| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
| |
Summary: LDAPI: support auto-bind
Description: String representation of socktype was not set correctly when
the socktype was PR_AF_LOCAL.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: LDAPI: support auto-bind
Description:
1) Debugged the basic code of slapd_get_socket_peer, which is used for Solaris9
and HP-UX. The recvmsg call returns an error immediately if no data is waiting
to be received since the socket is set PR_SockOpt_Nonblocking (O_NONBLOCK). To
make slapd_get_socket_peer more robust, we have to retry recvmsg if it returns
EAGAIN. But set a retry count not to hang there.
2) Introduced c_local_valid in the Connection handle to tell the autobind
code that the uid/gid pair is valid or not.
3) Stops the automagic/unconditional auto-bind (the code used to be in
daemon.c).
4) Auto-bind is effective only when the client passes the SASL/EXTERNAL request.
|
| |
|
|
|
|
|
|
|
|
|
| |
Summary: LDAPI: referral mode needs LDAPI socket
Problem Description: If you start the server with the referral mode, e.g.,
like this:
ns-slapd refer -D /etc/dirsrv/slapd-test -r ldap://laputa.example.com
UNIX socket for LDAPI was not opened since LDAPI configuration parameters are
not read from dse.ldif at that moment.
Fix Description: adding the code to process nsslapd-ldapifilepath and
nsslapd-ldapilisten in slapd_bootstrap_config.
|
| |
|
|
|
|
|
| |
Summary: Allow larger regex buffer to enable long substring filters
Description: Applying the patches provided by ulf.weltman@hp.com.
regex.c: use dynamically allocated regex buffer, use ptrdiff_t to store the offsets to be restored after the realloc, and use a constant for the value of "how much the NFA buffer can grow in one iteration on the pattern".
string.c: use dynamically allocated buffer if the prepared buffer is not large enough, used wrong pointer (pat instead of p) in a debug message, and performed an unneeded strcat of ".*"
|
| |
|
|
| |
Summary: Check for indirect memberships when removing memberOf attributes.
|
| |
|
|
|
|
|
|
| |
Summary: memory leaks in extensible filter code
Description: applying the patch provided by Ulf Weltman
1) type is not consumed in attrlist_merge
2) although dnattrs is a linked list, only the first item was released.
Test case filter: "(ou:dn:=groups)"
|
| |
|
|
| |
Summary: Fixed memory leaks in memberOf plug-in.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: simple password auth fails using NSS 3.11.99 or later
Reviewed by: nkinder (Thanks!)
Fix Description: The new softokn in NSS 3.11.99 and later requires that
the server calls NSS_Init() after forking, but before detaching from the
controlling terminal. In fact, this was always a requirement, but the
softokn in older NSS allow it. However, it's possible that some
hardware crypto devices do not allow this and may not work with older
directory servers. The fix is to move the nss/ssl initialization so
that it can be called at the right point, or from other points in cases
where the server does not fork (e.g. db2ldif).
Platforms tested: Fedora 9 i386, RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Summary: Fixed valrgind errors about use of unitialized values.
|
| |
|
|
| |
Summary: Enhanced SLAPI task API and ported existing tasks to use new API.
|
| |
|
|
| |
Resolves: 439450
|
| |
|
|
| |
Summary: Handle delete modify of all present member values. When doing a delete modify, we should treat it the same as a replace when no deletion values are specified.
|
| |
|
|
| |
Summary: Handle updates of memberOf attributes for indirect members when a group is renamed.
|
| |
|
|
|
|
|
|
| |
Summary: SASL IO functions set/get: argument mismatch
Fix description: When setting the IO functions in sasl_io_setup, use the local
memory to pass the IO functions. Plus, allocate the memory for backing up the
existing IO functions (real_iofns in the code), which is set in sasl_io_setup
and the area is released after setting it back in sasl_io_cleanup.
|
| |
|
|
| |
Summary: Allow fractional replication between masters.
|
| |
|
|
| |
640:9c57bd91b32f if ipa-memberof.c).
|
| |
|
|
| |
Summary: Fixed crash in replication during bulk import. Use bulk impport code more consistently.
|
| |
|
|
| |
Summary: Allow import fifo to clear out all finished entries.
|
| |
|
|
|
| |
Descriptionn: fedora-ds-base build problem
Fix Description: Correct usage of va_list and vfprintf
|
| |
|
|
|
|
|
| |
Summary: Multiple restores from a non-existant directory could wipe out database
Description: The given archive path was not normalized. Due to the trailing
slash '/', comparing with the db dir failed and wiped out the db dirs.
Applying the path normalization to the archive path.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: db2bak: crash bug (comment #8, 11)
Description:
Set the strong requirement: nsslapd-directory must have some value.
to guarantee it:
1) checking errors from ldbm_config_directory_set. If the check fails, don't
start the server.
2) if nsslapd-directory does not exist or the value is empty in dse.ldif,
issuing an error message and returning the error code.
3) since it was difficult to distinguish the nsslapd-directory empty value from
the initial default value, introduced CONFIG_FLAG_SKIP_DEFAULT_SETTING flag to
tell the backend config code to skip setting the default value
|
| |
|
|
|
|
|
|
|
|
|
| |
Summary: LongDuration: Error log Rotation test suite causes slapd hang
Problem description: LDAPDebug eventually calls slapd_log_error_proc_internal,
which obtains the lock. If any functions called in the lock tries to log into
the errors log, it tries to get the same lock and it hangs there since the
underlying PR_Lock is not reentrant.
Fix description: log__enough_freespace and log__delete_error_logfile could be
called indirectly from slapd_log_error_proc_internal. Instead of LDAPDebug,
changed these functions to call log__error_emergency when necessary.
|
| |
|
|
|
|
| |
Summary: db2bak fails if the archive path exists and ends with '/' (Comment #8)
Description: Changed the condition to normalize the path: if '.' or '/' is
included in the path, normalize it.
|
| |
|
|
|
|
| |
Summary: Hide nsslapd-db-transaction
Description: don't show the configuration parameter nsslapd-db-transaction in
dse.ldif.
|
| |
|
|
|
|
| |
Summary: clu test failures (Comment #7)
Description: 1) Removing obsolete PATH info from Usage
2) Replacing "idl" with "ID list" following the suggestion from Doc.
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: MMR breaks from master that has been reinited
Reviewed by: nkinder (Thanks!)
Fix Description: This problem occurs when you have two or more masters, and you have updates that have originated at a master that have been sent to other masters (so that the other masters have a valid min/max csn for that replica in the ruv). If that master needs to be reinitialized for some reason (crash, etc.) the reinit will erase the changelog. The RUV for that master will now contain CSNs that are not in the changelog. If that master attempts to update another master, it will first look at the RUV from the consumer, which will contain the old CSNs, and it will look for those CSNs in the changelog, fail, and abort the update process, meaning this master can no longer send updates to other servers.
The solution is for the master to just use the min CSN in its own RUV as the new starting point, if it has not been purged. In the case of purging, if the CSN is not found, this means the consumer is too far behind and must be reinitialized.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
| |
Summary: listenhost: hostname associated with multiple addresses
1) parentheses were needed around *addr, which should have been evaluated
before the array.
2) fixed a small memory leak.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: PTA config parsing broken
Reviewed by: nhosoi (Thanks!)
Fix Description: The problem is that it is very difficult to use a comma as a delimiter between the url and the optional settings. This is because the suffix may contain many commas. The argument string may look like this:
ldap://host1:port1 host2:port2 .... hostN:portN/a,long,suffix1:a,long,suffix2;....;a,long,suffixN optional,numeric,settings
The ldap url may not contain any spaces after the hostlist - the suffixlist part must contain only url encoded spaces if the suffix actually has a space in it. So the solution is to use a space to separate the url from the options list. The parser looks for the first space after the last "/" in the url. This should be ok - at least it will not break the most common use of pta, which is to allow the config DS admin user to log into servers that do not have the o=NetscapeRoot. setup will use something like this:
ldap://configdshost:configdsport/o=NetscapeRoot
with not optional settings - this should parse just fine with the new code.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: dbgen.pl uses incorrect perl interpreter on hpux
Reviewed by: nhosoi (Thanks!)
Fix Description: Set @perlexec@ to the correct platform specific perl location.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: migration : encryption key entries missing when source is 6.21
Reviewed by: nhosoi (Thanks!)
Fix Description: I found out why it wasn't always adding the attribute encryption entries. If the cn=monitor entry existed for the database, it would not add the other container entries. I don't know why it did that. I changed it to always add those entries, and just skip the ones that already exist. This should ensure that the attribute encryption entries always exist.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Summary: "nested" filtered roles result in deadlock
Description: Function slapi_vattr_values_get_sp used to use the context
allocated on the stack. Changed it to call vattr_context_new to set the
locally created pblock (local_pb). The pblock is used to pass the context
loop info as the stack gets deeper to prevent the stack overflow. At the
end of this function slapi_vattr_values_get_sp, slapi_pblock_destroy is
called if the context is local (use_local_ctx). The function cleans up
pb_vattr_context internally.
|
| |
|
|
|
|
|
| |
Summary: rhds71sp1 rhel3u6 - ns-slapd process dies with segmentation fault
Description: ldap_utf8prev, LDAP_UTF8PREV, and LDAP_UTF8DEC were sometimes
used without checking the returned pointer going back beyond the beginning
of the string.
|
| |
|
|
|
|
| |
Summary: HP-UX: warnings reported by the HP-UX compiler (Comment #25,26)
Change description: moved the DEBUG_TRACE to the place before deleting the
physical log file.
|
| |
|
|
| |
Summary: Corrected path generation for loading SNMP stats file.
|
| |
|
|
|
| |
Description: ACI targetattr list parser is whitespace sensitive
Fix Description: In addition to the previous fixes, test for quote at end of string before incrementing s - otherwise test will always fail.
|
| |
|
|
|
| |
Description: ACI targetattr list parser is whitespace sensitive
Fix Description: I made it too sensitive. The parser should allow simple unquoted strings. However, if it begins with a quote, it must end with a quote.
|
| |
|
|
| |
Summary: Don't define _XOPEN_SOURCE_EXTENDED on HP-UX.
|
| |
|
|
|
| |
Description: ssl acceptance tests are failing
Fix Description: This isn't the full fix, but the error message should print out the directory where it was looking for the missing cert db files.
|
| |
|
|
|
|
| |
Description: rhds71 Malformed Dynamic Authorization Group makes Directory Server Crash
Reviewed by: supplemental
Fix Description: In some cases, it is ok if the filter is NULL. So just allow NULL in those cases. slapi_str2filter must take either NULL or a writable string, so make sure we pass those in correctly.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: qualify warning message when cert8.db is missing
Reviewed by: self
Fix Description: Only warn when both cert8.db and cert7.db are missing. If cert7.db is there, NSS will automatically create cert8.db from it.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Summary: Solaris: warnings reported by the Solaris compiler
|
| |
|
|
|
|
| |
Summary: infadd tool won't start. Fails to load data file (comment #4)
Description: HP compiler does not like to have a function call in a constant
expression.
|
| |
|
|
|
|
|
|
|
| |
Summary: MMR: Supplier does not respond anymore after many operations (deletes)
Description: introduce OP_FLAG_REPL_RUV. It's set in repl5_replica.c if the
entry is RUV. The operation should not be blocked at the backend SERIAL lock
(this is achieved by having OP_FLAG_REPL_FIXUP set in the operation flag).
But updating RUV has nothing to do with VLV, thus if the flag is set, it skips
the VLV indexing.
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: rhds71 Malformed Dynamic Authorization Group makes Directory Server Crash
Reviewed by: nhosoi (Thanks!)
Fix Description: The problem was that we were not checking the return value of slapi_str2filter(). I added a check at the crash site, and it will not print out a helpful error message. I did a search through the code looking for other similar places and found a couple. I added similar code in those places.
I added an initialization of a buffer to null, as suggested by nhosoi.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: ACI targetattr list parser is whitespace sensitive
Reviewed by: nkinder, nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: Need to trim trailing whitespace from the targetattr clause. I noticed that targetattrfilters had the same problem, except it returned ACL_SYNTAX_ERR in that case, so I changed targetattr to do the same.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
| |
Summary: "nested" filtered roles result in deadlock (comment #16)
Description: fixed a memory leak introduced in the previous checkins (comment #12)
|
| |
|
|
| |
Summary: Look for infadd data files in TEMPLATEDIR.
|
| |
|
|
| |
Summary: Sleep longer when waiting for ldap-agent to start.
|
| | |
|
