| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=511112
Fix Description: If an entry already having more than 25 password
history attributes is added and password modify is performed on
the entry, it overflows the fixed length values_replace array and
crashes the server. This patch protects the overflow.
|
| |
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=595893
Fix Description: It must be guaranteed that ndn returned
from slapi_sdn_get_ndn is normalized. Putting back the
normalization code in slapi_sdn_get_ndn.
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=588867
Fix description: _sparcv9_AtomicAdd, _sparcv9_AtomicSub, and
_sparcv9_AtomicSet were not correctly declared. It brought
in the implicit function declaration, where the return value
were casted to 32-bit integer and the comparison against the
64-bit unsigned integer failed. The comparison was in the
endless loop and it caused the server hang.
|
| |
|
|
|
|
|
|
|
| |
The anonymous resource limits were not being properly set. This
patch ensures that the limits are set properly when an anonymous
or unauthenticated BIND operation is performed. It also sets the
anonymous limits when we do a read on a connection that has not
yet perfomed a BIND. These limits will be overwritten with any
default or user-based limits once a valid BIND is performed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593110
Fix description:
ldap/servers/slapd/back-ldbm/dblayer.c -- A memory area that
stores nsslapd-directory was shared between 2 structures:
struct ldbminfo and dblayer_private. In dblayer_post_close,
dblayer_private is released but not struct ldbminfo. The
latter does not know the memory area is freed. This fix
changes it so that each structure has its own copy.
ldap/servers/plugins/acl/acl.c -- A variable result_status
had a chance to be evaluated w/o an initialization.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Server Causes Crash
Fix description: normalized_mods->mod_bvalues is an array of
(struct berval *). When slapi_dn_normalize_ext returns an
allocated memory (case rc > 0), a new struct berval should have
been allocated and the address of the normalized string (normed)
and its length (dnlen) should be set in the berval.
The struct berval allocation was missing in the previous fix
for "Update to New DN Format".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change description:
. adding upgradednformat utility to each server instance.
. adding 91upgradednformat.pl for in-place-upgrade.
. implementing ldbm_back_upgradednformat sharing the import/
reincexing codes.
. adding a new DBVERSION ID "dn-4514" for the upgraded db.
. fixing access logs (delete.c and modify.c)
. fixing compiler warnings.
. fixing memory leaks.
. fixing a bug in syntax plugin to free strings.
. adding templates for plugin id, version, vendor, and description,
which are needed for the online upgrade.
. dbversion_write takes an additional bit flags, which indicates
which extra DBVERSION strings are written to the DBVERSION file.
It was introduced for the upgrade tools not to intervene each
other's tasks (e.g., dn2rdn for converting entrydn to entryrdn
and upgradednformat for upgrading the DN format).
. fixing a bug in entryrdn index code which was missing to normalize
RDN.
See also:
https://bugzilla.redhat.com/show_bug.cgi?id=591336
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format#Migration.2FUpgrade
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Description:
1. Got rid of the old hardcoded limit 200MB.
2. Introduced the memory hard limit and soft limit.
Standalone command line import ldif2db behaves as follows:
If import cache autosize is enabled:
nsslapd-import-cache-autosize: -1 or 1 ~ 99
(if the value is greater than or equal to 100,
it's reset to 50 with a warning.)
the import cache size is calculated as
nsslapd-import-cache-autosize * pages / 125
(./125 instead of ./100 is for adjusting the BDB overhead.)
If import cache is disabled:
nsslapd-import-cache-autosize: 0
get the nsslapd-import-cachesize.
Calculate the memory size left after allocating the import cache size.
If the size is less than the hard limit, it issues an error and quit.
If the size is greater than the hard limit and less than the soft limit,
it issues a warning, but continues the import task.
Note: this function is called only if the import is executed as a stand
alone command line (ldif2db).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
handled correctly
https://bugzilla.redhat.com/show_bug.cgi?id=574167
Bug Description: If a DN contains "\ " at the end of its RDN,
it's be converted to "\20" by slapi_dn_normalize_ext in the
add operation. But the following search returns ' ' (not
an escaped space).
Fix Description: When slapi_dn_normalize_ext was applied to a
string which contains "\20", it converted the string to ' '.
This fix changes the behaviour so that the string "\20" in
DN remains untouched.
Also, this patch includes a fix to add a default suffix value
with no double quotes in template-suffix-db.ldif.in. We keep
double quoted suffix for the backward compatibility.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=572018
Resolves: bug 572018
Bug Description: Upgrading from 1.2.5 to 1.2.6.a2 deletes userRoot
Reviewed by: self
Branch: HEAD
Fix Description: According to the error message, the entry id cannot be
found in the id2entry file. The entry id comes from the parentid index,
which has just been created by the dn2rdn upgradedb process. The entryid
is the key in the parentid index. I'm not sure how this can happen -
either the parentid contains the id of an entry that does not exist, or
the entryid was somehow corrupted. I've added some additional debugging
statements to try to narrow this down.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=145181
Resolves: bug 145181
Bug Description: Plugin target/bind subtrees only take 1 value.
Fix Description: New attributes nsslapd-exclude-targetSubtree and
nsslapd-exclude-bindSubtree have been added to specify excluded subtrees.
The set_plugin_config_from_entry() has been modified to read multiple
subtrees. The plugin_invoke_plugin_sdn() and plugin_allow_internal_op()
have been modified to check for excluded subtrees.
Reviewed by: rmeggins (and pushed)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Description:
. adding slapi_dn_normalize_ext and its siblings to normalize/validate
invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c)
. replacing slapi_dn_normalize with new corresponding functions.
. normalizing hardcoded DNs (e.g., removing spaces around ',')
. setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix,
costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN
. if nsslapd-dn-validate-strict is enabled, incoming DN is examined and
rejected if it is invalid. Once approved, the DN is normalized.
. fixing compiler warnings and typos.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
Related bugs:
Bug 199923 - subtree search fails to find items under a db containing special
characters
Bug 567968 - subtree/user level password policy created using 389-ds-console
doesn't work.
Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with
non-ASCII new rdn incorrect
Bug 570962 - ns-inactivate.pl does not work
Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not
correctly normalized
Bug 573060 - DN normalizer: ESC HEX HEX is not normalized
Bug 574167 - An escaped space at the end of the RDN value is not handled
correctly
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The rsearch utility has an option (-i) that allows one to have a
file containing names to be used as a variable in search filters.
The way this is designed is that you would specify a partial filter
(such as "uid=") as the filter option and a random name from the
name file will be appended to the filter for each search operation.
Unfortunately, this option was broken. The format was missing
where we were creating the filter string, which caused the filter
option to be used as specified without appending a name from the
name file.
|
| |
|
|
| |
ldap/servers/slapd/filterentry.c (line 685) void function cannot return value
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
deleted entries)
https://bugzilla.redhat.com/show_bug.cgi?id=576644
Resolves: bug 576644
Bug Description: segfault while multimaster replication (paired node won't find deleted entries)
Reviewed by: rmeggins
Fixed by: edewata, nhosoi
Branch: HEAD
Fix Description: The delete code stores the actual entry from the entry
cache in the pblock as SLAPI_DELETE_BEPREOP_ENTRY so that the be preop
plugins can have access to the entry. SLAPI_DELETE_BEPREOP_ENTRY is an
alias for SLAPI_ENTRY_PRE_OP which is used by the front-end delete code.
When processing a replicated delete operation, and the
entry has already been deleted (converted to a tombstone), we needed to
restore the original entry in SLAPI_DELETE_BEPREOP_ENTRY so that the
front-end code can free it as SLAPI_ENTRY_PRE_OP instead of freeing the
actual entry from the cache.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The password modify extended operation was modifying the local database
on a read-only replica instead of returning a referral. The server is
designed to let the plugin ID used for updating password retry info make
local updates instead of returning a referral. This plugin ID was being
used by the password extop code, which it should not be doing.
The second issue is that we need to check if a referral needs to be sent
as early as possible when processing the extop request. We don't want
to reject the change if an entry does not exist before checking if a
referral is necessary since the server we refer to may have the target
entry present. This required adding a new helper function that allows
one to see if a write operation to a particular DN would require a
referral to be sent. The password modify extop code leverages this new
function to get the referrals and return them to the client if necessary.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
attribute returns all elements.
https://bugzilla.redhat.com/show_bug.cgi?id=572162
Resolves: bug 572162
Bug Description: the string "|*" within a search filter on a non-indexed attribute returns all elements.
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: PCRE interprets the '|' character as the start of
alternative branch. In the search filter, the other side of the '|' is
empty, which means match everything. The solution is to escape this and
other PCRE special chars before matching.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
| |
This adds a new managed entries plug-in. This plug-in allows
one to have the Directory Server automatically maintain a set
of entries that are based off of another type of entry (such
as user private group entries based off of user entries).
For more details, see the design document at:
http://directory.fedoraproject.org/wiki/Managed_Entry_Design
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=578167
Resolves: bug 578167
Bug Description: repl. of mod/replace deletes multi-valued attrs
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: The server implements a mod/replace operation as a
mod/delete if all values, followed by a mod/add of the new values. The
mod/delete phase, since it removes all of the values, essentially deletes
the attribute, so it must set the attribute deletion_csn. This is even
true in the case when you do a mod/replace on an attribute that doesn't yet
exist. We have to create an empty attribute on the deleted_attrs list with
the deletion_csn set to the csn of the operation. This preserves the
semantics of the mod/replace operation.
When doing the add phase of the mod/replace, we have to be able to
resurrect attributes and values that may have been deleted by the mod/delete
phase. We can tell that we need to resurrect a deleted value in
resolve_attribute_state_multi_valued, in the deleted_values loop, because
the deletioncsn will be the same as the update csn, and the
delete_priority flag will be 0.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=566320
Resolves: bug 566320
Bug description: RFE: add exception to removal of attributes in cn=config for aci
Fix description: The modify_config_dse() has been modified to
check the ignore_attr_type() for all types of modify operation.
Reviewed by: rmeggins (and pushed by)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=567429
Resolves: bug 567429
Bug Description: slapd didn't close connection and get into CLOSE_WAIT state
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The JNDI code attached to the bug uses persistent search.
The connection pool code handles persistent searches differently than
regular connections. The connection pool code was acquiring a reference
to a conn, but was not releasing it in the persistent search case, assuming
the persistent search code did not also have a reference, but it does. This
caused connection_table_move_connection_out_of_active_list() to not move
the connection out of the active list, and therefore available for closing,
because there was an outstanding reference. The solution is for the
connection pool code to release its reference.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=455489
Resolves: bug 455489
Bug description: Address compiler warnings about strict-aliasing rules
Fix description: The codes that generate strict-aliasing warnings have
been changed.
Reviewed by: rmeggins (and pushed by)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=576074
Resolves: bug 576074
Bug Description: search filters with parentheses fail
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: PCRE requires '(' and ')' to be escaped to match a literal
parenthesis. Otherwise, it thinks the parenthesis is used for grouping.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
conflict
https://bugzilla.redhat.com/show_bug.cgi?id=571677
Resolves: bug 571677
Bug Description: Busy replica on consumers when directly deleting a replication conflict
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: In some cases, urp fixup operations can be called from
the bepreop stage of other operations. The ldbm_back_delete() and
ldbm_back_modify() code lock the target entry in the cache. If a bepreop
then attempts to operate on the same entry and acquire the lock on the
entry, deadlock will occur.
The modrdn code does not acquire the cache lock on the target entries
before calling the bepreops. The modify and delete code does not acquire
the cache lock on the target entries before calling the bepostops.
I tried unlocking the target entry before calling the bepreops, then locking
the entry just after. This causes the problem to disappear, but I do not
know if this will lead to race conditions. The modrdn has been working this
way forever, and there are no known race conditions with that code.
I think the most robust fix for this issue would be to introduce some sort
of semaphore instead of a simple mutex on the cached entry. Then
cache_lock_entry would look something like this:
if entry->sem == 0
entry->sem++ /* acquire entry */
entry->locking_thread = this_thread
else if entry->locking_thread == this_thread
entry->sem++ /* increment count on this entry */
else
wait_for_sem(entry->sem) /* wait until released */
and cache_unlock_entry would look something like this:
entry->sem--;
if entry->sem == 0
entry->locking_thread = 0
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=515805
Fix Description:
SLAPI_TASK_CANCELLED could be set in task_modify any time by
users' modifying nsTaskCancel value to TRUE. Then the following
slapi_task_status_changed destroys the task, which is called
even via a simple logging call slapi_task_log_status. After the
task is destroyed, any task related calls such as another
slapi_task_log_status or slapi_task_finish crashes the server.
This fix changes the behaviour to destroy the task only when
task_state is SLAPI_TASK_FINISHED. Once SLAPI_TASK_CANCELLED
is set to task_state, changing the state to SLAPI_TASK_FINISHED
by calling slapi_task_finish is the responsibility of the task
application (e.g., import). Until then, it is guranteed that
the task is available.
|
| |
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=573375
Resolves: bug 573375
Bug Description: MODRDN operation not logged
Fix Description: The slapi_log_access() should be invoked using
LDAP_DEBUG_STATS, LDAP_DEBUG_STATS2, or LDAP_DEBUG_ARGS level.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=573896
Description: When an import is executed using a task mechanism,
slapi_task_log_notice is called for logging, where task_log field
points the memory storing the log messages. If multiple log
messages were logged by multiple worker threads simultaneously,
there was a chance that the address of the log message was switched
by realloc while the other threads were accessing the old address.
This patch introduces task_log_lock per task to protect task_log.
Note: slapi_ch_malloc and its friends never return NULL. They rather
exits. Thus, to avoid the confusion which may look leaking the
lock, I eliminated 2 error returns from slapi_task_log_notice.
|
| |
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=573060
Description: there were 2 bugs handling ESC HEX HEXT format.
It was ignoring non-ASCII characters. Now, they are covered.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=470684
Resolves: bug 470684
Bug Description: Pam passthrough doesn't verify account activation
Reviewed by: rmeggins
Branch: HEAD
Fix Description: The check_account_lock() has been renamed to
slapi_check_account_lock() and moved into libslapd.so so any plugins
can use it. The account_inactivation_only parameter has been replaced
by check_password_policy. A new parameter send_result has been added
to determine whether to send LDAP results.
The pam_passthru plugin has been modified to use this function to
check account activation when the pamIDMapMethod is set to ENTRY.
The plugin will not check password policy.
|
| |
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=572649
Fix Description: There was a chance to jump to error_return before
back_txn structure was initialized. In the error handling, the
transaction abort is called against the garbage address. Slapi_DN
also gets freed without an initialization. Now these variables
are initialized first.
|
| |
|
|
|
|
|
|
|
|
|
| |
modrdn with non-ASCII new rdn incorrect
https://bugzilla.redhat.com/show_bug.cgi?id=570107
Description: When getting the DN value from the raw ldif file,
it was strictly checking "dn: ", which was incomplete. We
should have checked "dn:: " for the Base64 encoded DN. This
patch is adding the case.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
containing special characters
https://bugzilla.redhat.com/show_bug.cgi?id=199923
Description: regression observed in the tests.
> as of March 04, 2010, this is happening again.
Fix Description:
dn.c: Based upon RFC 4514, the following characters in the RDN
values need to be escaped:
'+', ';', '<', '>', and '=' for the intermediate characters
'+', ';', '<', '>', '=', '#' and ' ' for leading characters
'+', ';', '<', '>', '=', and ' ' for trailing characters
validate.c: If an escaped character followed by another escaped
character, e.g., \#\<, the pointer was moved twice skipping '\'
before '<' and it makes the validation fail.
ldbm_add.c: a local variable addr was not initialized.
|
| |
|
|
|
|
| |
This patch cleans up various build warnings found by compiling the code
with -Wall on RHEL5.
Reviewed by: nhosoi (Thanks!)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sasl/external
https://bugzilla.redhat.com/show_bug.cgi?id=554573
Resolves: bug 554573
Bug Description: ACIs use bind DN from bind req rather than cert mapped DN from sasl/external
Reviewed by: ???
Branch: HEAD
Fix Description: Added a new config option - nsslapd-force-sasl-external (on/off)
default is off - when set to on, a SIMPLE bind on a connection that has set
a DN from a cert will be changed to be a SASL/EXTERNAL bind.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: yes - new attribute to document
Note: This commit is for reapplying the patch I accidentally reverted
by the previous revert (031e725dce895bf2382ca7801cef772fe6b24c61).
(see commit f4b90ed5e43fa06ea6185cf17073b7a32db6ef4c, as well)
commit 031e725dce895bf2382ca7801cef772fe6b24c61
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Fri Mar 5 16:09:28 2010 -0800
Revert "Merge branch '547503'"
This reverts commit f2a04fdc45cc8a408267019990504354282c4303, reversing
changes made to 0b95451c7e50cb6b2d0cb310dddca18336e1b2ac.
|
| |
|
|
|
| |
This reverts commit f2a04fdc45cc8a408267019990504354282c4303, reversing
changes made to 0b95451c7e50cb6b2d0cb310dddca18336e1b2ac.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sasl/external
https://bugzilla.redhat.com/show_bug.cgi?id=554573
Resolves: bug 554573
Bug Description: ACIs use bind DN from bind req rather than cert mapped DN from sasl/external
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Added a new config option - nsslapd-force-sasl-external (on/off)
default is off - when set to on, a SIMPLE bind on a connection that has set
a DN from a cert will be changed to be a SASL/EXTERNAL bind.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: yes - new attribute to document
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=551198
Resolves: bug 551198
Bug Description: LDAPI: incorrect logging to access log - part 2
Reviewed by: andrey.ivanov@polytechnique.fr (Thanks!)
Branch: HEAD
Fix Description: Initialize the from PRNetAddr to nulls. That way, if
PR_Accept doesn't fill in the local fields, we can see that they are
empty and set the printed from field to "local".
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed by: nhosoi (Thanks!)
var/tmp/run_gssapi.vg.25032:Memory leak: 99 bytes duplicates: 5
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> ids_sasl_check_bind() at saslbind.c:924
> do_bind() at bind.c:382
> connection_threadmain() at connection.c:554
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The problem is that ids_sasl_check_bind can reset SLAPI_BIND_TARGET to
a malloc'd value. The do_bind() code should check for this condition
and free it.
var/tmp/entryusn.vg.5997:Memory leak: 8 bytes duplicates: 8
> calloc() at vg_replace_malloc.c:397
> slapi_ch_calloc() at ch_malloc.c:243
> slapi_counter_new() at slapi_counter.c:95
> ldbm_usn_init() at ldbm_usn.c:86
> ldbm_back_start() at start.c:223
> plugin_call_func() at plugin.c:1417
> plugin_dependency_startall.clone.0() at plugin.c:1385
> main() at main.c:1138
The backend cleanup code should free be_usn_counter.
var/tmp/ipv6.vg.15561:Memory leak: 13 bytes duplicates: 3
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> config_get_listenhost() at libglobs.c:3674
> main() at main.c:874
var/tmp/ipv6.vg.15561:Memory leak: 13 bytes duplicates: 3
> malloc() at vg_replace_malloc.c:207
> strdup() at /lib/libc-2.10.2.so
> slapi_ch_strdup() at ch_malloc.c:277
> config_get_securelistenhost() at libglobs.c:3686
> main() at main.c:881
config_get_listenhost() and config_get_securelistenhost() return malloc'd
memory which must be freed.
var/tmp/dna_scen1.vg.4901:Memory leak: 248 bytes duplicates: 1
> malloc() at vg_replace_malloc.c:207
> nslberi_malloc() at io.c:1677
> ber_flatten() at io.c:1604
> create_NSDS50ReplicationExtopPayload() at repl_extop.c:218
> NSDS50EndReplicationRequest_new() at repl_extop.c:265
> release_replica() at repl5_protocol_util.c:469
> repl5_inc_run() at repl5_inc_protocol.c:1187
> prot_thread_main() at repl5_protocol.c:341
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The payload was not being freed under all function exit conditions. So, just free it immediately after use.
var/tmp/dnarun.vg.2491:Memory leak: 27 bytes duplicates: 0
> malloc() at vg_replace_malloc.c:207
> slapi_ch_malloc() at ch_malloc.c:155
> slapi_entry_attr_get_charptr() at entry.c:2432
> dna_parse_config_entry() at dna.c:816
> dna_pre_op() at dna.c:2587
> plugin_call_func() at plugin.c:1417
> plugin_call_plugins() at plugin.c:1379
> op_shared_add() at add.c:606
> do_add() at add.c:232
> connection_threadmain() at connection.c:564
> --unknown-- at /lib/libnspr4.so
> start_thread() at /lib/libpthread-2.10.2.so
> clone() at /lib/libc-2.10.2.so
The value was not being freed under all conditions.
==9877== 1,890 (252 direct, 1,638 indirect) bytes in 3 blocks are definitely lost in loss record 1,628 of 1,725
==9877== at 0x47E0E5C: calloc (vg_replace_malloc.c:397)
==9877== by 0x4819D89: slapi_ch_calloc (ch_malloc.c:243)
==9877== by 0x48284A6: slapi_entry_alloc (entry.c:1686)
==9877== by 0x4829BA5: str2entry_dupcheck (entry.c:631)
==9877== by 0x482BB5D: slapi_str2entry_ext (entry.c:1194)
==9877== by 0xB2A8E9D: import_producer (import-threads.c:541)
==9877== by 0x72E1990: (within /lib/libnspr4.so)
==9877== by 0x731E8F4: start_thread (in /lib/libpthread-2.10.2.so)
==9877== by 0x75B2FCD: clone (in /lib/libc-2.10.2.so)
Make sure the entry or backentry are freed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=551198
Resolves: bug 551198
Bug Description: LDAPI: incorrect logging to access log
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: The connection logging code was not ldapi/unix socket
aware. Now we check for the socket type, and check to see if there is
a proper path name in the path field. The "server" side of the socket
seems not to get the path name set correctly - not sure why, but it doesn't
really matter, since the client side path name does seem to be set
correctly. The access log will contain the server side path and the client
side path, so something like "from local to /var/run/slapd-foo.socket"
Platforms tested: RHEL5 x86_64, Fedora 11 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=516611
Resolves: bug 516611
Bug Description: 389 DS segfaults on libsyntax-plugin.so - part 2
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: If there is an empty mod/replace of a non-existent attribute
following a real modify operation, the server will allow it, and the code in
entry_delete_present_values_wsi() would create an empty Slapi_Attr. LDAP
says that an empty mod/replace of a non-existent attribute should be ignored,
as it is in the non-repl case.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=548115
Description:
dse.c: 1) dse_add_entry_pb is supposed to free the given
the schema entry e. Although the function never consumes the
entry, it was only freeing it when the entry was added. (If
it was merged or rejected, it was not freed.)
schema.c: 1) when allocating a work buffer with sizedbuffer_allocate,
the space for the NULL termination was not counted.
2) DSE returned from slapi_validate_schema_files must have been
freed regardless of the return value.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=506206
Resolves: bug 506206
Bug Description: problems linking with -z defs
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Some platforms (debian) and some build checking tools
(rpmlint, others) link with -z defs to look for any undefined references at
link time. We had several of these in various directory server objects.
1) all of the plugins need to link against libslapd.la
2) most of the plugins need to link against ldapcsdk and nspr
3) the pwdstorage plugin needs to link against LIBCRYPT, which is platform
dependent
4) various other link fixes
Platforms tested: RHEL5 x86_64
Flag Day: yes - autotool file changes
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
| |
if replacement of the attribute values fails (e.g. due to duplicate values)
the valstoreplace is not freed - the caller expects the valueset_replace
function to own the values passed in. The function will now free the values
if there was an error
In addition, valueset_replace should not free the old values in case
of error - it should leave the old values in the attribute
Reviewed by: nhosoi (Thanks!)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
octet string ordering work correctly
https://bugzilla.redhat.com/show_bug.cgi?id=559315
Resolves: bug 559315
Bug Description: Searching some attributes are now case sensitive when they were previously case-insensitive
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: slapi_matchingrule_is_compat() was not checking for NULL; the matching rule syntax plugin was registering with the INTEGER syntax oid; the bin_filter_ava() function needs to be ordering aware to implement the octetStringOrderingMatch; in default_mr_filter_create(), make sure the requested matching rule is provided by the given plugin
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=567370
Descriptino: When deleting an entry, if the dn is in the dn cache,
it should be removed. The original code was trying to remove it
regardless of the existence in the dn cache. Fixed it so that
only when the dn is in the cache, it's removed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=539618
Descriptions: When a protocol is freed by prot_free, prot_close
is supposed to have been called to stop the main thread
prot_thread_main. But, there was no mechanism for the freeing
thread whether the prot_thread_main has already quitted or not,
it could have released the Repl_Protocol even though it was
still being in use. This fix is adding a checking method.
The same test revealed ldbm_back_modrdn had a chance to access
a field of NULL entry structure.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=527848
Change Description:
1. Replication Changelog
1-1. In the clean recover mode, transaction logs should not be removed.
1-2. When nsslapd-db-circular-logging is on (by default, it's on),
call log_archive function with DB_ARCH_REMOVE, which removes
log files that are no longer needed.
1-3. Call transaction checkpoint just before shutting down the server.
1-4. "From string" in the upbrade message had a flaw.
2. Backend dblayer
2-1. In checkpoint_threadmain, call log_archive with DB_ARCH_ABS,
which returns the absolute path of the transaction log files.
It eliminates the code which generates the absolute paths.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=559315
Resolves: 559315
Description: Searching some attributes are now case sensitive when they were previously case-insensitive
Reviewed by: nhosoi (Thanks!) - also added some suggested comments
I added code to allow the syntax plugins to register corresponding
matching rules. That is, the functions that the syntax plugins use
for filter matching and key generation can also be used for matching
rules with the new wrapper code. I added some convenience functions
and structures in the syntax plugin code to make it easier to add
matching rules in the future. I also added a new feature to the
matching rule code - in the LDAP spec definition of matching rule, the
syntax provided in the matching rule definition is the syntax for
the _assertion value_ used with the matching rule, which is not
necessarily the same as the syntax of the _attribute values_ to which
the matching rule can be applied. For example, matching rules that apply
to syntax DirectoryString can also be applied in some cases to
PrintableString, CountryString, and IA5String. There are several other
cases like this as well. I also introduced the concept of a compat
syntax that can be used with a matching rule. The server will now
check, when reading in the schema, if the syntax and matching rules
for an attribute are consistent.
Finally, for 05rfc4523.ldif, I changed the attributes to use
octetStringMatch instead of one of the unimplemented certificate
matching rules.
|
| |
|
|
|
|
|
|
|
|
|
| |
Created wrappers around the new syntax style functions to make them look
like the old style filter functions. There are a few caveats:
1) SUBSTRING extensible filter searches are not supported. There is no
way currently to pass in the timelimit required by the syntax substring
filter functions.
2) ORDERING only does greater than or equal. There is no standard way to
do an extensible match with a standard ordering matching rule and specify
less than or greater than.
|
| |
|
|
|
|
|
| |
Create wrappers for the new syntax plugin style matching rule code so that
we can use the old matching rule indexing functions. Introduced a new type
of indexer for Slapi_Value values. The old style used struct berval * values,
but the syntax plugins and a lot of newer code work with Slapi_Value* instead.
|
