| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610281
11821 DEADCODE Triaged Unassigned Bug Minor Fix Required
allinstance_set_busy() ds/ldap/servers/slapd/back-ldbm/misc.c
11822 DEADCODE Triaged Unassigned Bug Minor Fix Required
allinstance_set_not_busy() ds/ldap/servers/slapd/back-ldbm/misc.c
Comment:
objset_next_obj releases the previous object internally.
Thus, there is no leak. Just remove the 2 lines:
if (inst_obj)
object_release(inst_obj);
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610281
11820 DEADCODE Triaged Unassigned Bug Minor Fix Required
idl_new_delete_key() ds/ldap/servers/slapd/back-ldbm/idl_new.c
Comment:
tmpid is no longer used. Since we don't define DB_ALLIDS_ON_WRITE, ALLID has no chance to be stored in the db. But the code should be fixed as follows:
Remove:
480 ID tmpid = 0;
The 496 must be
496 if (id == ALLID) {
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=616618
Change Description:
. renamed 91upgradednformat.pl to 80upgradednformat.pl to run
upgradednformat before 90subtreerename.pl.
. ported following patches applied to Directory_Server_8_2_Branch
to master and 389-ds-base-1.2.6.
612771 - RHDS 8.1/389 v1.2.5 accepts 2 identical entries with
different DN formats
* commit 50bb2ee6676e10cdda704982dfa831efa4011037
Fix Description:
This patch fixes the upgradednformat utility to eliminate the
duplicated DNs found in the upgrading period. Assuming DN:
attr0=value0,attr1=value1,...,attrn=valuen exists in the DB
and another identical DN is found, the second DN is renamed to
nsuniqueid=<uuid>+attr0=value0,attr1=value1,...,attrn=valuen
, where the <uuid> is the unique id assigned to the entry when
the entry is added to the server. The modification is logged
in the error log.
In addition, there was a bug to handle multi-valued RDNs in
slapi_dn_normalize_ext. In case multi-valued RDN appears with
DN value (e.g., nsuniqueid=<uuid>+cn=uid\=<uid>\,o\=<org>,dc=<dc>),
it was not normalized properly. Introduced second rdn_av_stack
(subinitial_rdn_av_stack) for the nested DN value.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format#Another_Upgrade_Scenario
* commit ebaa18adaf201f75c709e078abd8e32605eddb81
Fix Description:
1) In the previous commit 50bb2ee6676e10cdda704982dfa831efa4011037,
there were 3 places to miss replacing rdn_av_count with subrdn_av_count.
2) A variable subtypestart is used to keep the head of nested
multivalued RDNs. For instance,
seeAlso=cn\=<CN>\+l\=<L>\,o\=<O>,dc=examle,dc=com
^ or ^ or ^
There was a bug to set the first position ("cn" in the above example).
In addition, fixed a warning assigning "const char *" to "char *" in
import_foreman (import-threads.c).
* commit 472a2c0f2f21205390ba87c31c498b4419a932ba
Fix Description:
When newly creating an ancestorid index file, instead of
opening the index file with DB_TRUNCATE option, delete
the file then create it.
616135 - Upgrade failure on Solaris :
tar: db/NetscapeRoot/{DBVERSION,*.db4}:
No such file or directory
* commit e6723421e6dc69408edb2a396eb22da361cff206
Fix Description:
.../'{'DBVERSION,*.db4'}' is not a shell syntax. Process DBVERSION
and *.db4 individually.
Cherry-picked 700d7c1a199db4a690740636b8bd3e612304ce1e and
0b6ddc9b06845bdf385e749f2c5a99497df20d98 from
389-ds-base-1.2.6 branch.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12237 UNINIT Triaged Unassigned Bug Minor Fix Required
vlv_trim_candidates_byvalue() ds/ldap/servers/slapd/back-ldbm/vlv.c
Commit:
There is almost no chance to pass uninitialized typedown_value to
ber_bvecfree unless vlv_request_control value is NULL. Anyway, we
init typedown_value to NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609255
12236 UNINIT Triaged Unassigned Bug Minor Fix Required
dblayer_get_aux_id2entry() ds/ldap/servers/slapd/back-ldbm/dblayer.c
Comment:
If a backend instance info (inst) or ldbminfo (li) or dblayer private
info (opriv) is not available, uninitialized priv is passed to
slapi_ch_free_string and slapi_ch_free. We need to init priv to NULL
and handle done: case if priv is NULL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=611850
Resolves: bug 611850
Bug Description: fix coverity Defect Type: Error handling issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Check the error return from the functions. In some cases,
I was able to figure out that the calling function should perform additional
error handling (return early, goto error label), but in general the code
just logs an appropriate error message and continues. I was able to get
rid of some more libacl code. I removed an unused variable from modify.c
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=610177
Resolves: bug 610177
Bug Description: fix coverity Defect Type: Uninitialized variables issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Initialize variables to 0, NULL, or an appropriate error
code. Got rid of the unused lexer code.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The cnt parameter is not used, so just get rid of it.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rename switch is on
https://bugzilla.redhat.com/show_bug.cgi?id=578296
Change Description:
1) ldbm_back_next_search_entry_ext (ldbm_search.c)
When getting an entry from ID using id2entry_ext, pass a flag
ID2ENTRY_ADD_ENTRYDN to add entrydn to the entry.
2) id2entry_ext (id2entry.c)
Added id2entry_ext to handle the flag ID2ENTRY_ADD_ENTRYDN.
If ID2ENTRY_ADD_ENTRYDN is set in the flags variable and
entryrdn switch is enabled, entrydn is added to the entry.
3) index_read_ext (index.c)
If entryrdn switch is on and the attribute type is entrydn and
the search type is equality, then call entryrdn_index_read
to get the ID directly.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=574101
Description: To create the ID list for child entries of to-be-renamed
entry, an inappropriate function (idl_append) was used. The function
expects the passed IDs are sorted. If not sorted, idl_insert should
be used instead.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=597375
Fix Description:
1) When a backend was removed, the db instance directory was removed
as well (See also 463774 - index files for database should be deleted
when db is deleted). In case DB_RECOVER_FATAL is set in the DB open
after the removal (e.g., in restore), the logs in the transaction
logs are replayed and compared with the contents of the DB files.
At that time, if the db instance directory does not exist, libdb
returns FATAL error. To prevent the problem, we have to leave the
empty directory.
2) When removing index files, we don't have to open index files
with CREAT flag.
Note: In the bug 463774, the server was fixed so that once a db
backend is removed, the db instance directory is removed. With
this fix (597375), the backend removal leaves the empty db instance
directory. Plus, if backup is restored, even if the backup was
made after the backend is deleted, the restore could create empty
DB files in the deleted db instance directory if the transaction
log files still contain the history of the deleted backend.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593110
Fix description:
ldap/servers/slapd/back-ldbm/dblayer.c -- A memory area that
stores nsslapd-directory was shared between 2 structures:
struct ldbminfo and dblayer_private. In dblayer_post_close,
dblayer_private is released but not struct ldbminfo. The
latter does not know the memory area is freed. This fix
changes it so that each structure has its own copy.
ldap/servers/plugins/acl/acl.c -- A variable result_status
had a chance to be evaluated w/o an initialization.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change description:
. adding upgradednformat utility to each server instance.
. adding 91upgradednformat.pl for in-place-upgrade.
. implementing ldbm_back_upgradednformat sharing the import/
reincexing codes.
. adding a new DBVERSION ID "dn-4514" for the upgraded db.
. fixing access logs (delete.c and modify.c)
. fixing compiler warnings.
. fixing memory leaks.
. fixing a bug in syntax plugin to free strings.
. adding templates for plugin id, version, vendor, and description,
which are needed for the online upgrade.
. dbversion_write takes an additional bit flags, which indicates
which extra DBVERSION strings are written to the DBVERSION file.
It was introduced for the upgrade tools not to intervene each
other's tasks (e.g., dn2rdn for converting entrydn to entryrdn
and upgradednformat for upgrading the DN format).
. fixing a bug in entryrdn index code which was missing to normalize
RDN.
See also:
https://bugzilla.redhat.com/show_bug.cgi?id=591336
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format#Migration.2FUpgrade
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Description:
1. Got rid of the old hardcoded limit 200MB.
2. Introduced the memory hard limit and soft limit.
Standalone command line import ldif2db behaves as follows:
If import cache autosize is enabled:
nsslapd-import-cache-autosize: -1 or 1 ~ 99
(if the value is greater than or equal to 100,
it's reset to 50 with a warning.)
the import cache size is calculated as
nsslapd-import-cache-autosize * pages / 125
(./125 instead of ./100 is for adjusting the BDB overhead.)
If import cache is disabled:
nsslapd-import-cache-autosize: 0
get the nsslapd-import-cachesize.
Calculate the memory size left after allocating the import cache size.
If the size is less than the hard limit, it issues an error and quit.
If the size is greater than the hard limit and less than the soft limit,
it issues a warning, but continues the import task.
Note: this function is called only if the import is executed as a stand
alone command line (ldif2db).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=572018
Resolves: bug 572018
Bug Description: Upgrading from 1.2.5 to 1.2.6.a2 deletes userRoot
Reviewed by: self
Branch: HEAD
Fix Description: According to the error message, the entry id cannot be
found in the id2entry file. The entry id comes from the parentid index,
which has just been created by the dn2rdn upgradedb process. The entryid
is the key in the parentid index. I'm not sure how this can happen -
either the parentid contains the id of an entry that does not exist, or
the entryid was somehow corrupted. I've added some additional debugging
statements to try to narrow this down.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Description:
. adding slapi_dn_normalize_ext and its siblings to normalize/validate
invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c)
. replacing slapi_dn_normalize with new corresponding functions.
. normalizing hardcoded DNs (e.g., removing spaces around ',')
. setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix,
costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN
. if nsslapd-dn-validate-strict is enabled, incoming DN is examined and
rejected if it is invalid. Once approved, the DN is normalized.
. fixing compiler warnings and typos.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
Related bugs:
Bug 199923 - subtree search fails to find items under a db containing special
characters
Bug 567968 - subtree/user level password policy created using 389-ds-console
doesn't work.
Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with
non-ASCII new rdn incorrect
Bug 570962 - ns-inactivate.pl does not work
Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not
correctly normalized
Bug 573060 - DN normalizer: ESC HEX HEX is not normalized
Bug 574167 - An escaped space at the end of the RDN value is not handled
correctly
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
deleted entries)
https://bugzilla.redhat.com/show_bug.cgi?id=576644
Resolves: bug 576644
Bug Description: segfault while multimaster replication (paired node won't find deleted entries)
Reviewed by: rmeggins
Fixed by: edewata, nhosoi
Branch: HEAD
Fix Description: The delete code stores the actual entry from the entry
cache in the pblock as SLAPI_DELETE_BEPREOP_ENTRY so that the be preop
plugins can have access to the entry. SLAPI_DELETE_BEPREOP_ENTRY is an
alias for SLAPI_ENTRY_PRE_OP which is used by the front-end delete code.
When processing a replicated delete operation, and the
entry has already been deleted (converted to a tombstone), we needed to
restore the original entry in SLAPI_DELETE_BEPREOP_ENTRY so that the
front-end code can free it as SLAPI_ENTRY_PRE_OP instead of freeing the
actual entry from the cache.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
conflict
https://bugzilla.redhat.com/show_bug.cgi?id=571677
Resolves: bug 571677
Bug Description: Busy replica on consumers when directly deleting a replication conflict
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: In some cases, urp fixup operations can be called from
the bepreop stage of other operations. The ldbm_back_delete() and
ldbm_back_modify() code lock the target entry in the cache. If a bepreop
then attempts to operate on the same entry and acquire the lock on the
entry, deadlock will occur.
The modrdn code does not acquire the cache lock on the target entries
before calling the bepreops. The modify and delete code does not acquire
the cache lock on the target entries before calling the bepostops.
I tried unlocking the target entry before calling the bepreops, then locking
the entry just after. This causes the problem to disappear, but I do not
know if this will lead to race conditions. The modrdn has been working this
way forever, and there are no known race conditions with that code.
I think the most robust fix for this issue would be to introduce some sort
of semaphore instead of a simple mutex on the cached entry. Then
cache_lock_entry would look something like this:
if entry->sem == 0
entry->sem++ /* acquire entry */
entry->locking_thread = this_thread
else if entry->locking_thread == this_thread
entry->sem++ /* increment count on this entry */
else
wait_for_sem(entry->sem) /* wait until released */
and cache_unlock_entry would look something like this:
entry->sem--;
if entry->sem == 0
entry->locking_thread = 0
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=515805
Fix Description:
SLAPI_TASK_CANCELLED could be set in task_modify any time by
users' modifying nsTaskCancel value to TRUE. Then the following
slapi_task_status_changed destroys the task, which is called
even via a simple logging call slapi_task_log_status. After the
task is destroyed, any task related calls such as another
slapi_task_log_status or slapi_task_finish crashes the server.
This fix changes the behaviour to destroy the task only when
task_state is SLAPI_TASK_FINISHED. Once SLAPI_TASK_CANCELLED
is set to task_state, changing the state to SLAPI_TASK_FINISHED
by calling slapi_task_finish is the responsibility of the task
application (e.g., import). Until then, it is guranteed that
the task is available.
|
| |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=572649
Fix Description: There was a chance to jump to error_return before
back_txn structure was initialized. In the error handling, the
transaction abort is called against the garbage address. Slapi_DN
also gets freed without an initialization. Now these variables
are initialized first.
|
| |
|
|
|
|
|
|
|
|
|
| |
modrdn with non-ASCII new rdn incorrect
https://bugzilla.redhat.com/show_bug.cgi?id=570107
Description: When getting the DN value from the raw ldif file,
it was strictly checking "dn: ", which was incomplete. We
should have checked "dn:: " for the Base64 encoded DN. This
patch is adding the case.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
containing special characters
https://bugzilla.redhat.com/show_bug.cgi?id=199923
Description: regression observed in the tests.
> as of March 04, 2010, this is happening again.
Fix Description:
dn.c: Based upon RFC 4514, the following characters in the RDN
values need to be escaped:
'+', ';', '<', '>', and '=' for the intermediate characters
'+', ';', '<', '>', '=', '#' and ' ' for leading characters
'+', ';', '<', '>', '=', and ' ' for trailing characters
validate.c: If an escaped character followed by another escaped
character, e.g., \#\<, the pointer was moved twice skipping '\'
before '<' and it makes the validation fail.
ldbm_add.c: a local variable addr was not initialized.
|
| |
|
|
|
|
| |
This patch cleans up various build warnings found by compiling the code
with -Wall on RHEL5.
Reviewed by: nhosoi (Thanks!)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed by: nhosoi (Thanks!)
var/tmp/run_gssapi.vg.25032:Memory leak: 99 bytes duplicates: 5
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> ids_sasl_check_bind() at saslbind.c:924
> do_bind() at bind.c:382
> connection_threadmain() at connection.c:554
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The problem is that ids_sasl_check_bind can reset SLAPI_BIND_TARGET to
a malloc'd value. The do_bind() code should check for this condition
and free it.
var/tmp/entryusn.vg.5997:Memory leak: 8 bytes duplicates: 8
> calloc() at vg_replace_malloc.c:397
> slapi_ch_calloc() at ch_malloc.c:243
> slapi_counter_new() at slapi_counter.c:95
> ldbm_usn_init() at ldbm_usn.c:86
> ldbm_back_start() at start.c:223
> plugin_call_func() at plugin.c:1417
> plugin_dependency_startall.clone.0() at plugin.c:1385
> main() at main.c:1138
The backend cleanup code should free be_usn_counter.
var/tmp/ipv6.vg.15561:Memory leak: 13 bytes duplicates: 3
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> config_get_listenhost() at libglobs.c:3674
> main() at main.c:874
var/tmp/ipv6.vg.15561:Memory leak: 13 bytes duplicates: 3
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> config_get_securelistenhost() at libglobs.c:3686
> main() at main.c:881
config_get_listenhost() and config_get_securelistenhost() return malloc'd
memory which must be freed.
var/tmp/dna_scen1.vg.4901:Memory leak: 248 bytes duplicates: 1
> malloc() at vg_replace_malloc.c:207
> nslberi_malloc() at io.c:1677
> ber_flatten() at io.c:1604
> create_NSDS50ReplicationExtopPayload() at repl_extop.c:218
> NSDS50EndReplicationRequest_new() at repl_extop.c:265
> release_replica() at repl5_protocol_util.c:469
> repl5_inc_run() at repl5_inc_protocol.c:1187
> prot_thread_main() at repl5_protocol.c:341
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The payload was not being freed under all function exit conditions. So, just free it immediately after use.
var/tmp/dnarun.vg.2491:Memory leak: 27 bytes duplicates: 0
> malloc() at vg_replace_malloc.c:207
> slapi_ch_malloc() at ch_malloc.c:155
> slapi_entry_attr_get_charptr() at entry.c:2432
> dna_parse_config_entry() at dna.c:816
> dna_pre_op() at dna.c:2587
> plugin_call_func() at plugin.c:1417
> plugin_call_plugins() at plugin.c:1379
> op_shared_add() at add.c:606
> do_add() at add.c:232
> connection_threadmain() at connection.c:564
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The value was not being freed under all conditions.
==9877== 1,890 (252 direct, 1,638 indirect) bytes in 3 blocks are definitely lost in loss record 1,628 of 1,725
==9877== at 0x47E0E5C: calloc (vg_replace_malloc.c:397)
==9877== by 0x4819D89: slapi_ch_calloc (ch_malloc.c:243)
==9877== by 0x48284A6: slapi_entry_alloc (entry.c:1686)
==9877== by 0x4829BA5: str2entry_dupcheck (entry.c:631)
==9877== by 0x482BB5D: slapi_str2entry_ext (entry.c:1194)
==9877== by 0xB2A8E9D: import_producer (import-threads.c:541)
==9877== by 0x72E1990: (within /lib/libnspr4.so)
==9877== by 0x731E8F4: start_thread (in /lib/libpthread-2.10.2.so)
==9877== by 0x75B2FCD: clone (in /lib/libc-2.10.2.so)
Make sure the entry or backentry are freed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=506206
Resolves: bug 506206
Bug Description: problems linking with -z defs
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Some platforms (debian) and some build checking tools
(rpmlint, others) link with -z defs to look for any undefined references at
link time. We had several of these in various directory server objects.
1) all of the plugins need to link against libslapd.la
2) most of the plugins need to link against ldapcsdk and nspr
3) the pwdstorage plugin needs to link against LIBCRYPT, which is platform
dependent
4) various other link fixes
Platforms tested: RHEL5 x86_64
Flag Day: yes - autotool file changes
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=567370
Descriptino: When deleting an entry, if the dn is in the dn cache,
it should be removed. The original code was trying to remove it
regardless of the existence in the dn cache. Fixed it so that
only when the dn is in the cache, it's removed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=539618
Descriptions: When a protocol is freed by prot_free, prot_close
is supposed to have been called to stop the main thread
prot_thread_main. But, there was no mechanism for the freeing
thread whether the prot_thread_main has already quitted or not,
it could have released the Repl_Protocol even though it was
still being in use. This fix is adding a checking method.
The same test revealed ldbm_back_modrdn had a chance to access
a field of NULL entry structure.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=527848
Change Description:
1. Replication Changelog
1-1. In the clean recover mode, transaction logs should not be removed.
1-2. When nsslapd-db-circular-logging is on (by default, it's on),
call log_archive function with DB_ARCH_REMOVE, which removes
log files that are no longer needed.
1-3. Call transaction checkpoint just before shutting down the server.
1-4. "From string" in the upbrade message had a flaw.
2. Backend dblayer
2-1. In checkpoint_threadmain, call log_archive with DB_ARCH_ABS,
which returns the absolute path of the transaction log files.
It eliminates the code which generates the absolute paths.
|
| |
|
|
|
|
|
| |
Create wrappers for the new syntax plugin style matching rule code so that
we can use the old matching rule indexing functions. Introduced a new type
of indexer for Slapi_Value values. The old style used struct berval * values,
but the syntax plugins and a lot of newer code work with Slapi_Value* instead.
|
| |
|
|
|
|
|
|
|
|
|
| |
There were many places in the server code that directly used the syntax
plugin for the attribute. If the attribute schema definition specified
a matching rule, we must use that matching rule for matching values of
that attribute, filtering that attribute, and generating index keys for
values of that attribute. New internal and plugin APIs have been added
that use the Slapi_Attr* instead of using the syntax plugin directly.
The new API will determine which matching rule to apply based on the
schema definition.
|
| |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=565664
Description: Special thanks to edewata@redhat.com for fixing the bug.
> See ldap/servers/slapd/back-ldbm/id2entry.c line 196.
> The second parameter should be a pointer to pointer,
> but the current code passes a regular pointer:
> CACHE_RETURN(&inst->inst_dncache, bdn);
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=563365
1) Error handling in ldbm_back_{add,delete,modify,modrdn} functions was
incomplete. When any error occurs after the transaction begins, the
changes made after that should be aborted. There were some cases the
abort was not called.
2) If modrdn failed in ldbm_back_modrdn, new DN in the DN cache was not
removed.
3) config_set_instancedir in libglobs.c was missing the function type.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=548535
Description:
The attrcrypt module maintains the inst_attrcrypt_state_private
field in the instance structure (ldbm_instance) to store the private
keys. The area and the space for the private keys are allocated in
attrcrypt_init which is called from dblayer_instance_start.
A backend instance could be closed and restarted multiple times
(for instance, in the bulk_import, which is used by the replica
initialization), but the area had no chance to be freed.
This patch is adding the clean-up code.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=555577
Undoing the previous checkin.
The parameter "strict" is for the trength of the DN validation.
It should be confusing to use it for turning on/off the validation
itself.
|
| |
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=555577
[See comment 7 of the bug]
DistinguishName validation slapi_dn_syntax_check should be
called only when nsslapd-dn-validate-strict is on.
|
| |
|
|
| |
Use entryrdn instead
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch includes
- replacing the entrydn index with the entryrdn index
- replacing a full DN in each entry in the DB with an RDN
- extending Slapi_Entry, entry2str, and str2entry to absorb the changes
made on the entry
- adding DN/RDN helper functions
- adding DN cache
- adding a utility and a migration script to convert the DN format database
to the RDN format
- extending a database dump utility dbscan to support the entryrdn
- slapi_dn_syntax_check by nkinder@redhat.com is added to check the dn before
modify operations
- big fix for 171338 - Enhancement: winsync modrdn not synced
In addition to the above, compile warnings and memory leaks found in testing
the new feature are fixed.
For more details, see the feature design document at:
http://directory.fedoraproject.org/wiki/Subtree_Rename
and bugzilla at:
https://bugzilla.redhat.com/show_bug.cgi?id=171338
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
version 1.2.5.a1
Instead of changing configure.ac AC_INIT for each version change, there
is a new file - VERSION.sh. This file also contains support for creating
version numbers for pre-releases, and pre-release strings containing git
commit hashes.
One of the complications is that AC_INIT does not allow you to override the version and package tarname fields. We can override them after the fact everywhere
except in config.h. AC_INIT defines the following which we would like to override but cannot: PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_STRING PACKAGE_BUGREPORT
Instead, we define DS_ versions of these e.g. DS_PACKAGE_VERSION etc. and make
these available with AC_DEFINE(DS_PACKAGE_VERSION,...) etc.
As an extra added precaution, we undefine these in Makefile.am like this:
DS_DEFINES = ... \
-UPACKAGE_VERSION -UPACKAGE_TARNAME -UPACKAGE_STRING -UPACKAGE_BUGREPORT
If someone tries to use PACKAGE_VERSION in C code, they will not be able to,
and will have to use DS_PACKAGE_VERSION instead. All of the DS code that used
PACKAGE_VERSION has been changed to use DS_PACKAGE_VERSION instead.
There is a new make target - git-archive - as a convenience for creating source
tarballs from git. By default, the source archive will be placed in the build
directory - you can specify SRCDISTDIR=/path/to/SOURCES to use an alternate
dir (e.g. make SRCDISTDIR=/path/to/rpmbuild/SOURCES git-archive to make a
source tarball for rpmbuild)
configure will print the branded package name and version
Reviewed by: nkinder (Thanks!)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix contributed by Ulf Weltman (ulf.weltman@hp.com)
Description From Ulf Weltman (ulf.weltman@hp.com)
In previous releases, if LDIF being imported contained createTimestamp,
creatorsName, modifyTimestamp, or modifiersName, those values would be kept in
the imported entries. BZ# 462922 added code to insert those attributes during
import but it clobbers any values existing in the LDIF being imported. I think
the imported values should take precedence, this would be useful during
migration for example.
If anyone wants to take advantage of the new behavior where the server
provisions new values, they can strip out the values from the LDIF before
importing or they can set nsslapd-exclude-from-export to not export those
attributes before importing.
See also https://bugzilla.redhat.com/show_bug.cgi?id=525007
Reviewed by richm, nkinder, and nhosoi
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=516305
Resolves: bug 516305
Bug Description: MODIFY/replace with empty values does not ignore missing or unknown attributes
Reviewed by: nhosoi (Thanks!)
Fix Description: The function mods_have_effect() did not work correctly. It
would set the flag have_effect = 0 the first time a type was not found.
Then if a subsequent mod would apply, it would still return have_effect = 0.
What it should do is keep looking for all mod types in the list of mods to
see if any of them would apply, and return have_effect = 1 if at least one
of them would apply. This corresponds to RFC 4511 section 4.6:
replace: replace all existing values of the modification
attribute with the new values listed, creating the attribute
if it did not already exist. A replace with no value will
delete the entire attribute if it exists, and it is ignored
if the attribute does not exist.
So the proper behavior is to ignore attributes that do not exist, and to
apply the rest.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
| |
See also http://directory.fedoraproject.org/wiki/Entry_USN#Standalone.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This cleans up the following warnings:
ds.git/ldap/servers/slapd/back-ldbm/ldbm_usn.c:102: warning: unused variable 'li'
ds.git/ldap/servers/plugins/replication/repl5_agmt.c:1184: warning: too many arguments for format
ds.git/ldap/servers/plugins/syntaxes/dn.c:143: warning: unused variable 'val_copy'
ds.git/ldap/servers/plugins/syntaxes/deliverymethod.c:264: warning: unused variable 'p'
ds.git/ldap/servers/plugins/syntaxes/facsimile.c:269: warning: unused variable 'p'
ds.git/ldap/servers/plugins/usn/usn.c:107: warning: value computed is not used
ds.git/ldap/servers/plugins/usn/usn.c:263: warning: control reaches end of non-void function
ds.git/ldap/servers/plugins/usn/usn.c:525: warning: control reaches end of non-void function
The only one I'm not sure about is changing usn_get_attr to always return a 0 - please review that usage.
With these fixes, I only see the llu and lld format warnings on RHEL5 with the default rpmbuild compiler flags.
Reviewed by: nhosoi (Thanks!)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=519065
Resolves: 519065
Bug Description: Fails to start if attrcrypt can't unwrap keys
Reviewed by: nhosoi (Thanks!)
Fix Description: If not using the attrcrypt feature, just return success
if the keys could not be unwrapped.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
| |
The commit a26ba73fb5040383c27872997bc07ab0c2006459 made to fix the bug 509472
put the assertion at the wrong place. It should be applied just for the worker
thread.
|
| |
|
|
|
|
|
|
|
|
|
| |
modifying attributes with subtypes
Andrey Ivanov (andrey.ivanov@polytechnique.fr) pointed out my previous
check-in for bug 506786 had an inefficient code. To determine whether
to delete an equality index key or not, the code checks the key still
exists in the value array having the same attribute type. The check
should be done as soon as one value is found in the value array instead
of checking through all of them.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The vendor, brand, and capbrand are set in configure - we should use those
everywhere rather than have to run some sort of script over the code to
change vendor, brand, version, etc. I've added VENDOR, BRAND, CAPBRAND
to the default defines passed to the compiler, and changed the code to use
these defines. And instead of the unintuitively named PRODUCTTEXT macro,
we should use the already defined PRODUCT_VERSION.
This allowed me to get rid of some code. The version was from a generated
file called dirver.h which we don't need anymore, and we don't need the perl
script dirver.pl which generated it.
The vendor string was coming from the dirlite header file. So I also used this
as an excuse to get rid of all references to dirlite once and for all (yay!).
For the places in plain text files which are not substituted, I just used the
generic name Dirsrv or Directory Server instead of having an explicit brand
and/or version in there.
Reviewed by: nkinder (Thanks!)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
modifying attributes with subtypes
When there are identical attribute value pairs except subtypes exist
in an entry, if one of the pairs are deleted, it should not affect the
index the attribute value is the key.
e.g.,
mail: abc
mail;en: abc
mail;fr: xyz
removing mail=abc or mail;en=abc, should not remove =abc from the
mail.db#.
This fix uses the value array evals to determine if the equality key
in the index should be deleted or not. The value array evals stores
the values of the attribute in the entry after the deletion is done.
If evals is empty, it means the to-be-deleted attribute value pair is
the only pair in the entry. Thus, the equality key can be removed fom
the index.
If evals has values, then the to-be-deleted attribute (curr_attr,
which was retrieved from the old entry) value needs to be checked if
it's in evals or not. If it is in evals, the equality key is still
used by other pair(s). So, leave it. Otherwise, the key can be
removed.
In the above example, let's assume removing mail=abc. evals holds
{"abc", "xyz"}. curr_attr abc is in evals, thus =abc will not be
removed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
db2index all (internally, called upgradedb) reads through the main db
id2entry.db# and reindex all the associated indexed attributes. The
reindex borrows the import code where the entry id is newly assigned.
The new entry id's are connective. On the other hand, entry id's of the
entries in the db to be reindexed are not. The borrowed import code
assumes the entry id and the index of the fifo are tightly coupled and
the timing when the writing to and reading from the fifo are calculated
based upon the
assumption.
The assumption should have been revised so that the entry id which is
available up to is kept in ready_EID in the job structure and entry id from
each entry (entry->ep_id) is compared with ready_EID instead of ready_ID
that holds the sequential number.
Additionally, I eliminated unused variable "shift" from import_fifo_fetch.
Also, _dblayer_delete_instance_dir cleans up files and directories, recursively.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
estimate of total no of entries are same
The code processing search results were returning the PAGE END without
knowing there are more entries to return or not. To learn it, introduced
"read ahead" one entry when it comes to the PAGE END. If there are more
entries, the code undo the read ahead, which prompts for the next page
on the client side. If there is no more entries, it returns the status
SEARCH END instead of PAGE END.
In addition to the read ahead implementation to fix the bug 513916,
* supporting Simple Paged Results for chaining backend is added.
* fixed a bug in idl_new_fetch (idl_new.c) -- idlistscanlimit was not
checked when the cursor comes to the end of an index file.
|
| |
|
|
|
|
|
|
| |
This reverts commit 1e3138f1d41562d6f42a8fdf0934af23219bb8e1.
Misunderstood nsslapd-lookthroughlimit. Regardless of the filter test result,
once hit the lookthroughlimit, search should be aborted there. That's what
the original code does and that is correct.
|
