| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
Summary: Correct use of offset in counter ASM for passed in parameter.
|
| |
|
|
|
|
| |
Summary: (64bitcounters) rhds 7.1 - server stats use 32-bit integers - entrycachehitratio 1503%
Description: additional fix for #207457; e->ep_refcnt should have been
protected by cache->c_mutex, otherwise it breaks the lru list under the stress.
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: Support server-to-server SASL - part 4 - pta, winsync
Reviewed by: nhosoi (Thanks!)
Fix Description: Allow pass through auth (PTA) to use starttls. PTA uses the old style argv config params, so I just added an optional starttls (0, 1) to the end of the list, since there is currently no way to encode the startTLS extop in the LDAP URL. NOTE: adding support for true pass through auth for sasl or external cert auth will require a lot of work - not sure it's worth it - anyone other than console users can use chaining backend instead.
For windows sync, I just ported the same slapi_ldap_init/slapi_ldap_bind changes made to regular replication to the windows specific code. The Windows code still needs the do_simple_bind function to check the windows password, but it is not used for server to server bind anymore. NOTE: Windows does support startTLS, but I did not test the SASL mechanisms with Windows.
Platforms tested: Fedora 9
Flag Day: no
Doc impact: yes
|
| |
|
|
|
|
|
|
|
| |
Bug Description: Support server-to-server SASL - part 3 - dna plugin
Reviewed by: nkinder (Thanks!)
Fix Description: Changed the DNA code to use the new slapi_ldap_init/slapi_ldap_bind code. Also changed the code to get the port number to use from the replication agreement. Added some more replication internal code knowledge to the DNA code (unfortunately).
Platforms tested: Fedora 9
Flag Day: no
Doc impact: yes
|
| |
|
|
| |
Summary: Add config setting to disable unauthenticated binds.
|
| |
|
|
|
|
|
|
|
|
|
| |
Summary: index files for database should be deleted when db is deleted.
Fix Description: The callback ldbm_instance_post_delete_instance_entry_callback
is called when the backend instance is removed. In the callback, there was a
code to cleanup the primary db (id2entry.db#), but no other index files nor the
instance directory. Also, the code included a bug to get the instance
directory path. The proposed code gets the right instance directory path and
cleans up all the files in the directory, then removes the backend instance
directory.
|
| |
|
|
|
| |
Summpary: Memory usage research: checking in the experimental code
Comment: added a missing line
|
| |
|
|
|
|
|
| |
Summary: SASL MAP: memory leak in sasl_map_init
Fix Description: sasl_map_done put just comments to free the map list and the
private structure, but not implemented them. Added the code to release the map
list and the private structure.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: vlvindex should not give an error message when the vlvindex is empty
Fix description: In ldbm_fetch_subtrees, if the parent entry to be vlvindexed
('ou=payroll,dc=example,dc=com' in this example) does not exist, then vlvindex
with the proposed code issues this warning but no further messages.
warning: entrydn not indexed on 'ou=payroll,dc=example,dc=com'; entry ou=payroll,dc=example,dc=com may not be added to the database yet.
If the parent entry exists (entry id 10 in this example), but no descendant
entries to be vlvindexed do not, then vlvindex with the proposed code issues
this warning but no further messages.
warning: ancestorid not indexed on 10; possibly, the entry id 10 has no descendants yet.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Support server-to-server SASL - part 2
Reviewed by: nhosoi (Thanks!)
Fix Description: This part focuses on chaining backend - allowing the mux server to use SASL to connect to the farm server, and allowing SASL authentication to chain. I had to add two new config parameters for chaining:
nsUseStartTLS - on or off - tell connection to use startTLS - default is off
nsBindMechanism - if absent, will just use simple auth. If present, this must be one of the supported mechanisms (EXTERNAL, GSSAPI, DIGEST-MD5) - default is absent (simple bind)
The chaining code uses a timeout, so I had to add a timeout to slapi_ldap_bind, and correct the replication code to pass in a NULL for the timeout parameter.
Fixed a bug in the starttls code in slapi_ldap_init_ext.
The sasl code uses an internal search to find the entry corresponding to the sasl user id. This search could not be chained due to the way it was coded. So I added a new chainable component called cn=sasl and changed the sasl internal search code to use this component ID. This allows the sasl code to work with a chained backend. In order to use chaining with sasl, this component must be set in the chaining configuration nsActiveChainingComponents. I also discovered that password policy must be configured too, in order for the sasl code to determine if the account is locked out.
I fixed a bug in the sasl mapping debug trace code.
Still to come - sasl mappings to work with all of this new code - kerberos code improvements - changes to pta and dna
Platforms tested: Fedora 8, Fedora 9
Flag Day: yes
Doc impact: yes
|
| |
|
|
|
| |
Description: ACL: support group filter
Fix Description: unset value for lud_scope is -1, not NULL
|
| |
|
|
| |
Summary: Use 64-bit specific SASL default plug-in path on 64-bit Linux machines.
|
| |
|
|
|
|
|
|
| |
Summary: Import of data does not record timestamps
Description: Added a static function import_add_created_attrs to add
ModifiersName, CreateTimestamp, ModifyTimestamp to each imported entry. I
also added a check if nsslapd-lastmod is on or off. It adds the created info
only if the lastmod is on.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Support server-to-server SASL - part 1
Reviewed by: nkinder, nhosoi, ssorce (Thanks!)
Fix Description: I've created two new functions to handle the client side of LDAP in the server - slapi_ldap_init_ext and slapi_ldap_bind. These two functions are designed to work with any connection type (ldap, ldaps, ldap+starttls, and eventually ldapi) and bind type (plain, sasl, client cert). The secure flag has been extended to use a value of 2 to mean use startTLS. One tricky part is that there is no place to store the startTLS flag in init to pass to bind, so we store that in the clientcontrols field which is currently unused. We do that because the semantics of ldap_init are not to do any network traffic, but defer that until the bind operation (or whatever the first actual operation is e.g. start_tls). I plan to replace all of the places in the code that do ldap init and bind with these functions.
I started with replication. I extended the transport to add tls for startTLS and the bind method to add sasl/gssapi and sasl/digest-md5. I removed a lot of code from repl5_connection that is now done with just slapi_ldap_init_ext and slapi_ldap_bind. One tricky part of the replication code is that it polls the connection for write available, using some ldap sdk internals. I had to fix that code to work within the public ldap api since nspr and sasl muck with the internals in different incompatible ways.
Finally, there is a lot of new kerberos code in the server. The way the server does sasl/gssapi auth with its keytab is similar to the way it does client cert auth with its ssl server cert. One big difference is that the server cannot pass the kerberos identity and credentials through the ldap/sasl/gssapi layers directly. Instead, we have to create a memory credentials cache and set the environment variable to point to it. This allows the sasl/gssapi layer to grab the credentials for use with kerberos. The way the code is written, it should also allow "external" kerberos auth e.g. if someone really wants to do some script which does a periodic kinit to refresh the file based cache, that should also work.
I added some kerberos configure options. configure tries to first use krb5-config to get the compiler and linker information. If that fails, it just looks for some standard system libraries. Note that Solaris does not allow direct use of the kerberos api until Solaris 11, so most likely Solaris builds will have to use --without-kerberos (--with-kerberos is on by default).
Fixed a bug in kerberos.m4 found by nkinder.
ssorce has pointed out a few problems with my kerberos usage that will be addressed in the next patch.
Changed the log level in ldap_sasl_get_val - pointed out by nkinder
Platforms tested: Fedora 9, Fedora 8
Flag Day: yes
Doc impact: oh yes
|
| |
|
|
| |
Summary: Fix crash caused by DNA shared config update event.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: ACL: support group filter
Fix Description:
. backoff the previous checkin
. check the value of groupdn is the full ldapurl or not by ldap_url_parse.
. if yes, run the search and get the search results.
otherwise, evaluate the bind dn for the value as usual.
. evaluate the bind dn against each group returned from the search.
. additionally, added the code to trim the beginning and trailig spaces from
the groupdn value, which is needed for ldap_url_parse.
|
| |
|
|
|
| |
Summary: ACL: support group filter
Description: extended userattr #GROUPDN value to support LDAPURL
|
| |
|
|
| |
Summary: Removed static specifier from __sync_*_8 atomic functions.
|
| |
|
|
| |
Summary: Added 64-bit atomic functions for platforms lacking built-ins.
|
| |
|
|
|
| |
Summary: rhds 7.1 - server stats use 32-bit integers - entrycachehitratio 1503%
Description: added '/' at the head of the semaphore name.
|
| | |
|
| |
|
|
| |
Summary: Convert counters to 64-bit capable Slapi_Counter type.
|
| |
|
|
| |
Summary: Convert counters to 64-bit capable Slapi_Counter type.
|
| |
|
|
|
|
|
| |
Summary: LDAPI: when nsslapd-ldapiautodnsuffix doesn't exist - Bind is incorrect
Description:
- introducing --enable-auto-dn-suffix option to configure (disabled by default)
- building the auto-dn-suffix code only when the option is set
|
| |
|
|
|
|
|
| |
Summary: LDAPI: when nsslapd-ldapiautodnsuffix doesn't exist - Bind is incorrect
Description:
- introducing --enable-auto-dn-suffix option to configure (disabled by default)
- building the auto-dn-suffix code only when the option is set
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Summary: (64bitcounters) rhds 7.1 - server stats use 32-bit integers -
entrycachehitratio 1503%
Change description:
1) Makefile.am: instead of the inline assembly langauge file .il, include an
independent .S file to the libslapd_la_SOURCES list.
2) add AM_PROG_AS to configure.ac to accept CCAS and CCASFLAGS.
3) slapi_counter.c: adjusted to slapi_counter_sunos_sparcv9.S.
4) add slapi_counter_sunos_sparcv9.S
5) remove slapi_counter_sunos_sparcv9.il
|
| |
|
|
| |
Summary: Add 64-bit counter support (phase 1).
|
| |
|
|
| |
Summary: Add support for 64-bit counters (phase 1).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: Need to address 64-bit compiler warnings
Fix Description: As it turns out, there is no portable format specifier
for size_t that works on all of our supported platforms. Afaict, %lu should
work everywhere. C99 uses the "z" specifier, but alas not all of the compilers
we use support C99 and/or "z".
Platforms tested: RHEL5, Solaris
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: RFE: include RFC4876 schema - Autofs does not include
LDAP schema for Fedora Directory Server
Reviewed by: nkinder (Thanks!)
Fix Description: Pieter D.J. Krul has contributed many schema files that
have been tested in production environments. They are divided into two
groups - those that conflict with existing schema in DS, CertSys, and
IPA, and those which do not. The latter are installed in the default
schema directory to be available for new instances - the former are
installed in the data directory just as the rfc2307bis schema. The
schema provided cover autofs and rfc4876, as in the bug reports, and
more. Here is the full list of new files:
60trust.ldif 60pureftpd.ldif 60sudo.ldif 60nis.ldif 60samba.ldif
60mozilla.ldif
60samba3.ldif 60krb5kdc.ldif 60sabayon.ldif 60kerberos.ldif
60rfc4876.ldif 60inetmail.ldif 60rfc3712.ldif 60eduperson.ldif
60rfc2739.ldif 60changelog.ldif 60radius.ldif 60autofs.ldif 60qmail.ldif
Platforms tested: RHEL5
Flag Day: no
Doc impact: yes - document the new schema
|
| |
|
|
|
| |
Summary: Memory usage research: checking in the experimental code
See also: http://directory.fedoraproject.org/wiki/Memory_Usage_Research
|
| |
|
|
|
|
| |
Bug Description: Need to address 64-bit compiler warnings - part 1
Reviewed by: nhosoi (Thanks!)
Fix Description: I inadvertantly committed fixes for 463991 along with fixes for 454030, and the fixes for 463991 broke the server. This commit makes the server work again.
|
| |
|
|
|
| |
Description: Need to address 64-bit compiler warnings - part 1
Fix Description: missed one line from my previous commit
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed by: nhosoi (Thanks!)
Fix Description: The intptr_t and uintptr_t are types which are defined as integer types that are the same size as the pointer (void *) type. On the platforms we currently support, this is the same as long and unsigned long, respectively (ILP32 and LP64). However, intptr_t and uintptr_t are more portable. These can be used to assign a value passed as a void * to get an integer value, then "cast down" to an int or PRBool, and vice versa. This seems to be a common idiom in other applications where values must be passed as void *.
For the printf/scanf formats, there is a standard header called inttypes.h which defines formats to use for various 64 bit quantities, so that you don't need to figure out if you have to use %lld or %ld for a 64-bit value - you just use PRId64 which is set to the correct value. I also assumed that size_t is defined as the same size as a pointer so I used the PRIuPTR format macro for size_t.
I removed many unused variables and some unused functions.
I put parentheses around assignments in conditional expressions to tell the compiler not to complain about them.
I cleaned up some #defines that were defined more than once.
I commented out some unused goto labels.
Some of our header files shared among several source files define static variables. I made it so that those variables are not defined unless a macro is set in the source file. This avoids a lot of unused variable warnings.
I added some return values to functions that were declared as returning a value but did not return a value. In all of these cases no one was checking the return value anyway.
I put explicit parentheses around cases like this: expr || expr && expr - the && has greater precedence than the ||. The compiler complains because it wants you to make sure you mean expr || (expr && expr), not (expr || expr) && expr.
I cleaned up several places where the compiler was complaining about possible use of uninitialized variables. There are still a lot of these cases remaining.
There are a lot of warnings like this:
lib/ldaputil/certmap.c:1279: warning: dereferencing type-punned pointer will break strict-aliasing rules
These are due to our use of void ** to pass in addresses of addresses of structures. Many of these are calls to slapi_ch_free, but many are not - they are cases where we do not know what the type is going to be and may have to cast and modify the structure or pointer. I started replacing the calls to slapi_ch_free with slapi_ch_free_string, but there are many many more that need to be fixed.
The dblayer code also contains a fix for https://bugzilla.redhat.com/show_bug.cgi?id=463991 - instead of checking for dbenv->foo_handle to see if a db "feature" is enabled, instead check the flags passed to open the dbenv. This works for bdb 4.2 through bdb 4.7 and probably other releases as well.
Platforms tested: RHEL5 x86_64, Fedora 8 i386
Flag Day: no
Doc impact: no
|
| |
|
|
| |
Summary: Perform better config validation in the DNA plug-in.
|
| |
|
|
|
|
|
|
|
|
|
| |
Bug Description: The Windows Sync API should have plug-in points - part 3
Reviewed by: nkinder (Thanks!)
Fix Description: It turns out I was a little bit too aggressive in removing memory leaks, and broke outbound modify processing. I should not have freed new_dn since it is used elsewhere. There was an earlier memory leak related to the way new_dn was initialized, but that was fixed elsewhere. The real fix is this:
- slapi_sdn_free(&new_dn);
The other fixes are lots of log messages I added to help debug this problem.
Platforms tested: RHEL5
Flag Day: no
Doc impact: yes - plugin guide
|
| |
|
|
| |
Summary: Make DNA plug-in auto-extended exhausted ranges.
|
| |
|
|
|
|
|
|
|
|
| |
Bug Description: The Windows Sync API should have plug-in points - part 2
Reviewed by: nkinder (Thanks!)
Fix Description: Some additional changes to the api
The modify callbacks were not sufficient to handle all cases. We need to have access to the DS entry. This changes the API to add the DS entry to the modify callbacks. I also had to change the handling of the userAccountControl - it cannot just overwrite the value, it must set the appropriate bit in the bit mask.
Platforms tested: RHEL5
Flag Day: no
Doc impact: yes - plugin guide
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: replica_generate_next_csn opcsn adjustment errors during concurrent MMR load
Reviewed by: nhosoi (Thanks!)
Fix Description: In csngen_adjust_time, even if the time diff <= remote_offset, we still need to
keep track of it and use it so that we generate CSNs that have the same
timestamp as the remote CSN. We use the local_offset to store that time diff.
This sort of fits the semantics of local_offset as the diff is usually caused
by the sampled time update thread running slightly behind, not in sync with the remote server.
The code in _csngen_adjust_local_time will take the local_offset into
consideration when updating the sampled time. One thing we have to be careful
of is to _not_ reset the sequence number if the new generated time will be the
same as the old generated time. If the old time is the same as the new time,
we have to preserve the sequence number so that the next CSN generated will be greater than the previous one.
The sequence number must be reset if
the time was increased. The right thing to do is set the sequence number to
the remote sequence number + 1, in the case where we have advanced the time.
If we have not advanced the time, we can't make the sequence number less,
because we would then issue CSNs less than or equal to CSNs already issued.
In csngen_adjust_time, we have to take care to reset the seqnum properly - if the new timestamp is greater than the old timestamp, we
set the sequence number to be the remote + 1, regardless of whether or not the
remote seq is < or > than the current seq.
With this patch, running the replication stress test, I do not see any time
skew, I do not see any generate_next_csn error messages, I do not see any
duplicate or retrograde CSN issuance.
Platforms tested: RHEL5, Fedora 8, Fedora 9
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: various valgrind reported startup memory leaks
Reviewed by: nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: These memory leaks are not serious, but they do create a lot of noise in
valgrind.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: The Windows Sync API should have plug-in points
Reviewed by: nkinder (Thanks!)
Fix Description: Some additional changes to the api
1) added plugin points for begin update, end update, and agreement destruction
2) added debugging code to allow a regular DS to stand in for AD
3) fixed a couple of minor memory leaks
4) added the rest of the SLAPI DSE code to the public API to allow plugins to do dynamic configuration using the SLAPI public API
Platforms tested: RHEL5
Flag Day: no
Doc impact: yes - plugin guide
|
| |
|
|
| |
debugging tools
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Memory leaks in check_trivial_words, check_pw_storagescheme_value
Reviewed by: nkinder, nhosoi (Thanks!)
Branch: HEAD
Fix Description: The first leak happens when password policy is active and trivial words
checking is being used, and the password is being modified. When getting the
list of attribute from the existing entry in the modify case, the function
slapi_attr_get_valueset is used - this function makes a duplicate of the
valueset and overwrites the valueset argument. The fix is to move the allocation of vs until after the call to slapi_attr_get_valueset, and only allocate it if it is non NULL.
The second leak happens when the password storage scheme is changed. The
function check_pw_storagescheme_value uses pw_name2scheme to check the given
scheme - this function allocates a struct pw_scheme * which must be freed with
free_pw_scheme.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: already covered by acceptance tests
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Memory leaks in index code doing indexed & range & matching rule searches
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: This leak occurs when doing ranged, indexed searches. The code calls
index2prefix to get the index prefix. In the case of a matching rule search,
this prefix is allocated. The function free_prefix was not being called in all
cases.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Memory leaks in valueset code
Reviewed by: nkinder,nhosoi (Thanks!)
Branch: HEAD
Fix Description: The first leak occurs when you are using replication and you add values to an
attribute that were previously deleted - that is, the values that you want to
add are on the attribute's deleted values list and are being "resurrected".
This leak is caused by an improper bit test (foo & bar|baz). The or | has
higher precedence and is evaluated first. The fix is to use parentheses (foo &
(bar|baz)). Note that this issue was flagged by the compiler gcc with -Wall.
The second leak is caused when several values are being added to an attribute,
and the list contains non-sequential duplicate values (e.g. foo, bar, baz,
foo). The code uses an array of Slapi_Value* called keyvals. When a valid
value is found, the Slapi_Value* is moved from keyvals to valuetreep and the
keyvals array index is set to NULL. This array is passed to valuearray_free to
free the individual Slapi_Value* and the array itself. This works fine in the
non-error case because there are no Slapi_Value* elements to free, so it just
frees the array. However, in the duplicate value case, some of the elements
have already been set to NULL, so those are skipped over by valuearray_free.
The fix is to introduce a new function valuearray_free_ext that takes an
additional argument which is the array index to start freeing from. That way
the non-NULL Slapi_Value* elements can be freed along with the array itself.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Memory leaks in ids_sasl_user_search
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: This leak occurs when we use the new regex based identity mapping to lookup the
user bind dn based on the given user and user realm. There is a pblock allocated but not freed.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Memory leak setting password with passwd extop
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: 1) if the given dn is "", that 1 byte will be leaked when the dn is reassigned
to the bind dn - so free it first in that case before reassigning
2) calling slapi_pblock_get with SLAPI_CONN_DN does a strdup, which is
different than most uses of slapi_pblock_get. That memory must be freed. So we free it at the end.
3) If we set the ORIGINAL_TARGET to a dn other than the given dn, we must free
it - grab it and compare it to dn - if not the same, free dn first, then free the original target dn
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: Memory leak setting new password storage scheme
Reviewed by: nkinder (Thanks!)
Branch: HEAD
Fix Description: In config_set_pw_storagescheme, new_schema is allocated in both the non apply
and the apply case, but it is only freed in the apply case. The solution is to free it in the non apply case.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug Description: SASL bind can leak credentials in some cases
Reviewed by: nkinder, nhosoi (Thanks!)
Branch: HEAD
Fix Description: There is this call in saslbind.c line 767:
/* can't do any harm */
if (cred->bv_len == 0) cred->bv_val = NULL;
apparently in some cases, cred bv_len is 0 but cred->bv_val is not-null. This
causes a leak of cred->bv_val.
The fix is to make sure cred->bv_val is freed if bv_len is 0. This should
catch all cases where this erroneous assumption is made.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
|
