| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: dbgen.pl uses incorrect perl interpreter on hpux
Reviewed by: nhosoi (Thanks!)
Fix Description: Set @perlexec@ to the correct platform specific perl location.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: migration : encryption key entries missing when source is 6.21
Reviewed by: nhosoi (Thanks!)
Fix Description: I found out why it wasn't always adding the attribute encryption entries. If the cn=monitor entry existed for the database, it would not add the other container entries. I don't know why it did that. I changed it to always add those entries, and just skip the ones that already exist. This should ensure that the attribute encryption entries always exist.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
| |
Summary: "nested" filtered roles result in deadlock
Description: Function slapi_vattr_values_get_sp used to use the context
allocated on the stack. Changed it to call vattr_context_new to set the
locally created pblock (local_pb). The pblock is used to pass the context
loop info as the stack gets deeper to prevent the stack overflow. At the
end of this function slapi_vattr_values_get_sp, slapi_pblock_destroy is
called if the context is local (use_local_ctx). The function cleans up
pb_vattr_context internally.
|
| |
|
|
|
|
|
| |
Summary: rhds71sp1 rhel3u6 - ns-slapd process dies with segmentation fault
Description: ldap_utf8prev, LDAP_UTF8PREV, and LDAP_UTF8DEC were sometimes
used without checking the returned pointer going back beyond the beginning
of the string.
|
| |
|
|
|
|
| |
Summary: HP-UX: warnings reported by the HP-UX compiler (Comment #25,26)
Change description: moved the DEBUG_TRACE to the place before deleting the
physical log file.
|
| |
|
|
| |
Summary: Corrected path generation for loading SNMP stats file.
|
| |
|
|
|
| |
Description: ACI targetattr list parser is whitespace sensitive
Fix Description: In addition to the previous fixes, test for quote at end of string before incrementing s - otherwise test will always fail.
|
| |
|
|
|
| |
Description: ACI targetattr list parser is whitespace sensitive
Fix Description: I made it too sensitive. The parser should allow simple unquoted strings. However, if it begins with a quote, it must end with a quote.
|
| |
|
|
| |
Summary: Don't define _XOPEN_SOURCE_EXTENDED on HP-UX.
|
| |
|
|
|
| |
Description: ssl acceptance tests are failing
Fix Description: This isn't the full fix, but the error message should print out the directory where it was looking for the missing cert db files.
|
| |
|
|
|
|
| |
Description: rhds71 Malformed Dynamic Authorization Group makes Directory Server Crash
Reviewed by: supplemental
Fix Description: In some cases, it is ok if the filter is NULL. So just allow NULL in those cases. slapi_str2filter must take either NULL or a writable string, so make sure we pass those in correctly.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: qualify warning message when cert8.db is missing
Reviewed by: self
Fix Description: Only warn when both cert8.db and cert7.db are missing. If cert7.db is there, NSS will automatically create cert8.db from it.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Summary: Solaris: warnings reported by the Solaris compiler
|
| |
|
|
|
|
| |
Summary: infadd tool won't start. Fails to load data file (comment #4)
Description: HP compiler does not like to have a function call in a constant
expression.
|
| |
|
|
|
|
|
|
|
| |
Summary: MMR: Supplier does not respond anymore after many operations (deletes)
Description: introduce OP_FLAG_REPL_RUV. It's set in repl5_replica.c if the
entry is RUV. The operation should not be blocked at the backend SERIAL lock
(this is achieved by having OP_FLAG_REPL_FIXUP set in the operation flag).
But updating RUV has nothing to do with VLV, thus if the flag is set, it skips
the VLV indexing.
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: rhds71 Malformed Dynamic Authorization Group makes Directory Server Crash
Reviewed by: nhosoi (Thanks!)
Fix Description: The problem was that we were not checking the return value of slapi_str2filter(). I added a check at the crash site, and it will not print out a helpful error message. I did a search through the code looking for other similar places and found a couple. I added similar code in those places.
I added an initialization of a buffer to null, as suggested by nhosoi.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: ACI targetattr list parser is whitespace sensitive
Reviewed by: nkinder, nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: Need to trim trailing whitespace from the targetattr clause. I noticed that targetattrfilters had the same problem, except it returned ACL_SYNTAX_ERR in that case, so I changed targetattr to do the same.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
| |
Summary: "nested" filtered roles result in deadlock (comment #16)
Description: fixed a memory leak introduced in the previous checkins (comment #12)
|
| |
|
|
| |
Summary: Look for infadd data files in TEMPLATEDIR.
|
| |
|
|
| |
Summary: Sleep longer when waiting for ldap-agent to start.
|
| | |
|
| |
|
|
|
|
|
| |
Description: tmpwatch whacks stats
Reviewed by: nkinder (Thanks!)
Fix Description: move the snmp slapd.stats file to run_dir (/var/run/dirsrv) and rename to slapd-instance.stats. Had to add nsslapd-rundir to cn=config in order for ldap-agent to be able to get it.
Doc: Yes, we need to document the new attribute nsslapd-rundir.
|
| |
|
|
| |
Summary: HP-UX: warnings reported by the HP-UX compiler
|
| |
|
|
| |
Summary: Fixed small non-recurring memory leak at startup.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Netscape Console allows instance directory to be set as change log
Reviewed by: nkinder (Thanks!)
Fix Description: 1) When removing the changelog files and directories, only remove the actual db related files - version, guardian, *db4, log.*, and __db.* - This should take care of the cases where the changelog was already created in an existing directory.
2) Disallow adding/changing a changelog db directory if it already exists and is not empty
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
| |
Summary: Don't add mailGroup objectclass when sync'ing new group entries from AD.
|
| |
|
|
|
|
|
|
| |
Summary: Migration/Upgrade fails when it's from 6.21 to 8.0 on the same OS/architecture
Description:
back-ldbm.h: added LDBM_VERSION_62
dblayer.c: fixed a bug to check the instance dir name
upgrade.c: added LDBM_VERSION_62
|
| |
|
|
| |
Summary: Ensure that we NULL terminate strings properly when processing config file settings.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: uuid generator not initialized by import from command line
Reviewed by: nkinder (Thanks!)
Fix Description:
The unique ID generator is not initialized if import is run from the command
line. The bad effect of this is that the clock sequence and node fields are all
zeros. This could lead to duplicate unique IDs being assigned by two different
servers.
What happens is that the uuid values all look like this:
XXXXXXXX-XXXXXXXX-80000000-00000000
So the time based part is generally ok, but the clock seq and node ID part are never initialized, hence 0's for those fields.
The fix is to initialize the unique id generator in the same manner as we do for the server when it starts up in regular mode, except that we tell the generator to use the single threaded (st) mode rather than the multi threaded (mt) mode.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: uuid generator truncates clock_seq_hi_and_reserved field
Reviewed by: nkinder (Thanks!)
Fix Description:
The uuid code has this code (where clock_seq is unsigned16 - 2 bytes and
uuid->clock_seq_hi_and_reserved is unsigned8 - 1 byte):
uuid->clock_seq_hi_and_reserved = (unsigned8)(clock_seq & 0x3F00) >> 8;
In this code, the cast to unsigned8 takes precedence over over the shift. So
what happens is that (clock_seq & 0x3F00) is first cast to an 8 bit quantity,
then shifted by 8 bits. The result is that the value is _always 0_. The code
also does this:
uuid->clock_seq_hi_and_reserved |= 0x80;
You can see this because every nsUniqueID looks like this:
XXXXXXXX-XXXXXXXX-80XXXXXXXX-XXXXXXXX
The first byte of the 3rd octet is always 80.
This may also be related to https://bugzilla.redhat.com/show_bug.cgi?id=197886 and may explain why the sequence numbers were exhausted so quickly. Without this fix, we only have 256 sequence numbers available. This fix adds another 6 bits.
The fix is to mask and shift as an unsigned16 quantity, then cast to unsigned8.
Platforms tested: RHEL5 x86_64
Flag Day: no - I think this will only impact new unique IDs that are generated. It will not affect existing unique IDs.
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: "nested" filtered roles result in deadlock (Comment #12)
Description:
1. Changed cache_lock to the read-write lock.
2. Instead of using the local vattr_context in vattr_test_filter, use the one
set in pblock as much as possible. To achieve the goal, introduced
pb_vattr_context to pblock.
3. Increased VATTR_LOOP_COUNT_MAX from 50 to 256.
4. When the loop count hit VATTR_LOOP_COUNT_MAX, it sets
LDAP_UNWILLING_TO_PERFORM and returns it to the client.
|
| |
|
|
| |
Summary: Remove changelog db file when replica config is removed.
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: add an view object inside a view object that has an improper nsviewfilter crashes the server
Reviewed by: nhosoi (Thanks!)
Fix Description: I could not reproduce the problem by simply adding the bogus nsviewfilter. The server seemed to run fine, but I didn't stress it. However, if I restarted the server, the server would core during startup. The last message in the error log would say something about recovering the database, which is probably why the bug reporter said that it will not recover the database. The problem doesn't appear to be with views specifically, but with any internal search which uses the search_internal_callback_pb() (as opposed to the non callback internal search) and there are search base rewriters (such as the views code). The aci code uses this type of search at startup to find the acis, and that's where I saw the crash. I could crash the server at startup regardless of whether the view filter was bogus or not. The problem is that we are not passing in the address of new_base to slapi_ch_free. The fix is to use slapi_ch_free_string and pass in the address of the string. That fixes the crash.
I also cleaned up a few places in the views code which was not checking to see if slapi_str2filter returned NULL, which would happen in the case of the bogus search filter. I also added an error message which will tell the user that filter X in entry Y is bogus.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
Bug Description: crash at startup with new ldap sdk on 64-bit platform
Reviewed by: nkinder (Thanks!)
Fix Description: I went ahead and cleaned up or removed the incorrect ber code. We do not need to use LBER_SOCKBUF_OPT_DESC or LBER_SOCKBUF_OPT_READ_FN or LBER_SOCKBUF_OPT_WRITE_FN. I removed an unnecessary malloc/free and just used the stack as we do everywhere else in the code. It looks as though the start_tls cleanup code is almost never used - the code assumes that when you do a start_tls, that stays in force throughout the lifetime of the connection. Removing this code now should insulate us from future ldap c sdk changes.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Server hangs when adding a group with two password entries
Reviewed by: nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: The pw_encodevals() was not encoding each value, only the first one, then setting each new value to the same encoded value. The solution is to move char *enc into the loop so that it is allocated anew each time.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Summary: Avoid double free of controls in passthrough plugin.
|
| |
|
|
| |
Summary: Initialize backup directory name properly for all cases.
|
| |
|
|
| |
Summary: Added new operation flag to skip writing modifiresname and related attributes. Updated password policy internal operations to use this new flag.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: Directory Server should shutdown if it fails to write logs (comment #7)
Change Description:
1. introduced a new static function log__error_emergency, which is called at
emergency to log to the syslog and at least try to log into the errors log one
more time.
2. added an error parameter to the macro LOG_WRITE_NOW to return if the writing
to the log was successful or not.
3. if opening an errors log or writing to an errors log failed, call
g_set_shutdown to shutdown the server gracefully.
4. log__error_emergency calls writing log function (LDAPDebug --> slapd_log_error_proc_internal) with ERROR_LOCK_WRITE unlocked, if locked.
|
| |
|
|
| |
Summary: Handle poorly formatted DN's when normalizing. Also only check modify values against authenticated DN for DN syntax attributes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: rhds71 - search filters returns too many entries on interger attributes value greater than 2 to the 31
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: I found a bug in my previous patch. The bt_compare function is used not only for comparing the actual key values but also for comparing raw index keys - that is, keys with the leading '=' or '*'. If comparing two keys, we should only use the syntax specific compare function if we are comparing two valid equality keys. A valid equality key begins with EQ_PREFIX and has at least one character after that. In this case, we strip off the EQ_PREFIX and pass the values to the syntax specific compare function. Otherwise, we just use a simple berval compare function that is based on memcmp.
The code in index_range_read needs to use a similar comparison algorithm, so I beefed up DBTcmp.
Why is this necessary? When doing a >= search or a <= search, we need to get the upper (for >=) or lower (for <=) bound for the range, which will either be the last (for >=) or first (for <=) equality key in the index. The index code uses a key of '=' to find the lower bound (which is lower than any key "=value") and a key of '>' to find the upper bound. A '=' with no value will collate before any real eq key with a value, and the ascii value of '>' is one greater than the ascii value of '='.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: logrotation time of -1 causes hang
Change description:
1. slapd_log_audit_proc, slapd_log_error_proc_internal, and log_flush_buffer:
use absolute value of rotationtime_secs to calculate the rotationsyncclock.
2. when the result of "atoi" for nsslapd-XXX-logrotationtime is 0 due to the
invalid setting, logrotation time is reset to -1 (no rotation).
3. if nsslapd-XXX-logrotationtime and nsslapd-XXX-logexpirationtime is large
(near MAXINT) and calculated rotationtime_secs and/or exptime_secs is
overflown, set MAXINT to the sec value.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: db2bak fails if the archive path exists and ends with '/'
Fix description:
1. Use path normalize API rel2abspath to remove the trailing '/'s.
2. db2bak renames the archive dir if the directory exists, checks the directory
is the db dir or not. If it is, the command line rename back the existing db
to the original and exits with the error: db2archive: Cannot archive to the db
directory. Then, the original dir is renamed back. If the db2bak runs as a
task (db2bak.pl or console), the server is up and running. Although the
backend is disabled, we don't want to rename the db path even for a short time.
That being said, changed the order to: check if the archive dir is the same as
db dir or not. It exits immediately.
|
| |
|
|
|
|
|
| |
Description: double err=32 result sent when suffix doesn't exist
Reviewed by: nkinder (Thanks!)
Fix Description: The backend does not send back a result if the op is search and the err is NO_SUCH_OBJECT (32). The frontend should handle this case so that it knows to defer sending the result until all of the backend candidates have been scanned. We also need to change send_nobackend_ldap_result() to use slapi_send_ldap_result instead of send_ldap_result so that it has the same semantics as the regular backend code.
Platforms tested: RHEL5 x86_64
|
| |
|
|
|
|
| |
Summary: miscellaneous memory leaks
Description: 1) fixed memory leaks
2) cleaned up normalize_path code with fixing memory leaks
|
| |
|
|
|
| |
Summary: vlv: crash after repeated backend creation/deletion
Description: added a check code for the backend's existing.
|
| |
|
|
| |
Summary: Don't send result twice when searching against a non-existent suffix.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: rhds71 - search filters returns too many entries on integer attributes value greater than 2 to the power of 31
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: The way >= and <= searches are supposed to work in LDAP is that you are supposed to define an ORDERING matching rule for the attribute you want to use in the search filter. The way our code is written, most strings "just work" as a side effect of the way bdb sorts the keys by default - so you can do (uid>=jvedder) and get what you would expect, even though LDAP says this is illegal because the schema definition of the uid attribute does not have an ORDERING matching rule. And INTEGER worked with the old binary format for the same reason. The only attribute definitions we use with ORDERING are attributes that use Generalized Time syntax (e.g. createTimestamp, et. al.) and numSubordinates (which uses INTEGER, but this is a special case handled internally by the db code).
The way it works now is that the indexing code will honor the ORDERING matching rule specified in the schema definition. Or, if ORDERING is not specified, the user can use the nsMatchingRule index configuration. This will allow an existing customer that depends all integer syntax attributes (e.g. uidNumber) to allow range searches by default to enable range searches without editing the schema. The syntax definition for the attribute must also specify a compare function. This compare function will be used by the bdb bt_compare() function.
I also fixed a bug in the integer normalize code - a string of all zeros should normalize to a single "0". In all other cases, the leading zeros should be removed.
Platforms tested: RHEL5 x86_64
Flag Day: Yes. Integer indexes will need to be rebuilt (except for numsubordinates).
Doc impact: Yes - document slapi API additions
QA impact: Pay close attention to tests that use >= or <= search filters, both with and without index attributes. Also, pay close attention to greater/less than searches using i18n collations.
New Tests integrated into TET: Forthcoming
|
| |
|
|
| |
Summary: Add entries to entrycache after adding operational attributes.
|
| |
|
|
|
|
| |
Summary: server crash after deleting supposedly deleted attribute
Description:
index.c: if there is no attribute to delete, don't call index_addordel_values_svstring.c: changed string_values2keys to handle NULL bvals
|
