| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: ACLPB_MAX_ATTR_LEN is the buffer size including the trailing
null, not the strlen.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Just error and return if nread is < 0.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: If there was an error, set filter to NULL so we won't attempt
to free static memory.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=609590
Resolves: bug 609590
Bug Description: fix coverity Defect Type: Memory - corruptions issues
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The cnt parameter is not used, so just get rid of it.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=603942
Resolves: bug 603942
Bug Description: null deref in _ger_parse_control() for subjectdn
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: Needed to pass &orig to ber_scanf 'a' instead of orig. Also,check for NULL before doing strlen(orig).
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 82625ebf670c0f234e8bcbf18420e84b325e359e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rename switch is on
https://bugzilla.redhat.com/show_bug.cgi?id=578296
Change Description:
1) ldbm_back_next_search_entry_ext (ldbm_search.c)
When getting an entry from ID using id2entry_ext, pass a flag
ID2ENTRY_ADD_ENTRYDN to add entrydn to the entry.
2) id2entry_ext (id2entry.c)
Added id2entry_ext to handle the flag ID2ENTRY_ADD_ENTRYDN.
If ID2ENTRY_ADD_ENTRYDN is set in the flags variable and
entryrdn switch is enabled, entrydn is added to the entry.
3) index_read_ext (index.c)
If entryrdn switch is on and the attribute type is entrydn and
the search type is equality, then call entryrdn_index_read
to get the ID directly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
failure in PR_Poll
https://bugzilla.redhat.com/show_bug.cgi?id=604453
Resolves: bug 604453
Bug Description: SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: When the server pushes the SASL IO layer on to the connection
it must do so when there are no other references to the connection. The only
way to do this without introducing more locking is to have the saslbind code
just register the intent to push SASL IO at the next available time. This
cannot be done in the sasl bind code (or any operation code for that matter)
because connection_threadmain() will enable the connection for reading
(and polling) after reading the PDU and before calling the operation
function. Therefore, during the operation function, the connection may be
being actively polled, so we must not access the conn c_prfd.
The best place to push the IO layer is in connection_threadmain, after the
server has notified that there is read ready on the connection, but before
we have actually attempted to read anything. At this point,
connection_threadmain is the only thread that will be accessing the
connection, and if we push or pop the IO layer before calling the read
function, we are guaranteed to have the correct IO layer to use.
The code has been made generic enough to allow for use by the startTLS code
if the need arises.
I also added some more locking in the saslbind code, and changed the sasl IO
code to more closely resemble the way that the NSS code deals with IO
layer push/pop.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit c28fcadfc7812108573e40f13624e11a5a8609e5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
failure in PR_Poll
https://bugzilla.redhat.com/show_bug.cgi?id=604453
Resolves: bug 604453
Description: SASL Stress and Server crash: Program quits with the assertion failure in PR_Poll
Branch: master
Reviewed by: nhosoi (Thanks!)
Fix Description: We usually do not have to pop the IO layer from the SASL
connection. This is usually handled by PR_Close() on the PRFD, which should
only happen when the connection is not being referenced by the main PR_Poll()
call. The only time we need to explicitly pop the SASL IO layer is if the
client re-negotiates the SASL bind with a different ssf e.g. going from
clear to protected or vice versa.
Platforms tested: RHEL5 x86_64
(cherry picked from commit ac6ce0947d9b2d5ec3649948bca861f0e318d708)
|
| |
|
|
|
|
|
|
|
|
|
| |
also applied to "cn=directory manager"
https://bugzilla.redhat.com/show_bug.cgi?id=606920
Description: When a timelimit (as well as a sizelimit) is successfully
retrieved from SLAPIResLimitConnData, the value is always set to pblock.
With this change, it sets "no limit (-1)" if the operation is initiated
by Directory Manager.
|
| |
|
|
|
|
|
|
|
| |
If a password is changed using the password modify extended
operation, the modify used to modify the password will be leaked
if the change is rejected due to password policy or access control
settings.
This patch frees the mod when the password change is rejected.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=574101
Description: To create the ID list for child entries of to-be-renamed
entry, an inappropriate function (idl_append) was used. The function
expects the passed IDs are sorted. If not sorted, idl_insert should
be used instead.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=597375
Fix Description:
1) When a backend was removed, the db instance directory was removed
as well (See also 463774 - index files for database should be deleted
when db is deleted). In case DB_RECOVER_FATAL is set in the DB open
after the removal (e.g., in restore), the logs in the transaction
logs are replayed and compared with the contents of the DB files.
At that time, if the db instance directory does not exist, libdb
returns FATAL error. To prevent the problem, we have to leave the
empty directory.
2) When removing index files, we don't have to open index files
with CREAT flag.
Note: In the bug 463774, the server was fixed so that once a db
backend is removed, the db instance directory is removed. With
this fix (597375), the backend removal leaves the empty db instance
directory. Plus, if backup is restored, even if the backup was
made after the backend is deleted, the restore could create empty
DB files in the deleted db instance directory if the transaction
log files still contain the history of the deleted backend.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=595874
Resolves: bug 595874
Bug Description: 99user.ldif getting overpopulated
Reviewed by: self
Branch: HEAD
Fix Description: The schema code was adding X-ORIGIN 'user defined' to all
schema elements that had no X-ORIGIN. It should only add user defined to
schema elements from the user defined schema file, not to schema defined
in standard (read only) schema files. It looks like the code should work
fine if the schema element has no origin, so there is no reason to add
an origin for schema other than user defined schema.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=511112
Fix Description: If an entry already having more than 25 password
history attributes is added and password modify is performed on
the entry, it overflows the fixed length values_replace array and
crashes the server. This patch protects the overflow.
|
| |
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=595893
Fix Description: It must be guaranteed that ndn returned
from slapi_sdn_get_ndn is normalized. Putting back the
normalization code in slapi_sdn_get_ndn.
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593899
Additional fix: if a target value is double quoted followed by
trailing spaces, the double quotes were not correctly handled.
Sample failed case:
aci: ( target = "ldap:///ou=organizationalUnit, o=test_ACIs.com" )
^
Changed to call __acl_strip_trailing_space to remove them.
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=588867
Fix description: _sparcv9_AtomicAdd, _sparcv9_AtomicSub, and
_sparcv9_AtomicSet were not correctly declared. It brought
in the implicit function declaration, where the return value
were casted to 32-bit integer and the comparison against the
64-bit unsigned integer failed. The comparison was in the
endless loop and it caused the server hang.
|
| |
|
|
|
|
|
|
|
| |
The new repl sesssion API will crash when adding a replication agreement.
It should check to see if there is a repl session api before attempting
to get the init function.
Reviewed by: nhosoi
Branch: HEAD
Platforms tested: RHEL5 x86_64
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593899
Fix Description: There was a bug if an invalid syntax acl was given
(e.g., the value of userdn was not double quoted), normalize_nextACERule
mistakenly continued processing the acl and eventually tried to
allocate a huge size of memory (since the end address was less
than the start address, end - start became negative) and it made
the server quit. Added more error handling code to prevent such
failures.
|
| |
|
|
|
|
|
|
|
| |
The anonymous resource limits were not being properly set. This
patch ensures that the limits are set properly when an anonymous
or unauthenticated BIND operation is performed. It also sets the
anonymous limits when we do a read on a connection that has not
yet perfomed a BIND. These limits will be overwritten with any
default or user-based limits once a valid BIND is performed.
|
| |
|
|
|
| |
The previous patch had a mangled function name in
the function prototype. This corrects the name.
|
| |
|
|
|
|
|
|
| |
This adds the ability to write a plug-in to register callbacks for
controlling when replication is allowed to occur. For details,
please see the design document at:
http://directory.fedoraproject.org/wiki/Replication_Session_Hooks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=593110
Fix description:
ldap/servers/slapd/back-ldbm/dblayer.c -- A memory area that
stores nsslapd-directory was shared between 2 structures:
struct ldbminfo and dblayer_private. In dblayer_post_close,
dblayer_private is released but not struct ldbminfo. The
latter does not know the memory area is freed. This fix
changes it so that each structure has its own copy.
ldap/servers/plugins/acl/acl.c -- A variable result_status
had a chance to be evaluated w/o an initialization.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Server Causes Crash
Fix description: normalized_mods->mod_bvalues is an array of
(struct berval *). When slapi_dn_normalize_ext returns an
allocated memory (case rc > 0), a new struct berval should have
been allocated and the address of the normalized string (normed)
and its length (dnlen) should be set in the berval.
The struct berval allocation was missing in the previous fix
for "Update to New DN Format".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change description:
. adding upgradednformat utility to each server instance.
. adding 91upgradednformat.pl for in-place-upgrade.
. implementing ldbm_back_upgradednformat sharing the import/
reincexing codes.
. adding a new DBVERSION ID "dn-4514" for the upgraded db.
. fixing access logs (delete.c and modify.c)
. fixing compiler warnings.
. fixing memory leaks.
. fixing a bug in syntax plugin to free strings.
. adding templates for plugin id, version, vendor, and description,
which are needed for the online upgrade.
. dbversion_write takes an additional bit flags, which indicates
which extra DBVERSION strings are written to the DBVERSION file.
It was introduced for the upgrade tools not to intervene each
other's tasks (e.g., dn2rdn for converting entrydn to entryrdn
and upgradednformat for upgrading the DN format).
. fixing a bug in entryrdn index code which was missing to normalize
RDN.
See also:
https://bugzilla.redhat.com/show_bug.cgi?id=591336
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format#Migration.2FUpgrade
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Description:
1. Got rid of the old hardcoded limit 200MB.
2. Introduced the memory hard limit and soft limit.
Standalone command line import ldif2db behaves as follows:
If import cache autosize is enabled:
nsslapd-import-cache-autosize: -1 or 1 ~ 99
(if the value is greater than or equal to 100,
it's reset to 50 with a warning.)
the import cache size is calculated as
nsslapd-import-cache-autosize * pages / 125
(./125 instead of ./100 is for adjusting the BDB overhead.)
If import cache is disabled:
nsslapd-import-cache-autosize: 0
get the nsslapd-import-cachesize.
Calculate the memory size left after allocating the import cache size.
If the size is less than the hard limit, it issues an error and quit.
If the size is greater than the hard limit and less than the soft limit,
it issues a warning, but continues the import task.
Note: this function is called only if the import is executed as a stand
alone command line (ldif2db).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch allows one to set multiple dnaType attributes for a single
DNA range. This allows the same value to be used for each dnaType
(such as ensuring the uidNumber and gidNumber are the same value
from the range when ading a posixAccount).
There are some differences with the way DNA works for multi-type
ranges. For a value to be generated from a multi-type range, the
magic value must be specified to indicate which attributes should
use the newly generated value. This allows a range to be shared
across different entry types (such as having a uidNumber/gidNumber
range that is used or posixAccount and posixGroup entries). A
multi-type range will not generate a value for missing attributes
as DNA does for single-type ranges.
Since a range can have multiple types, the internal ordering of
config structs had to be changed to order by scope only. It was
previously ordered by type and then scope, which allowed us to
easily detect if we had already generated a value for a given type.
This change required a number of helper functions to be added for
tracking and checking which types we have already generated values
for.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
handled correctly
https://bugzilla.redhat.com/show_bug.cgi?id=574167
Bug Description: If a DN contains "\ " at the end of its RDN,
it's be converted to "\20" by slapi_dn_normalize_ext in the
add operation. But the following search returns ' ' (not
an escaped space).
Fix Description: When slapi_dn_normalize_ext was applied to a
string which contains "\20", it converted the string to ' '.
This fix changes the behaviour so that the string "\20" in
DN remains untouched.
Also, this patch includes a fix to add a default suffix value
with no double quotes in template-suffix-db.ldif.in. We keep
double quoted suffix for the backward compatibility.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=585905
Bug Description:
targattrfilters takes this format of value:
(targattrfilters="add=attr1:F1 && attr2:F2... &&
attrn:Fn,del=attr1:F1 && attr2:F2 ... && attrn:Fn")
The ACL plugin code had blindly expected the value contains
the operator "add" or "del" and '=' to concatenate the
attribute and filter pair. The plugin should have checked
the possibility that the value does not follow the format.
Fix Description:
If '=' is not included in the targattrfilters value, the
ACL parser returns ACL_SYNTAX_ERR. Also, adding a check
code for the returned pointer from strchr and strstr.
|
| |
|
|
| |
Removed unused format arguments from format string
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=572018
Resolves: bug 572018
Bug Description: Upgrading from 1.2.5 to 1.2.6.a2 deletes userRoot
Reviewed by: self
Branch: HEAD
Fix Description: According to the error message, the entry id cannot be
found in the id2entry file. The entry id comes from the parentid index,
which has just been created by the dn2rdn upgradedb process. The entryid
is the key in the parentid index. I'm not sure how this can happen -
either the parentid contains the id of an entry that does not exist, or
the entryid was somehow corrupted. I've added some additional debugging
statements to try to narrow this down.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=145181
Resolves: bug 145181
Bug Description: Plugin target/bind subtrees only take 1 value.
Fix Description: New attributes nsslapd-exclude-targetSubtree and
nsslapd-exclude-bindSubtree have been added to specify excluded subtrees.
The set_plugin_config_from_entry() has been modified to read multiple
subtrees. The plugin_invoke_plugin_sdn() and plugin_allow_internal_op()
have been modified to check for excluded subtrees.
Reviewed by: rmeggins (and pushed)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Description:
. adding slapi_dn_normalize_ext and its siblings to normalize/validate
invalid DNs; deprecating slapi_dn_normalize and its siblings. (dn.c)
. replacing slapi_dn_normalize with new corresponding functions.
. normalizing hardcoded DNs (e.g., removing spaces around ',')
. setting correct DN syntax to nsslapd-suffix, nsslapd-ldapiautodnsuffix,
costemplatedn, nsslapd-changelogsuffix, nsBaseDN, nsBindDN
. if nsslapd-dn-validate-strict is enabled, incoming DN is examined and
rejected if it is invalid. Once approved, the DN is normalized.
. fixing compiler warnings and typos.
See also:
http://directory.fedoraproject.org/wiki/Upgrade_to_New_DN_Format
Related bugs:
Bug 199923 - subtree search fails to find items under a db containing special
characters
Bug 567968 - subtree/user level password policy created using 389-ds-console
doesn't work.
Bug 570107 - The import of LDIFs with base-64 encoded DNs fails, modrdn with
non-ASCII new rdn incorrect
Bug 570962 - ns-inactivate.pl does not work
Bug 572785 - DN syntax: old style of DN <type>="<DN>",<the_rest> is not
correctly normalized
Bug 573060 - DN normalizer: ESC HEX HEX is not normalized
Bug 574167 - An escaped space at the end of the RDN value is not handled
correctly
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The rsearch utility has an option (-i) that allows one to have a
file containing names to be used as a variable in search filters.
The way this is designed is that you would specify a partial filter
(such as "uid=") as the filter option and a random name from the
name file will be appended to the filter for each search operation.
Unfortunately, this option was broken. The format was missing
where we were creating the filter string, which caused the filter
option to be used as specified without appending a name from the
name file.
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=584109
Resolves: bug 584109
Bug Description: Slapd crashes while parsing DNA configuration
Fix Description: The dna_parse_config_entry() has been modified to duplicate
the shared_cfg_base value to avoid freeing the same memory location twice.
Reviewed by: rmeggins (and pushed by)
|
| |
|
|
| |
ldap/servers/slapd/filterentry.c (line 685) void function cannot return value
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
deleted entries)
https://bugzilla.redhat.com/show_bug.cgi?id=576644
Resolves: bug 576644
Bug Description: segfault while multimaster replication (paired node won't find deleted entries)
Reviewed by: rmeggins
Fixed by: edewata, nhosoi
Branch: HEAD
Fix Description: The delete code stores the actual entry from the entry
cache in the pblock as SLAPI_DELETE_BEPREOP_ENTRY so that the be preop
plugins can have access to the entry. SLAPI_DELETE_BEPREOP_ENTRY is an
alias for SLAPI_ENTRY_PRE_OP which is used by the front-end delete code.
When processing a replicated delete operation, and the
entry has already been deleted (converted to a tombstone), we needed to
restore the original entry in SLAPI_DELETE_BEPREOP_ENTRY so that the
front-end code can free it as SLAPI_ENTRY_PRE_OP instead of freeing the
actual entry from the cache.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The password modify extended operation was modifying the local database
on a read-only replica instead of returning a referral. The server is
designed to let the plugin ID used for updating password retry info make
local updates instead of returning a referral. This plugin ID was being
used by the password extop code, which it should not be doing.
The second issue is that we need to check if a referral needs to be sent
as early as possible when processing the extop request. We don't want
to reject the change if an entry does not exist before checking if a
referral is necessary since the server we refer to may have the target
entry present. This required adding a new helper function that allows
one to see if a write operation to a particular DN would require a
referral to be sent. The password modify extop code leverages this new
function to get the referrals and return them to the client if necessary.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
attribute returns all elements.
https://bugzilla.redhat.com/show_bug.cgi?id=572162
Resolves: bug 572162
Bug Description: the string "|*" within a search filter on a non-indexed attribute returns all elements.
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: PCRE interprets the '|' character as the start of
alternative branch. In the search filter, the other side of the '|' is
empty, which means match everything. The solution is to escape this and
other PCRE special chars before matching.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
| |
This adds a new managed entries plug-in. This plug-in allows
one to have the Directory Server automatically maintain a set
of entries that are based off of another type of entry (such
as user private group entries based off of user entries).
For more details, see the design document at:
http://directory.fedoraproject.org/wiki/Managed_Entry_Design
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
configuring via ConfigFile
https://bugzilla.redhat.com/show_bug.cgi?id=561575
Resolves: bug 561575
Bug Description: setup-ds-admin fails to supply nsds5ReplicaName when configuring via ConfigFile
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The main problem was that the mod val was a berval, so we
needed |LDAP_MOD_BVALUES for the mod_op. The other problem is that the
mod and values were being used out of scope. While this seems to work, it's
better to make sure all of the values are in scope.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=578167
Resolves: bug 578167
Bug Description: repl. of mod/replace deletes multi-valued attrs
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: The server implements a mod/replace operation as a
mod/delete if all values, followed by a mod/add of the new values. The
mod/delete phase, since it removes all of the values, essentially deletes
the attribute, so it must set the attribute deletion_csn. This is even
true in the case when you do a mod/replace on an attribute that doesn't yet
exist. We have to create an empty attribute on the deleted_attrs list with
the deletion_csn set to the csn of the operation. This preserves the
semantics of the mod/replace operation.
When doing the add phase of the mod/replace, we have to be able to
resurrect attributes and values that may have been deleted by the mod/delete
phase. We can tell that we need to resurrect a deleted value in
resolve_attribute_state_multi_valued, in the deleted_values loop, because
the deletioncsn will be the same as the update csn, and the
delete_priority flag will be 0.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=566320
Resolves: bug 566320
Bug description: RFE: add exception to removal of attributes in cn=config for aci
Fix description: The modify_config_dse() has been modified to
check the ignore_attr_type() for all types of modify operation.
Reviewed by: rmeggins (and pushed by)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=567429
Resolves: bug 567429
Bug Description: slapd didn't close connection and get into CLOSE_WAIT state
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The JNDI code attached to the bug uses persistent search.
The connection pool code handles persistent searches differently than
regular connections. The connection pool code was acquiring a reference
to a conn, but was not releasing it in the persistent search case, assuming
the persistent search code did not also have a reference, but it does. This
caused connection_table_move_connection_out_of_active_list() to not move
the connection out of the active list, and therefore available for closing,
because there was an outstanding reference. The solution is for the
connection pool code to release its reference.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=455489
Resolves: bug 455489
Bug description: Address compiler warnings about strict-aliasing rules
Fix description: The codes that generate strict-aliasing warnings have
been changed.
Reviewed by: rmeggins (and pushed by)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=576074
Resolves: bug 576074
Bug Description: search filters with parentheses fail
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: PCRE requires '(' and ')' to be escaped to match a literal
parenthesis. Otherwise, it thinks the parenthesis is used for grouping.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=520151
Resolves: bug 520151
Bug description: Error when modifying userPassword with proxy user
Fix description: The acl_access_allowed() has been modified to
call aclplugin_preop_common() which will initialize the aclpb.
The aclplugin_preop_common() has been modified to check for the
ACLPB_INITIALIZED flag to avoid re-initializing aclpb.
Reviewed by: rmeggins (and pushed by)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
conflict
https://bugzilla.redhat.com/show_bug.cgi?id=571677
Resolves: bug 571677
Bug Description: Busy replica on consumers when directly deleting a replication conflict
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: In some cases, urp fixup operations can be called from
the bepreop stage of other operations. The ldbm_back_delete() and
ldbm_back_modify() code lock the target entry in the cache. If a bepreop
then attempts to operate on the same entry and acquire the lock on the
entry, deadlock will occur.
The modrdn code does not acquire the cache lock on the target entries
before calling the bepreops. The modify and delete code does not acquire
the cache lock on the target entries before calling the bepostops.
I tried unlocking the target entry before calling the bepreops, then locking
the entry just after. This causes the problem to disappear, but I do not
know if this will lead to race conditions. The modrdn has been working this
way forever, and there are no known race conditions with that code.
I think the most robust fix for this issue would be to introduce some sort
of semaphore instead of a simple mutex on the cached entry. Then
cache_lock_entry would look something like this:
if entry->sem == 0
entry->sem++ /* acquire entry */
entry->locking_thread = this_thread
else if entry->locking_thread == this_thread
entry->sem++ /* increment count on this entry */
else
wait_for_sem(entry->sem) /* wait until released */
and cache_unlock_entry would look something like this:
entry->sem--;
if entry->sem == 0
entry->locking_thread = 0
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=548533
Description: repl5_inc_delete and repl5_tot_delete to release the
incremental and total update protocol were not implemented. This
fix implemented them. Also, it fixed a leak of connection in
private_protocol_factory.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=515805
Fix Description:
SLAPI_TASK_CANCELLED could be set in task_modify any time by
users' modifying nsTaskCancel value to TRUE. Then the following
slapi_task_status_changed destroys the task, which is called
even via a simple logging call slapi_task_log_status. After the
task is destroyed, any task related calls such as another
slapi_task_log_status or slapi_task_finish crashes the server.
This fix changes the behaviour to destroy the task only when
task_state is SLAPI_TASK_FINISHED. Once SLAPI_TASK_CANCELLED
is set to task_state, changing the state to SLAPI_TASK_FINISHED
by calling slapi_task_finish is the responsibility of the task
application (e.g., import). Until then, it is guranteed that
the task is available.
|
