Description: CLU: dbgen.pl fails to load data files
Reviewed by: nhosoi (Thanks!)
Fix Description: dbgen.pl is hardcoded to look for data files in ../data. Instead, we should allow the user to provide the location to the data files e.g. -l /path/to/data, and we should also use share/brand-ds/data as the default directory.
Summary: rhds71 Invalid LDIF Syntax crashes directory server (comment #18)
Description: The problem was if an RDN ends with '\\', strcpy_special_undo
did not check if there is no more character, and incremented the pointer
beyond the end and accessed the address.
Summary: Reimplement ds_remove without setuputil code (comment #6)
Description: adding nsslapd-instancedir to dse.ldif for ds_remove to find out
the instance dir path.
Summary: feature request for ldclt: add randomauthid for testing
Description: Adding randomauthid options: -e "randomauthid" -e "randomauthidlow=<low>" -e "randomauthidhigh=<high>"
Summary: Add config attributes to cn=config to support Console (comment #1)
Description: Console needs to know the default paths for ldif_dir and bak_dir.
Adding the paths to cn=config.
Description: Move DS Admin Code into Admin Server - ldif templates, pwdhash
Reviewed by: nhosoi (Thanks!)
Fix Description: These changes are primarily to allow the admin server setup to run completely in perl with no more setuputil code.
1) Added LDIF templates for DS config. template-dse.ldif is the core minimal directory server configuration. Values can be replaced with parameters in the same style as used with register_server.pl - %token%. For the plugin entries, the plugin shared library name is now just a name. There is no more full path. The code in dynalib.c handles this case by using the compiled in PLUGINDIR. The NSPR function PR_GetLibraryName knows the correct shared lib suffix for the platform. All of this allows us to do 2).
2) Added ability to run pwdhash with no server configuration. If no configuration is given, it uses the template-dse.ldif above. And instead of having to worry about where the plugins are installed and the shared lib suffix, it just depends on the above changes. This allows us to generate password hashes during setup before the directory server instance is created, and also to keep clear text password usage to a minimum.
3) Added defaultuser and defaultgroup.
4) Added support for continuation lines in Inf files.
5) All user visible messages during setup should be localizable
Platforms tested: RHEL4
Flag Day: Yes, autotool file changes.
Doc impact: Yes, along with the previous fixes for this bug.
Summary: Use mozldap6 ldif_parse_line API
Changes:
1) Removed ldif.h from the DS tree.
2) Eliminated the 5-th arg of ldif_parse_line (errmsg) and the errmsg related
code.
Summary: Added SASL support to ldclt as well as some thread-safety fixes for ns-slapd when using SASL.
Summary: Random SASL GSSAPI test failure on shadowfoot (Comment #9)
Summary: Move DS Admin Code into Admin Server (Comment #2)
Description: Cleaning up unused code
Summary: Random SASL GSSAPI test failure on shadowfoot (Comment #7)
Changes: If PR_Recv in sasl_recv_connection gets EAGAIN (== errno 11),
check whether it should be retried as being done for "a temporary
non-blocking I/O error".
Summary: Random SASL GSSAPI test failure on shadowfoot
Description: As mentioned in the comment just above of the code: "we now must
read more data off the wire until we have the complete packet", we read more.
Summary: Remove obsolete makefiles
Bug Description: small memory leaks in task code
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: There were a few places that were using slapi_get_first/next_backend without freeing the iterator cookie.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Summary: Change format of DBVERSION and guardian files (comment #10)
Bug Description: migration: Migrate from 1.0.x to 1.1
Reviewed by: nhosoi (Thanks!)
Fix Description: The basic strategy is
1) shutdown the old servers - databases should be quiescent
2) run the migration script - this will copy all of the files (under /opt/fedora-ds/slapd-* by default) to their new FHS style locations, and fix up any entries and attributes that are obsolete or have changed (e.g. values that refer to paths)
3) service fedora-ds start
The migration script does not need to do anything to the database files - the new database code added by Noriko will handle the database upgrade automagically, but I'm leaving the database upgrade code in the script, commented out, in case we need it in the future.
This also fixes an annoying problem with automake - it would build ds_newinst.pl from ds_newinst.pl.in in the source ldap/admin/src directory, and use that version. This is really a problem with multi platform builds, where you want to share the ldapserver source code among multiple platforms. With the fix, built/ldap/admin/src/ds_newinst.pl is generated from srcdir/ldap/admin/src/ds_newinst.pl.in, and srcdir/ldap/admin/src/ds_newinst.pl is not written.
Platforms tested: FC6
Flag Day: no
Doc impact: Yes - we need to document migration
Summary: Change format of DBVERSION and guardian files (Comment #4)
1) introduced new strings for DBVERSION
2) added the logic to compare the new DBVERSION strings
note: we don't store the current db version string in the backend source
code any more. Instead, we get it from Berkeley DB header file db.h.
Bug Description: PAM passthru ENTRY method not working
Reviewed by: prowley (Thanks!)
Fix Description: There are several problems.
1) For the ENTRY method to perform the internal search to get the entry for the bind DN, it must have a component ID (aka plugin identity). The code was already there to get/set it, but it was never initialized in the init function.
2) You cannot mix slapi_sdn_new* with slapi_sdn_init* - slapi_sdn_init will erase the knowledge that the Slapi_DN was allocated with malloc and it will not free it in slapi_sdn_free().
3) People may assume they can specify a subtree (e.g. ou=people,dc=example,dc=com) instead of a suffix for the list of included/excluded suffixes. The error message will not print a list of valid suffixes for the admin to use.
4) slapi_be_exist was failing because the database does not notify the mapping tree code that the backend is started during startup. This works fine under normal conditions because most all of the code in mapping_tree.c will lookup the backend if the mtn_be pointer in the mapping tree node is NULL. However, slapi_be_exist and slapi_be_select do not do this. The proper solution is to call slapi_mtn_be_started() at database startup time. This is the same thing that happens when a backend is added at runtime.
Platforms tested: FC6
Flag Day: no
Doc impact: no
Bug Description: Modification of directory entries with VLV-indexed null-value attributes results in server crash
Reviewed by: nkinder, nhosoi, prowley (Thanks!)
Fix Description: The value lowest_value is defined outside the loop that loops through all the attributes in the vlv sort specification (e.g. usually something like cn givenname o ou sn if defined by the console browsing index). lowest_value is not reset for each loop iteration. So if it goes through the loop one time for e.g. givenname, and givenname has values, lowest_value will point to the lowest value of givenname until the key is created, then it is freed. So the next loop iteration uses o, and if for example o does not have any values, lowest_value will point to the already freed memory used by the givenname iteration, which is now garbage (e.g. the lowest_value->bv_len may be very large, which is the probable cause of the malloc out of memory errors seen by the customer). The solution is to reset lowest_value to NULL before each loop iteration (I did this by moving the declaration and initialization of lowest_value inside the loop scope) and testing for lowest_value == NULL before trying to use it.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Summary: CRM #1160370 RHDS does not reset passwordRetryCount to 0 upon a successful BIND
Change: If password lockout is on, need_new_pw from the successful bind tries
to set passwordRetryCount to 0 in smods, but if passwordExpirationTime is not
set and password never expires, the smods is not applied and discarded. Added
pw_apply_mods if password lockout is on.
Summary: A system index of eq for nsds5ReplConflict does not help
Change: added a presence index for nsds5ReplConflict
Summary: Add LDAPI (LDAP over unix domain sockets) (Comment #5)
Change: Fixed a copy & paste error...
Summary: LDAPI: referral mode needs LDAPI socket? (Comment #3)
Change: LDAPI is disabled in the initial configuration parameter setting.
Summary: Corrected out of date licensing/copyright block in a few files.
Bug Description: Allow building with bdb 4.4 or later
Reviewed by: nkinder (Thanks!)
Fix Description: db.m4 already had code to detect and use the correct version of db headers and libraries. There have been some minor api changes since 4.3, so not much code changes were required. Note that this merely allows the server to build and run with db4.4 or later, not to take advantage of the newer features of the API.
Platforms tested: FC7
Flag Day: no
Doc impact: no
Description: Warn if cert or key file is missing
Fix Description: My fix for https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224672 reopened
this bug. I think the correct way to address this problem is this:
If using security, the key and cert db files must exist i.e. there must already
be a server cert for the server.
If not using security, there may not be a key/cert db, but NSS will create them
if the directory is writable.
Reviewed by: nhosoi (Thanks!)
Bug Description: Get rid of key/cert db prefix
Reviewed by: nhosoi (Thanks!)
Fix Description: Now that we have everything in its own instance
specific directory, we do not need the troublesome key/cert database
prefix. This simplifies the slapd_nss_init code a great deal.
Platforms tested: RHEL4
Flag Day: no
Doc impact: YES - A couple of the pages on the wiki talk about slapd-instance-cert8.db and so on - these pages will have to change once FDS 1.1 is released
Summary: make new_task() non-static
Adding a sample task plugin code and updating the README for the plugin.
Summary: [195305] make new_task() non-static
Changes: provide slapi_new_task and slapi_destroy_task as slapi APIs
Summary: [195307] task registration by plugins is wiped by task_init()
Changes: clean up old tasks before plugin_startall
Summary: referential integrity plugin does not stack with Class of Service appliance (Comment #16)
Changes: Don't call dblayer_close before plugin_closeall.
Summary: Directory Server hangs when running VLV search and update operations simultaneously. (Comment#22)
Change: Before creating db cursor, unlock vlvSearchList.
Summary: Fix inconsistent clear password storage and ensure that SASL authentication uses passwords properly.
Summary: db backend path handling could be improved to deal with "//", "..", etc.
Changes:
util.c:
modified rel2abspath so that if the given path contains "//", calls the
normalize function, and the normalize function eliminates the repeated
separators.
ldbm_config.c, ldbm_instance_config.c:
before setting the nsslapd-directory paths, pass them to rel2abspath to clean
up the paths.
Bug Description: Server autoconf build crashes when stopped/started very quickly
Reviewed by: nhosoi (Thanks!)
Fix Description: The problem was that 3 of the database threads were being started and stopped before the 4th had a chance to start. So the thread count would start at 3 and drop to 0, and the dblayer_pre_close code would think everything was fine. The 4th thread is the checkpoint thread which was doing a db_checkpoint operation before incrementing the thread count. For some reason, on x86_64 with the system provided libdb-4.2, the checkpoint operation was taking longer than it usually does with our locally built libdb-4.2, so this allowed the other 3 threads to stop and start before the checkpoint thread had a chance to increment the thread count.
The solution is to make sure the incrementing of the thread count occurs as early as possible in the thread function, before any executable code that might take any time. This should ensure that all of the threads start up and increment the thread count before the shutdown occurs.
The second part of the solution is that, according to wtc, the NSPR maintainer, the PR_Atomic functions should not be used as a semaphore like this. So, the code was rewritten to use locks and condition variables. The code is not performance critical, so adding locking should not have any impact on performance. In addition, the new code is much cleaner, more correct, and more obvious about what it's doing.
Platforms tested: RHEL4 x86_64
Flag Day: no
Doc impact: no
Summary: Directory Server hangs when running VLV search and update operations simultaneously. (Comment #16)
Changes:
1. promoted idl_delete to global to make it available in
vlv_trim_candidates_byvalue. In vlv_trim_candidate_byvalue, if any id's in the
idlist is found not having the corresponding entry, delete the id from the
idlist and retry the binary search.
2. demoted too noisy error message: - compare_entries db err -30990
3. not to include the db access code (cursor operation) inside of the read-lock in vlv_find_index_by_filter.
Summary: Make random password generation work with policies
Changes: 1) Generate a password that meets the current password syntax rules.
2) Report errors when Min8Bit is set or MinCategories > 4
Summary: Improved error messages for password syntax violations.
Bug Description: integrating db43 into ds70
Reviewed by: nkinder (Thanks!)
Fix Description: I took the original diffs posted by Ulf and merged them in with our code which has changed slightly since the diffs were originally generated. I also put #if directives like the following:
#if 1000*DB_VERSION_MAJOR + 100*DB_VERSION_MINOR >= 4300
... db43 features ...
#else
... db42 features ...
#endif
so that we can use both db42 and db43.
Platforms tested: RHEL4/FC5
Flag Day: no
Doc impact: no
Summary: configure needs to support --with-fhs (Comment #6)
Changes: Added the following include next to the end of the copyright block.
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
Summary: Cleaning up obsolete macros in the build
Changes: eliminated macro CYRUS_SASL and BUILD_GSSAPI (Comment #23)
Summary: Cleaning up obsolete macros in the build
Changes: eliminated macro NSPR20 (Comment #8)
Summary: Cleaning up obsolete macros in the build
Changes: eliminated macro NSPR20 (Comment #9)
Summary: Cleaning up obsolete macros in the build
Changes: eliminated macro UPGRADEDB (Comment #6)
Summary: Cleaning up obsolete macros in the build
Changes: eliminated macro NET_SSL (Comment #5)
Summary: Cleaning up obsolete macros in the build
Changes: eliminated macro NS_DS (Comment #2, #3)
Summary: Corrected ACI checking for userPassword during an add operation.
Summary: Make fallback SASL path work for 64-bit Linux default location.