path: root/ldap/servers/slapd

Commit log (commit message, author, date, files changed, lines -/+)
* Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs  [HEAD, master]
  Noriko Hosoi, 2010-10-22, 1 file changed, -1/+6 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=644608
  Description: Previous cherry-pick commit 5cd9fc9826fd88b8672129e41523065c0b692c3b failed the merge for setting a special dup compare callback ai_dup_cmp_fn when it is set.
* Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs
  Noriko Hosoi, 2010-10-21, 1 file changed, -74/+84 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=644608
  Description: Upgrade script upgradednformat.pl generates an ancestorid index file in which the entry IDs are not sorted in the index values. This was caused because
  1. upgradednformat.pl copies db files to a work dir /path/to/db/<inst>/dnupgrade/<inst> and runs upgradednformat against the work dir.
  2. Since the ancestorid index needs to be created from scratch, import/upgradednformat code deletes the index and recreates it.
  3. When creating the index file, dblayer_open_file checks if the to-be-opened index file is (in the standard location AND the file exists) or not. In this case, the condition is satisfied. Thus, the db is created using an absolute path and closed once. Then, it is reopened using a relative path.
  4. Before opening an index file, callback functions for libdb are set. idl_new_compare_dups is one of them, which is used to sort entry IDs in the secondary index attribute values. The setting is discarded by the close described in 3.
  This patch resets the db callbacks and flags after the close.
  Note: cherry-picked 058299aeaf48e34f4359f00cc05eb7186a80fc48
* Bug 592397 - Upgrade tool dn2rdn: it does not clean up the entrydn in id2entry
  Noriko Hosoi, 2010-10-19, 7 files changed, -28/+101 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=592397
  Description: If entries were created by 389 v1.2.5 or older, the primary db (id2entry.db4) contains "entrydn: <normalized dn>". Upgrading from the old version to v1.2.6 keeps the entrydn attribute type and its value even though v1.2.6 is not supposed to store the entrydn in the database.
  1) This patch drops the entrydn attribute and value in upgrading the db.
  2) If an ldif file contains the entrydn attribute type and value, import (ldif2db[.pl]) ignores it.
  3) A leak was found in the export (db2ldif[.pl]), which is fixed.
  4) When the nsslapd-subtree-rename-switch configuration attribute has the value "on", entrydn is neither used nor created. But the server accepted a request to reindex entrydn and generated an entrydn index file. This patch rejects it.
  5) Entry and dn cache clear calls (cache_clear) are added to dblayer_instance_close in "#if defined(_USE_VALGRIND)", which is not defined. To enable the code, the server needs to be rebuilt with the macro defined. This is purely for debugging.
* Bug 305131 - Allow empty modify operation
  Nathan Kinder, 2010-10-19, 2 files changed, -21/+1 lines
  This patch allows an empty modify operation. We currently reject an empty modify operation, but this patch makes the empty operation update the modifyTimestamp and modifiersName attributes, similar to a touch-type operation.
* Bug 643532 - Incorrect DNs sometimes returned on searches
  Noriko Hosoi, 2010-10-15, 1 file changed, -8/+6 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=643532
  Description: Some of the functions in ldbm_entryrdn.c use static memory for reading data from the entryrdn index, where the static initializer should not have been used since the memory cannot be shared among threads. This patch fixes it.
* Bug 244229 - targetattr not verified against schema when setting an aci
  Noriko Hosoi, 2010-10-15, 2 files changed, -0/+14 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=244229
  Description:
  1. When an acl contains the targetattr keyword: (targetattr [!]= "attribute_1 || attribute_2 ...|| attribute_n"), where attribute_n does not contain '*', the current ACL plugin accepts any attribute_n value even if it is not defined in the schema. This patch rejects the aci if it contains an attribute_n not defined in the schema, with this error message: NSACLPlugin - targetattr "attribute_n" does not exist in schema. Please add attributeTypes "attribute_n" to schema if necessary. The message is logged in the error log as well as returned to the client.
  2. To implement 1, the slapi API slapi_attr_syntax_exists is added.
  3. An attributeTypes "connection" is added to 01core389.ldif, which is referred to in an aci of cn=monitor.
* remove extra format argument; use %lu for size_t printf format
  Rich Megginson, 2010-10-14, 2 files changed, -4/+3 lines
  Removed the extra proxydn format argument that was not being used.
  Use %lu for size_t format arguments.
  Reviewed by: nkinder (Thanks!)
* Bug 602456 - Allow to add any cn=config attributes; allow to delete some cn=config attributes  [389-ds-base-1.2.7.a1]
  Noriko Hosoi, 2010-10-13, 4 files changed, -9/+84 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=602456
  Description:
  1. Originally, configuration attributes were designed not to allow adding or deleting, but to allow just replacing. Due to a defect in checking the add operation, adding (LDAP_MOD_ADD) is not rejected. Instead of fixing the add checking to disallow adding, this patch logs the operation in the error log.
  2. On the other hand, deleting configuration attributes is rejected with LDAP_UNWILLING_TO_PERFORM. We have a request that some attributes need to be deletable. This patch introduces a config attribute nsslapd-allowed-to-delete-attrs, whose value is a list of configuration attributes separated by a space ' '. If an attribute is in the list, the attribute is allowed to be deleted. The delete operation is also logged in the error log. By default, the list contains "nsslapd-listenhost" and "nsslapd-securelistenhost".
* Bug 637852 - sasl_io_start_packet: failed - read only 3 bytes of sasl packet length on connection 4
  Noriko Hosoi, 2010-10-11, 1 file changed, -40/+61 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=637852
  Description: A SASL packet is made from the 4 byte length and a payload of that length. When the first 4 bytes were not successfully received by one PR_Recv call, sasl_io_start_packet in sasl_io.c considered that an error occurred and set PR_IO_ERROR, which terminates the SASL IO session. To give clients a chance to send the rest of the length in the next packet, this patch sets PR_WOULD_BLOCK_ERROR as the nspr error code and EWOULDBLOCK/EAGAIN as errno, and once the succeeding packet comes in, it appends it to the previous incomplete length data and continues the SASL IO.
* Bug 631993 - Log authzid when proxy auth control is used
  Nathan Kinder, 2010-10-08, 7 files changed, -39/+478 lines
  This patch makes the access log entries for search, add, mod, del, and modrdn operations display the authzid that is used when the proxy authorization control is sent by the client.
* Bug 640854 - changelog db: _cl5WriteOperation: failed to write entry; db error - 22 Invalid argument
  Noriko Hosoi, 2010-10-06, 2 files changed, -1/+16 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=640854
  Description: The DBENV open flags are used to determine the DB_OPEN mode, i.e. whether to set DB_AUTO_COMMIT or not. The info was eliminated in the change made for "Bug 633168 - Share backend dbEnv with the replication changelog". This patch picks up the backend dbenv openflags and uses them for the changelog DB_OPEN.
* Bug 640027 - Naming attribute with a special char sequence parsing bug
  Noriko Hosoi, 2010-10-05, 1 file changed, -6/+50 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=640027
  Description: When a DN is made from RDNs containing an escaped plus "\+", the dn normalizer considers that the value could be nested multi-valued RDNs (e.g., cn=C\=Z\+A\=X\+B\=Y\,o\=O,o=OO). In that case, multi-valued RDNs are sorted by the normalizer (==> cn=A\=X\+B\=Y\+C\=Z\,o\=O,o=OO). The sample DN provided by Andrey Ivanov contains "\+", but that is not a separator for multi-valued RDNs: cn=mytest\+\=-123'\;456,dc=example,dc=com. The dn normalizer should have checked for that possibility as well. The check is added in this patch.
  Also, sorting was not triggered if multi-valued RDNs are located at the end of the value (e.g., cn=C\=X\,B\=Y\+A\=Z,o=OO). The bug was fixed as well.
* Bug 639289 - Adding a new CN entry with UpperCase UTF-8 Character
  Noriko Hosoi, 2010-10-05, 2 files changed, -1/+4 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=639289
  Description: There was a bug in the utf8 uppe2Lower table: Character İ (LATIN CAPITAL LETTER I WITH DOT ABOVE) did not map to the corresponding LATIN SMALL LETTER DOTLESS I (2 bytes) but to ascii 'i' (1 byte). The shortened DN was tailed with a garbage character and the entry was treated as an orphan entry which does not belong to any suffix. This patch fixes the mapping table mismatch and also adds code to dn_ignore_case_to_end to force NULL termination of the converted string.
* add the account policy plugin and related server code, schema, and config
  Rich Megginson, 2010-10-01, 2 files changed, -1/+3 lines
  Add the account policy plugin and related server code, schema, and config.
  A new switch to configure has been added, --enable-acctpolicy; this is enabled by default, so the plugin and the schema will be built and installed by default. The plugin will be in dse.ldif, but will be disabled by default.
  The original contribution had some minor problems with the schema and config entries; these have been cleaned up.
  The original contribution had a few memory leaks; these have been cleaned up.
* openldap ber_init will assert if the bv->bv_val is NULL
  Rich Megginson, 2010-10-01, 3 files changed, -0/+20 lines
  Have to ensure that all usage of ber_init in the server checks to see if the bv->bv_val is non-NULL before using ber_init, and returns the appropriate error if it is NULL.
  Also fixed a problem in dna_extend_exop: it would not send the ldap result to the client in certain error conditions.
  Reviewed by: nhosoi (Thanks!)
  Tested on: RHEL5 x86_64
* Bug 635987 - Incorrect sub scope search result with ACL containing ldap:///self
  Noriko Hosoi, 2010-09-24, 1 file changed, -5/+9 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=635987
  Description: This commit made for the bug 635987 introduced a bug to replication.
    commit 8ac525e5ac997378f4f2a386e9b96568c8d66db5
    Author: Noriko Hosoi <nhosoi@redhat.com>
    Date:   Tue Sep 21 15:12:07 2010 -0700
  subtree_candidates (ldbm_search.c): If you do have a tombstone filter, descendants will be NULL, and idl_intersection of candidates and descendants will wipe out all of the candidates, leaving just the one entry, e->ep_id. Changed to call idl_intersection only when the filter is not for tombstone or entryrdn_get_noancestorid (false, by default).
* Bug 606920 - anonymous resource limit - nstimelimit - also applied to "cn=directory manager"
  Noriko Hosoi, 2010-09-22, 1 file changed, -12/+24 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=606920
  Description: A client side sizelimit / timelimit request should be honoured by the Directory Manager, too. Changing the time/sizelimit evaluation so that if a client side request exists, the value is set even if the bind user is the directory manager.
* Bug 635987 - Incorrect sub scope search result with ACL containing ldap:///self
  Noriko Hosoi, 2010-09-21, 1 file changed, -6/+4 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=635987
  Description: When a basedn has no descendants, the code to take an intersection of the idl (which was returned from the filter search -- filter_candidates) and the basedn was skipped in subtree_candidates (ldbm_search.c). Regardless of descendants, the intersection should be taken for the idl and a tree starting with the basedn.
  Note: This bug was introduced with entryrdn.
* Bug 630092 - Coverity #11985: Resource leaks issues
  Endi Sukma Dewata, 2010-09-17, 1 file changed, -0/+1 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=630092
  Description: The str2simple() has been modified to release unqstr when an error occurs.
* Bug 630092 - Coverity #12000: Resource leaks issues
  Endi Sukma Dewata, 2010-09-17, 1 file changed, -2/+2 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=630092
  Description: The plugin_setup() has been modified to release the value before it returns.
* Bug 630092 - (cov#12105) Resource leak in pwdscheme config code
  Nathan Kinder, 2010-09-17, 1 file changed, -1/+1 lines
  We don't free new_scheme if the password encode function is not set. We need to free new_scheme in this error case.
* Bug 630092 - (cov#12116) Resource leak in ldclt code
  Nathan Kinder, 2010-09-17, 1 file changed, -5/+13 lines
  There is a chance that we leak the memory pointed to by the new variable if we never have one of the ldclt contexts point to it. We need to jump to the error label in this case to free the memory.
* Bug 630092 - Coverity #15497: Resource leaks issues
  Endi Sukma Dewata, 2010-09-17, 1 file changed, -0/+1 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=630092
  Description: The moddn_rename_children() has been modified to release child_entry_copies before it returns.
* Bug 630092 - Coverity #15490: Resource leaks issues
  Endi Sukma Dewata, 2010-09-17, 1 file changed, -0/+1 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=630092
  Description: The import_producer() has been modified to release ep when an error occurred.
* Bug 630092 - Coverity #15487: Resource leaks issues
  Endi Sukma Dewata, 2010-09-17, 1 file changed, -0/+2 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=630092
  Description: The index_set_entry_to_fifo() has been modified to release ep when the job is aborted.
* Bug 630092 - Coverity #15485: Resource leaks issues
  Endi Sukma Dewata, 2010-09-17, 1 file changed, -0/+1 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=630092
  Description: The _entryrdn_delete_key() has been modified to release tmpsrdn when an error occurs.
* Bug 630092 - Coverity #15484: Resource leaks issues
  Endi Sukma Dewata, 2010-09-17, 1 file changed, -0/+1 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=630092
  Description: The bulk_import_queue() has been modified to release ep when an error occurs.
* Bug 630092 - Coverity #15483: Resource leaks issues
  Endi Sukma Dewata, 2010-09-17, 1 file changed, -0/+4 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=630092
  Description: The _entryrdn_index_read() has been modified to release tmpsrdn when an error occurs.
* Bug 630092 - Coverity #12117: Resource leaks issues
  Endi Sukma Dewata, 2010-09-17, 1 file changed, -1/+2 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=630092
  Description: The putvalue() has been modified to release b64 using freeEnc64() before it returns.
* Bug 630097 - (cov#11938) NULL dereference in mmldif
  Nathan Kinder, 2010-09-15, 1 file changed, -1/+1 lines
  There is a chance that a can be NULL, which we then dereference within the else block. We should not execute the else block if a is NULL.
* Bug 558099 - Enhancement request: Log more information about the search result being a paged one
  Noriko Hosoi, 2010-09-15, 9 files changed, -3/+49 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=558099
  Description: The searched entry count is logged in the access log as (nentries=<num>). When the RFC 2696 paged results control is passed, nentries logs the page size instead of the total searched count. andrey.ivanov@polytechnique.fr proposed to log the control info as follows:
    [..] conn=# op=# RESULT err=0 tag=101 nentries=# etime=0 notes=P
  This patch implemented the spec.
  Also, there was a bug regarding the unindexed note "notes=U" when the paged results control is received. Only the first page logs it, but not the rest. The bug was fixed.
* Bug 625014 - SubTree Renames: ModRDN operation fails and the server hangs if the entry is moved to "under" the same DN.
  Noriko Hosoi, 2010-09-15, 1 file changed, -2/+46 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=625014
  Description: adding a check if the newsuperior is the entry itself or its descendant. If it is, modrdn returns LDAP_UNWILLING_TO_PERFORM.
* Bug 630097 - (cov#15507,15508) NULL dereference in entryrdn code
  Nathan Kinder, 2010-09-15, 1 file changed, -2/+5 lines
  In entryrdn_compare_dups(), we dereference the a and b parameters when initializing the elem_a and elem_b variables. We later perform NULL checks on both a and b, but a NULL would have already triggered a crash. We should not dereference a or b until after the NULL checks are performed.
* Bug 630097 - (cov#15506) NULL dereference in dblayer code
  Nathan Kinder, 2010-09-15, 1 file changed, -4/+4 lines
  The first parameter of dblayer_set_env_debugging() is dereferenced inside of that function without NULL checking. We pass the env variable to this function without first checking if it is NULL. We should move the existing NULL check of env up to the top of the dblayer_copy_file_keybybey() function.
* Bug 630097 - (cov#12182,12183) NULL dereference in import code
  Nathan Kinder, 2010-09-15, 1 file changed, -2/+2 lines
  The entry pointer that is passed to slapi_entry_attr_find() is dereferenced by that function without a check for NULL. We should check if ep->ep_entry is NULL before calling slapi_entry_attr_find().
* Bug 630097 - (cov#11938) NULL dereference in mmldif
  Nathan Kinder, 2010-09-15, 1 file changed, -1/+1 lines
  There is a chance that we can dereference a NULL pointer in the mmldif code. If "(numb > tot_b)" is true, it is not guaranteed that "a" is non-NULL. We need to check if "a" is NULL before dereferencing it in the "(cmp < 0)" case.
* Bug 630097 - (cov#11933) Fix NULL dereference in schema code
  Nathan Kinder, 2010-09-15, 1 file changed, -1/+3 lines
  There is a possibility of dereferencing prevocp when it is NULL the second time through the loop if the first pass was not a standard objectclass definition and tmpocp != curlisthead. I don't think that this issue is possible unless some other thread was able to modify tmpocp->oc_next between where curlisthead is set (schema.c:2654) and where nextocp is set (schema.c:2658) the first time through the loop. That said, I see no harm in checking if prevocp is NULL before attempting to dereference it.
* Bug 631862 - crash - delete entries not in cache + referint
  Noriko Hosoi, 2010-09-14, 5 files changed, -50/+60 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=631862
  Resolves: bug 631862
  Bug Description: crash - delete entries not in cache + referint
  Reviewed by: rmeggins and nhosoi
  Branch: master
  Fix Description: When deleting an entry, the referential integrity (referint) plugin does an internal search to find references to this entry (e.g. in group entries) and removes them. The search code wants to ensure that the entrydn attribute is present in the entry when using entryrdn (subtree rename). The search code sets a flag to tell the id2entry code to add the entrydn attribute if it is not present. However, it was doing this to an entry in the cache, which may be in use by another thread. The solution is to add the entrydn attribute before adding the entry to the cache. In the id2entry code, this is after the entry has been read from the id2entry db successfully, but before the entry is added to the cache. In the LDAP ADD code, this is done when the other computed operational attributes are added to the new entry.
  In addition to the above fix by rmeggins@redhat.com, the following changes are made:
  1) The entrydn attribute is always added to the entry in memory before putting it in the entry cache, and the attribute is removed before writing the entry to the database.
  2) Eliminating id2entry_ext, which was introduced to pass flags, but is no longer needed since the only flag, ID2ENTRY_ADD_ENTRYDN, was removed.
  Platforms tested: RHEL5 x86_64
  Flag Day: no
  Doc impact: no
* Only check modrdn ops for backend/suffix correctness if not the default backend
  Rich Megginson, 2010-09-13, 1 file changed, -2/+3 lines
  The function slapi_mapping_tree_select_and_check() is only called for modrdn operations, to make sure we are not attempting to rename a suffix or move an entry from one backend to another. This defeats datainterop plugins that may want to perform some other operation in these cases. If the target suffix/backend is not found, the default backend is used. If the default backend is being used, don't check for all errors, just allow the operation to pass through to the preop plugins.
  Need to make sure this doesn't cause problems if
  1) null suffix is not used - entry really is bogus or doesn't exist
  2) null suffix is being used but entry belongs to another null suffix or is really bogus
  Reviewed by: nhosoi (Thanks!)
  Tested on: Fedora 14 x86_64
* Bug 633168 - Share backend dbEnv with the replication changelog
  Noriko Hosoi, 2010-09-13, 16 files changed, -262/+721 lines
  https://bugzilla.redhat.com/show_bug.cgi?id=633168
  Description:
  * cl5_api.c, cl5_api.h
    - fetches dbEnv from backend using slapi_back_get_info.
    - unused macros and DB helper functions and APIs are removed.
  * cl5_config.c
    - local changelog DB related config parameters are removed.
  * Added SLAPI_PLUGIN_BE_PRE_CLOSE_FN and SLAPI_PLUGIN_BE_POST_OPEN_FN to close the changelog DB before dbEnv is closed and to open the changelog DB after dbEnv is opened, respectively.
  * Added slapi APIs slapi_back_get_info and slapi_back_set_info to get/set the backend info.
  * back-ldbm
    - db2bak[.pl] and bak2db[.pl] back up and restore the database files including the changelog db.
    - changelog dir is backed up in <backupdir>/.repl_changelog_backup.
    - underlying implementation ldbm_back_get_info for slapi_back_get_info is added.
  * Added an upgrade script 81changelog.pl
  See also: http://directory.fedoraproject.org/wiki/Move_changelog
* Bug 630091 - (cov#15582) Free of uninitialized pointer in attr_index_config()
  Nathan Kinder, 2010-09-13, 1 file changed, -1/+1 lines
  In attr_index_config(), if argc or argv are NULL, we jump to the done label. We then try to free attrs, but it was never initialized. We need to initialize attrs to NULL.
* Bug 630091 - (cov#15519) Initialize bervals in search_easter_egg()
  Nathan Kinder, 2010-09-13, 1 file changed, -2/+2 lines
  In search_easter_egg(), we need to initialize the bervals before we pass them to slapi_ldif_parse_line().
* Bug 630091 - (cov#15516,15517) Initialize pointers before attempting to free
  Nathan Kinder, 2010-09-13, 1 file changed, -1/+2 lines
  If we encounter an error early in ldbm_instance_index_config_modify_callback(), we jump to the out label where we try to free origMatchingRules, but it may not be initialized. The same is true for origIndexTypes. We need to initialize these pointers to NULL.
* Bug 630091 - (cov#15515) Use of uninitialized array in index config code
  Nathan Kinder, 2010-09-13, 1 file changed, -1/+1 lines
  If we encounter an error early in ldbm_instance_index_config_modify_callback(), we jump to the out label where we free each element of the arglist array. This can happen without initializing the array. We need to initialize arglist before there is any chance to jump to the out label.
* Bug 630091 - (cov#15514) Initialize DBT in entryrdn_get_parent()
  Nathan Kinder, 2010-09-13, 1 file changed, -1/+3 lines
  In entryrdn_get_parent(), there is a DBT structure that we can use without initializing. If we goto the bail label, we try to free data.data, but data was never initialized. We should clear the memory used by data at the beginning of the function before we have an opportunity to goto bail.
* Bug 630091 - (cov#15513) Fix usage of uninitialized bervals
  Nathan Kinder, 2010-09-13, 1 file changed, -1/+2 lines
  We use some uninitialized bervals when the backend code calls slapi_ldif_parse_line(). We should be initializing the bervals to be empty.
* Bug 630091 - (cov#15512) Fix usage of uninitialized bervals
  Nathan Kinder, 2010-09-10, 1 file changed, -2/+2 lines
  When the server is built against MozLDAP, we use some uninitialized bervals when the backend code calls slapi_ldif_parse_line(). We should be initializing the bervals to be empty.
* Bug 630094 - (cov#15581) Add missing breaks in agt_mopen_stats()
  Nathan Kinder, 2010-09-09, 1 file changed, -1/+4 lines
  The switch statements in agt_mopen_stats() are missing breaks to prevent falling through to the next case when the stats file is opened in read-only mode. This looks like it causes the stats file to get opened a second time in read/write mode when ldap-agent attempts to open it in read-only mode. This may leak file descriptors in ldap-agent. We need to add the proper break statements.
* Bug 630094 - (cov#15520) Fix unreachable code issue in perfctrs code
  Nathan Kinder, 2010-09-09, 1 file changed, -3/+4 lines
  The final frees of priv->memory and priv will never be reached since the function returns prior to these calls. It looks as if an "error:" label was removed at some point, as the WIN32 code in this function has goto statements using that label, but the label is not defined. The fix is to add the "error:" label in ifdef blocks for WIN32 that call the free of priv. The free of priv->memory is not necessary since WIN32 doesn't use it and non-WIN32 builds don't use the error label at all.
* Bug 630094 - (cov#15459) Remove NULL check for srdn in ldif2ldbm code
  Nathan Kinder, 2010-09-09, 1 file changed, -1/+1 lines
  In the call to slapi_log_error(), we are guaranteed that srdn is NULL if we are checking it for NULL, due to the way the conditions are nested. The only time we check if srdn is NULL is if be is non-NULL, and the if condition guarantees that either be or srdn is NULL. We can just use the string "srdn" in our log message if be is non-NULL.