Projects
Kolab:3.4
389-ds-base
Log In
Username
Password
We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 7
View file
389-ds-base.changes
Changed
@@ -1,4 +1,9 @@ ------------------------------------------------------------------- +Wed May 14 14:08:16 UTC 2014 - aj@ajaissle.de + +- New upstream release 1.2.11.29 + +------------------------------------------------------------------- Tue Jul 16 08:56:37 UTC 2013 - aj@ajaissle.de - Spec file improvements
View file
389-ds-base.spec
Changed
@@ -1,7 +1,7 @@ # # spec file for package 389-ds-base # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ Name: 389-ds-base Summary: 389 Directory Server -Version: 1.2.11.15 +Version: 1.2.11.29 Release: 0 Group: Productivity/Networking/LDAP/Servers
View file
389-ds-base-1.2.11.15.tar.bz2/Makefile.am -> 389-ds-base-1.2.11.29.tar.bz2/Makefile.am
Changed
@@ -299,6 +299,7 @@ $(srcdir)/ldap/schema/50ns-value.ldif \ $(srcdir)/ldap/schema/50ns-web.ldif \ $(srcdir)/ldap/schema/60pam-plugin.ldif \ + $(srcdir)/ldap/schema/60posix-winsync-plugin.ldif \ $(srcdir)/ldap/schema/60autofs.ldif \ $(srcdir)/ldap/schema/60eduperson.ldif \ $(srcdir)/ldap/schema/60mozilla.ldif \ @@ -488,6 +489,7 @@ ldap/admin/src/scripts/50faxsyntaxplugin.ldif \ ldap/admin/src/scripts/50fixNsState.pl \ ldap/admin/src/scripts/50telexnumbersyntaxplugin.ldif \ + ldap/admin/src/scripts/50rootdnaccesscontrolplugin.ldif \ ldap/admin/src/scripts/50guidesyntaxplugin.ldif \ ldap/ldif/50replication-plugins.ldif \ ldap/admin/src/scripts/50linkedattrsplugin.ldif \
View file
389-ds-base-1.2.11.15.tar.bz2/Makefile.in -> 389-ds-base-1.2.11.29.tar.bz2/Makefile.in
Changed
@@ -1527,6 +1527,7 @@ $(srcdir)/ldap/schema/50ns-value.ldif \ $(srcdir)/ldap/schema/50ns-web.ldif \ $(srcdir)/ldap/schema/60pam-plugin.ldif \ + $(srcdir)/ldap/schema/60posix-winsync-plugin.ldif \ $(srcdir)/ldap/schema/60autofs.ldif \ $(srcdir)/ldap/schema/60eduperson.ldif \ $(srcdir)/ldap/schema/60mozilla.ldif \ @@ -1714,6 +1715,7 @@ ldap/admin/src/scripts/50faxsyntaxplugin.ldif \ ldap/admin/src/scripts/50fixNsState.pl \ ldap/admin/src/scripts/50telexnumbersyntaxplugin.ldif \ + ldap/admin/src/scripts/50rootdnaccesscontrolplugin.ldif \ ldap/admin/src/scripts/50guidesyntaxplugin.ldif \ ldap/ldif/50replication-plugins.ldif \ ldap/admin/src/scripts/50linkedattrsplugin.ldif \
View file
389-ds-base-1.2.11.15.tar.bz2/VERSION.sh -> 389-ds-base-1.2.11.29.tar.bz2/VERSION.sh
Changed
@@ -10,7 +10,7 @@ # PACKAGE_VERSION is constructed from these VERSION_MAJOR=1 VERSION_MINOR=2 -VERSION_MAINT=11.15 +VERSION_MAINT=11.29 # if this is a PRERELEASE, set VERSION_PREREL # otherwise, comment it out # be sure to include the dot prefix in the prerel
View file
389-ds-base-1.2.11.15.tar.bz2/configure -> 389-ds-base-1.2.11.29.tar.bz2/configure
Changed
@@ -20210,6 +20210,148 @@ fi if test "$enable_pam_passthru" = yes ; then + # check for pam header file used by plugins/pass_passthru/pam_ptimpl.c + if test "${ac_cv_header_security_pam_appl_h+set}" = set; then + { $as_echo "$as_me:$LINENO: checking for security/pam_appl.h" >&5 +$as_echo_n "checking for security/pam_appl.h... " >&6; } +if test "${ac_cv_header_security_pam_appl_h+set}" = set; then + $as_echo_n "(cached) " >&6 +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_security_pam_appl_h" >&5 +$as_echo "$ac_cv_header_security_pam_appl_h" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:$LINENO: checking security/pam_appl.h usability" >&5 +$as_echo_n "checking security/pam_appl.h usability... " >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <security/pam_appl.h> +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:$LINENO: checking security/pam_appl.h presence" >&5 +$as_echo_n "checking security/pam_appl.h presence... " >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <security/pam_appl.h> +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" +$as_echo "$ac_try_echo") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: security/pam_appl.h: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: security/pam_appl.h: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: security/pam_appl.h: present but cannot be compiled" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: security/pam_appl.h: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: security/pam_appl.h: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: security/pam_appl.h: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: proceeding with the preprocessor's result" >&5 +$as_echo "$as_me: WARNING: security/pam_appl.h: proceeding with the preprocessor's result" >&2;} + { $as_echo "$as_me:$LINENO: WARNING: security/pam_appl.h: in the future, the compiler will take precedence" >&5 +$as_echo "$as_me: WARNING: security/pam_appl.h: in the future, the compiler will take precedence" >&2;} + ( cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to http://bugzilla.redhat.com/ ## +## ------------------------------------------ ## +_ASBOX + ) | sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +{ $as_echo "$as_me:$LINENO: checking for security/pam_appl.h" >&5 +$as_echo_n "checking for security/pam_appl.h... " >&6; } +if test "${ac_cv_header_security_pam_appl_h+set}" = set; then + $as_echo_n "(cached) " >&6 +else + ac_cv_header_security_pam_appl_h=$ac_header_preproc +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_header_security_pam_appl_h" >&5 +$as_echo "$ac_cv_header_security_pam_appl_h" >&6; } + +fi +if test "x$ac_cv_header_security_pam_appl_h" = x""yes; then + : +else + { { $as_echo "$as_me:$LINENO: error: Missing header file security/pam_appl.h" >&5 +$as_echo "$as_me: error: Missing header file security/pam_appl.h" >&2;} + { (exit 1); exit 1; }; } +fi + + { $as_echo "$as_me:$LINENO: result: yes" >&5 $as_echo "yes" >&6; }
View file
389-ds-base-1.2.11.15.tar.bz2/configure.ac -> 389-ds-base-1.2.11.29.tar.bz2/configure.ac
Changed
@@ -97,6 +97,8 @@ AS_HELP_STRING([--enable-pam-passthru], [enable the PAM passthrough auth plugin (default: yes)])) if test "$enable_pam_passthru" = yes ; then + # check for pam header file used by plugins/pass_passthru/pam_ptimpl.c + AC_CHECK_HEADER([security/pam_appl.h], [], [AC_MSG_ERROR([Missing header file security/pam_appl.h])]) AC_MSG_RESULT(yes) AC_DEFINE([ENABLE_PAM_PASSTHRU], [1], [enable the pam passthru auth plugin]) else
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/admin/src/logconv.pl -> 389-ds-base-1.2.11.29.tar.bz2/ldap/admin/src/logconv.pl
Changed
@@ -35,7 +35,7 @@ # # # Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2005 Red Hat, Inc. +# Copyright (C) 2013 Red Hat, Inc. # All rights reserved. # END COPYRIGHT BLOCK # @@ -43,9 +43,14 @@ # # Check for usage # +use strict; +use warnings; +use warnings 'untie'; use Time::Local; use IO::File; use Getopt::Long; +use DB_File; +use sigtrap qw(die normal-signals); Getopt::Long::Configure ("bundling"); Getopt::Long::Configure ("permute"); @@ -60,28 +65,60 @@ # # ####################################### -$x = "0"; -$fc = 0; -$sn = 0; -$logversion = "6.1"; -$sizeCount = "20"; -$startFlag = 0; -$startTime = 0; -$endFlag = 0; -$endTime = 0; -$s_stats = new_stats_block( ); -$m_stats = new_stats_block( ); +my $file_count = 0; +my $arg_count = 0; +my $logversion = "8.0"; +my $sizeCount = "20"; +my $startFlag = 0; +my $startTime = 0; +my $endFlag = 0; +my $endTime = 0; +my $reportStats = ""; +my $dataLocation = "/tmp"; +my $startTLSoid = "1.3.6.1.4.1.1466.20037"; +my @statnames=qw(last last_str results srch add mod modrdn moddn cmp del abandon + conns sslconns bind anonbind unbind notesA notesU etime); +my $s_stats = new_stats_block( ); +my $m_stats = new_stats_block( ); +my $verb = "no"; +my @excludeIP; +my $xi = 0; +my $bindReportDN; +my $usage = ""; +my @latency; +# key is conn number - val is IP address +my %openConnection; +my @errorCode; +my @errtext; +my @errornum; +my @errornum2; +my $ds6x = "false"; +my $connCodeCount = 0; +my %connList; +my %bindReport; +my @vlvconn; +my @vlvop; +my @fds; +my $fdds = 0; +my $reportBinds = "no"; +my $rootDN = ""; +my $needCleanup = 0; +my @scopeTxt = ("0 (base)", "1 (one)", "2 (subtree)"); +my $reportStatsSecFile; +my $reportStatsMinFile; GetOptions( - 'd|rootDN=s' => \$manager, + 'd|rootDN=s' => \$rootDN, 'v|version' => sub { print "Access Log Analyzer v$logversion\n"; exit (0); }, 'V|verbose' => sub { $verb = "yes"; }, - 'X|excludeIP=s' => \$exclude[$xi++], + 'D|data=s' => \$dataLocation, + 'X|excludeIP=s' => \$excludeIP[$xi++], 's|sizeLimit=s' => \$sizeCount, 'S|startTime=s' => \$startTime, 'E|endTime=s' => \$endTime, - 'm|reportFileSecs=s' => sub { my ($opt,$value) = @_; $s_stats = new_stats_block($value); }, - 'M|reportFileMins=s' => sub { my ($opt,$value) = @_; $m_stats = new_stats_block($value); }, + 'B|bind=s' => sub { $reportBinds = "yes"; $bindReportDN=($_[1]) }, + 'm|reportFileSecs=s' => \$reportStatsSecFile, + 'M|reportFileMins=s' => \$reportStatsMinFile, 'h|help' => sub { displayUsage() }, # usage options '-efcibaltnxgjuiryp' 'e' => sub { $usage = $usage . "e"; }, @@ -99,111 +136,152 @@ 'u' => sub { $usage = $usage . "u"; }, 'r' => sub { $usage = $usage . "r"; }, 'y' => sub { $usage = $usage . "y"; }, - 'p' => sub { $usage = $usage . "p"; } + 'p' => sub { $usage = $usage . "p"; }, + 'U' => sub { $usage = $usage . "U"; } ); # +# setup the report Bind DN if any +# +if($reportBinds eq "yes"){ + $bindReportDN =~ tr/A-Z/a-z/; + if($bindReportDN eq "all"){ + $bindReportDN = ""; + } + if($bindReportDN eq "anonymous"){ + $bindReportDN = "Anonymous"; + } +} + +# # set the default root DN # -if($manager eq ""){ - $manager = "cn=directory manager"; +if($rootDN eq ""){ + $rootDN = "cn=directory manager"; } # # get the logs # -while($sn <= $#ARGV){ - $files[$fc] = $ARGV[$sn]; - $fc++; - $sn++; +my @files = (); +while($arg_count <= $#ARGV){ + $files[$file_count] = $ARGV[$arg_count]; + $file_count++; + $arg_count++; +} + +if($file_count == 0){ + if($reportStatsSecFile or $reportStatsMinFile){ + print "Usage error for option -m or -M, either the output file or access log is missing!\n\n"; + } else { + print "There are no access logs specified!\n\n"; + } + exit 1; +} + +if ($reportStatsSecFile) { + $s_stats = new_stats_block($reportStatsSecFile); + $reportStats = "-m"; +} +if ($reportStatsMinFile) { + $m_stats = new_stats_block($reportStatsMinFile); + $reportStats = "-M"; } if ($sizeCount eq "all"){$sizeCount = "100000";} ####################################### # # -# Initialize Arrays and variables # +# Initialize Hashes and variables # # # ####################################### print "\nAccess Log Analyzer $logversion\n"; -print "\nCommand : logconv.pl @ARGV\n\n"; - -$dirmgr = "0"; -$notes = "0"; -$vlvnotes= "0"; -$search = "0"; -$fdtake = "0"; -$fdreturn = "0"; -$highfd = "0"; -$bind = "0"; -$unbind = "0"; -$anony = "0"; -$mod = "0"; -$delete = "0"; -$add = "0"; -$modrdn = "0"; -$moddn = "0"; -$compare = "0"; -$proxiedAuth = "0"; -$restarts = "0"; -$resource = "0"; -$broken = "0"; -$vlv = "0"; -$version2 = "0"; -$version3 = "0"; -$sortvlv = "0"; -$reset = "0";
View file
389-ds-base-1.2.11.29.tar.bz2/ldap/admin/src/scripts/50rootdnaccesscontrolplugin.ldif
Added
@@ -0,0 +1,16 @@ +dn: cn=RootDN Access Control,cn=plugins,cn=config +objectclass: top +objectclass: nsSlapdPlugin +objectclass: extensibleObject +cn: RootDN Access Control +nsslapd-pluginpath: librootdn-access-plugin.so +nsslapd-plugininitfunc: rootdn_init +nsslapd-plugintype: internalpreoperation +nsslapd-pluginenabled: off +nsslapd-plugin-depends-on-type: database +# these will be replaced when the server loads the plugin +nsslapd-pluginId: ID +nsslapd-pluginVersion: PACKAGE_VERSION +nsslapd-pluginVendor: VENDOR +nsslapd-pluginDescription: DESC +
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/admin/src/scripts/60upgradeschemafiles.pl -> 389-ds-base-1.2.11.29.tar.bz2/ldap/admin/src/scripts/60upgradeschemafiles.pl
Changed
@@ -11,7 +11,7 @@ # these schema files are obsolete, or we want to replace # them with newer versions - my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 05rfc4524.ldif 06inetorgperson.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif 60sudo.ldif); + my @toremove = qw(00core.ldif 01core389.ldif 01common.ldif 02common.ldif 05rfc2247.ldif 05rfc4523.ldif 05rfc4524.ldif 06inetorgperson.ldif 10presence.ldif 28pilot.ldif 30ns-common.ldif 50ns-directory.ldif 60mozilla.ldif 60pam-plugin.ldif 60sudo.ldif); # these hashes will be used to check for obsolete schema # in 99user.ldif
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/admin/src/scripts/DSCreate.pm.in -> 389-ds-base-1.2.11.29.tar.bz2/ldap/admin/src/scripts/DSCreate.pm.in
Changed
@@ -150,9 +150,9 @@ debug(0, "WARNING: The root password is less than 8 characters long. You should choose a longer one.\n"); } - my $str = checkHostname($inf->{General}->{FullMachineName}); - if ($str) { - debug(0, $str); + if (@errs = checkHostname($inf->{General}->{FullMachineName}, 0)) { + debug(1, @errs); + return @errs; } return (); @@ -482,12 +482,16 @@ my $src = "$inf->{General}->{prefix}@configdir@/certmap.conf"; my $dest = "$inf->{slapd}->{config_dir}/certmap.conf"; $! = 0; # clear errno - copy($src, $dest); - if ($!) { - return ('error_copying_file', $src, $dest, $!); - } - if (@errs = changeOwnerMode($inf, 4, $dest)) { - return @errs; + + #in skip mode, skip files that already exist + unless ($skip and -f $dest) { + copy($src, $dest); + if ($!) { + return ('error_copying_file', $src, $dest, $!); + } + if (@errs = changeOwnerMode($inf, 4, $dest)) { + return @errs; + } } $src = "$inf->{General}->{prefix}@configdir@/slapd-collations.conf";
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/admin/src/scripts/DSUtil.pm.in -> 389-ds-base-1.2.11.29.tar.bz2/ldap/admin/src/scripts/DSUtil.pm.in
Changed
@@ -207,7 +207,8 @@ # arguments # - hostname - the hostname to look for # - res - the Resource object to use to construct messages -# returns - the error message string, or "" upon success +# returns - the error message string, or "" upon success if $res exists +# - the error message array, or () upon success otherwise sub checkHostname { my $hn = shift; my $res = shift; @@ -217,7 +218,7 @@ if ($res) { return $res->getText('warning_hostname_not_fully_qualified', $hn); } else { - return "Warning: hostname $hn is not a fully qualified host and domain name\n"; + return ('warning_hostname_not_fully_qualified', $hn); } } @@ -229,7 +230,11 @@ my %hints = (socktype => SOCK_STREAM); my ($err, @aires) = getaddrinfo($hn, "ldap", \%hints); if ($err) { - return $res->getText('warning_no_such_hostname', $hn); + if ($res) { + return $res->getText('warning_no_such_hostname', $hn); + } else { + return ('warning_no_such_hostname', $hn); + } } while (my $ai = shift @aires) { debug(1, "found for hostname $hn\n"); @@ -256,7 +261,11 @@ debug(1, "Socket6\n"); my @aires = getaddrinfo($hn, "ldap", AF_UNSPEC, SOCK_STREAM); if (scalar(@aires) < 5) { - return $res->getText('warning_no_such_hostname', $hn); + if ($res) { + return $res->getText('warning_no_such_hostname', $hn); + } else { + return ('warning_no_such_hostname', $hn); + } } my $ailen = scalar(@aires); while ($ailen >= 5) { @@ -293,7 +302,7 @@ if ($res) { return $res->getText('warning_no_such_hostname', $hn); } else { - return "Warning: could not resolve hostname $hn\n"; + return ('warning_no_such_hostname', $hn); } } debug(1, "found for hostname $hn: name=$name\n"); @@ -313,24 +322,29 @@ } if (!$found) { - my $retstr = ""; if ($res) { + my $retstr = ""; $retstr = $res->getText('warning_reverse_resolve', $hn, $hn); - } else { - $retstr = "Warning: Hostname $hn is valid, but none of the IP addresses\nresolve back to $hn\n"; - } - for my $ii (@hostip) { - if ($res) { + for my $ii (@hostip) { $retstr .= $res->getText('warning_reverse_resolve_sub', $ii->[1], $ii->[0]); - } else { - $retstr .= "\taddress $ii->[1] resolves to host $ii->[0]\n"; } + return $retstr; + } else { + my @reterrs = (); + push @reterrs, [ 'warning_reverse_resolve', $hn, $hn ]; + for my $ii (@hostip) { + push @reterrs, [ 'warning_reverse_resolve_sub', $ii->[1], $ii->[0] ]; + } + return @reterrs; } - return $retstr; } debug(1, "hostname $hn resolves correctly\n"); - return ''; + if ($res) { + return ''; + } else { + return (); + } } # delete the subtree starting from the passed entry
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/admin/src/scripts/repl-monitor.pl.in -> 389-ds-base-1.2.11.29.tar.bz2/ldap/admin/src/scripts/repl-monitor.pl.in
Changed
@@ -41,8 +41,9 @@ # FILE: repl-monitor.pl # # SYNOPSIS: -# repl-monitor.pl -f configuration-file [-h host] [-p port] [-r] -# [-u refresh-url] [-t refresh-interval] +# repl-monitor.pl [-f configuration-file] [-h host] [-p port] [-r] +# [-c connection] [-a alias] [-k color] [-u refresh-url] +# [-t refresh-interval] [-s] [-W] # # repl-monitor.pl -v # @@ -111,6 +112,22 @@ # If the color section or color entry is missing, the default color # set is: green for [0-5) minutes lag, yellow [5-60), and red 60 and more. # +# The following three options (-c, -a, -k) are used if not providing a +# configuration file: +# +# -c connection +# The connection value is the same as the configuration file value(see above): +# -c "host:port:binddn:bindpwd:bindcert" +# +# -a alias +# The alias value is the same as the configuration file value(see above): +# -a "alias=host:port" +# +# -k color +# The color value is written as "lowmark:color". Where the lowmark is in minutes. +# This option is ignored if printing a plain text report. +# -k "5=#ccffcc" +# # -h host # Initial replication supplier's host. Default to the current host. # @@ -132,6 +149,10 @@ # the output HTML file would automatically refresh itself. This # is useful for continuing monitoring. See also option -t. # +# -s Print output in plain text, instead of HTML. +# +# -W Prompt for connection passwords. +# # -v Print out the version of this script # # DIAGNOSTICS: @@ -156,11 +177,17 @@ # If using this script standalone, be sure to set the shared lib path and # the path to the perldap modules. +use strict; +use warnings; use lib qw(@perlpath@); -$usage = "\nusage: $0 -f configuration-file [-h host] [-p port] [-r] [-u refresh-url] [-t refresh-interval]\n\nor : $0 -v\n"; +my $usage = "\nusage: $0 [-f configuration-file | --configfile configuration-file] " . + "[-c connection, --conn connection] [-a alias, --alias alias] [-k color, --color color] " . + "[-h host, --host host] [-p port, --port port] [-r, --skip-header] [-s, --text] " . + "[-u refresh-url, --url refresh-url] [-t refresh-interval, --interval refresh-interval ] " . + "[-W, --prompt]\n\nor : $0 -v | --version\n"; -use Getopt::Std; # parse command line arguments +use Getopt::Long; # parse command line arguments use Mozilla::LDAP::Conn; # LDAP module for Perl use Mozilla::LDAP::Utils qw(normalizeDN); # LULU, utilities. use Mozilla::LDAP::API qw(:api :ssl :apiv3 :constant); # Direct access to C API @@ -169,29 +196,43 @@ # # Global variables # -$product = "Directory Server Replication Monitor"; -$version = "Version 1.0"; +my $product = "Directory Server Replication Monitor"; +my $version = "Version 1.1"; # # ldap servers given or discovered from the replication agreements: -# @servers = (host:port=shadowport:binddn:password:cert_db) +my @servers; # = (host:port=shadowport:binddn:password:cert_db) +my $serveridx; # # entries read from the connection section of the configuration file: -# @allconnections = (host:port=shadowport:binddn:password:cert_db) +my @allconnections; # = (host:port=shadowport:binddn:password:cert_db) # # aliases of ldap servers read from the configuration file: -# %allaliases{$host:$port}= (alias) +my %allaliases; # = {$host:$port} = (alias) +# colors +my %allcolors; +my @colorkeys; + # # replicas discovered on all ldap servers -# @allreplicas = (server#:replicaroot:replicatype:serverid:replicadn) +my @allreplicas; # = (server#:replicaroot:replicatype:serverid:replicadn) # # ruvs retrieved from all replicas -# @allruvs{replica#:masterid} = (rawcsn:decimalcsn;mon/day/year hh:mi:ss) +my %allruvs; # = {replica#:masterid} = (rawcsn:decimalcsn;mon/day/year hh:mi:ss) # # agreements discovered on all ldap supplier servers: -# @allagreements = (supplier_replica#:consumer#:conntype:schedule:status) +my @allagreements; # = (supplier_replica#:consumer#:conntype:schedule:status) # the array may take another format after the consumer replicas are located: -# @allagreements = (supplier_replica#:consumer_replica#:conntype:schedule:status) +# @allagreements; # = (supplier_replica#:consumer_replica#:conntype:schedule:status) +# +my %ld; # ldap connection hash # +my ($opt_f, $opt_h, $opt_p, $opt_u, $opt_t, $opt_r, $opt_s); +my (@conns, @alias, @color); +my ($section, $interval, $nowraw, $now, $mm, $dd, $tt, $yy, $wday); +my ($fn, $rc, $prompt, $last_sidx); +my %passwords = (); +my $passwd = ""; +$prompt = ""; #main { @@ -199,15 +240,23 @@ $| = 1; # Check for legal options - if (!getopts('h:p:f:ru:t:v')) { - print $usage; - exit -1; - } - - if ($opt_v) { - print "$product - $version\n"; - exit; - } + GetOptions( + 'h|host=s' => \$opt_h, + 'p|port=s' => \$opt_p, + 'f|configfile=s' => \$opt_f, + 'c|conn=s' => \@conns, + 'a|alias=s' => \@alias, + 'k|color=s' => \@color, + 'u|url=s' => \$opt_u, + 't|interval=s' => \$opt_t, + 'W|prompt' => sub { $prompt = "yes"; }, + 'r|skip-header' => sub { $opt_r = "1"; }, + 's|text' => sub {$opt_s = "1"; }, + 'v|version' => sub { print "$product - $version\n"; exit ;} + ) or die "Usage error: $usage\n"; + + exit -1 if &validateArgs < 0; + exit if &read_cfg_file ($opt_f) < 0; $interval = $opt_t; $interval = 300 if ( !$interval || $interval <= 0 ); @@ -221,22 +270,23 @@ if (!$opt_r) { # print the HTML header &print_html_header; - } else { - # print separator for new replication set - print "<hr width=90% size=3><br>\n"; + } else { + if($opt_s){ + print"\n"; + } else { + # print separator for new replication set + print "<hr width=90% size=3><br>\n"; + } } - exit -1 if &validateArgs < 0; - exit if &read_cfg_file ($opt_f) < 0; - # Start with the given host and port # The index names in %ld are defined in Mozilla::LDAP::Utils::ldapArgs() &add_server ("$ld{host}:$ld{port}:$ld{bind}:$ld{pswd}:$ld{cert}"); $serveridx = 0; - while ($serveridx <= $#servers) { + while ($serveridx <= $#servers) { if (&get_replicas ($serveridx) != 0 && $serveridx == 0) { - my ($host, $port, $binddn) = split (/:/, $servers[0]); + my ($host, $port, $binddn) = split (/:/, $servers[$serveridx]); print("Login to $host:$port as \"$binddn\" failed\n"); exit; } @@ -253,14 +303,19 @@ sub validateArgs { - my ($rc) = 0; + $rc = 0; %ld = Mozilla::LDAP::Utils::ldapArgs(); - - if (!$opt_v && !$opt_f) { - print "<p>Error: Missing configuration file.\n"; - print "<p>If you need help on the configuration file, Please go back and click the Help button.\n"; - #print $usage; # Don't show usage in CGI + if (!$opt_f && $#conns < 0) { + if($opt_s){ + print "Error: Missing configuration file or connection parameter.\n";
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/ldif/50posix-winsync-plugin.ldif -> 389-ds-base-1.2.11.29.tar.bz2/ldap/ldif/50posix-winsync-plugin.ldif
Changed
@@ -10,6 +10,7 @@ nsslapd-plugin-depends-on-type: database posixWinsyncMsSFUSchema: false posixWinsyncMapMemberUID: true +posixWinsyncMapNestedGrouping: false posixWinsyncCreateMemberOfTask: false posixWinsyncLowerCaseUID: false nsslapd-pluginprecedence: 25
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/libraries/libavl/avl.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/libraries/libavl/avl.c
Changed
@@ -780,8 +780,11 @@ return( 0 ); (void) avl_apply( root, avl_buildlist, (caddr_t) 0, -1, AVL_INORDER ); - - return( avl_list[ avl_nextlist++ ] ); + if(avl_list && avl_list[avl_nextlist++]){ + return avl_list[avl_nextlist]; + } else { + return( NULL ); + } } caddr_t
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/schema/01core389.ldif -> 389-ds-base-1.2.11.29.tar.bz2/ldap/schema/01core389.ldif
Changed
@@ -46,26 +46,27 @@ # attribute types: # attributeTypes: ( 2.16.840.1.113730.3.1.215 NAME 'oid' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.224 NAME 'nsslapd-pluginPath' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.225 NAME 'nsslapd-pluginInitfunc' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.226 NAME 'nsslapd-pluginType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.227 NAME 'nsslapd-pluginId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.228 NAME 'nsslapd-pluginVersion' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.229 NAME 'nsslapd-pluginVendor' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.230 NAME 'nsslapd-pluginDescription' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.231 NAME 'nsslapd-pluginEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.224 NAME 'nsslapd-pluginPath' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.225 NAME 'nsslapd-pluginInitfunc' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.226 NAME 'nsslapd-pluginType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.227 NAME 'nsslapd-pluginId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.228 NAME 'nsslapd-pluginVersion' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.229 NAME 'nsslapd-pluginVendor' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.230 NAME 'nsslapd-pluginDescription' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.231 NAME 'nsslapd-pluginEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2104 NAME 'nsslapd-pluginConfigArea' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.232 NAME 'nsSNMPEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.232 NAME 'nsSNMPEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.233 NAME 'nsSNMPOrganization' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.234 NAME 'nsSNMPLocation' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.235 NAME 'nsSNMPContact' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.236 NAME 'nsSNMPDescription' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.237 NAME 'nsSNMPMasterHost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.238 NAME 'nsSNMPMasterPort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.237 NAME 'nsSNMPMasterHost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.238 NAME 'nsSNMPMasterPort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.593 NAME 'nsSNMPName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.242 NAME 'nsSystemIndex' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.327 NAME 'nsIndexType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.328 NAME 'nsMatchingRule' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2161 NAME 'nsIndexIDListScanLimit' DESC 'fine grained idlistscanlimit - per index/type/value' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.542 NAME 'nsUniqueId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.543 NAME 'nsState' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.544 NAME 'nsParentUniqueId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) @@ -83,14 +84,14 @@ attributeTypes: ( 2.16.840.1.113730.3.1.586 NAME 'nsDS5ReplicaUpdateSchedule' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.587 NAME 'nsds50ruv' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2027 NAME 'nsruvReplicaLastModified' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.588 NAME 'nsDS5ReplicaId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.589 NAME 'nsDS5ReplicaType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.590 NAME 'nsDS5ReplicaName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.588 NAME 'nsDS5ReplicaId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.589 NAME 'nsDS5ReplicaType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.590 NAME 'nsDS5ReplicaName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.591 NAME 'nsDS5ReplicaReferral' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.592 NAME 'nsDS5ReplicaAutoReferral' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.607 NAME 'nsDS5Flags' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.607 NAME 'nsDS5Flags' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.608 NAME 'nsDS5Task' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) -attributeTypes: ( 2.16.840.1.113730.3.1.609 NAME 'nsds5BeginReplicaRefresh' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.609 NAME 'nsds5BeginReplicaRefresh' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.682 NAME 'nsds5ReplicaPurgeDelay' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.684 NAME 'nsds5ReplicaChangeCount' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.683 NAME 'nsds5ReplicaTombstonePurgeInterval' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) @@ -139,12 +140,25 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2137 NAME 'nsds5ReplicaAbortCleanRUV' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2111 NAME 'tombstoneNumSubordinates' DESC 'count of immediate subordinates for tombstone entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN '389 directory server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2138 NAME 'nsslapd-readonly' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2143 NAME 'nsslapd-sasl-mapping-fallback' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2144 NAME 'rootdn-open-time' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2145 NAME 'rootdn-close-time' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2146 NAME 'rootdn-days-allowed' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2147 NAME 'rootdn-allow-host' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2148 NAME 'rootdn-deny-host' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2149 NAME 'rootdn-allow-ip' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2150 NAME 'rootdn-deny-ip' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2151 NAME 'nsslapd-plugin-depends-on-type' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2152 NAME 'nsds5ReplicaProtocolTimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2154 NAME 'nsds5ReplicaBackoffMin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2155 NAME 'nsds5ReplicaBackoffMax' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2156 NAME 'nsslapd-sasl-max-buffer-size' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) # # objectclasses # objectClasses: ( 2.16.840.1.113730.3.2.40 NAME 'directoryServerFeature' DESC 'Netscape defined objectclass' SUP top MAY ( oid $ cn $ multiLineDescription ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.41 NAME 'nsslapdPlugin' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsslapd-pluginPath $ nsslapd-pluginInitFunc $ nsslapd-pluginType $ nsslapd-pluginId $ nsslapd-pluginVersion $ nsslapd-pluginVendor $ nsslapd-pluginDescription $ nsslapd-pluginEnabled ) MAY ( nsslapd-pluginConfigArea ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.44 NAME 'nsIndex' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSystemIndex ) MAY ( description $ nsIndexType $ nsMatchingRule ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.41 NAME 'nsslapdPlugin' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsslapd-pluginPath $ nsslapd-pluginInitFunc $ nsslapd-pluginType $ nsslapd-pluginId $ nsslapd-pluginVersion $ nsslapd-pluginVendor $ nsslapd-pluginDescription $ nsslapd-pluginEnabled ) MAY ( nsslapd-pluginConfigArea $ nsslapd-plugin-depends-on-type ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.44 NAME 'nsIndex' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSystemIndex ) MAY ( description $ nsIndexType $ nsMatchingRule $ nsIndexIDListScanLimit ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.109 NAME 'nsBackendInstance' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' )
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/schema/02common.ldif -> 389-ds-base-1.2.11.29.tar.bz2/ldap/schema/02common.ldif
Changed
@@ -94,6 +94,8 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2081 NAME ( 'passwordMaxRepeats' 'pwdMaxRepeats' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2082 NAME ( 'passwordMinCategories' 'pwdMinCategories' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2083 NAME ( 'passwordMinTokenLength' 'pwdMinTokenLength' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2140 NAME ( 'passwordTrackUpdateTime' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2153 NAME ( 'passwordAdminDN' 'pwdAdminDN' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.198 NAME 'memberURL' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.199 NAME 'memberCertificateDescription' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.207 NAME 'vlvBase' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Directory Server' ) @@ -163,7 +165,7 @@ objectClasses: ( 2.16.840.1.113730.3.2.1 NAME 'changeLogEntry' DESC 'LDAP changelog objectclass' SUP top MUST ( targetdn $ changeTime $ changenumber $ changeType ) MAY ( changes $ newrdn $ deleteoldrdn $ newsuperior ) X-ORIGIN 'Changelog Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'LDAP referrals objectclass' SUP top MAY ( ref ) X-ORIGIN 'LDAPv3 referrals Internet Draft' ) objectClasses: ( 2.16.840.1.113730.3.2.12 NAME 'passwordObject' DESC 'Netscape defined password policy objectclass' SUP top MAY ( pwdpolicysubentry $ passwordExpirationTime $ passwordExpWarned $ passwordRetryCount $ retryCountResetTime $ accountUnlockTime $ passwordHistory $ passwordAllowChangeTime $ passwordGraceUserTime ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.13 NAME 'passwordPolicy' DESC 'Netscape defined password policy objectclass' SUP top MAY ( passwordMaxAge $ passwordExp $ passwordMinLength $ passwordKeepHistory $ passwordInHistory $ passwordChange $ passwordWarning $ passwordLockout $ passwordMaxFailure $ passwordResetDuration $ passwordUnlock $ passwordLockoutDuration $ passwordCheckSyntax $ passwordMustChange $ passwordStorageScheme $ passwordMinAge $ passwordResetFailureCount $ passwordGraceLimit $ passwordMinDigits $ passwordMinAlphas $ passwordMinUppers $ passwordMinLowers $ passwordMinSpecials $ passwordMin8bit $ passwordMaxRepeats $ passwordMinCategories $ passwordMinTokenLength ) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.13 NAME 'passwordPolicy' DESC 'Netscape defined password policy objectclass' SUP top MAY ( passwordMaxAge $ passwordExp $ passwordMinLength $ passwordKeepHistory $ passwordInHistory $ passwordChange $ passwordWarning $ passwordLockout $ passwordMaxFailure $ passwordResetDuration $ passwordUnlock $ passwordLockoutDuration $ passwordCheckSyntax $ passwordMustChange $ passwordStorageScheme $ passwordMinAge $ passwordResetFailureCount $ passwordGraceLimit $ passwordMinDigits $ passwordAdminDN $ passwordMinAlphas $ passwordMinUppers $ passwordMinLowers $ passwordMinSpecials $ passwordMin8bit $ passwordMaxRepeats $ passwordMinCategories $ passwordMinTokenLength $ passwordTrackUpdateTime ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.30 NAME 'glue' DESC 'Netscape defined objectclass' SUP top X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.32 NAME 'netscapeMachineData' DESC 'Netscape defined objectclass' SUP top X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.38 NAME 'vlvSearch' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ vlvBase $ vlvScope $ vlvFilter ) MAY ( multiLineDescription ) X-ORIGIN 'Netscape Directory Server' ) @@ -179,7 +181,7 @@ objectClasses: ( 2.16.840.1.113730.3.2.100 NAME 'cosClassicDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosTemplateDn $ cosspecifier ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.101 NAME 'cosPointerDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosTemplateDn ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.102 NAME 'cosIndirectDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition MAY ( cosIndirectSpecifier ) X-ORIGIN 'Netscape Directory Server' ) -objectClasses: ( 2.16.840.1.113730.3.2.503 NAME 'nsDSWindowsReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5replicaSessionPauseTime $ nsds7WindowsReplicaSubtree $ nsds7DirectoryReplicaSubtree $ nsds7NewWinUserSyncEnabled $ nsds7NewWinGroupSyncEnabled $ nsds7WindowsDomain $ nsds7DirsyncCookie $ winSyncInterval $ oneWaySync $ winSyncMoveAction) X-ORIGIN 'Netscape Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.503 NAME 'nsDSWindowsReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5replicaSessionPauseTime $ nsds7WindowsReplicaSubtree $ nsds7DirectoryReplicaSubtree $ nsds7NewWinUserSyncEnabled $ nsds7NewWinGroupSyncEnabled $ nsds7WindowsDomain $ nsds7DirsyncCookie $ winSyncInterval $ oneWaySync $ winSyncMoveAction $ nsds5ReplicaEnabled ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.128 NAME 'costemplate' DESC 'Netscape defined objectclass' SUP top MAY ( cn $ cospriority ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.304 NAME 'nsView' DESC 'Netscape defined objectclass' SUP top AUXILIARY MAY ( nsViewFilter $ description ) X-ORIGIN 'Netscape Directory Server' ) objectClasses: ( 2.16.840.1.113730.3.2.316 NAME 'nsAttributeEncryption' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsEncryptionAlgorithm ) X-ORIGIN 'Netscape Directory Server' )
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/schema/50ns-mail.ldif -> 389-ds-base-1.2.11.29.tar.bz2/ldap/schema/50ns-mail.ldif
Changed
@@ -73,8 +73,8 @@ attributeTypes: ( 2.16.840.1.113730.3.1.32 NAME ( 'mgrpMsgMaxSize' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.29 NAME ( 'mgrpMsgRejectText' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' ) attributeTypes: ( 2.16.840.1.113730.3.1.789 NAME ( 'mgrpNoDuplicateChecks' ) DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' ) -objectclasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multiLineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' ) -objectclasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPrefs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Server 4.x' ) -objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC '' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' ) -objectclasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueNames' DESC '' SUP top AUXILIARY MUST ( objectClass $ cn ) MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' ) -objectclasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC '' SUP top AUXILIARY MUST ( objectClass ) X-ORIGIN 'Netscape Messaging Server 4.x' ) +objectclasses: ( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multiLineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' ) +objectclasses: ( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPrefs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Server 4.x' ) +objectclasses: ( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' ) +objectclasses: ( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueNames' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass $ cn ) MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' ) +objectclasses: ( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST ( objectClass ) X-ORIGIN 'Netscape Messaging Server 4.x' )
View file
389-ds-base-1.2.11.29.tar.bz2/ldap/schema/60posix-winsync-plugin.ldif
Added
@@ -0,0 +1,44 @@ +# +# BEGIN COPYRIGHT BLOCK +# This Program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation; version 2 of the License. +# +# This Program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple +# Place, Suite 330, Boston, MA 02111-1307 USA. +# +# In addition, as a special exception, Red Hat, Inc. gives You the additional +# right to link the code of this Program with code not covered under the GNU +# General Public License ("Non-GPL Code") and to distribute linked combinations +# including the two, subject to the limitations in this paragraph. Non-GPL Code +# permitted under this exception must only link to the code of this Program +# through those well defined interfaces identified in the file named EXCEPTION +# found in the source code files (the "Approved Interfaces"). The files of +# Non-GPL Code may instantiate templates or use macros or inline functions from +# the Approved Interfaces without causing the resulting work to be covered by +# the GNU General Public License. Only Red Hat, Inc. may make changes or +# additions to the list of Approved Interfaces. You must obey the GNU General +# Public License in all respects for all of the Program code and other code used +# in conjunction with the Program except the Non-GPL Code covered by this +# exception. If you modify this file, you may extend this exception to your +# version of the file, but you are not obligated to do so. If you do not wish to +# provide this exception without modification, you must delete this exception +# statement from your version and license this file solely under the GPL without +# exception. +# +# +# Copyright (C) 2005 Red Hat, Inc. +# All rights reserved. +# END COPYRIGHT BLOCK +# +# +# Schema for representing internal dynamically-generated group members +# +dn: cn=schema +attributeTypes: ( 2.16.840.1.113730.3.1.2141 NAME 'dsOnlyMemberUid' DESC 'Elements from a memberuid attribute created to reflect dynamic group membership' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Red Hat Directory Server' ) +objectClasses: ( 2.16.840.1.113730.3.2.326 NAME 'dynamicGroup' DESC 'Group containing internal dynamically-generated members' SUP posixGroup AUXILIARY MAY ( dsOnlyMemberUid ) X-ORIGIN 'Red Hat Directory Server' )
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/schema/60qmail.ldif -> 389-ds-base-1.2.11.29.tar.bz2/ldap/schema/60qmail.ldif
Changed
@@ -308,7 +308,7 @@ attributeTypes: ( 1.3.6.1.4.1.7914.1.4.1.1 NAME 'qladnmanager' - DESC '' + DESC 'qladnmanager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) @@ -318,7 +318,7 @@ attributeTypes: ( 1.3.6.1.4.1.7914.1.4.1.2 NAME 'qlaDomainList' - DESC '' + DESC 'qlaDomainList' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} @@ -329,7 +329,7 @@ attributeTypes: ( 1.3.6.1.4.1.7914.1.4.1.3 NAME 'qlaUidPrefix' - DESC '' + DESC 'qlaUidPrefix' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} @@ -341,7 +341,7 @@ attributeTypes: ( 1.3.6.1.4.1.7914.1.4.1.4 NAME 'qlaQmailUid' - DESC '' + DESC 'qlaQmailUid' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE @@ -352,7 +352,7 @@ attributeTypes: ( 1.3.6.1.4.1.7914.1.4.1.5 NAME 'qlaQmailGid' - DESC '' + DESC 'qlaQmailGid' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE @@ -363,7 +363,7 @@ attributeTypes: ( 1.3.6.1.4.1.7914.1.4.1.6 NAME 'qlaMailMStorePrefix' - DESC '' + DESC 'qlaMailMStorePrefix' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} @@ -375,7 +375,7 @@ attributeTypes: ( 1.3.6.1.4.1.7914.1.4.1.7 NAME 'qlaMailQuotaSize' - DESC '' + DESC 'qlaMailQuotaSize' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE @@ -386,7 +386,7 @@ attributeTypes: ( 1.3.6.1.4.1.7914.1.4.1.8 NAME 'qlaMailQuotaCount' - DESC '' + DESC 'qlaMailQuotaCount' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE @@ -397,7 +397,7 @@ attributeTypes: ( 1.3.6.1.4.1.7914.1.4.1.9 NAME 'qlaMailSizeMax' - DESC '' + DESC 'qlaMailSizeMax' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE @@ -408,7 +408,7 @@ attributeTypes: ( 1.3.6.1.4.1.7914.1.4.1.10 NAME 'qlaMailHostList' - DESC '' + DESC 'qlaMailHostList' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/schema/60radius.ldif -> 389-ds-base-1.2.11.29.tar.bz2/ldap/schema/60radius.ldif
Changed
@@ -14,7 +14,7 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.1 NAME 'radiusArapFeatures' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -22,7 +22,7 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.2 NAME 'radiusArapSecurity' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -30,7 +30,7 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.3 NAME 'radiusArapZoneAccess' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -38,7 +38,7 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.44 NAME 'radiusAuthType' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -46,7 +46,7 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.4 NAME 'radiusCallbackId' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -54,7 +54,7 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.5 NAME 'radiusCallbackNumber' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -62,7 +62,7 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.6 NAME 'radiusCalledStationId' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -70,7 +70,7 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.7 NAME 'radiusCallingStationId' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -78,14 +78,14 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.8 NAME 'radiusClass' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.45 NAME 'radiusClientIPAddress' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -93,14 +93,14 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.9 NAME 'radiusFilterId' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.10 NAME 'radiusFramedAppleTalkLink' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -108,14 +108,14 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.11 NAME 'radiusFramedAppleTalkNetwork' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.12 NAME 'radiusFramedAppleTalkZone' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -123,14 +123,14 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.13 NAME 'radiusFramedCompression' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.14 NAME 'radiusFramedIPAddress' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -138,7 +138,7 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.15 NAME 'radiusFramedIPNetmask' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -146,7 +146,7 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.16 NAME 'radiusFramedIPXNetwork' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -154,7 +154,7 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.17 NAME 'radiusFramedMTU' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -162,7 +162,7 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.18 NAME 'radiusFramedProtocol' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -170,14 +170,14 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.19 NAME 'radiusFramedRoute' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.20 NAME 'radiusFramedRouting' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE @@ -185,14 +185,14 @@ attributeTypes: ( 1.3.6.1.4.1.3317.4.3.1.46 NAME 'radiusGroupName' - DESC '' + DESC 'radiusAttribute' EQUALITY caseIgnoreIA5Match
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/schema/60samba3.ldif -> 389-ds-base-1.2.11.29.tar.bz2/ldap/schema/60samba3.ldif
Changed
@@ -204,7 +204,7 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' - DESC '' + DESC 'sambaMungedDial' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acct_usability/acct_usability.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acct_usability/acct_usability.c
Changed
@@ -312,7 +312,7 @@ int ldapcode = LDAP_SUCCESS; const LDAPControl **reqctrls = NULL; const LDAPControl *aucctrl = NULL; - const char *ldaperrtext; + const char *ldaperrtext = "Unknown error"; const char *incompatible = NULL; int isroot = 0; int ii;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acctpolicy/acct_config.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acctpolicy/acct_config.c
Changed
@@ -82,12 +82,23 @@ newcfg->state_attr_name = get_attr_string_val( e, CFG_LASTLOGIN_STATE_ATTR ); if( newcfg->state_attr_name == NULL ) { newcfg->state_attr_name = slapi_ch_strdup( DEFAULT_LASTLOGIN_STATE_ATTR ); + } else if (!update_is_allowed_attr(newcfg->state_attr_name)) { + /* log a warning that this attribute cannot be updated */ + slapi_log_error( SLAPI_LOG_FATAL, PLUGIN_NAME, + "The configured state attribute [%s] cannot be updated, accounts will always become inactive.\n", + newcfg->state_attr_name ); } newcfg->alt_state_attr_name = get_attr_string_val( e, CFG_ALT_LASTLOGIN_STATE_ATTR ); + /* alt_state_attr_name should be optional, but for backward compatibility, + * if not specified use a default. If the attribute is "1.1", no fallback + * will be used + */ if( newcfg->alt_state_attr_name == NULL ) { newcfg->alt_state_attr_name = slapi_ch_strdup( DEFAULT_ALT_LASTLOGIN_STATE_ATTR ); - } + } else if ( !strcmp( newcfg->alt_state_attr_name, "1.1" ) ) { + slapi_ch_free_string( &newcfg->alt_state_attr_name ); /*none - NULL */ + } /* else use configured value */ newcfg->spec_attr_name = get_attr_string_val( e, CFG_SPEC_ATTR ); if( newcfg->spec_attr_name == NULL ) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acctpolicy/acct_init.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acctpolicy/acct_init.c
Changed
@@ -132,7 +132,7 @@ slapi_log_error( SLAPI_LOG_PLUGIN, PLUGIN_NAME, "acct_policy_start config: " "stateAttrName=%s altStateAttrName=%s specAttrName=%s limitAttrName=%s " "alwaysRecordLogin=%d\n", - cfg->state_attr_name, cfg->alt_state_attr_name, cfg->spec_attr_name, + cfg->state_attr_name, cfg->alt_state_attr_name?cfg->alt_state_attr_name:"not configured", cfg->spec_attr_name, cfg->limit_attr_name, cfg->always_record_login); return( CALLBACK_OK ); }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acctpolicy/acct_plugin.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acctpolicy/acct_plugin.c
Changed
@@ -44,14 +44,16 @@ cfg->state_attr_name ) ) != NULL ) { slapi_log_error( SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME, "\"%s\" login timestamp is %s\n", dn, lasttimestr ); - } else if( ( lasttimestr = get_attr_string_val( target_entry, - cfg->alt_state_attr_name ) ) != NULL ) { + } else if( cfg->alt_state_attr_name && (( lasttimestr = get_attr_string_val( target_entry, + cfg->alt_state_attr_name ) ) != NULL) ) { slapi_log_error( SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME, "\"%s\" alternate timestamp is %s\n", dn, lasttimestr ); } else { + /* the primary or alternate attribute might not yet exist eg. + * if only lastlogintime is specified and it id the first login + */ slapi_log_error( SLAPI_LOG_PLUGIN, PRE_PLUGIN_NAME, - "\"%s\" has no login or creation timestamp\n", dn ); - rc = -1; + "\"%s\" has no value for stateattr or altstateattr \n", dn ); goto done; } @@ -105,6 +107,13 @@ int skip_mod_attrs = 1; /* value doesn't matter as long as not NULL */ cfg = get_config(); + + /* if we are not allowed to modify the state attr we're done + * this could be intentional, so just return + */ + if (! update_is_allowed_attr(cfg->state_attr_name) ) + return rc; + plugin_id = get_identity(); timestr = epochtimeToGentime( time( (time_t*)0 ) ); @@ -283,7 +292,6 @@ } else { if( target_entry && has_attr( target_entry, cfg->spec_attr_name, NULL ) ) { - /* This account has a policy specifier */ tracklogin = 1; } }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acctpolicy/acct_util.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acctpolicy/acct_util.c
Changed
@@ -29,6 +29,10 @@ /* Globals */ static void* plugin_id = NULL; +/* attributes that no clients are allowed to add or modify */ +static char *protected_attrs_login_recording [] = { "createTimestamp", + NULL }; + /* Checks whether an entry has a particular attribute type, and optionally returns the value. Only for use with single-valued attributes - it returns @@ -255,3 +259,16 @@ return( gentimestr ); } +int update_is_allowed_attr (const char *attr) +{ + int i; + + /* check list of attributes that cannot be used for login recording */ + for (i = 0; protected_attrs_login_recording[i]; i ++) { + if (strcasecmp (attr, protected_attrs_login_recording[i]) == 0) { + /* this attribute is not allowed */ + return 0; + } + } + return 1; +}
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acctpolicy/acctpolicy.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acctpolicy/acctpolicy.h
Changed
@@ -74,6 +74,7 @@ void set_identity(void*); time_t gentimeToEpochtime( char *gentimestr ); char* epochtimeToGentime( time_t epochtime ); +int update_is_allowed_attr (const char *attr); /* acct_config.c */ int acct_policy_load_config_startup( Slapi_PBlock* pb, void* plugin_id );
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acl/acl.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acl/acl.c
Changed
@@ -170,9 +170,9 @@ * Test if have access to make the first rdn of dn in entry e. */ -static int check_rdn_access( Slapi_PBlock *pb, Slapi_Entry *e, const char *dn, - int access) { - +static int +check_rdn_access( Slapi_PBlock *pb, Slapi_Entry *e, const char *dn, int access) +{ char **dns; char **rdns; int retCode = LDAP_INSUFFICIENT_ACCESS; @@ -655,7 +655,8 @@ } -static void print_access_control_summary( char *source, int ret_val, char *clientDn, +static void +print_access_control_summary( char *source, int ret_val, char *clientDn, struct acl_pblock *aclpb, char *right, char *attr, @@ -1357,6 +1358,9 @@ for (mod = slapi_mods_get_first_mod(&smods); mod != NULL; mod = slapi_mods_get_next_mod(&smods)) { + if (0 == strcmp(mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)) { + continue; + } switch (mod->mod_op & ~LDAP_MOD_BVALUES ) { case LDAP_MOD_DELETE: @@ -1381,9 +1385,7 @@ } if (lastmod && (strcmp (mod->mod_type, "modifiersname")== 0 || - strcmp (mod->mod_type, "modifytimestamp")== 0 || - strcmp (mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)== 0) - ) { + strcmp (mod->mod_type, "modifytimestamp")== 0)) { continue; } @@ -1395,9 +1397,9 @@ while(k != -1) { attrVal = slapi_value_get_berval(sval); rv = slapi_access_allowed (pb, e, - mod->mod_type, - (struct berval *)attrVal, /* XXXggood had to cast away const - BAD */ - ACLPB_SLAPI_ACL_WRITE_DEL); /* was SLAPI_ACL_WRITE */ + mod->mod_type, + (struct berval *)attrVal, /* XXXggood had to cast away const - BAD */ + ACLPB_SLAPI_ACL_WRITE_DEL); /* was SLAPI_ACL_WRITE */ if ( rv != LDAP_SUCCESS) { acl_gen_err_msg ( SLAPI_ACL_WRITE, @@ -1429,7 +1431,7 @@ } break; - default: + default: /* including LDAP_MOD_ADD */ break; } /* switch */ @@ -1524,11 +1526,12 @@ * **************************************************************************/ extern void -acl_modified (Slapi_PBlock *pb, int optype, char *n_dn, void *change) +acl_modified (Slapi_PBlock *pb, int optype, Slapi_DN *e_sdn, void *change) { struct berval **bvalue; char **value; int rv=0; /* returned value */ + const char* n_dn; char* new_RDN; char* parent_DN; char* new_DN; @@ -1537,10 +1540,12 @@ int j; Slapi_Attr *attr = NULL; Slapi_Entry *e = NULL; - Slapi_DN *e_sdn; aclUserGroup *ugroup = NULL; - e_sdn = slapi_sdn_new_normdn_byval ( n_dn ); + if (NULL == e_sdn) { + return; + } + n_dn = slapi_sdn_get_dn(e_sdn); /* Before we proceed, Let's first check if we are changing any groups. ** If we are, then we need to change the signature */ @@ -1768,45 +1773,64 @@ } break; - }/* case op is modify*/ - - case SLAPI_OPERATION_MODRDN: + }/* case op is modify*/ - new_RDN = (char*) change; - slapi_log_error (SLAPI_LOG_ACL, plugin_name, - "acl_modified (MODRDN %s => \"%s\"\n", - n_dn, new_RDN); + case SLAPI_OPERATION_MODRDN: + { + char **rdn_parent; + rdn_parent = (char **)change; + new_RDN = rdn_parent[0]; + parent_DN = rdn_parent[1]; /* compute new_DN: */ - parent_DN = slapi_dn_parent (n_dn); - if (parent_DN == NULL) { - new_DN = new_RDN; + if (NULL == parent_DN) { + parent_DN = slapi_dn_parent(n_dn); + } + if (NULL == parent_DN) { + if (NULL == new_RDN) { + slapi_log_error (SLAPI_LOG_ACL, plugin_name, + "acl_modified (MODRDN %s => \"no change\"\n", + n_dn); + break; + } else { + new_DN = new_RDN; + } } else { - new_DN = slapi_create_dn_string("%s,%s", new_RDN, parent_DN); + if (NULL == new_RDN) { + Slapi_RDN *rdn= slapi_rdn_new(); + slapi_sdn_get_rdn(e_sdn, rdn); + new_DN = slapi_create_dn_string("%s,%s", slapi_rdn_get_rdn(rdn), + parent_DN); + slapi_rdn_free(&rdn); + } else { + new_DN = slapi_create_dn_string("%s,%s", new_RDN, parent_DN); + } } + slapi_log_error (SLAPI_LOG_ACL, plugin_name, + "acl_modified (MODRDN %s => \"%s\"\n", n_dn, new_RDN); /* Change the acls */ - acllist_acicache_WRITE_LOCK(); + acllist_acicache_WRITE_LOCK(); /* acllist_moddn_aci_needsLock expects normalized new_DN, * which is no need to be case-ignored */ acllist_moddn_aci_needsLock ( e_sdn, new_DN ); acllist_acicache_WRITE_UNLOCK(); /* deallocat the parent_DN */ - if (parent_DN != NULL) { - slapi_ch_free ( (void **) &new_DN ); - slapi_ch_free ( (void **) &parent_DN ); + if (parent_DN != NULL) { + slapi_ch_free_string(&new_DN); + if (parent_DN != rdn_parent[1]) { + slapi_ch_free_string(&parent_DN); + } } break; - - default: + } /* case op is modrdn */ + default: /* print ERROR */ break; } /*optype switch */ - - slapi_sdn_free ( &e_sdn ); - } + /*************************************************************************** * * acl__scan_for_acis @@ -2113,7 +2137,11 @@ * calculated from the targetdn and stored judiciously there */ matched_val = (char *)acl_ht_lookup( aclpb->aclpb_macro_ht, - (PLHashNumber)aci->aci_index); + (PLHashNumber)aci->aci_index); + } else { + /* new entry, remove macro evaluation from hash table */ + acl_ht_remove_and_free( aclpb->aclpb_macro_ht, + (PLHashNumber)aci->aci_index); } if ( matched_val == NULL && (aclpb->aclpb_res_type & (ACLPB_NEW_ENTRY | ACLPB_EFFECTIVE_RIGHTS))) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acl/acl.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acl/acl.h
Changed
@@ -796,7 +796,8 @@ struct berval *val, int access); void acl_set_acllist (Slapi_PBlock *pb, int scope, char *base); void acl_gen_err_msg(int access, char *edn, char *attr, char **errbuf); -void acl_modified ( Slapi_PBlock *pb, int optype, char *dn, void *change); +void acl_modified (Slapi_PBlock *pb, int optype, Slapi_DN *e_sdn, void *change); + int acl_access_allowed_disjoint_resource( Slapi_PBlock *pb, Slapi_Entry *e, char *attr, struct berval *val, int access ); int acl_access_allowed_main ( Slapi_PBlock *pb, Slapi_Entry *e, char **attrs, @@ -865,8 +866,9 @@ void acllist_print_tree ( Avlnode *root, int *depth, char *start, char *side); AciContainer *acllist_get_aciContainer_new ( ); void acllist_done_aciContainer ( AciContainer *); +void free_targetattrfilters( Targetattrfilter ***attrFilterArray); -aclUserGroup* aclg_find_userGroup (char *n_dn); +aclUserGroup* aclg_find_userGroup (const char *n_dn); void aclg_regen_ugroup_signature( aclUserGroup *ugroup); void aclg_markUgroupForRemoval ( aclUserGroup *u_group ); void aclg_reader_incr_ugroup_refcnt(aclUserGroup* u_group); @@ -927,6 +929,7 @@ /* acl hash table functions */ void acl_ht_add_and_freeOld(acl_ht_t * acl_ht, PLHashNumber key,char *value); +void acl_ht_remove_and_free(acl_ht_t * acl_ht, PLHashNumber key); acl_ht_t *acl_ht_new(void); void acl_ht_free_all_entries_and_values( acl_ht_t *acl_ht); void acl_ht_remove( acl_ht_t *acl_ht, PLHashNumber key);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acl/acl_ext.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acl/acl_ext.c
Changed
@@ -128,7 +128,7 @@ void acl_set_ext (ext_type type, void *object, void *data) { - if ( type >= 0 && type < ACL_EXT_ALL ) + if ( type < ACL_EXT_ALL ) { struct acl_ext ext = acl_ext_list [type]; slapi_set_object_extension ( ext.object_type, object, ext.handle, data ); @@ -835,6 +835,12 @@ slapi_pblock_get( pb, SLAPI_SEARCH_SIZELIMIT, &aclpb->aclpb_max_member_sizelimit ); if ( aclpb->aclpb_max_member_sizelimit == 0 ) { aclpb->aclpb_max_member_sizelimit = SLAPD_DEFAULT_LOOKTHROUGHLIMIT; + } else if ( aclpb->aclpb_max_member_sizelimit < -1 ) { + /* handle the case of a negtive size limit either set or due + * to bug bz1065971. The member size limit should be dropped, + * but for backward compatibility to the best we can + */ + aclpb->aclpb_max_member_sizelimit = -1; } slapi_pblock_get( pb, SLAPI_OPERATION_TYPE, &aclpb->aclpb_optype );
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acl/acleffectiverights.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acl/acleffectiverights.c
Changed
@@ -130,6 +130,7 @@ } else { + slapi_ch_free_string(&proxydn); /* this could still have been set - free it */ requestor_sdn = &(pb->pb_op->o_sdn); } if ( slapi_sdn_get_dn (requestor_sdn) == NULL )
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acl/aclgroup.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acl/aclgroup.c
Changed
@@ -213,7 +213,7 @@ */ aclUserGroup* -aclg_find_userGroup(char *n_dn) +aclg_find_userGroup(const char *n_dn) { aclUserGroup *u_group = NULL; int i;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acl/acllist.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acl/acllist.c
Changed
@@ -94,7 +94,6 @@ static int __acllist_aciContainer_node_cmp ( caddr_t d1, caddr_t d2 ); static int __acllist_aciContainer_node_dup ( caddr_t d1, caddr_t d2 ); static void __acllist_free_aciContainer ( AciContainer **container); -static void free_targetattrfilters( Targetattrfilter ***input_attrFilterArray); void my_print( Avlnode *root ); @@ -565,8 +564,9 @@ slapi_ch_free ( (void **) &item ); } -static void free_targetattrfilters( Targetattrfilter ***attrFilterArray) { - +void +free_targetattrfilters( Targetattrfilter ***attrFilterArray) +{ if (*attrFilterArray) { int i = 0; Targetattrfilter *attrfilter; @@ -592,7 +592,6 @@ /* Now free the array */ slapi_ch_free ( (void **) attrFilterArray ); } - } /* SEARCH */ @@ -600,7 +599,6 @@ acllist_init_scan (Slapi_PBlock *pb, int scope, const char *base) { Acl_PBlock *aclpb; - int i; AciContainer *root; char *basedn = NULL; int index; @@ -671,11 +669,6 @@ aclpb->aclpb_state &= ~ACLPB_SEARCH_BASED_ON_LIST ; acllist_acicache_READ_UNLOCK(); - - i = 0; - while ( i < aclpb_max_selected_acls && aclpb->aclpb_base_handles_index[i] != -1 ) { - i++; - } } /* @@ -893,34 +886,50 @@ int acllist_moddn_aci_needsLock ( Slapi_DN *oldsdn, char *newdn ) { - - AciContainer *aciListHead; AciContainer *head; + aci_t *acip; + const char *oldndn; /* first get the container */ aciListHead = acllist_get_aciContainer_new ( ); slapi_sdn_free(&aciListHead->acic_sdn); - aciListHead->acic_sdn = oldsdn; - + aciListHead->acic_sdn = oldsdn; if ( NULL == (head = (AciContainer *) avl_find( acllistRoot, aciListHead, - (IFP) __acllist_aciContainer_node_cmp ) ) ) { + (IFP) __acllist_aciContainer_node_cmp ) ) ) { slapi_log_error ( SLAPI_PLUGIN_ACL, plugin_name, - "Can't find the acl in the tree for moddn operation:olddn%s\n", - slapi_sdn_get_ndn ( oldsdn )); + "Can't find the acl in the tree for moddn operation:olddn%s\n", + slapi_sdn_get_ndn ( oldsdn )); aciListHead->acic_sdn = NULL; __acllist_free_aciContainer ( &aciListHead ); - return 1; + return 1; } - - /* Now set the new DN */ - slapi_sdn_done ( head->acic_sdn ); - slapi_sdn_set_normdn_byval ( head->acic_sdn, newdn ); - + /* Now set the new DN */ + slapi_sdn_set_normdn_byval(head->acic_sdn, newdn); + + /* If necessary, reset the target DNs, as well. */ + oldndn = slapi_sdn_get_ndn(oldsdn); + for (acip = head->acic_list; acip; acip = acip->aci_next) { + const char *ndn = slapi_sdn_get_ndn(acip->aci_sdn); + char *p = PL_strstr(ndn, oldndn); + if (p) { + if (p == ndn) { + /* target dn is identical, replace it with new DN*/ + slapi_sdn_set_normdn_byval(acip->aci_sdn, newdn); + } else { + /* target dn is a descendent of olddn, merge it with new DN*/ + char *mynewdn; + *p = '\0'; + mynewdn = slapi_ch_smprintf("%s%s", ndn, newdn); + slapi_sdn_set_normdn_passin(acip->aci_sdn, mynewdn); + } + } + } + aciListHead->acic_sdn = NULL; __acllist_free_aciContainer ( &aciListHead );
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acl/aclparse.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acl/aclparse.c
Changed
@@ -1935,14 +1935,13 @@ * We need to put each component into a targetattrfilter component of * the array. * -*/ - + */ static int process_filter_list( Targetattrfilter ***input_attrFilterArray, char * input_str) { char *str, *end_attr; Targetattrfilter *attrfilter = NULL; - int numattr=0; + int numattr=0, rc = 0; Targetattrfilter **attrFilterArray = NULL; str = input_str; @@ -1974,22 +1973,20 @@ memset (attrfilter, 0, sizeof(Targetattrfilter)); if (strstr( str,":") != NULL) { - if ( __acl_init_targetattrfilter( attrfilter, str ) != 0 ) { slapi_ch_free((void**)&attrfilter); - return(ACL_SYNTAX_ERR); + rc = ACL_SYNTAX_ERR; + break; } } else { slapi_ch_free((void**)&attrfilter); - return(ACL_SYNTAX_ERR); + rc = ACL_SYNTAX_ERR; + break; } - /* - * Add the attrfilte to the targetAttrFilter list - */ - - + * Add the attrfilter to the targetAttrFilter list + */ attrFilterArray = (Targetattrfilter **) slapi_ch_realloc ( (void *) attrFilterArray, ((numattr+1)*sizeof(Targetattrfilter *)) ); @@ -1998,7 +1995,6 @@ /* Move on to the next attribute in the list */ str = end_attr; - }/* while */ /* NULL terminate the list */ @@ -2007,10 +2003,13 @@ (void *) attrFilterArray, ((numattr+1)*sizeof(Targetattrfilter *)) ); attrFilterArray[numattr] = NULL; + if(rc){ + free_targetattrfilters(&attrFilterArray); + } else { + *input_attrFilterArray = attrFilterArray; + } - *input_attrFilterArray = attrFilterArray; - return 0; - + return rc; } /*
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acl/aclplugin.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acl/aclplugin.c
Changed
@@ -197,7 +197,7 @@ int aclplugin_preop_common( Slapi_PBlock *pb ) { - char *proxy_dn; /* id being assumed */ + char *proxy_dn = NULL; /* id being assumed */ char *dn; /* proxy master */ char *errtext = NULL; int lderr; @@ -221,9 +221,7 @@ * The proxy_dn is the id being assumed, while dn * is the "proxy master". */ - proxy_dn = NULL; - if ( LDAP_SUCCESS != ( lderr = proxyauth_get_dn( pb, &proxy_dn, - &errtext ))) { + if ( LDAP_SUCCESS != ( lderr = proxyauth_get_dn( pb, &proxy_dn, &errtext ))) { /* * Fatal error -- send a result to the client and arrange to skip * any further processing. @@ -231,7 +229,7 @@ slapi_send_ldap_result( pb, lderr, NULL, errtext, 0, NULL ); TNF_PROBE_1_DEBUG(aclplugin_preop_common_end ,"ACL","", tnf_string,proxid_error,""); - + slapi_ch_free_string(&proxy_dn); return 1; /* skip any further processing */ } slapi_pblock_get ( pb, SLAPI_REQUESTOR_DN, &dn );
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/acl/aclutil.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/acl/aclutil.c
Changed
@@ -96,6 +96,7 @@ char *ptr = NULL; int rc = 0; + PR_ASSERT(NULL != dlen); if ( dest == NULL || src == NULL ) { return rc; } @@ -103,7 +104,7 @@ if (0 == slen) { slen = strlen(src); } - if (*dest && dlen > 0) { + if (*dest && *dlen > 0) { size_t dest_strlen = strlen(*dest); size_t new_len = dest_strlen + slen + 1; if (new_len > *dlen) { @@ -1396,6 +1397,16 @@ PL_HashTableAdd( acl_ht, (const void *)pkey, value); } +void acl_ht_remove_and_free(acl_ht_t * acl_ht, + PLHashNumber key){ + char *old_value = NULL; + + if ( (old_value = (char *)acl_ht_lookup( acl_ht, key)) != NULL ) { + acl_ht_remove( acl_ht, key); + slapi_ch_free_string(&old_value); + } +} + /* * Return a new acl_ht_t * */
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/automember/automember.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/automember/automember.c
Changed
@@ -2333,6 +2333,7 @@ task_data *td = NULL; PRFileDesc *ldif_fd; int i = 0; + int rc = 0; td = (task_data *)slapi_task_get_data(task); slapi_task_begin(task, 1); @@ -2341,13 +2342,14 @@ /* make sure we can open the ldif file */ if (( ldif_fd = PR_Open( td->ldif_out, PR_CREATE_FILE | PR_WRONLY, DEFAULT_FILE_MODE )) == NULL ){ - slapi_task_log_notice(task, "Automember export task could not open ldif file \"%s\" for writing %d\n", - td->ldif_out, PR_GetError() ); - slapi_task_log_status(task, "Automember export task could not open ldif file \"%s\" for writing %d\n", - td->ldif_out, PR_GetError() ); + rc = PR_GetOSError(); + slapi_task_log_notice(task, "Automember export task could not open ldif file \"%s\" for writing, error %d (%s)\n", + td->ldif_out, rc, slapi_system_strerror(rc)); + slapi_task_log_status(task, "Automember export task could not open ldif file \"%s\" for writing, error %d (%s)\n", + td->ldif_out, rc, slapi_system_strerror(rc) ); slapi_log_error( SLAPI_LOG_FATAL, AUTOMEMBER_PLUGIN_SUBSYSTEM, - "Could not open ldif file \"%s\" for writing %d\n", - td->ldif_out, PR_GetError() ); + "Could not open ldif file \"%s\" for writing, error %d (%s)\n", + td->ldif_out, rc, slapi_system_strerror(rc) ); result = SLAPI_DSE_CALLBACK_ERROR; goto out; } @@ -2516,13 +2518,15 @@ task_data *td = NULL; PRFileDesc *ldif_fd_out = NULL; char *entrystr = NULL; + char *errstr = NULL; #if defined(USE_OPENLDAP) int buflen = 0; LDIFFP *ldif_fd_in = NULL; + ldif_record_lineno_t lineno = 0; #else - PRFileDesc *ldif_fd_in = NULL; -#endif + FILE *ldif_fd_in = NULL; int lineno = 0; +#endif int rc = 0; td = (task_data *)slapi_task_get_data(task); @@ -2534,29 +2538,34 @@ /* make sure we can open the ldif files */ if(( ldif_fd_out = PR_Open( td->ldif_out, PR_CREATE_FILE | PR_WRONLY, DEFAULT_FILE_MODE )) == NULL ){ - slapi_task_log_notice(task, "The ldif file %s could not be accessed, error %d. Aborting task.\n", - td->ldif_out, rc); - slapi_task_log_status(task, "The ldif file %s could not be accessed, error %d. Aborting task.\n", - td->ldif_out, rc); + rc = PR_GetOSError(); + slapi_task_log_notice(task, "The ldif file %s could not be accessed, error %d (%s). Aborting task.\n", + td->ldif_out, rc, slapi_system_strerror(rc)); + slapi_task_log_status(task, "The ldif file %s could not be accessed, error %d (%s). Aborting task.\n", + td->ldif_out, rc, slapi_system_strerror(rc)); slapi_log_error( SLAPI_LOG_FATAL, AUTOMEMBER_PLUGIN_SUBSYSTEM, - "Could not open ldif file \"%s\" for writing %d\n", - td->ldif_out, PR_GetError() ); + "Could not open ldif file \"%s\" for writing, error %d (%s)\n", + td->ldif_out, rc, slapi_system_strerror(rc) ); result = SLAPI_DSE_CALLBACK_ERROR; goto out; } #if defined(USE_OPENLDAP) if(( ldif_fd_in = ldif_open(td->ldif_in, "r")) == NULL ){ + rc = errno; + errstr = strerror(rc); #else - if(( ldif_fd_in = PR_Open( td->ldif_in, PR_RDONLY, DEFAULT_FILE_MODE )) == NULL ){ + if(( ldif_fd_in = fopen( td->ldif_in, "r")) == NULL ){ + rc = PR_GetOSError(); + errstr = (char *)slapi_system_strerror(rc); #endif - slapi_task_log_notice(task, "The ldif file %s could not be accessed, error %d. Aborting task.\n", - td->ldif_in, rc); - slapi_task_log_status(task, "The ldif file %s could not be accessed, error %d. Aborting task.\n", - td->ldif_in, rc); + slapi_task_log_notice(task, "The ldif file %s could not be accessed, error %d (%s). Aborting task.\n", + td->ldif_in, rc, errstr); + slapi_task_log_status(task, "The ldif file %s could not be accessed, error %d (%s). Aborting task.\n", + td->ldif_in, rc, errstr); slapi_log_error( SLAPI_LOG_FATAL, AUTOMEMBER_PLUGIN_SUBSYSTEM, - "Could not open ldif file \"%s\" for reading %d\n", - td->ldif_out, PR_GetError() ); + "Could not open ldif file \"%s\" for reading, error %d (%s)\n", + td->ldif_in, rc, errstr ); result = SLAPI_DSE_CALLBACK_ERROR; goto out; } @@ -2607,7 +2616,7 @@ #if defined(USE_OPENLDAP) ldif_close(ldif_fd_in); #else - PR_Close(ldif_fd_in); + fclose(ldif_fd_in); #endif } slapi_task_inc_progress(task);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/chainingdb/cb_bind.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/chainingdb/cb_bind.c
Changed
@@ -230,29 +230,27 @@ int chainingdb_bind( Slapi_PBlock *pb ) { - - int status=LDAP_SUCCESS; - int allocated_errmsg; - int rc=LDAP_SUCCESS; - cb_backend_instance *cb; - Slapi_Backend *be; - const char *dn = NULL; - Slapi_DN *sdn = NULL; - Slapi_DN *mysdn = NULL; - int method; - struct berval *creds, **urls; - char *matcheddn,*errmsg; - LDAPControl **reqctrls, **resctrls, **ctrls; - char * mechanism; - int freectrls=1; - int bind_retry; + cb_backend_instance *cb; + Slapi_Backend *be; + struct berval *creds = NULL, **urls = NULL; + const char *dn = NULL; + Slapi_DN *sdn = NULL; + Slapi_DN *mysdn = NULL; + char *matcheddn = NULL, *errmsg = NULL; + LDAPControl **reqctrls = NULL, **resctrls = NULL, **ctrls = NULL; + char *mechanism = NULL; + int status=LDAP_SUCCESS; + int allocated_errmsg = 0; + int rc = LDAP_SUCCESS; + int freectrls = 1; + int bind_retry; + int method; if ( LDAP_SUCCESS != (rc = cb_forward_operation(pb) )) { cb_send_ldap_result( pb, rc, NULL, "Chaining forbidden", 0, NULL ); return SLAPI_BIND_FAIL; } - ctrls=NULL; /* don't add proxy auth control. use this call to check for supported */ /* controls only. */ if ( LDAP_SUCCESS != ( rc = cb_update_controls( pb, NULL, &ctrls, 0 )) ) { @@ -285,11 +283,6 @@ cb_update_monitor_info(pb,cb,SLAPI_OPERATION_BIND); - matcheddn=errmsg=NULL; - allocated_errmsg = 0; - resctrls=NULL; - urls=NULL; - /* Check wether the chaining BE is available or not */ if ( cb_check_availability( cb, pb ) == FARMSERVER_UNAVAILABLE ){ slapi_sdn_free(&mysdn); @@ -307,17 +300,20 @@ rc = status; allocated_errmsg = 1; } else if ( LDAP_USER_CANCELLED != rc ) { + slapi_ch_free_string(&errmsg); errmsg = ldap_err2string( rc ); if (rc == LDAP_TIMEOUT) { cb_ping_farm(cb,NULL,0); } rc = LDAP_OPERATIONS_ERROR; + } else { + allocated_errmsg = 1; } if ( rc != LDAP_USER_CANCELLED ) { /* not abandoned */ if ( resctrls != NULL ) { slapi_pblock_set( pb, SLAPI_RESCONTROLS, resctrls ); - freectrls=0; + freectrls = 0; } if ( rc != LDAP_SUCCESS ) { @@ -331,9 +327,9 @@ if ( freectrls && ( resctrls != NULL )) { ldap_controls_free( resctrls ); } - slapi_ch_free((void **)& matcheddn ); - if ( allocated_errmsg && errmsg != NULL ) { - slapi_ch_free((void **)& errmsg ); + slapi_ch_free_string(&matcheddn); + if ( allocated_errmsg ) { + slapi_ch_free_string(&errmsg); } slapi_sdn_free(&mysdn);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/chainingdb/cb_config.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/chainingdb/cb_config.c
Changed
@@ -404,23 +404,23 @@ cb_config_modify_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, int *returncode, char *returntext, void *arg) { - LDAPMod **mods; + LDAPMod **mods; char *attr_name; int i,j; - cb_backend *cb = (cb_backend *) arg; + cb_backend *cb = (cb_backend *) arg; CB_ASSERT (cb!=NULL); - slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods ); + slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods ); - for (i = 0; mods[i] ; i++) { + for (i = 0; mods[i] ; i++) { attr_name = mods[i]->mod_type; - if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS )) { + if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS )) { char * config_attr_value; int done=0; - for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) { - config_attr_value = (char *) mods[i]->mod_bvalues[j]->bv_val; + for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) { + config_attr_value = (char *) mods[i]->mod_bvalues[j]->bv_val; if (!cb_is_control_forwardable(cb,config_attr_value)) { slapi_log_error(SLAPI_LOG_PLUGIN,CB_PLUGIN_SUBSYSTEM, "control %s can't be forwarded.\n",config_attr_value); @@ -428,106 +428,111 @@ return SLAPI_DSE_CALLBACK_ERROR; } - if (SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) { + if(SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) { if (!done) { cb_unregister_all_supported_control(cb); done=1; } cb_register_supported_control(cb,config_attr_value,0); - } else + } else { if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) { - cb_register_supported_control(cb,config_attr_value,0); - } else - if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) { - cb_unregister_supported_control(cb,config_attr_value,0); + cb_register_supported_control(cb,config_attr_value,0); + } else { + if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) { + cb_unregister_supported_control(cb,config_attr_value,0); + } + } } } - if (NULL == mods[i]->mod_bvalues) + if (NULL == mods[i]->mod_bvalues){ cb_unregister_all_supported_control(cb); - } else - if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_DEBUG )) { - /* assume single-valued */ - if (mods[i]->mod_op & LDAP_MOD_DELETE) - cb_set_debug(0); - else if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) - cb_set_debug(1); - } else - if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_CHAINING_COMPONENTS )) { - char * config_attr_value; - int done=0; - - slapi_rwlock_wrlock(cb->config.rwl_config_lock); - - for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) { - config_attr_value = (char *) mods[i]->mod_bvalues[j]->bv_val; - if (SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) { - if (!done) { - charray_free(cb->config.chaining_components); - cb->config.chaining_components=NULL; - done=1; - } - /* XXXSD assume dn. Normalize it */ - charray_add(&cb->config.chaining_components, - slapi_dn_normalize(slapi_ch_strdup(config_attr_value))); - } else - if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) { - charray_add(&cb->config.chaining_components, - slapi_dn_normalize(slapi_ch_strdup(config_attr_value))); - } else - if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) { - charray_remove(cb->config.chaining_components, - slapi_dn_normalize(slapi_ch_strdup(config_attr_value)), - 0 /* freeit */); - } - } - if (NULL == mods[i]->mod_bvalues) { - charray_free(cb->config.chaining_components); - cb->config.chaining_components=NULL; } + } else { + if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_DEBUG )) { + /* assume single-valued */ + if (mods[i]->mod_op & LDAP_MOD_DELETE){ + cb_set_debug(0); + } else if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) { + cb_set_debug(1); + } + } else { + if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_CHAINING_COMPONENTS )) { + char * config_attr_value; + int done=0; + + slapi_rwlock_wrlock(cb->config.rwl_config_lock); + + for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) { + config_attr_value = (char *) mods[i]->mod_bvalues[j]->bv_val; + if (SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) { + if (!done) { + charray_free(cb->config.chaining_components); + cb->config.chaining_components=NULL; + done=1; + } + /* XXXSD assume dn. Normalize it */ + charray_add(&cb->config.chaining_components, + slapi_dn_normalize(slapi_ch_strdup(config_attr_value))); + } else { + if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) { + charray_add(&cb->config.chaining_components, + slapi_dn_normalize(slapi_ch_strdup(config_attr_value))); + } else { + if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) { + char *remove_val = slapi_ch_strdup(config_attr_value); + charray_remove(cb->config.chaining_components, + slapi_dn_normalize(remove_val), 0 /* freeit */); + slapi_ch_free_string(&remove_val); + } + } + } + } + if (NULL == mods[i]->mod_bvalues) { + charray_free(cb->config.chaining_components); + cb->config.chaining_components=NULL; + } - slapi_rwlock_unlock(cb->config.rwl_config_lock); - } else - if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_CHAINABLE_COMPONENTS )) { - char * config_attr_value; - int done=0; - - slapi_rwlock_wrlock(cb->config.rwl_config_lock); - - for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) { - config_attr_value = (char *) mods[i]->mod_bvalues[j]->bv_val; - if (SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) { - if (!done) { - charray_free(cb->config.chainable_components); - cb->config.chainable_components=NULL; - done=1; - } - charray_add(&cb->config.chainable_components, - slapi_dn_normalize(slapi_ch_strdup(config_attr_value) -)); - } else - if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) { - charray_add(&cb->config.chainable_components, - slapi_dn_normalize(slapi_ch_strdup(config_attr_value) -)); - } else - if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) { - charray_remove(cb->config.chainable_components, - slapi_dn_normalize(slapi_ch_strdup(config_attr_value) -), - 0 /* freeit */); - } - } - if (NULL == mods[i]->mod_bvalues) { - charray_free(cb->config.chainable_components); - cb->config.chainable_components=NULL; - } - - slapi_rwlock_unlock(cb->config.rwl_config_lock); - } - - + slapi_rwlock_unlock(cb->config.rwl_config_lock); + } else { + if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_CHAINABLE_COMPONENTS )) { + char *config_attr_value; + char *attr_val; + int done=0; + + slapi_rwlock_wrlock(cb->config.rwl_config_lock); + + for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) { + config_attr_value = (char *) mods[i]->mod_bvalues[j]->bv_val; + if (SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) { + if (!done) { + charray_free(cb->config.chainable_components);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/chainingdb/cb_conn_stateless.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/chainingdb/cb_conn_stateless.c
Changed
@@ -856,7 +856,7 @@ else { if (conn==pools[i]->conn.conn_list) { pools[i]->conn.conn_list=next_conn; - } else { + } else if(prev_conn){ prev_conn->next=next_conn; } cb_close_and_dispose_connection(conn);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/chainingdb/cb_controls.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/chainingdb/cb_controls.c
Changed
@@ -200,30 +200,30 @@ char * requestor,*rootdn; char * requestorCopy=NULL; - rootdn=cb_get_rootdn(); + rootdn = cb_get_rootdn(); slapi_pblock_get( pb, SLAPI_REQUESTOR_NDN, &requestor ); requestorCopy = slapi_ch_strdup(requestor); slapi_dn_ignore_case(requestorCopy); if (!strcmp( requestorCopy, rootdn )) { /* UTF8- aware */ slapi_log_error( SLAPI_LOG_PLUGIN,CB_PLUGIN_SUBSYSTEM, - "Use of user <%s> incompatible with proxied auth. control\n",rootdn); - rc=LDAP_UNAVAILABLE_CRITICAL_EXTENSION; - slapi_ch_free((void **)&requestorCopy); + "Use of user <%s> incompatible with proxied auth. control\n", + rootdn); + rc = LDAP_UNAVAILABLE_CRITICAL_EXTENSION; + slapi_ch_free_string(&rootdn); + slapi_ch_free_string(&requestorCopy); break; } - slapi_ch_free((void **)&rootdn); - slapi_ch_free((void **)&requestorCopy); + slapi_ch_free_string(&rootdn); + slapi_ch_free_string(&requestorCopy); } addauth=0; ctrls[dCount]=slapi_dup_control(reqControls[cCount]); dCount++; - } else - if (!strcmp(reqControls[cCount]->ldctl_oid,CB_LDAP_CONTROL_CHAIN_SERVER) && - reqControls[cCount]->ldctl_value.bv_val) { - + } else if (!strcmp(reqControls[cCount]->ldctl_oid,CB_LDAP_CONTROL_CHAIN_SERVER) && + BV_HAS_DATA((&(reqControls[cCount]->ldctl_value)))) { /* Max hop count reached ? */ /* Checked earlier by a call to cb_forward_operation() */
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/chainingdb/cb_instance.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/chainingdb/cb_instance.c
Changed
@@ -405,7 +405,7 @@ } else if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) { charray_remove(inst->illegal_attributes, - slapi_ch_strdup(config_attr_value), + config_attr_value, 0 /* freeit */); } } @@ -417,43 +417,40 @@ continue; } if ( !strcasecmp ( attr_name, CB_CONFIG_CHAINING_COMPONENTS )) { - char * config_attr_value; - int done=0; + char *config_attr_value; + char *attr_val; + int done=0; int j; - slapi_rwlock_wrlock(inst->rwl_config_lock); - for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) { - config_attr_value = (char *) mods[i]->mod_bvalues[j]->bv_val; - if (SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) { - if (!done) { - charray_free(inst->chaining_components); - inst->chaining_components=NULL; - done=1; - } + slapi_rwlock_wrlock(inst->rwl_config_lock); + for (j = 0; mods[i]->mod_bvalues && mods[i]->mod_bvalues[j]; j++) { + config_attr_value = (char *) mods[i]->mod_bvalues[j]->bv_val; + if (SLAPI_IS_MOD_REPLACE(mods[i]->mod_op)) { + if (!done) { + charray_free(inst->chaining_components); + inst->chaining_components=NULL; + done=1; + } /* XXXSD assume dns */ - charray_add(&inst->chaining_components, - slapi_dn_normalize(slapi_ch_strdup(config_attr_value))); - } else - if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) { - charray_add(&inst->chaining_components, - slapi_dn_normalize(slapi_ch_strdup(config_attr_value))); - } else - if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) { - charray_remove(inst->chaining_components, - slapi_dn_normalize(slapi_ch_strdup(config_attr_value)), - 0 /* freeit */); - } - } - if (NULL == mods[i]->mod_bvalues) { - charray_free(inst->chaining_components); - inst->chaining_components=NULL; - } - slapi_rwlock_unlock(inst->rwl_config_lock); - continue; + charray_add(&inst->chaining_components, + slapi_dn_normalize(slapi_ch_strdup(config_attr_value))); + } else if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) { + charray_add(&inst->chaining_components, + slapi_dn_normalize(slapi_ch_strdup(config_attr_value))); + } else if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) { + attr_val = slapi_dn_normalize(slapi_ch_strdup(config_attr_value)); + charray_remove(inst->chaining_components,attr_val, 0 /* freeit */); + slapi_ch_free_string(&attr_val); + } + } + if (NULL == mods[i]->mod_bvalues) { + charray_free(inst->chaining_components); + inst->chaining_components=NULL; + } + slapi_rwlock_unlock(inst->rwl_config_lock); + continue; } - - if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op) || SLAPI_IS_MOD_ADD(mods[i]->mod_op)) { @@ -511,15 +508,15 @@ */ int -cb_parse_instance_config_entry(cb_backend * cb, Slapi_Entry * e) { - - int rc =LDAP_SUCCESS; - Slapi_Attr *attr = NULL; - Slapi_Value *sval; - const struct berval *attrValue; - cb_backend_instance *inst=NULL; - char *instname; - char retmsg[CB_BUFSIZE]; +cb_parse_instance_config_entry(cb_backend * cb, Slapi_Entry * e) +{ + cb_backend_instance *inst = NULL; + Slapi_Attr *attr = NULL; + Slapi_Value *sval; + const struct berval *attrValue; + char *instname; + char retmsg[CB_BUFSIZE]; + int rc = LDAP_SUCCESS; CB_ASSERT(e!=NULL); @@ -529,17 +526,17 @@ */ if ( 0 == slapi_entry_attr_find( e, CB_CONFIG_INSTNAME, &attr )) { - slapi_attr_first_value(attr, &sval); - attrValue = slapi_value_get_berval(sval); - instname=attrValue->bv_val; + slapi_attr_first_value(attr, &sval); + attrValue = slapi_value_get_berval(sval); + instname = attrValue->bv_val; } else { slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM, "Malformed backend instance (<%s> missing)>\n", CB_CONFIG_INSTNAME); - return LDAP_LOCAL_ERROR; + return -1; } - /* Allocate a new backend internal data structure */ - inst = cb_instance_alloc(cb,instname,slapi_entry_get_dn(e)); + /* Allocate a new backend internal data structure */ + inst = cb_instance_alloc(cb,instname,slapi_entry_get_dn(e)); /* Emulate a add config entry to configure */ /* this backend instance. */ @@ -556,99 +553,96 @@ */ static int -cb_instance_config_initialize(cb_backend_instance * inst, Slapi_Entry * e , int phase, int apply) { - - int rc =LDAP_SUCCESS; - Slapi_Attr *attr = NULL; - Slapi_Value *sval; - struct berval * bval; - int using_def_connlifetime,i; - char err_buf[SLAPI_DSE_RETURNTEXT_SIZE]; - int urlfound=0; - char *rootdn; +cb_instance_config_initialize(cb_backend_instance * inst, Slapi_Entry * e , int phase, int apply) +{ + Slapi_Attr *attr = NULL; + Slapi_Value *sval; + Slapi_DN *suffix; + struct berval *bval; + char err_buf[SLAPI_DSE_RETURNTEXT_SIZE]; + char *attr_name = NULL; + char *rootdn; + int using_def_connlifetime, i; + int urlfound = 0; + int rc = LDAP_SUCCESS; using_def_connlifetime=1; - for (slapi_entry_first_attr(e, &attr); attr; slapi_entry_next_attr(e, attr, &attr)) { - char * attr_name=NULL; - slapi_attr_get_type(attr, &attr_name); + for (slapi_entry_first_attr(e, &attr); attr; slapi_entry_next_attr(e, attr, &attr)) { + attr_name = NULL; + slapi_attr_get_type(attr, &attr_name); if ( !strcasecmp ( attr_name, CB_CONFIG_SUFFIX )) { if (apply && ( inst->inst_be != NULL )) { - Slapi_DN *suffix; suffix = slapi_sdn_new(); - i = slapi_attr_first_value(attr, &sval); - while (i != -1 ) { - bval = (struct berval *) slapi_value_get_berval(sval); - slapi_sdn_set_dn_byref(suffix, bval->bv_val); - - if (!slapi_be_issuffix(inst->inst_be, suffix)) { - slapi_be_addsuffix(inst->inst_be, suffix); - } - i = slapi_attr_next_value(attr, i, &sval); - } + i = slapi_attr_first_value(attr, &sval); + while (i != -1 ) { + bval = (struct berval *) slapi_value_get_berval(sval); + slapi_sdn_set_dn_byref(suffix, bval->bv_val); + + if (!slapi_be_issuffix(inst->inst_be, suffix)) { + slapi_be_addsuffix(inst->inst_be, suffix); + } + i = slapi_attr_next_value(attr, i, &sval); + } slapi_sdn_free(&suffix); } - continue; - } else - if ( !strcasecmp ( attr_name, CB_CONFIG_CHAINING_COMPONENTS )) { - - if (apply) { - slapi_rwlock_wrlock(inst->rwl_config_lock); - i = slapi_attr_first_value(attr, &sval);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/chainingdb/cb_utils.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/chainingdb/cb_utils.c
Changed
@@ -148,7 +148,7 @@ int iscritical=0; if (slapi_control_present(ctrls,CB_LDAP_CONTROL_CHAIN_SERVER,&ctl_value,&iscritical) && - ctl_value && ctl_value->bv_val) { + BV_HAS_DATA(ctl_value)) { /* Decode control data */ /* hop INTEGER (0 .. maxInt) */
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/collation/collate.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/collation/collate.c
Changed
@@ -437,11 +437,7 @@ profile->variant == NULL); UErrorCode err = U_ZERO_ERROR; if ( ! is_default) { - if (locale) { - PR_smprintf_free(locale); - locale = NULL; - } - err = s_newNamedLocaleFromComponents(&locale, + err = s_newNamedLocaleFromComponents(&locale, profile->language, profile->country, profile->variant); @@ -460,27 +456,27 @@ ucol_setAttribute (coll, UCOL_STRENGTH, profile->strength, &err); if (err != U_ZERO_ERROR && err != U_USING_FALLBACK_WARNING && (err != U_USING_DEFAULT_WARNING || !is_default)) { - LDAPDebug (LDAP_DEBUG_ANY, "collation_indexer_create: could not " + LDAPDebug (LDAP_DEBUG_ANY, "collation_indexer_create: could not " "set the collator strength for oid %s to %d: err %d\n", oid, profile->strength, err); } ucol_setAttribute (coll, UCOL_DECOMPOSITION_MODE, profile->decomposition, &err); if (err != U_ZERO_ERROR && err != U_USING_FALLBACK_WARNING && (err != U_USING_DEFAULT_WARNING || !is_default)) { - LDAPDebug (LDAP_DEBUG_ANY, "collation_indexer_create: could not " + LDAPDebug (LDAP_DEBUG_ANY, "collation_indexer_create: could not " "set the collator decomposition mode for oid %s to %d: err %d\n", oid, profile->decomposition, err); } etc->collator = coll; for (id = collation_id; *id; ++id) { - if ((*id)->profile == profile) { - break; /* found the 'official' id */ - } + if ((*id)->profile == profile) { + break; /* found the 'official' id */ + } } - if (!*id) { - LDAPDebug (LDAP_DEBUG_ANY, "collation_indexer_create: id not found\n", 0, 0, 0); - goto error; - } + if (!*id) { + LDAPDebug (LDAP_DEBUG_ANY, "collation_indexer_create: id not found\n", 0, 0, 0); + goto error; + } ix->ix_etc = etc; ix->ix_oid = (*id)->oid;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/deref/deref.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/deref/deref.c
Changed
@@ -382,7 +382,7 @@ PR_ASSERT(ctrlbv && ctrlbv->bv_val && ctrlbv->bv_len && ldapcode && ldaperrtext); - if (!ctrlbv || !ctrlbv->bv_val) { + if (!BV_HAS_DATA(ctrlbv)) { *ldapcode = LDAP_PROTOCOL_ERROR; *ldaperrtext = "Empty deref control value"; return; @@ -440,7 +440,7 @@ int ldapcode = LDAP_SUCCESS; const LDAPControl **reqctrls = NULL; const LDAPControl *derefctrl = NULL; - const char *ldaperrtext; + const char *ldaperrtext = "Unknown error"; const char *incompatible = NULL; DerefSpecList *speclist = NULL; int ii;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/dna/dna.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/dna/dna.c
Changed
@@ -93,6 +93,7 @@ #define DNA_SHARED_CFG_DN "dnaSharedCfgDN" /* Shared Config */ +#define DNA_SHAREDCONFIG "dnaSharedConfig" #define DNA_REMAINING "dnaRemainingValues" #define DNA_THRESHOLD "dnaThreshold" #define DNA_HOSTNAME "dnaHostname" @@ -219,7 +220,7 @@ * Local operation functions * */ -static int dna_load_plugin_config(); +static int dna_load_plugin_config(int use_eventq); static int dna_parse_config_entry(Slapi_Entry * e, int apply); static void dna_delete_config(); static void dna_free_config_entry(struct configEntry ** entry); @@ -571,7 +572,7 @@ slapi_ch_calloc(1, sizeof(struct configEntry)); PR_INIT_CLIST(dna_global_config); - if (dna_load_plugin_config() != DNA_SUCCESS) { + if (dna_load_plugin_config(1/* use eventq */) != DNA_SUCCESS) { slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, "dna_start: unable to load plug-in configuration\n"); return DNA_FAILURE; @@ -639,7 +640,7 @@ * ------ cn=etc etc */ static int -dna_load_plugin_config() +dna_load_plugin_config(int use_eventq) { int status = DNA_SUCCESS; int result; @@ -649,7 +650,8 @@ Slapi_Entry **entries = NULL; slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, - "--> dna_load_plugin_config\n"); + "--> dna_load_plugin_config %s\n", + use_eventq?"using event queue":""); dna_write_lock(); dna_delete_config(); @@ -664,6 +666,7 @@ if (LDAP_SUCCESS != result) { status = DNA_FAILURE; + dna_unlock(); goto cleanup; } @@ -671,6 +674,7 @@ &entries); if (NULL == entries || NULL == entries[0]) { status = DNA_SUCCESS; + dna_unlock(); goto cleanup; } @@ -680,19 +684,24 @@ * looking for valid ones. */ dna_parse_config_entry(entries[i], 1); } + dna_unlock(); - /* Setup an event to update the shared config 30 - * seconds from now. We need to do this since - * performing the operation at this point when - * starting up would cause the change to not - * get changelogged. */ - time(&now); - slapi_eq_once(dna_update_config_event, NULL, now + 30); + if (use_eventq) { + /* Setup an event to update the shared config 30 + * seconds from now. We need to do this since + * performing the operation at this point when + * starting up would cause the change to not + * get changelogged. */ + time(&now); + slapi_eq_once(dna_update_config_event, NULL, now + 30); + } else { + int arg = 0; /* not used. */ + dna_update_config_event(0, &arg); + } cleanup: slapi_free_search_results_internal(search_pb); slapi_pblock_destroy(search_pb); - dna_unlock(); slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM, "<-- dna_load_plugin_config\n"); @@ -804,10 +813,9 @@ value = slapi_entry_attr_get_charptr(e, DNA_GENERATE); if (value) { entry->generate = value; - } - - slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, + slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM, "----------> %s [%s]\n", DNA_GENERATE, entry->generate); + } value = slapi_entry_attr_get_charptr(e, DNA_FILTER); if (value) { @@ -1242,7 +1250,6 @@ struct configEntry *config_entry = NULL; PRCList *list = NULL; - /* Get read lock to prevent config changes */ dna_read_lock(); /* Bail out if the plug-in close function was just called. */ @@ -1508,11 +1515,13 @@ * to lowest. */ struct dnaServer *sitem; PRCList* item = PR_LIST_HEAD(*servers); + int inserted = 0; while (item != *servers) { sitem = (struct dnaServer *)item; if (server->remaining > sitem->remaining) { PR_INSERT_BEFORE(&(server->list), item); + inserted = 1; break; } @@ -1521,9 +1530,13 @@ if (*servers == item) { /* add to tail */ PR_INSERT_BEFORE(&(server->list), item); + inserted = 1; break; } } + if(!inserted){ + dna_free_shared_server(&server); + } } } } @@ -1654,7 +1667,7 @@ } /* Parse response */ - if (responsedata && responsedata->bv_val) { + if (BV_HAS_DATA(responsedata)) { respber = ber_init(responsedata); if (ber_scanf(respber, "{aa}", &lower_str, &upper_str) == LBER_ERROR) { ret = LDAP_PROTOCOL_ERROR; @@ -1852,7 +1865,7 @@ } else { /* This is a single-type range, so just use the first (only) * type from the list. */ - ctrls = (LDAPControl **)slapi_ch_calloc(2, sizeof(LDAPControl)); + ctrls = (LDAPControl **)slapi_ch_calloc(2, sizeof(LDAPControl *)); if (NULL == ctrls) return LDAP_OPERATIONS_ERROR; @@ -2162,7 +2175,7 @@ slapi_entry_init_ext(e, sdn, NULL); /* sdn is copied into e */ slapi_sdn_free(&sdn); - slapi_entry_add_string(e, SLAPI_ATTR_OBJECTCLASS, "dnaSharedConfig"); + slapi_entry_add_string(e, SLAPI_ATTR_OBJECTCLASS, DNA_SHAREDCONFIG); slapi_entry_add_string(e, DNA_HOSTNAME, hostname); slapi_entry_add_string(e, DNA_PORTNUM, portnum); if (secureportnum) { @@ -2760,7 +2773,7 @@ /* This function is called at BEPREOP timing to add uid/gidNumber * if modtype is missing */ static int -_dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e) +_dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e, char **errstr) { int ret = 0; PRCList *list = NULL; @@ -2809,8 +2822,7 @@ /* does the entry match the filter? */ if (config_entry->slapi_filter) { - ret = slapi_vattr_filter_test(pb, e, config_entry->slapi_filter, - 0); + ret = slapi_vattr_filter_test(pb, e, config_entry->slapi_filter, 0); if (LDAP_SUCCESS != ret) { goto next; } @@ -2820,28 +2832,23 @@ /* For a multi-type range, we only generate a value * for types where the magic value is set. We do not * generate a value for missing types. */ - for (i = 0; config_entry->types && config_entry->types[i]; - i++) { - value = slapi_entry_attr_get_charptr(e, - config_entry->types[i]); - - if (value && - !slapi_UTF8CASECMP(config_entry->generate, value)) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/http/http_impl.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/http/http_impl.c
Changed
@@ -260,7 +260,7 @@ PRInt32 port; PRInt32 errcode = 0; PRInt32 http_connection_time_out = 0; - PRInt32 sslOn; + PRInt32 sslOn = 0; LDAPDebug( LDAP_DEBUG_PLUGIN, "--> doRequest -- BEGIN\n",0,0,0); @@ -1178,7 +1178,7 @@ struct SECKEYPrivateKeyStr **pRetKey) { CERTCertificate * cert; - SECKEYPrivateKey * privKey; + SECKEYPrivateKey * privKey = NULL; char * chosenNickName = (char *)arg; void * proto_win = NULL; SECStatus secStatus = SECFailure;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/linkedattrs/linked_attrs.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/linkedattrs/linked_attrs.c
Changed
@@ -755,6 +755,7 @@ struct configEntry *config_entry = NULL; struct configIndex *index_entry = NULL; PRCList *list = PR_LIST_HEAD(g_managed_config_index); + int inserted = 0; index_entry = (struct configIndex *)slapi_ch_calloc(1, sizeof(struct configIndex)); index_entry->config = entry; @@ -769,6 +770,7 @@ slapi_log_error(SLAPI_LOG_CONFIG, LINK_PLUGIN_SUBSYSTEM, "store [%s] before [%s] \n", entry->dn, config_entry->dn); + inserted = 1; break; } @@ -779,6 +781,7 @@ PR_INSERT_BEFORE(&(index_entry->list), list); slapi_log_error(SLAPI_LOG_CONFIG, LINK_PLUGIN_SUBSYSTEM, "store [%s] at tail\n", entry->dn); + inserted = 1; break; } } @@ -787,6 +790,10 @@ slapi_log_error(SLAPI_LOG_CONFIG, LINK_PLUGIN_SUBSYSTEM, "store [%s] at head \n", entry->dn); PR_INSERT_LINK(&(index_entry->list), g_managed_config_index); + inserted = 1; + } + if(!inserted){ + slapi_ch_free((void **)&index_entry); } } @@ -1231,10 +1238,21 @@ int linked_attrs_compare(const void *a, const void *b) { + Slapi_Value *val1; + Slapi_Value *val2; + Slapi_Attr *linkattr; int rc = 0; - Slapi_Value *val1 = *((Slapi_Value **)a); - Slapi_Value *val2 = *((Slapi_Value **)b); - Slapi_Attr *linkattr = slapi_attr_new(); + + if(a == NULL && b != NULL){ + return 1; + } else if(a != NULL && b == NULL){ + return -1; + } else if(a == NULL && b == NULL){ + return 0; + } + val1 = *((Slapi_Value **)a); + val2 = *((Slapi_Value **)b); + linkattr = slapi_attr_new(); slapi_attr_init(linkattr, "distinguishedName");
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/memberof/memberof.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/memberof/memberof.c
Changed
@@ -460,7 +460,7 @@ /* Loop through each grouping attribute to find groups that have * dn as a member. For any matches, delete the dn value from the * same grouping attribute. */ - for (i = 0; config->groupattrs[i]; i++) + for (i = 0; config->groupattrs && config->groupattrs[i]; i++) { memberof_del_dn_data data = {(char *)slapi_sdn_get_dn(sdn), config->groupattrs[i]}; @@ -712,7 +712,7 @@ /* Loop through each grouping attribute to find groups that have * pre_dn as a member. For any matches, replace pre_dn with post_dn * using the same grouping attribute. */ - for (i = 0; config->groupattrs[i]; i++) + for (i = 0; config->groupattrs && config->groupattrs[i]; i++) { replace_dn_data data = {(char *)slapi_sdn_get_ndn(pre_sdn), (char *)slapi_sdn_get_ndn(post_sdn), @@ -977,7 +977,7 @@ memberof_lock(); - for (i = 0; configCopy.groupattrs[i]; i++) + for (i = 0; configCopy.groupattrs && configCopy.groupattrs[i]; i++) { if(0 == slapi_entry_attr_find(e, configCopy.groupattrs[i], &attr)) { @@ -1105,6 +1105,13 @@ const char *op_this = slapi_sdn_get_ndn(op_this_sdn); Slapi_Value *to_dn_val = slapi_value_new_string(op_to); Slapi_Value *this_dn_val = slapi_value_new_string(op_this); + + if(this_dn_val == NULL || to_dn_val == NULL){ + slapi_log_error( SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM, + "memberof_modop_one_replace_r: failed to get DN values (NULL)\n"); + goto bail; + } + /* op_this and op_to are both case-normalized */ slapi_value_set_flags(this_dn_val, SLAPI_ATTR_FLAG_NORMALIZED_CIS); slapi_value_set_flags(to_dn_val, SLAPI_ATTR_FLAG_NORMALIZED_CIS); @@ -2196,8 +2203,18 @@ */ int memberof_compare(MemberOfConfig *config, const void *a, const void *b) { - Slapi_Value *val1 = *((Slapi_Value **)a); - Slapi_Value *val2 = *((Slapi_Value **)b); + Slapi_Value *val1; + Slapi_Value *val2; + + if(a == NULL && b != NULL){ + return 1; + } else if(a != NULL && b == NULL){ + return -1; + } else if(a == NULL && b == NULL){ + return 0; + } + val1 = *((Slapi_Value **)a); + val2 = *((Slapi_Value **)b); /* We only need to provide a Slapi_Attr here for it's syntax. We * already validated all grouping attributes to use the Distinguished
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/memberof/memberof_config.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/memberof/memberof_config.c
Changed
@@ -486,7 +486,7 @@ slapi_ch_array_free(config->groupattrs); slapi_filter_free(config->group_filter, 1); - for (i = 0; config->group_slapiattrs[i]; i++) + for (i = 0; config->group_slapiattrs && config->group_slapiattrs[i]; i++) { slapi_attr_free(&config->group_slapiattrs[i]); }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/mep/mep.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/mep/mep.c
Changed
@@ -2637,6 +2637,7 @@ /* Bail out if the plug-in close function was just called. */ if (!g_plugin_started) { mep_config_unlock(); + slapi_ch_free_string(&managed_dn); slapi_pblock_destroy(mep_pb); return 0; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/pam_passthru/pam_ptconfig.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/pam_passthru/pam_ptconfig.c
Changed
@@ -603,6 +603,7 @@ PRCList *list; Slapi_Attr *a = NULL; char *filter_str = NULL; + int inserted = 0; pam_ident_attr = slapi_entry_attr_get_charptr(e, PAMPT_PAM_IDENT_ATTR); map_method = slapi_entry_attr_get_charptr(e, PAMPT_MAP_METHOD_ATTR); @@ -689,6 +690,7 @@ PR_INSERT_BEFORE(&(entry->list), list); slapi_log_error(SLAPI_LOG_CONFIG, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "store [%s] at tail\n", entry->dn); + inserted = 1; break; } } @@ -697,9 +699,13 @@ PR_INSERT_LINK(&(entry->list), pam_passthru_global_config); slapi_log_error(SLAPI_LOG_CONFIG, PAM_PASSTHRU_PLUGIN_SUBSYSTEM, "store [%s] at head \n", entry->dn); + inserted = 1; } bail: + if(!inserted){ + pam_passthru_free_config_entry(&entry); + } slapi_ch_free_string(&new_service); slapi_ch_free_string(&map_method); slapi_ch_free_string(&pam_ident_attr);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/pam_passthru/pam_ptimpl.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/pam_passthru/pam_ptimpl.c
Changed
@@ -263,7 +263,7 @@ MyStrBuf pam_id; const char *binddn = NULL; Slapi_DN *bindsdn = NULL; - int rc; + int rc = PAM_SUCCESS; int retcode = LDAP_SUCCESS; pam_handle_t *pam_handle; struct my_pam_conv_str my_data;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/posix-winsync/posix-group-func.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/posix-winsync/posix-group-func.c
Changed
@@ -18,13 +18,18 @@ $Id: posix-group-func.c 28 2011-05-13 14:35:29Z grzemba $ */ #include "slapi-plugin.h" +#include "slapi-private.h" #include <string.h> #include <nspr.h> #include "posix-wsp-ident.h" +#define MAX_RECURSION_DEPTH (5) + Slapi_Value ** valueset_get_valuearray(const Slapi_ValueSet *vs); /* stolen from proto-slap.h */ +static int hasObjectClass(Slapi_Entry *entry, const char *objectClass); + static PRMonitor *memberuid_operation_lock = 0; void @@ -45,58 +50,100 @@ return (memberuid_operation_lock = PR_NewMonitor()) != NULL; } +void +addDynamicGroupIfNecessary(Slapi_Entry *entry, Slapi_Mods *smods) { + Slapi_Attr *oc_attr = NULL; + Slapi_Value *voc = slapi_value_new(); + + slapi_value_init_string(voc, "dynamicGroup"); + slapi_entry_attr_find(entry, "objectClass", &oc_attr); + + if (slapi_attr_value_find(oc_attr, slapi_value_get_berval(voc)) != 0) { + if (smods) { + slapi_mods_add_string(smods, LDAP_MOD_ADD, "objectClass", "dynamicGroup"); + } + else { + smods = slapi_mods_new(); + slapi_mods_add_string(smods, LDAP_MOD_ADD, "objectClass", "dynamicGroup"); + + Slapi_PBlock *mod_pb = slapi_pblock_new(); + slapi_modify_internal_set_pb_ext(mod_pb, slapi_entry_get_sdn(entry), slapi_mods_get_ldapmods_passout(smods), 0, 0, + posix_winsync_get_plugin_identity(), 0); + slapi_modify_internal_pb(mod_pb); + slapi_pblock_destroy(mod_pb); + + slapi_mods_free(&smods); + } + } + + slapi_value_free(&voc); +} + +Slapi_Entry * +getEntry(const char *udn, char **attrs) +{ + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "getEntry: search %s\n", udn); + + Slapi_DN *udn_sdn = slapi_sdn_new_dn_byval(udn); + Slapi_Entry *result = NULL; + int rc = slapi_search_internal_get_entry(udn_sdn, attrs, &result, posix_winsync_get_plugin_identity()); + slapi_sdn_free(&udn_sdn); + + if (rc == 0) { + if (result != NULL) { + return result; /* Must be freed */ + } + else { + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "getEntry: %s not found\n", udn); + } + } + else { + slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME, + "getEntry: error searching for uid: %d\n", rc); + } + + return NULL; +} + /* search the user with DN udn and returns uid*/ char * searchUid(const char *udn) { - Slapi_PBlock *int_search_pb = slapi_pblock_new(); - Slapi_Entry **entries = NULL; - char *attrs[] = { "uid", NULL }; + char *attrs[] = { "uid", "objectclass", NULL }; + Slapi_Entry *entry = getEntry(udn, + /* "(|(objectclass=posixAccount)(objectclass=ldapsubentry))", */ + attrs); char *uid = NULL; - slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "search Uid: search %s\n", udn); + if (entry) { + Slapi_Attr *attr = NULL; + Slapi_Value *v = NULL; - slapi_search_internal_set_pb(int_search_pb, udn, LDAP_SCOPE_BASE, - "(|(objectclass=posixAccount)(objectclass=ldapsubentry))", attrs, - 0 /* attrsonly */, NULL /* controls */, NULL /* uniqueid */, - posix_winsync_get_plugin_identity(), 0 /* actions */); - if (slapi_search_internal_pb(int_search_pb)) { - /* get result and log an error */ - int res = 0; - slapi_pblock_get(int_search_pb, SLAPI_PLUGIN_INTOP_RESULT, &res); - slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME, - "searchUid: error searching for uid: %d", res); - } else { - slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "searchUid: searched %s\n", - udn); - slapi_pblock_get(int_search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); - if (NULL != entries && NULL != entries[0]) { - Slapi_Attr *attr = NULL; - Slapi_Value *v = NULL; + if (slapi_entry_attr_find(entry, "uid", &attr) == 0 && hasObjectClass(entry, "posixAccount")) { + slapi_attr_first_value(attr, &v); + uid = slapi_ch_strdup(slapi_value_get_string(v)); + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "searchUid: return uid %s\n", uid); + } else { + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "searchUid: uid in %s not found\n", udn); + } - if (slapi_entry_attr_find(entries[0], "uid", &attr) == 0) { - slapi_attr_first_value(attr, &v); - uid = slapi_ch_strdup(slapi_value_get_string(v)); - slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, - "searchUid: return uid %s\n", uid); - /* slapi_value_free(&v); */ - } else { - slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, - "searchUid: uid in %s not found\n", udn); - } - slapi_free_search_results_internal(int_search_pb); - slapi_pblock_destroy(int_search_pb); - if (uid && posix_winsync_config_get_lowercase()) { - return slapi_dn_ignore_case(uid); - } - return uid; + if (uid && posix_winsync_config_get_lowercase()) { + uid = slapi_dn_ignore_case(uid); } + + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "searchUid: About to free entry (%s)\n", udn); + + slapi_entry_free(entry); } - slapi_free_search_results_internal(int_search_pb); - slapi_pblock_destroy(int_search_pb); + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, - "searchUid: posix user %s not found\n", udn); - return NULL; + "searchUid(%s): <==\n", udn); + + return uid; } int @@ -152,6 +199,36 @@ return false; } +int +uid_in_valueset(const char* uid, Slapi_ValueSet *uids) +{ + int i; + Slapi_Value *v = NULL; + + if (uid == NULL) + return false; + for (i = slapi_valueset_first_value(uids, &v); i != -1; + i = slapi_valueset_next_value(uids, i, &v)) { + Slapi_RDN *i_rdn = NULL; + char *i_uid = NULL; + char *t = NULL; + + const char *uid_i = slapi_value_get_string(v); + + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "uid_in_valueset: comp %s %s \n", + uid, uid_i); + i_rdn = slapi_rdn_new_dn(uid_i); + if (slapi_rdn_get_first(i_rdn, &t, &i_uid) == 1) { + if (strncasecmp(uid, i_uid, 256) == 0) { + slapi_rdn_free(&i_rdn); + return true; + } + } + slapi_rdn_free(&i_rdn); + } + return false; +} + /* return 1 if smods already has the given mod - 0 otherwise */ static int smods_has_mod(Slapi_Mods *smods, int modtype, const char *type, const char *val) @@ -185,8 +262,8 @@ return rc;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/posix-winsync/posix-group-func.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/posix-winsync/posix-group-func.h
Changed
@@ -17,5 +17,7 @@ void memberUidLock(); void memberUidUnlock(); int memberUidLockInit(); +int addUserToGroupMembership(Slapi_Entry *entry); +void propogateDeletionsUpward(Slapi_Entry *, const Slapi_DN *, Slapi_ValueSet*, Slapi_ValueSet *, int); #endif
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/posix-winsync/posix-group-task.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/posix-winsync/posix-group-task.c
Changed
@@ -1,6 +1,7 @@ #include "slapi-plugin.h" +#include "slapi-private.h" #include "nspr.h" - +#include <string.h> #include "posix-wsp-ident.h" #include "posix-group-func.h" @@ -25,11 +26,17 @@ } posix_group_data_data; */ +Slapi_Value ** +valueset_get_valuearray(const Slapi_ValueSet *vs); /* stolen from proto-slap.h */ + /* interface function */ int posix_group_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int *returncode, char *returntext, void *arg); +Slapi_Entry * +getEntry(const char *udn, char **attrs); + static void posix_group_task_destructor(Slapi_Task *task); static void @@ -67,6 +74,10 @@ *returncode = LDAP_SUCCESS; + + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "posix_group_task_add: ==>\n"); + /* get arg(s) */ /* default: set replication basedn */ if ((dn = fetch_attr(e, "basedn", slapi_sdn_get_dn(posix_winsync_config_get_suffix()))) == NULL) { @@ -75,12 +86,18 @@ goto out; } - if ((filter = fetch_attr(e, "filter", "(&(objectclass=posixGroup)(uniquemember=*))")) == NULL) { + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "posix_group_task_add: retrieved basedn: %s\n", dn); + + if ((filter = fetch_attr(e, "filter", "(objectclass=ntGroup)")) == NULL) { *returncode = LDAP_OBJECT_CLASS_VIOLATION; rv = SLAPI_DSE_CALLBACK_ERROR; goto out; } + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "posix_group_task_add: retrieved filter: %s\n", filter); + /* setup our task data */ mytaskdata = (task_data*) slapi_ch_malloc(sizeof(task_data)); if (mytaskdata == NULL) { @@ -91,19 +108,41 @@ mytaskdata->dn = slapi_ch_strdup(dn); mytaskdata->filter_str = slapi_ch_strdup(filter); + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "posix_group_task_add: task data allocated\n"); + /* allocate new task now */ - task = slapi_new_task(slapi_entry_get_ndn(e)); + char * ndn = slapi_entry_get_ndn(e); + + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "posix_group_task_add: creating task object: %s\n", + ndn); + + task = slapi_new_task(ndn); + + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "posix_group_task_add: task object created\n"); /* register our destructor for cleaning up our private data */ slapi_task_set_destructor_fn(task, posix_group_task_destructor); + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "posix_group_task_add: task destructor set\n"); + /* Stash a pointer to our data in the task */ slapi_task_set_data(task, mytaskdata); + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "posix_group_task_add: task object initialized\n"); + /* start the sample task as a separate thread */ thread = PR_CreateThread(PR_USER_THREAD, posix_group_fixup_task_thread, (void *) task, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, PR_UNJOINABLE_THREAD, SLAPD_DEFAULT_THREAD_STACKSIZE); + + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "posix_group_task_add: thread created\n"); + if (thread == NULL) { slapi_log_error(SLAPI_LOG_FATAL, POSIX_WINSYNC_PLUGIN_NAME, "unable to create task thread!\n"); @@ -114,7 +153,11 @@ rv = SLAPI_DSE_CALLBACK_OK; } - out: return rv; +out: + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "posix_group_task_add: <==\n"); + + return rv; } static void @@ -131,6 +174,7 @@ } } +#ifdef USE_POSIX_GROUP_DEL_MEMBERUID static int posix_group_del_memberuid_callback(Slapi_Entry *e, void *callback_data) { @@ -165,6 +209,7 @@ return rc; } +#endif static int posix_group_fix_memberuid(char *dn, char *filter_str, void *txn) @@ -195,86 +240,175 @@ static int posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data) { - int rc = 0; + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "_fix_memberuid ==>\n"); + cb_data *the_cb_data = (cb_data *) callback_data; + + int rc; + Slapi_Attr *muid_attr = NULL; + Slapi_Value *v = NULL; + + Slapi_Mods *smods = slapi_mods_new(); + char *dn = slapi_entry_get_dn(e); Slapi_DN *sdn = slapi_entry_get_sdn(e); + LDAPMod **mods = NULL; - Slapi_Attr *obj_attr = NULL; +/* Clean out memberuids and dsonlymemberuids without a valid referant */ + rc = slapi_entry_attr_find(e, "memberuid", &muid_attr); + if (rc == 0 && muid_attr) { + Slapi_PBlock *search_pb = slapi_pblock_new(); + + Slapi_Attr *dsmuid_attr = NULL; + Slapi_ValueSet *dsmuid_vs = NULL; + + char *attrs[] = { "uid", NULL }; + + rc = slapi_entry_attr_find(e, "dsonlymemberuid", &dsmuid_attr); + if (rc == 0 && dsmuid_attr) { + slapi_attr_get_valueset(dsmuid_attr, &dsmuid_vs); + } + + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "_fix_memberuid scan for orphaned memberuids\n"); + + int i; + for (i = slapi_attr_first_value(muid_attr, &v); i != -1; + i = slapi_attr_next_value(muid_attr, i, &v)) { + const char *muid = slapi_value_get_string(v); + + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "_fix_memberuid iterating memberuid: %s\n", + muid); + size_t vallen = muid ? strlen(muid) : 0; + char *filter_escaped_value = slapi_ch_calloc(sizeof(char), vallen*3+1); + char *filter = slapi_ch_smprintf("(uid=%s)", escape_filter_value(muid, vallen, filter_escaped_value)); + slapi_ch_free_string(&filter_escaped_value); + + Slapi_Entry **search_entries = NULL; + + slapi_search_internal_set_pb(search_pb, + the_cb_data->dn, + LDAP_SCOPE_SUBTREE, + filter, + attrs, 0, NULL, NULL, + posix_winsync_get_plugin_identity(), 0); + + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "_fix_memberuid searching %s with filter: %s\n", + the_cb_data->dn, filter); + + rc = slapi_search_internal_pb(search_pb); + + slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &search_entries); + + if (!search_entries || !search_entries[0]) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/posix-winsync/posix-winsync-config.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
Changed
@@ -142,6 +142,12 @@ return theConfig.mssfuSchema; } +PRBool +posix_winsync_config_get_mapNestedGrouping() +{ + return theConfig.mapNestedGrouping; +} + Slapi_DN * posix_winsync_config_get_suffix() { @@ -182,6 +188,7 @@ theConfig.lowercase = PR_FALSE; theConfig.createMemberOfTask = PR_FALSE; theConfig.MOFTaskCreated = PR_FALSE; + theConfig.mapNestedGrouping = PR_FALSE; posix_winsync_apply_config(NULL, NULL, config_e, &returncode, returntext, NULL); /* config DSE must be initialized before we get here */ @@ -224,6 +231,7 @@ PRBool createMemberOfTask = PR_FALSE; PRBool lowercase = PR_FALSE; Slapi_Attr *testattr = NULL; + PRBool mapNestedGrouping = PR_FALSE; *returncode = LDAP_UNWILLING_TO_PERFORM; /* be pessimistic */ @@ -257,6 +265,13 @@ "_apply_config: Config paramter %s: %d\n", POSIX_WINSYNC_LOWER_CASE, lowercase); } + /* propogate memberuids in nested grouping */ + if (!slapi_entry_attr_find(e, POSIX_WINSYNC_MAP_NESTED_GROUPING, &testattr) && (NULL != testattr)) { + mapNestedGrouping = slapi_entry_attr_get_bool(e, POSIX_WINSYNC_MAP_NESTED_GROUPING); + slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, + "_apply_config: Config paramter %s: %d\n", POSIX_WINSYNC_MAP_NESTED_GROUPING, + mapNestedGrouping); + } /* if we got here, we have valid values for everything set the config entry */ slapi_lock_mutex(theConfig.lock); @@ -269,6 +284,7 @@ theConfig.mapMemberUID = mapMemberUID; theConfig.createMemberOfTask = createMemberOfTask; theConfig.lowercase = lowercase; + theConfig.mapNestedGrouping = mapNestedGrouping; /* success */ slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/posix-winsync/posix-winsync.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/posix-winsync/posix-winsync.c
Changed
@@ -63,12 +63,13 @@ #include <dirsrv/winsync-plugin.h> #endif #include <plstr.h> +#include <string.h> #include <strings.h> #include <stdlib.h> #include "posix-wsp-ident.h" #include "posix-group-func.h" -#define MEMBEROFTASK "memberof task" +#define MEMBEROFTASK "memberuid task" Slapi_Value ** valueset_get_valuearray(const Slapi_ValueSet *vs); /* stolen from proto-slap.h */ void * @@ -86,14 +87,17 @@ { char *windows_attribute_name; char *ldap_attribute_name; + int isMUST; /* schema: required attribute */ } windows_attribute_map; -static windows_attribute_map user_attribute_map[] = { { "unixHomeDirectory", "homeDirectory" }, - { "loginShell", "loginShell" }, - { "uidNumber", "uidNumber" }, - { "gidNumber", "gidNumber" }, - { "gecos", "gecos" }, - { NULL, NULL } }; +static windows_attribute_map user_attribute_map[] = { + { "unixHomeDirectory", "homeDirectory", 1 }, + { "loginShell", "loginShell", 0 }, + { "uidNumber", "uidNumber", 1 }, + { "gidNumber", "gidNumber", 1 }, + { "gecos", "gecos", 0 }, + { NULL, NULL, 0 } +}; static windows_attribute_map user_mssfu_attribute_map[] = { { "msSFU30homedirectory", "homeDirectory" }, @@ -103,6 +107,7 @@ { "msSFU30gecos", "gecos" }, { NULL, NULL } }; +/* memberUid must be first element or fixup in pre_ad_mod/add_group is required */ static windows_attribute_map group_attribute_map[] = { { "memberUid", "memberUid" }, { "gidNumber", "gidNumber" }, { NULL, NULL } }; @@ -661,7 +666,34 @@ char *ad_type = NULL; int is_present_local; - slapi_attr_get_valueset(attr, &vs); + if (i == 0) { /* memberUid */ + Slapi_Attr *dsmuid_attr = NULL; + Slapi_Value *v = NULL; + slapi_entry_attr_find(ds_entry, "dsonlymemberuid", &dsmuid_attr); + + if (dsmuid_attr) { + Slapi_ValueSet *dsmuid_vs = NULL; + slapi_attr_get_valueset(dsmuid_attr, &dsmuid_vs); + if (dsmuid_vs) { + vs = slapi_valueset_new(); + + int j; + for (j = slapi_attr_first_value(attr, &v); j != -1; + j = slapi_attr_next_value(attr, i, &v)) { + if (!slapi_valueset_find(dsmuid_attr, dsmuid_vs, v)) { + slapi_valueset_add_value(vs, v); + } + } + + slapi_valueset_free(dsmuid_vs); dsmuid_vs = NULL; + } + } + } + + if (!vs) { + slapi_attr_get_valueset(attr, &vs); + } + ad_type = slapi_ch_strdup(attr_map[i].windows_attribute_name); slapi_entry_attr_find(ad_entry, ad_type, &ad_attr); is_present_local = (NULL == ad_attr) ? 0 : 1; @@ -723,7 +755,9 @@ int is_present_local = 0; int do_modify_local = 0; int rc; + int i; windows_attribute_map *attr_map = user_attribute_map; + PRBool posixval = PR_TRUE; if (posix_winsync_config_get_msSFUSchema()) attr_map = user_mssfu_attribute_map; @@ -731,15 +765,33 @@ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "--> _pre_ds_mod_user_cb -- begin\n"); + /* check all of the required attributes are in the ad_entry: + * MUST (cn $ uid $ uidNumber $ gidNumber $ homeDirectory). + * If any of the required attributes are missing, drop them before adding + * the entry to the DS. */ + for (i = 0; attr_map[i].windows_attribute_name != NULL; i++) { + Slapi_Attr *pa_attr; + if (attr_map[i].isMUST && + slapi_entry_attr_find(ad_entry, + attr_map[i].windows_attribute_name, + &pa_attr)) { + /* required attribute does not exist */ + posixval = PR_FALSE; + slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, + "AD entry %s does not have required attribute %s for posixAccount objectclass.\n", + slapi_entry_get_dn_const(ad_entry), + attr_map[i].ldap_attribute_name); + } + } + /* add objectclass: posixAccount, uidnumber ,gidnumber ,homeDirectory, loginshell */ /* in the ad to ds case we have no changelog, so we have to compare the entries */ for (rc = slapi_entry_first_attr(ad_entry, &attr); rc == 0; rc = slapi_entry_next_attr(ad_entry, attr, &attr)) { char *type = NULL; - size_t i = 0; slapi_attr_get_type(attr, &type); - for (; attr_map[i].windows_attribute_name != NULL; i++) { + for (i = 0; attr_map[i].windows_attribute_name != NULL; i++) { if (0 == slapi_attr_type_cmp(type, attr_map[i].windows_attribute_name, SLAPI_TYPE_CMP_SUBTYPE)) { Slapi_Attr *local_attr = NULL; @@ -751,7 +803,10 @@ slapi_entry_attr_find(ds_entry, local_type, &local_attr); is_present_local = (NULL == local_attr) ? 0 : 1; if (is_present_local) { + /* DS entry has the posix attrs. + * I.e., it is a posix account*/ int values_equal = 0; + posixval = PR_TRUE; values_equal = attr_compare_equal(attr, local_attr); if (!values_equal) { slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, @@ -763,8 +818,8 @@ valueset_get_valuearray(vs)); *do_modify = 1; } - } else { - + } else if (posixval) { + /* only if AD provides the all necessary attributes */ slapi_mods_add_mod_values(smods, LDAP_MOD_ADD, local_type, valueset_get_valuearray(vs)); *do_modify = do_modify_local = 1; @@ -776,10 +831,11 @@ } } slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, - "<-- _pre_ds_mod_user_cb present %d modify %d\n", is_present_local, - do_modify_local); + "<-- _pre_ds_mod_user_cb present %d modify %d isPosixaccount %s\n", + is_present_local, do_modify_local, + posixval?"yes":"no"); - if (!is_present_local && do_modify_local) { + if (!is_present_local && do_modify_local && posixval) { Slapi_Attr *oc_attr = NULL; Slapi_Value *voc = slapi_value_new(); @@ -810,6 +866,12 @@ valueset_get_valuearray(oc_vs)); slapi_value_free(&oc_nv); slapi_valueset_free(oc_vs); + + if (posix_winsync_config_get_mapNestedGrouping()) { + memberUidLock(); + addUserToGroupMembership(ds_entry); + memberUidUnlock(); + } } } slapi_value_free(&voc); @@ -897,7 +959,7 @@ slapi_log_error(SLAPI_LOG_PLUGIN, posix_winsync_plugin_name, "_pre_ds_mod_group_cb present %d modify %d before\n", is_present_local, do_modify_local); - if (posix_winsync_config_get_mapMemberUid()) { + if (posix_winsync_config_get_mapMemberUid() || posix_winsync_config_get_mapNestedGrouping()) { memberUidLock(); modGroupMembership(ds_entry, smods, do_modify); memberUidUnlock(); @@ -954,8 +1016,9 @@ { Slapi_Attr *attr = NULL; char *type = NULL; - PRBool posixval = PR_FALSE; + PRBool posixval = PR_TRUE; windows_attribute_map *attr_map = user_attribute_map; + int i = 0; if (posix_winsync_config_get_msSFUSchema()) attr_map = user_mssfu_attribute_map; @@ -964,41 +1027,71 @@
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/posix-winsync/posix-wsp-ident.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/posix-winsync/posix-wsp-ident.h
Changed
@@ -17,7 +17,7 @@ #define POSIX_WINSYNC_MAP_MEMBERUID "posixWinsyncMapMemberUID" #define POSIX_WINSYNC_CREATE_MEMBEROFTASK "posixWinsyncCreateMemberOfTask" #define POSIX_WINSYNC_LOWER_CASE "posixWinsyncLowerCaseUID" - +#define POSIX_WINSYNC_MAP_NESTED_GROUPING "posixWinsyncMapNestedGrouping" void * posix_winsync_get_plugin_identity(); @@ -29,6 +29,7 @@ PRBool lowercase; /* store the uid in group memberuid in lower case */ PRBool createMemberOfTask; /* should memberOf Plugin Task run after AD sync */ PRBool MOFTaskCreated; + PRBool mapNestedGrouping; Slapi_DN *rep_suffix; /* namingContext in DS of the replicated suffix */ } POSIX_WinSync_Config; @@ -42,6 +43,7 @@ void posix_winsync_config_reset_MOFTaskCreated(); void posix_winsync_config_set_MOFTaskCreated(); PRBool posix_winsync_config_get_MOFTaskCreated(); +PRBool posix_winsync_config_get_mapNestedGrouping(); int posix_group_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int *returncode, char *returntext,
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/referint/referint.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/referint/referint.c
Changed
@@ -896,7 +896,7 @@ referint_thread_func(void *arg) { char **plugin_argv = (char **)arg; - PRFileDesc *prfd; + PRFileDesc *prfd = NULL; char *logfilename; char thisline[MAX_LINE]; int delay;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/cl5.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/cl5.h
Changed
@@ -73,4 +73,6 @@ /* frees the content and the config structure */ void changelog5_config_free (changelog5Config **config); +#define MAX_TRIALS 50 /* number of retries on db operations */ + #endif
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/cl5_api.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/cl5_api.c
Changed
@@ -67,7 +67,6 @@ #define GUARDIAN_FILE "guardian" /* name of the guardian file */ #define VERSION_FILE "DBVERSION" /* name of the version file */ -#define MAX_TRIALS 50 /* number of retries on db operations */ #define V_5 5 /* changelog entry version */ #define CHUNK_SIZE 64*1024 #define DBID_SIZE 64 @@ -272,8 +271,8 @@ /* changelog initialization and cleanup */ static int _cl5Open (const char *dir, const CL5DBConfig *config, CL5OpenMode openMode); -static int _cl5AppInit (PRBool *didRecovery); -static int _cl5DBOpen (); +static int _cl5AppInit (void); +static int _cl5DBOpen (void); static void _cl5SetDefaultDBConfig (); static void _cl5SetDBConfig (const CL5DBConfig *config); static int _cl5CheckDBVersion (); @@ -877,12 +876,13 @@ #if defined(USE_OPENLDAP) LDIFFP *file = NULL; int buflen; + ldif_record_lineno_t lineno = 0; #else FILE *file = NULL; + int lineno = 0; #endif int rc; char *buff = NULL; - int lineno = 0; slapi_operation_parameters op; Object *prim_replica_obj = NULL; Object *replica_obj = NULL; @@ -1474,13 +1474,13 @@ } /* Name: cl5CreateReplayIterator - Description: creates an iterator that allows to retireve changes that should - to be sent to the consumer identified by ruv. The iteration is peformed by + Description: creates an iterator that allows to retrieve changes that should + to be sent to the consumer identified by ruv. The iteration is performed by repeated calls to cl5GetNextOperationToReplay. Parameters: replica - replica whose data we wish to iterate; ruv - consumer ruv; iterator - iterator to be passed to cl5GetNextOperationToReplay call - Return: CL5_SUCCESS, if function is successfull; + Return: CL5_SUCCESS, if function is successful; CL5_MISSING_DATA, if data that should be in the changelog is missing CL5_PURGED_DATA, if some data that consumer needs has been purged. Note that the iterator can be non null if the supplier contains @@ -1488,14 +1488,14 @@ CL5_NOTFOUND if the consumer is up to data with respect to the supplier CL5_BAD_DATA if invalid parameter is passed; CL5_BAD_STATE if db has not been open; - CL5_DB_ERROR if any other db error occured; + CL5_DB_ERROR if any other db error occurred; CL5_MEMORY_ERROR if memory allocation fails. Algorithm: Build a list of csns from consumer's and supplier's ruv. For each element of the consumer's ruv put max csn into the csn list. For each element of the supplier's ruv not in the consumer's ruv put min csn from the supplier's ruv into the list. The list contains, for each known replica, the starting point for changes to be sent to the consumer. - Sort the list in accending order. + Sort the list in ascending order. Build a hash which contains, for each known replica, whether the supplier can bring the consumer up to data with respect to that replica. The hash is used to decide whether a change can be sent to the consumer @@ -1503,7 +1503,7 @@ we can bring the consumer up to date. Position the db cursor on the change entry that corresponds to this csn. Hash entries are created for each replica traversed so far. sendChanges - flag is set to FALSE for all repolicas except the last traversed. + flag is set to FALSE for all replicas except the last traversed. */ int cl5CreateReplayIteratorEx (Private_Repl_Protocol *prp, const RUV *consumerRuv, @@ -1851,7 +1851,6 @@ static int _cl5Open (const char *dir, const CL5DBConfig *config, CL5OpenMode openMode) { int rc; - PRBool didRecovery; PR_ASSERT (dir); @@ -1899,7 +1898,7 @@ s_cl5Desc.dbOpenMode = openMode; /* initialize db environment */ - rc = _cl5AppInit (&didRecovery); + rc = _cl5AppInit (); if (rc != CL5_SUCCESS) { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, @@ -1914,7 +1913,7 @@ } /* open database files */ - rc = _cl5DBOpen (!didRecovery); + rc = _cl5DBOpen (); if (rc != CL5_SUCCESS) { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, @@ -1990,7 +1989,7 @@ return CL5_SUCCESS; } -static int _cl5AppInit (PRBool *didRecovery) +static int _cl5AppInit (void) { int rc = -1; /* initialize to failure */ DB_ENV *dbEnv = NULL; @@ -2854,7 +2853,7 @@ backup = s_cl5Desc.dbOpenMode; s_cl5Desc.dbOpenMode = CL5_OPEN_CLEAN_RECOVER; /* CL5_OPEN_CLEAN_RECOVER does 1 and 2 */ - rc = _cl5AppInit (NULL); + rc = _cl5AppInit (); if (rc != CL5_SUCCESS) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, @@ -2944,7 +2943,7 @@ backup = s_cl5Desc.dbOpenMode; s_cl5Desc.dbOpenMode = CL5_OPEN_CLEAN_RECOVER; /* CL5_OPEN_CLEAN_RECOVER does 1 and 2 */ - rc = _cl5AppInit (NULL); + rc = _cl5AppInit (); if (rc != CL5_SUCCESS) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, @@ -3507,6 +3506,13 @@ * This change can be trimmed if it exceeds purge * parameters and has been seen by all consumers. */ + if(op.csn == NULL){ + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, "_cl5TrimFile: " + "Operation missing csn, moving on to next entry.\n"); + cl5_operation_parameters_done (&op); + finished =_cl5GetNextEntry (&entry, it); + continue; + } csn_rid = csn_get_replicaid (op.csn); if ( (*numToTrim > 0 || _cl5CanTrim (entry.time, numToTrim)) && ruv_covers_csn_strict (ruv, op.csn) ) @@ -3836,7 +3842,15 @@ rc = _cl5GetFirstEntry (obj, &entry, &iterator, NULL); while (rc == CL5_SUCCESS) { - rid = csn_get_replicaid (op.csn); + if(op.csn){ + rid = csn_get_replicaid (op.csn); + } else { + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, "_cl5ConstructRUV: " + "Operation missing csn, moving on to next entry.\n"); + cl5_operation_parameters_done (&op); + rc = _cl5GetNextEntry (&entry, iterator); + continue; + } if(is_cleaned_rid(rid)){ /* skip this entry as the rid is invalid */ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "_cl5ConstructRUV: " @@ -4209,7 +4223,7 @@ int len = 2; lenstr *l = NULL; const char *strType; - char *strDeleteOldRDN; + const char *strDeleteOldRDN = "false"; char *buff, *start; LDAPMod **add_mods; char *rawDN = NULL; @@ -5027,6 +5041,7 @@ int i; CSN **csns = NULL; CSN *startCSN = NULL; + CSN *minCSN = NULL; char csnStr [CSN_STRSIZE]; int rc = CL5_SUCCESS; Object *supplierRuvObj = NULL; @@ -5116,20 +5131,24 @@ */ if ((rc == DB_NOTFOUND) && !ruv_has_csns(file->purgeRUV)) { + char mincsnStr[CSN_STRSIZE]; + /* use the supplier min csn for the buffer start csn - we know this csn is in our changelog */ - if ((RUV_SUCCESS == ruv_get_min_csn(supplierRuv, &startCSN)) && - startCSN) + if ((RUV_SUCCESS == ruv_get_min_csn_ext(supplierRuv, &minCSN, 1 /* ignore cleaned rids */)) && + minCSN) { /* must now free startCSN */ if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) { - csn_as_string(startCSN, PR_FALSE, csnStr); + csn_as_string(startCSN, PR_FALSE, csnStr); + csn_as_string(minCSN, PR_FALSE, mincsnStr); slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "%s: CSN %s not found and no purging, probably a reinit\n", agmt_name, csnStr); slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl, "%s: Will try to use supplier min CSN %s to load changelog\n",
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/cl5_clcache.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/cl5_clcache.c
Changed
@@ -113,13 +113,19 @@ CSN *buf_missing_csn; /* used to detect persistent missing of CSN */ /* fields for control the CSN sequence sent to the consumer */ - struct csn_seq_ctrl_block *buf_cscbs [MAX_NUM_OF_MASTERS]; + struct csn_seq_ctrl_block **buf_cscbs; int buf_num_cscbs; /* number of csn sequence ctrl blocks */ + int buf_max_cscbs; /* fields for debugging stat */ int buf_load_cnt; /* number of loads for session */ int buf_record_cnt; /* number of changes for session */ int buf_record_skipped; /* number of changes skipped */ + int buf_skipped_new_rid; /* number of changes skipped due to new_rid */ + int buf_skipped_csn_gt_cons_maxcsn; /* number of changes skipped due to csn greater than consumer maxcsn */ + int buf_skipped_up_to_date; /* number of changes skipped due to consumer being up-to-date for the given rid */ + int buf_skipped_csn_gt_ruv; /* number of changes skipped due to preceedents are not covered by local RUV snapshot */ + int buf_skipped_csn_covered; /* number of changes skipped due to CSNs already covered by consumer RUV */ /* * fields that should be accessed via bl_lock or pl_lock @@ -251,7 +257,15 @@ (*buf)->buf_record_cnt = 0; (*buf)->buf_record_skipped = 0; (*buf)->buf_cursor = NULL; + (*buf)->buf_skipped_new_rid = 0; + (*buf)->buf_skipped_csn_gt_cons_maxcsn = 0; + (*buf)->buf_skipped_up_to_date = 0; + (*buf)->buf_skipped_csn_gt_ruv = 0; + (*buf)->buf_skipped_csn_covered = 0; + (*buf)->buf_cscbs = (struct csn_seq_ctrl_block **) slapi_ch_calloc(MAX_NUM_OF_MASTERS + 1, + sizeof(struct csn_seq_ctrl_block *)); (*buf)->buf_num_cscbs = 0; + (*buf)->buf_max_cscbs = MAX_NUM_OF_MASTERS; } else { *buf = clcache_new_buffer ( consumer_rid ); @@ -287,16 +301,21 @@ int i; slapi_log_error ( SLAPI_LOG_REPL, (*buf)->buf_agmt_name, - "session end: state=%d load=%d sent=%d skipped=%d\n", - (*buf)->buf_state, - (*buf)->buf_load_cnt, - (*buf)->buf_record_cnt - (*buf)->buf_record_skipped, - (*buf)->buf_record_skipped ); + "session end: state=%d load=%d sent=%d skipped=%d skipped_new_rid=%d " + "skipped_csn_gt_cons_maxcsn=%d skipped_up_to_date=%d " + "skipped_csn_gt_ruv=%d skipped_csn_covered=%d\n", + (*buf)->buf_state, + (*buf)->buf_load_cnt, + (*buf)->buf_record_cnt - (*buf)->buf_record_skipped, + (*buf)->buf_record_skipped, (*buf)->buf_skipped_new_rid, + (*buf)->buf_skipped_csn_gt_cons_maxcsn, + (*buf)->buf_skipped_up_to_date, (*buf)->buf_skipped_csn_gt_ruv, + (*buf)->buf_skipped_csn_covered); for ( i = 0; i < (*buf)->buf_num_cscbs; i++ ) { clcache_free_cscb ( &(*buf)->buf_cscbs[i] ); } - (*buf)->buf_num_cscbs = 0; + slapi_ch_free((void **)&(*buf)->buf_cscbs); if ( (*buf)->buf_cursor ) { @@ -380,6 +399,7 @@ DB_TXN *txn = NULL; DBC *cursor = NULL; int rc = 0; + int tries = 0; #if 0 /* txn control seems not improving anything so turn it off */ if ( *(_pool->pl_dbenv) ) { @@ -401,6 +421,7 @@ } PR_Lock ( buf->buf_busy_list->bl_lock ); +retry: if ( 0 == ( rc = clcache_open_cursor ( txn, buf, &cursor )) ) { if ( flag == DB_NEXT ) { @@ -422,10 +443,26 @@ /* * Don't keep a cursor open across the whole replication session. - * That had caused noticable DB resource contention. + * That had caused noticeable DB resource contention. */ if ( cursor ) { cursor->c_close ( cursor ); + cursor = NULL; + } + if ((rc == DB_LOCK_DEADLOCK) && (tries < MAX_TRIALS)) { + PRIntervalTime interval; + + tries++; + slapi_log_error ( SLAPI_LOG_TRACE, "clcache_load_buffer_bulk", + "deadlock number [%d] - retrying\n", tries ); + /* back off */ + interval = PR_MillisecondsToInterval(slapi_rand() % 100); + DS_Sleep(interval); + goto retry; + } + if ((rc == DB_LOCK_DEADLOCK) && (tries >= MAX_TRIALS)) { + slapi_log_error ( SLAPI_LOG_REPL, "clcache_load_buffer_bulk", + "could not load buffer from changelog after %d tries\n", tries ); } #if 0 /* txn control seems not improving anything so turn it off */ @@ -521,7 +558,7 @@ static int clcache_refresh_local_maxcsn ( const ruv_enum_data *rid_data, void *data ) { - CLC_Buffer *buf = (CLC_Buffer*) data; + struct clc_buffer *buf = (struct clc_buffer*) data; ReplicaId rid; int rc = 0; int i; @@ -542,7 +579,12 @@ break; } if ( i >= buf->buf_num_cscbs ) { - buf->buf_cscbs[i] = clcache_new_cscb (); + if( i + 1 > buf->buf_max_cscbs){ + buf->buf_cscbs = (struct csn_seq_ctrl_block **) slapi_ch_realloc((char *)buf->buf_cscbs, + (i + 2) * sizeof(struct csn_seq_ctrl_block *)); + buf->buf_max_cscbs = i + 1; + } + buf->buf_cscbs[i] = clcache_new_cscb(); if ( buf->buf_cscbs[i] == NULL ) { return -1; } @@ -658,6 +700,8 @@ ReplicaId rid; int skip = 1; int i; + char buf_cur_csn_str[CSN_STRSIZE]; + char oth_csn_str[CSN_STRSIZE]; do { @@ -679,6 +723,14 @@ * The consumer must have been "restored" and needs this newer update. */ skip = 0; + } else if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) { + csn_as_string(buf->buf_current_csn, 0, buf_cur_csn_str); + csn_as_string(cons_maxcsn, 0, oth_csn_str); + slapi_log_error(SLAPI_LOG_REPL, buf->buf_agmt_name, + "Skipping update because the changelog buffer current csn [%s] is " + "less than or equal to the consumer max csn [%s]\n", + buf_cur_csn_str, oth_csn_str); + buf->buf_skipped_csn_gt_cons_maxcsn++; } csn_free(&cons_maxcsn); break; @@ -696,7 +748,14 @@ /* Skip CSN whose RID is unknown to the local RUV snapshot */ if ( i >= buf->buf_num_cscbs ) { - buf->buf_state = CLC_STATE_NEW_RID; + if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) { + csn_as_string(buf->buf_current_csn, 0, buf_cur_csn_str); + slapi_log_error(SLAPI_LOG_REPL, buf->buf_agmt_name, + "Skipping update because the changelog buffer current csn [%s] rid " + "[%d] is not in the list of changelog csn buffers (length %d)\n", + buf_cur_csn_str, rid, buf->buf_num_cscbs); + } + buf->buf_skipped_new_rid++; break; } @@ -704,17 +763,20 @@ /* Skip if the consumer is already up-to-date for the RID */ if ( cscb->state == CLC_STATE_UP_TO_DATE ) { + buf->buf_skipped_up_to_date++; break; } /* Skip CSN whose preceedents are not covered by local RUV snapshot */ if ( cscb->state == CLC_STATE_CSN_GT_RUV ) { + buf->buf_skipped_csn_gt_ruv++; break; } /* Skip CSNs already covered by consumer RUV */ if ( cscb->consumer_maxcsn && csn_compare ( buf->buf_current_csn, cscb->consumer_maxcsn ) <= 0 ) { + buf->buf_skipped_csn_covered++; break; } @@ -732,15 +794,19 @@ */ if ( csn_time_difference(buf->buf_current_csn, cscb->local_maxcsn) == 0 && (csn_get_seqnum(buf->buf_current_csn) == - csn_get_seqnum(cscb->local_maxcsn) + 1) ) { + csn_get_seqnum(cscb->local_maxcsn) + 1) ) + {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/legacy_consumer.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/legacy_consumer.c
Changed
@@ -371,11 +371,12 @@ { if (mod_type == LDAP_MOD_REPLACE) { + slapi_ch_free_string(&legacy_consumer_replicationpw); legacy_consumer_replicationpw = config_copy_strval(config_attr_value); } else if (mod_type == LDAP_MOD_DELETE) { - legacy_consumer_replicationpw = NULL; + slapi_ch_free_string(&legacy_consumer_replicationpw); } else if (mod_type == LDAP_MOD_ADD) { @@ -387,6 +388,7 @@ } else { + slapi_ch_free_string(&legacy_consumer_replicationpw); legacy_consumer_replicationpw = config_copy_strval(config_attr_value); } } @@ -419,11 +421,8 @@ slapi_rwlock_wrlock (legacy_consumer_config_lock); if (legacy_consumer_replicationdn) slapi_sdn_free (&legacy_consumer_replicationdn); - if (legacy_consumer_replicationpw) - slapi_ch_free ((void**)&legacy_consumer_replicationpw); - + slapi_ch_free_string(&legacy_consumer_replicationpw); legacy_consumer_replicationdn = NULL; - legacy_consumer_replicationpw = NULL; slapi_rwlock_unlock (legacy_consumer_config_lock); *returncode = LDAP_SUCCESS; @@ -446,6 +445,7 @@ legacy_consumer_replicationdn = slapi_sdn_new_dn_passin (arg); arg= slapi_entry_attr_get_charptr(entry,CONFIG_LEGACY_REPLICATIONPW_ATTRIBUTE); + slapi_ch_free_string(&legacy_consumer_replicationpw); legacy_consumer_replicationpw = arg; slapi_rwlock_unlock (legacy_consumer_config_lock);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5.h
Changed
@@ -97,8 +97,14 @@ /* cleanallruv extended ops */ #define REPL_CLEANRUV_OID "2.16.840.1.113730.3.6.5" #define REPL_ABORT_CLEANRUV_OID "2.16.840.1.113730.3.6.6" -#define CLEANRUV_NOTIFIED 0 -#define CLEANRUV_RELEASED 1 +#define REPL_CLEANRUV_GET_MAXCSN_OID "2.16.840.1.113730.3.6.7" +#define REPL_CLEANRUV_CHECK_STATUS_OID "2.16.840.1.113730.3.6.8" + +#define CLEANRUV_ACCEPTED "accepted" +#define CLEANRUV_REJECTED "rejected" +#define CLEANRUV_FINISHED "finished" +#define CLEANRUV_CLEANING "cleaning" +#define CLEANRUV_NO_MAXCSN "no maxcsn" /* DS 5.0 replication protocol error codes */ #define NSDS50_REPL_REPLICA_READY 0x00 /* Replica ready, go ahead */ @@ -131,11 +137,13 @@ #define PROTOCOL_STATUS_TOTAL_RELEASING_REPLICA 710 #define PROTOCOL_STATUS_TOTAL_SENDING_DATA 711 -/* To Allow Consumer Initialisation when adding an agreement - */ +#define DEFAULT_PROTOCOL_TIMEOUT 120 + +/* To Allow Consumer Initialization when adding an agreement - */ #define STATE_PERFORMING_TOTAL_UPDATE 501 #define STATE_PERFORMING_INCREMENTAL_UPDATE 502 -#define MAX_NUM_OF_MASTERS 64 +#define MAX_NUM_OF_MASTERS 256 #define REPL_SESSION_ID_SIZE 64 #define REPL_GET_DN(addrp) slapi_sdn_get_dn((addrp)->sdn) @@ -230,6 +238,8 @@ int multimaster_extop_EndNSDS50ReplicationRequest(Slapi_PBlock *pb); int multimaster_extop_cleanruv(Slapi_PBlock *pb); int multimaster_extop_abort_cleanruv(Slapi_PBlock *pb); +int multimaster_extop_cleanruv_get_maxcsn(Slapi_PBlock *pb); +int multimaster_extop_cleanruv_check_status(Slapi_PBlock *pb); int extop_noop(Slapi_PBlock *pb); struct berval *NSDS50StartReplicationRequest_new(const char *protocol_oid, const char *repl_root, char **extra_referrals, CSN *csn); @@ -365,9 +375,6 @@ int agmt_set_enabled_from_entry(Repl_Agmt *ra, Slapi_Entry *e, char *returntext); char **agmt_get_attrs_to_strip(Repl_Agmt *ra); int agmt_set_attrs_to_strip(Repl_Agmt *ra, Slapi_Entry *e); -void agmt_set_cleanruv_notified_from_entry(Repl_Agmt *ra, Slapi_Entry *e); -int agmt_set_cleanruv_data(Repl_Agmt *ra, ReplicaId rid, int op); -int agmt_is_cleanruv_notified(Repl_Agmt *ra, ReplicaId rid); int agmt_set_timeout(Repl_Agmt *ra, long timeout); void agmt_update_done(Repl_Agmt *ra, int is_total); @@ -454,6 +461,7 @@ void conn_lock(Repl_Connection *conn); void conn_unlock(Repl_Connection *conn); void conn_delete_internal_ext(Repl_Connection *conn); +const char* conn_get_bindmethod(Repl_Connection *conn); /* In repl5_protocol.c */ typedef struct repl_protocol Repl_Protocol; @@ -532,7 +540,7 @@ void replica_dump(Replica *r); void replica_set_enabled (Replica *r, PRBool enable); Object *replica_get_replica_from_dn (const Slapi_DN *dn); -void replica_update_ruv(Replica *replica, const CSN *csn, const char *replica_purl); +int replica_update_ruv(Replica *replica, const CSN *csn, const char *replica_purl); Object *replica_get_replica_for_op (Slapi_PBlock *pb); /* the functions below manipulate replica hash */ int replica_init_name_hash (); @@ -564,7 +572,7 @@ void replica_set_tombstone_reap_interval (Replica *r, long interval); void replica_update_ruv_consumer (Replica *r, RUV *supplier_ruv); void replica_set_ruv_dirty (Replica *r); -void replica_write_ruv (Replica *r); +int replica_write_ruv (Replica *r); char *replica_get_dn(Replica *r); void replica_check_for_tasks(Replica*r, Slapi_Entry *e); @@ -608,7 +616,7 @@ void replica_config_destroy (); int get_replica_type(Replica *r); int replica_execute_cleanruv_task_ext(Object *r, ReplicaId rid); -void add_cleaned_rid(ReplicaId rid, Replica *r, char *maxcsn); +void add_cleaned_rid(ReplicaId rid, Replica *r, char *maxcsn, char *forcing); int is_cleaned_rid(ReplicaId rid); int replica_cleanall_ruv_abort(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int *returncode, char *returntext, void *arg); @@ -616,19 +624,18 @@ void stop_ruv_cleaning(); int task_aborted(); void replica_abort_task_thread(void *arg); -void delete_cleaned_rid(Replica *r, ReplicaId rid, CSN *maxcsn); +void remove_cleaned_rid(ReplicaId rid); int process_repl_agmts(Replica *replica, int *agmt_info, char *oid, Slapi_Task *task, struct berval *payload, int op); int decode_cleanruv_payload(struct berval *extop_value, char **payload); -struct berval *create_ruv_payload(char *value); -void replica_add_cleanruv_data(Replica *r, char *val); -void replica_remove_cleanruv_data(Replica *r, char *val); -CSN *replica_get_cleanruv_maxcsn(Replica *r, ReplicaId rid); +struct berval *create_cleanruv_payload(char *value); void ruv_get_cleaned_rids(RUV *ruv, ReplicaId *rids); void add_aborted_rid(ReplicaId rid, Replica *r, char *repl_root); int is_task_aborted(ReplicaId rid); -void delete_aborted_rid(Replica *replica, ReplicaId rid, char *repl_root); +void delete_aborted_rid(Replica *replica, ReplicaId rid, char *repl_root, int skip); +int is_pre_cleaned_rid(ReplicaId rid); void set_cleaned_rid(ReplicaId rid); void cleanruv_log(Slapi_Task *task, char *task_type, char *fmt, ...); +char * replica_cleanallruv_get_local_maxcsn(ReplicaId rid, char *base_dn); #define CLEANRIDSIZ 4 /* maximum number for concurrent CLEANALLRUV tasks */ @@ -643,6 +650,7 @@ char *repl_root; Slapi_DN *sdn; char *certify; + char *force; } cleanruv_data; /* replutil.c */
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_agmt.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_agmt.c
Changed
@@ -111,8 +111,9 @@ const Slapi_RDN *rdn; /* RDN of replication agreement entry */ char *long_name; /* Long name (rdn + host, port) of entry, for logging */ Repl_Protocol *protocol; /* Protocol object - manages protocol */ - struct changecounter *changecounters[MAX_NUM_OF_MASTERS]; /* changes sent/skipped since server start up */ + struct changecounter **changecounters; /* changes sent/skipped since server start up */ int num_changecounters; + int max_changecounters; time_t last_update_start_time; /* Local start time of last update session */ time_t last_update_end_time; /* Local end time of last update session */ char last_update_status[STATUS_LEN]; /* Status of last update. Format = numeric code <space> textual description */ @@ -141,7 +142,6 @@ char **attrs_to_strip; /* for fractional replication, if a "mod" is empty, strip out these attributes: * modifiersname, modifytimestamp, internalModifiersname, internalModifyTimestamp, etc */ int agreement_type; - int cleanruv_notified[CLEANRIDSIZ + 1]; /* specifies if the replica has been notified of a CLEANALLRUV task */ } repl5agmt; /* Forward declarations */ @@ -252,7 +252,6 @@ Repl_Agmt *ra; Slapi_Attr *sattr; char *tmpstr; - char **clean_vals = NULL; char **denied_attrs = NULL; char *auto_initialize = NULL; char *val_nsds5BeginReplicaRefresh = "start"; @@ -423,27 +422,16 @@ /* Initialize status information */ ra->last_update_start_time = 0UL; ra->last_update_end_time = 0UL; - ra->num_changecounters = 0; ra->last_update_status[0] = '\0'; ra->update_in_progress = PR_FALSE; ra->stop_in_progress = PR_FALSE; ra->last_init_end_time = 0UL; ra->last_init_start_time = 0UL; ra->last_init_status[0] = '\0'; - - /* cleanruv notification */ - clean_vals = slapi_entry_attr_get_charray(e, type_nsds5ReplicaCleanRUVnotified); - if(clean_vals){ - int i; - for (i = 0; i < CLEANRIDSIZ && clean_vals[i]; i++){ - ra->cleanruv_notified[i] = atoi(clean_vals[i]); - } - if(i < CLEANRIDSIZ) - ra->cleanruv_notified[i + 1] = 0; - slapi_ch_array_free(clean_vals); - } else { - ra->cleanruv_notified[0] = 0; - } + ra->changecounters = (struct changecounter**) slapi_ch_calloc(MAX_NUM_OF_MASTERS + 1, + sizeof(struct changecounter *)); + ra->num_changecounters = 0; + ra->max_changecounters = MAX_NUM_OF_MASTERS; /* Fractional attributes */ slapi_entry_attr_find(e, type_nsds5ReplicatedAttributeList, &sattr); @@ -601,6 +589,7 @@ { slapi_ch_free((void **)&ra->changecounters[ra->num_changecounters]); } + slapi_ch_free((void **)&ra->changecounters); if (ra->agreement_type == REPLICA_TYPE_WINDOWS) { @@ -2299,7 +2288,12 @@ } else { - ra->num_changecounters ++; + ra->num_changecounters++; + if(ra->num_changecounters > ra->max_changecounters){ + ra->changecounters = (struct changecounter**) slapi_ch_realloc((char *)ra->changecounters, + (ra->num_changecounters + 1) * sizeof(struct changecounter*)); + ra->max_changecounters = ra->num_changecounters; + } ra->changecounters[i] = (struct changecounter*) slapi_ch_calloc(1, sizeof(struct changecounter)); ra->changecounters[i]->rid = rid; if ( skipped ) @@ -2623,89 +2617,6 @@ return -1; } -int -agmt_is_cleanruv_notified(Repl_Agmt *ra, ReplicaId rid){ - int notified = 0; - int i; - - PR_Lock(ra->lock); - for(i = 0; i < CLEANRIDSIZ && ra->cleanruv_notified[i]; i++){ - if(ra->cleanruv_notified[i] == rid){ - notified = 1; - break; - } - } - PR_Unlock(ra->lock); - - return notified; -} - -/* - * This will trigger agmt_set_cleanruv_notified_from_entry() to be called, - * which will update the in memory agmt. - * - * op can be: CLEANRUV_NOTIFIED or CLEANRUV_RELEASED - */ -int -agmt_set_cleanruv_data(Repl_Agmt *ra, ReplicaId rid, int op){ - Slapi_PBlock *pb; - LDAPMod *mods[2]; - LDAPMod mod; - struct berval *vals[2]; - struct berval val; - char data[6]; - int rc = 0; - - if(ra == NULL){ - return -1; - } - - if(op == CLEANRUV_NOTIFIED){ - /* add the cleanruv data */ - mod.mod_op = LDAP_MOD_ADD|LDAP_MOD_BVALUES; - } else { - /* remove the cleanruv data */ - mod.mod_op = LDAP_MOD_DELETE|LDAP_MOD_BVALUES; - } - - pb = slapi_pblock_new(); - val.bv_len = PR_snprintf(data, sizeof(data), "%d", (int)rid); - mod.mod_type = (char *)type_nsds5ReplicaCleanRUVnotified; - mod.mod_bvalues = vals; - vals [0] = &val; - vals [1] = NULL; - val.bv_val = data; - mods[0] = &mod; - mods[1] = NULL; - - slapi_modify_internal_set_pb_ext (pb, ra->dn, mods, NULL, NULL, - repl_get_plugin_identity (PLUGIN_MULTIMASTER_REPLICATION), 0); - slapi_modify_internal_pb (pb); - slapi_pblock_destroy(pb); - - return rc; -} - -void -agmt_set_cleanruv_notified_from_entry(Repl_Agmt *ra, Slapi_Entry *e){ - char **attr_vals = NULL; - int i; - - PR_Lock(ra->lock); - attr_vals = slapi_entry_attr_get_charray(e, type_nsds5ReplicaCleanRUVnotified); - if(attr_vals){ - for (i = 0; i < CLEANRIDSIZ && attr_vals[i]; i++){ - ra->cleanruv_notified[i] = atoi(attr_vals[i]); - } - if( i < CLEANRIDSIZ ) - ra->cleanruv_notified[i + 1] = 0; - slapi_ch_array_free(attr_vals); - } else { - ra->cleanruv_notified[0] = 0; - } - PR_Unlock(ra->lock); -} - /* this is called whenever an update (total/incremental) is completed */ void
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_agmtlist.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_agmtlist.c
Changed
@@ -248,7 +248,12 @@ /* we don't allow delete attribute operations unless it was issued by the replication plugin - handled above */ if (mods[i]->mod_op & LDAP_MOD_DELETE) - { + { + if(strcasecmp (mods[i]->mod_type, type_nsds5ReplicaCleanRUVnotified) == 0){ + /* allow the deletion of cleanallruv agmt attr */ + continue; + } + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "agmtlist_modify_callback: " "deletion of %s attribute is not allowed\n", type_nsds5ReplicaInitialize); *returncode = LDAP_UNWILLING_TO_PERFORM; @@ -508,10 +513,6 @@ rc = SLAPI_DSE_CALLBACK_ERROR; } } - else if (slapi_attr_types_equivalent(mods[i]->mod_type, type_nsds5ReplicaCleanRUVnotified)) - { - agmt_set_cleanruv_notified_from_entry(agmt, e); - } else if (0 == windows_handle_modify_agreement(agmt, mods[i]->mod_type, e)) { slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "agmtlist_modify_callback: "
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_connection.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_connection.c
Changed
@@ -1760,6 +1760,12 @@ return LDAP_SASL_SIMPLE; } +const char* +conn_get_bindmethod(Repl_Connection *conn) +{ + return (bind_method_to_mech(conn->bindmethod)); +} + /* * Check the result of an ldap BIND operation to see we it * contains the expiration controls
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_inc_protocol.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_inc_protocol.c
Changed
@@ -509,6 +509,11 @@ static void repl5_inc_delete(Private_Repl_Protocol **prpp) { + repl5_inc_private *prp_priv = (repl5_inc_private *)(*prpp)->private; + /* if backoff is set, delete it (from EQ, as well) */ + if (prp_priv->backoff) { + backoff_delete(&prp_priv->backoff); + } /* First, stop the protocol if it isn't already stopped */ if (!(*prpp)->stopped) { (*prpp)->stopped = 1; @@ -839,6 +844,10 @@ state2name(current_state)); } else { /* Set up the backoff timer to wake us up at the appropriate time */ + /* if previous backoff set up, delete it. */ + if (prp_priv->backoff) { + backoff_delete(&prp_priv->backoff); + } if (use_busy_backoff_timer){ /* we received a busy signal from the consumer, wait for a while */ if (!busywaittime){ @@ -1931,6 +1940,44 @@ agmt_get_long_name(prp->agmt), PR_IntervalToSeconds(now-start)); } + if (slapi_is_loglevel_set(SLAPI_LOG_REPL)) { + if (NULL == prp->replica_object) { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: repl5_inc_stop: protocol replica_object is NULL\n", + agmt_get_long_name(prp->agmt)); + } else { + Replica *replica; + object_acquire(prp->replica_object); + replica = object_get_data(prp->replica_object); + if (NULL == replica) { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: repl5_inc_stop: replica is NULL\n", + agmt_get_long_name(prp->agmt)); + } else { + Object *ruv_obj = replica_get_ruv(replica); + if (NULL == ruv_obj) { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: repl5_inc_stop: ruv_obj is NULL\n", + agmt_get_long_name(prp->agmt)); + } else { + RUV *ruv; + object_acquire(ruv_obj); + ruv = (RUV*)object_get_data (ruv_obj); + if (NULL == ruv) { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "%s: repl5_inc_stop: ruv is NULL\n", + agmt_get_long_name(prp->agmt)); + + } else { + ruv_dump(ruv, "Database RUV", NULL); + } + object_release(ruv_obj); + } + } + object_release(prp->replica_object); + } + + } return return_value; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_init.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_init.c
Changed
@@ -123,7 +123,7 @@ NULL }; static char *cleanruv_name_list[] = { - NSDS_REPL_NAME_PREFIX " Cleanruv", + NSDS_REPL_NAME_PREFIX " CleanAllRUV", NULL }; static char *cleanruv_abort_oid_list[] = { @@ -131,9 +131,26 @@ NULL }; static char *cleanruv_abort_name_list[] = { - NSDS_REPL_NAME_PREFIX " Cleanruv Abort", + NSDS_REPL_NAME_PREFIX " CleanAllRUV Abort", NULL }; +static char *cleanruv_maxcsn_oid_list[] = { + REPL_CLEANRUV_GET_MAXCSN_OID, + NULL +}; +static char *cleanruv_maxcsn_name_list[] = { + NSDS_REPL_NAME_PREFIX " CleanAllRUV Retrieve MaxCSN", + NULL +}; +static char *cleanruv_status_oid_list[] = { + REPL_CLEANRUV_CHECK_STATUS_OID, + NULL +}; +static char *cleanruv_status_name_list[] = { + NSDS_REPL_NAME_PREFIX " CleanAllRUV Check Status", + NULL +}; + /* List of plugin identities for every plugin registered. Plugin identity is passed by the server in the plugin init function and must be supplied @@ -403,6 +420,52 @@ return rc; } +int +multimaster_cleanruv_maxcsn_extop_init( Slapi_PBlock *pb ) +{ + int rc= 0; /* OK */ + void *identity = NULL; + + /* get plugin identity and store it to pass to internal operations */ + slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &identity); + PR_ASSERT (identity); + + if (slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01 ) != 0 || + slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&multimasterextopdesc ) != 0 || + slapi_pblock_set( pb, SLAPI_PLUGIN_EXT_OP_OIDLIST, (void *)cleanruv_maxcsn_oid_list ) != 0 || + slapi_pblock_set( pb, SLAPI_PLUGIN_EXT_OP_NAMELIST, (void *)cleanruv_maxcsn_name_list ) != 0 || + slapi_pblock_set( pb, SLAPI_PLUGIN_EXT_OP_FN, (void *)multimaster_extop_cleanruv_get_maxcsn )) + { + slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name, "multimaster_cleanruv_extop_init failed\n" ); + rc= -1; + } + + return rc; +} + +int +multimaster_cleanruv_status_extop_init( Slapi_PBlock *pb ) +{ + int rc= 0; /* OK */ + void *identity = NULL; + + /* get plugin identity and store it to pass to internal operations */ + slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &identity); + PR_ASSERT (identity); + + if (slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01 ) != 0 || + slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&multimasterextopdesc ) != 0 || + slapi_pblock_set( pb, SLAPI_PLUGIN_EXT_OP_OIDLIST, (void *)cleanruv_status_oid_list ) != 0 || + slapi_pblock_set( pb, SLAPI_PLUGIN_EXT_OP_NAMELIST, (void *)cleanruv_status_name_list ) != 0 || + slapi_pblock_set( pb, SLAPI_PLUGIN_EXT_OP_FN, (void *)multimaster_extop_cleanruv_check_status )) + { + slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name, "multimaster_cleanruv_extop_init failed\n" ); + rc= -1; + } + + return rc; +} + int multimaster_total_extop_init( Slapi_PBlock *pb ) @@ -679,6 +742,8 @@ rc= slapi_register_plugin("extendedop", 1 /* Enabled */, "multimaster_response_extop_init", multimaster_response_extop_init, "Multimaster replication extended response plugin", NULL, identity); rc= slapi_register_plugin("extendedop", 1 /* Enabled */, "multimaster_cleanruv_extop_init", multimaster_cleanruv_extop_init, "Multimaster replication cleanruv extended operation plugin", NULL, identity); rc= slapi_register_plugin("extendedop", 1 /* Enabled */, "multimaster_cleanruv_abort_extop_init", multimaster_cleanruv_abort_extop_init, "Multimaster replication cleanruv abort extended operation plugin", NULL, identity); + rc= slapi_register_plugin("extendedop", 1 /* Enabled */, "multimaster_cleanruv_maxcsn_extop_init", multimaster_cleanruv_maxcsn_extop_init, "Multimaster replication cleanruv maxcsn extended operation plugin", NULL, identity); + rc= slapi_register_plugin("extendedop", 1 /* Enabled */, "multimaster_cleanruv_status_extop_init", multimaster_cleanruv_status_extop_init, "Multimaster replication cleanruv status extended operation plugin", NULL, identity); if (0 == rc) { multimaster_initialised = 1;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_mtnode_ext.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_mtnode_ext.c
Changed
@@ -110,8 +110,10 @@ ext->replica = object_new(r, replica_destroy); if (replica_add_by_name (replica_get_name (r), ext->replica) != 0) { - object_release (ext->replica); - ext->replica = NULL; + if(ext->replica){ + object_release (ext->replica); + ext->replica = NULL; + } } } }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_plugins.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_plugins.c
Changed
@@ -932,14 +932,15 @@ * locally-processed update. This is called for both replicated * and non-replicated operations. */ -static void +static int update_ruv_component(Replica *replica, CSN *opcsn, Slapi_PBlock *pb) { PRBool legacy; char *purl; + int rc = RUV_NOTFOUND; if (!replica || !opcsn) - return; + return rc; /* Replica configured, so update its ruv */ legacy = replica_is_legacy_consumer (replica); @@ -948,12 +949,13 @@ else purl = (char*)replica_get_purl_for_op (replica, pb, opcsn); - replica_update_ruv(replica, opcsn, purl); + rc = replica_update_ruv(replica, opcsn, purl); if (legacy) { slapi_ch_free ((void**)&purl); } + return rc; } /* @@ -1064,7 +1066,7 @@ op_params->target_address.uniqueid = slapi_ch_strdup (uniqueid); } - if( is_cleaned_rid(csn_get_replicaid(op_params->csn))){ + if( op_params->csn && is_cleaned_rid(csn_get_replicaid(op_params->csn))){ /* this RID has been cleaned */ object_release (repl_obj); return 0; @@ -1115,11 +1117,30 @@ just read from the changelog in either the supplier or consumer ruv */ if (0 == return_value) { + char csn_str[CSN_STRSIZE] = {'\0'}; CSN *opcsn; + int rc; + const char *dn = op_params ? REPL_GET_DN(&op_params->target_address) : "unknown"; + char *uniqueid = op_params ? op_params->target_address.uniqueid : "unknown"; + unsigned long optype = op_params ? op_params->operation_type : 0; + CSN *oppcsn = op_params ? op_params->csn : NULL; slapi_pblock_get( pb, SLAPI_OPERATION, &op ); opcsn = operation_get_csn(op); - update_ruv_component(r, opcsn, pb); + rc = update_ruv_component(r, opcsn, pb); + if (RUV_COVERS_CSN == rc) { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "write_changelog_and_ruv: RUV already covers csn for " + "%s (uniqid: %s, optype: %lu) csn %s\n", + dn, uniqueid, optype, + csn_as_string(oppcsn, PR_FALSE, csn_str)); + } else if (rc != RUV_SUCCESS) { + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, + "write_changelog_and_ruv: failed to update RUV for " + "%s (uniqid: %s, optype: %lu) to changelog csn %s\n", + dn, uniqueid, optype, + csn_as_string(oppcsn, PR_FALSE, csn_str)); + } } object_release (repl_obj);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_protocol_util.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_protocol_util.c
Changed
@@ -603,7 +603,7 @@ struct berval *data = NULL; /* Check the message id's match */ - if (sent_message_id != sent_message_id) + if (sent_message_id != ret_message_id) { int operation, error; conn_get_error(prp->conn, &operation, &error);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_replica.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_replica.c
Changed
@@ -88,7 +88,6 @@ PRBool state_update_inprogress; /* replica state is being updated */ PRLock *agmt_lock; /* protects agreement creation, start and stop */ char *locking_purl; /* supplier who has exclusive access */ - char *repl_cleanruv_data[CLEANRIDSIZ + 1]; }; @@ -310,7 +309,6 @@ { Replica *r; void *repl_name; - int i; if (arg == NULL) return; @@ -397,10 +395,6 @@ csnplFree(&r->min_csn_pl);; } - for(i = 0;r->repl_cleanruv_data[i] != NULL; i++){ - slapi_ch_free_string(&r->repl_cleanruv_data[i]); - } - slapi_ch_free((void **)arg); } @@ -663,10 +657,11 @@ * inbound replication session operation, and needs to update its * local RUV. */ -void +int replica_update_ruv(Replica *r, const CSN *updated_csn, const char *replica_purl) { char csn_str[CSN_STRSIZE]; + int rc = RUV_SUCCESS; PR_ASSERT(NULL != r); PR_ASSERT(NULL != updated_csn); @@ -679,11 +674,13 @@ { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_update_ruv: replica " "is NULL\n"); + rc = RUV_BAD_DATA; } else if (NULL == updated_csn) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_update_ruv: csn " "is NULL when updating replica %s\n", slapi_sdn_get_dn(r->repl_root)); + rc = RUV_BAD_DATA; } else { @@ -716,8 +713,17 @@ } } /* Update max csn for local and remote replicas */ - if (ruv_update_ruv (ruv, updated_csn, replica_purl, rid == r->repl_rid) - != RUV_SUCCESS) + rc = ruv_update_ruv (ruv, updated_csn, replica_purl, rid == r->repl_rid); + if (RUV_COVERS_CSN == rc) + { + slapi_log_error(SLAPI_LOG_REPL, + repl_plugin_name, "replica_update_ruv: RUV " + "for replica %s already covers max_csn = %s\n", + slapi_sdn_get_dn(r->repl_root), + csn_as_string(updated_csn, PR_FALSE, csn_str)); + /* RUV is not dirty - no write needed */ + } + else if (RUV_SUCCESS != rc) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_update_ruv: unable " @@ -725,14 +731,18 @@ slapi_sdn_get_dn(r->repl_root), csn_as_string(updated_csn, PR_FALSE, csn_str)); } - - r->repl_ruv_dirty = PR_TRUE; + else + { + /* RUV updated - mark as dirty */ + r->repl_ruv_dirty = PR_TRUE; + } } else { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_update_ruv: unable to get RUV object for replica " "%s\n", slapi_sdn_get_dn(r->repl_root)); + rc = RUV_NOTFOUND; } } else @@ -740,9 +750,11 @@ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_update_ruv: " "unable to initialize RUV for replica %s\n", slapi_sdn_get_dn(r->repl_root)); + rc = RUV_NOTFOUND; } PR_Unlock(r->repl_lock); } + return rc; } /* @@ -1502,7 +1514,7 @@ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_check_for_data_reload: " "Warning: for replica %s there were some differences between the changelog max RUV and the " "database RUV. If there are obsolete elements in the database RUV, you " - "should remove them using CLEANRUV task. If they are not obsolete, " + "should remove them using the CLEANALLRUV task. If they are not obsolete, " "you should check their status to see why there are no changes from those " "servers in the changelog.\n", slapi_sdn_get_dn(r->repl_root)); @@ -1819,12 +1831,13 @@ PRThread *thread = NULL; struct berval *payload = NULL; CSN *maxcsn = NULL; - char *csnpart; - char *iter; + ReplicaId rid; char csnstr[CSN_STRSIZE]; - char *ridstr; char *token = NULL; - ReplicaId rid; + char *forcing; + char *csnpart; + char *ridstr; + char *iter; int i; for(i = 0; i < CLEANRIDSIZ && clean_vals[i]; i++){ @@ -1833,7 +1846,6 @@ /* * Set the cleanruv data, and add the cleaned rid */ - r->repl_cleanruv_data[i] = slapi_ch_strdup(clean_vals[i]); token = ldap_utf8strtok_r(clean_vals[i], ":", &iter); if(token){ rid = atoi(token); @@ -1851,15 +1863,18 @@ maxcsn = csn_new(); csn_init_by_string(maxcsn, csnpart); csn_as_string(maxcsn, PR_FALSE, csnstr); - add_cleaned_rid(rid, r, csnstr); + forcing = ldap_utf8strtok_r(iter, ":", &iter); + if(forcing == NULL){ + forcing = "no"; + } slapi_log_error( SLAPI_LOG_FATAL, repl_plugin_name, "CleanAllRUV Task: cleanAllRUV task found, " "resuming the cleaning of rid(%d)...\n", rid); /* * Create payload */ - ridstr = slapi_ch_smprintf("%d:%s:%s", rid, slapi_sdn_get_dn(replica_get_root(r)), csnstr); - payload = create_ruv_payload(ridstr); + ridstr = slapi_ch_smprintf("%d:%s:%s:%s", rid, slapi_sdn_get_dn(replica_get_root(r)), csnstr, forcing); + payload = create_cleanruv_payload(ridstr); slapi_ch_free_string(&ridstr); if(payload == NULL){ @@ -1882,8 +1897,10 @@ data->rid = rid; data->task = NULL; data->maxcsn = maxcsn; - data->sdn = slapi_sdn_dup(r->repl_root); data->payload = payload; + data->sdn = slapi_sdn_dup(r->repl_root); + data->force = slapi_ch_strdup(forcing); + data->repl_root = NULL; thread = PR_CreateThread(PR_USER_THREAD, replica_cleanallruv_thread_ext, (void *)data, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, @@ -1895,11 +1912,11 @@ csn_free(&maxcsn); slapi_sdn_free(&data->sdn); ber_bvfree(data->payload); + slapi_ch_free_string(&data->force); slapi_ch_free((void **)&data); } } } - r->repl_cleanruv_data[i] = NULL; done: slapi_ch_array_free(clean_vals); @@ -1909,13 +1926,12 @@ { PRThread *thread = NULL; struct berval *payload; - CSN *maxcsn = NULL; - char *iter; + ReplicaId rid; + char *certify = NULL; char *ridstr = NULL; - char *repl_root; char *token = NULL;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_replica_config.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_replica_config.c
Changed
@@ -64,6 +64,7 @@ int slapi_log_urp = SLAPI_LOG_REPL; static ReplicaId cleaned_rids[CLEANRIDSIZ + 1] = {0}; +static ReplicaId pre_cleaned_rids[CLEANRIDSIZ + 1] = {0}; static ReplicaId aborted_rids[CLEANRIDSIZ + 1] = {0}; static Slapi_RWLock *rid_lock = NULL; static Slapi_RWLock *abort_rid_lock = NULL; @@ -84,20 +85,27 @@ static int replica_execute_cl2ldif_task (Object *r, char *returntext); static int replica_execute_ldif2cl_task (Object *r, char *returntext); static int replica_execute_cleanruv_task (Object *r, ReplicaId rid, char *returntext); -static int replica_execute_cleanall_ruv_task (Object *r, ReplicaId rid, Slapi_Task *task, char *returntext); +static int replica_execute_cleanall_ruv_task (Object *r, ReplicaId rid, Slapi_Task *task, const char *force_cleaning, char *returntext); static void replica_cleanallruv_thread(void *arg); -static void replica_send_cleanruv_task(Repl_Agmt *agmt, ReplicaId rid, Slapi_Task *task); +static void replica_send_cleanruv_task(Repl_Agmt *agmt, cleanruv_data *clean_data); static int check_agmts_are_alive(Replica *replica, ReplicaId rid, Slapi_Task *task); -static int check_agmts_are_caught_up(Replica *replica, ReplicaId rid, char *maxcsn, Slapi_Task *task); -static int replica_cleanallruv_send_extop(Repl_Agmt *ra, ReplicaId rid, Slapi_Task *task, struct berval *payload, int check_result); +static int check_agmts_are_caught_up(cleanruv_data *data, char *maxcsn); +static int replica_cleanallruv_send_extop(Repl_Agmt *ra, cleanruv_data *data, int check_result); static int replica_cleanallruv_send_abort_extop(Repl_Agmt *ra, Slapi_Task *task, struct berval *payload); -static int replica_cleanallruv_check_maxcsn(Repl_Agmt *agmt, char *rid_text, char *maxcsn, Slapi_Task *task); +static int replica_cleanallruv_check_maxcsn(Repl_Agmt *agmt, char *basedn, char *rid_text, char *maxcsn, Slapi_Task *task); static int replica_cleanallruv_replica_alive(Repl_Agmt *agmt); -static int replica_cleanallruv_check_ruv(Repl_Agmt *ra, char *rid_text, Slapi_Task *task); +static int replica_cleanallruv_check_ruv(char *repl_root, Repl_Agmt *ra, char *rid_text, Slapi_Task *task); static int get_cleanruv_task_count(); static int get_abort_cleanruv_task_count(); static int replica_cleanup_task (Object *r, const char *task_name, char *returntext, int apply_mods); static int replica_task_done(Replica *replica); +static void delete_cleaned_rid_config(cleanruv_data *data); +static int replica_cleanallruv_is_finished(Repl_Agmt *agmt, char *filter, Slapi_Task *task); +static void check_replicas_are_done_cleaning(cleanruv_data *data); +static void check_replicas_are_done_aborting(cleanruv_data *data ); +static CSN* replica_cleanallruv_find_maxcsn(Replica *replica, ReplicaId rid, char *basedn); +static int replica_cleanallruv_get_replica_maxcsn(Repl_Agmt *agmt, char *rid_text, char *basedn, CSN **csn); +static void preset_cleaned_rid(ReplicaId rid); static multimaster_mtnode_extension * _replica_config_get_mtnode_ext (const Slapi_Entry *e); /* @@ -385,6 +393,12 @@ if (apply_mods) replica_set_legacy_consumer (r, PR_FALSE); } + else if (strcasecmp (config_attr, type_replicaCleanRUV) == 0 || + strcasecmp (config_attr, type_replicaAbortCleanRUV) == 0) + { + /* only allow the deletion of the cleanAllRUV config attributes */ + continue; + } else { *returncode = LDAP_UNWILLING_TO_PERFORM; @@ -402,10 +416,12 @@ } else if (strcasecmp (config_attr, attr_replicaType) == 0) { + slapi_ch_free_string(&new_repl_type); new_repl_type = slapi_ch_strdup(config_attr_value); } else if (strcasecmp (config_attr, attr_replicaId) == 0) { + slapi_ch_free_string(&new_repl_id); new_repl_id = slapi_ch_strdup(config_attr_value); } else if (strcasecmp (config_attr, attr_flags) == 0) @@ -891,7 +907,7 @@ if (apply_mods) { Slapi_Task *empty_task = NULL; - return replica_execute_cleanall_ruv_task(r, (ReplicaId)temprid, empty_task, returntext); + return replica_execute_cleanall_ruv_task(r, (ReplicaId)temprid, empty_task, returntext, "no"); } else return LDAP_SUCCESS; @@ -1006,8 +1022,6 @@ } PR_snprintf (fName, MAXPATHLEN, "%s/%s.ldif", clDir, replica_get_name (replica)); - slapi_ch_free_string (&clDir); - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Beginning changelog export of replica \"%s\"\n", replica_get_name(replica)); @@ -1026,6 +1040,8 @@ rc = LDAP_OPERATIONS_ERROR; } bail: + slapi_ch_free_string (&clDir); + return rc; } @@ -1081,7 +1097,6 @@ "Beginning changelog import of replica \"%s\"\n", replica_get_name(replica)); imprc = cl5ImportLDIF (clDir, fName, rlist); - slapi_ch_free_string (&clDir); if (CL5_SUCCESS == imprc) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, @@ -1111,8 +1126,11 @@ config.dir?config.dir:"null config dir"); rc = LDAP_OPERATIONS_ERROR; } + bail: + slapi_ch_free_string(&clDir); changelog5_config_done(&config); + /* if cl5ImportLDIF returned an error, report it first. */ return imprc?imprc:rc; } @@ -1186,7 +1204,9 @@ } rc = ruv_delete_replica(local_ruv, rid); replica_set_ruv_dirty(replica); - replica_write_ruv(replica); + if (replica_write_ruv(replica)) { + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "cleanruv_task: could not write RUV\n"); + } object_release(RUVObj); /* Update Mapping Tree to reflect RUV changes */ @@ -1225,35 +1245,52 @@ Slapi_Task *task = NULL; const Slapi_DN *task_dn; Slapi_DN *dn = NULL; + ReplicaId rid; Object *r; + const char *force_cleaning; const char *base_dn; const char *rid_str; - ReplicaId rid; int rc = SLAPI_DSE_CALLBACK_OK; /* allocate new task now */ task = slapi_new_task(slapi_entry_get_ndn(e)); + task_dn = slapi_entry_get_sdn(e); if(task == NULL){ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "cleanAllRUV_task: Failed to create new task\n"); rc = SLAPI_DSE_CALLBACK_ERROR; goto out; } - /* * Get our task settings */ if ((base_dn = fetch_attr(e, "replica-base-dn", 0)) == NULL){ + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Missing replica-base-dn attribute"); + cleanruv_log(task, CLEANALLRUV_ID, "%s", returntext); *returncode = LDAP_OBJECT_CLASS_VIOLATION; rc = SLAPI_DSE_CALLBACK_ERROR; goto out; } if ((rid_str = fetch_attr(e, "replica-id", 0)) == NULL){ + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Missing replica-id attribute"); + cleanruv_log(task, CLEANALLRUV_ID, "%s", returntext); *returncode = LDAP_OBJECT_CLASS_VIOLATION; rc = SLAPI_DSE_CALLBACK_ERROR; goto out; } - task_dn = slapi_entry_get_sdn(e); + if ((force_cleaning = fetch_attr(e, "replica-force-cleaning", 0)) != NULL){ + if(strcasecmp(force_cleaning,"yes") != 0 && strcasecmp(force_cleaning,"no") != 0){ + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Invalid value for replica-force-cleaning " + "(%s). Value must be \"yes\" or \"no\" for task - (%s)", + force_cleaning, slapi_sdn_get_dn(task_dn)); + cleanruv_log(task, CLEANALLRUV_ID, "%s", returntext); + *returncode = LDAP_OPERATIONS_ERROR; + rc = SLAPI_DSE_CALLBACK_ERROR; + goto out; + } + } else { + force_cleaning = "no"; + } /* * Check the rid */ @@ -1266,6 +1303,14 @@ rc = SLAPI_DSE_CALLBACK_ERROR; goto out; } + if(is_cleaned_rid(rid)){ + /* we are already cleaning this rid */ + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Replica id (%d) is already being cleaned", rid); + cleanruv_log(task, CLEANALLRUV_ID, "%s", returntext); + *returncode = LDAP_UNWILLING_TO_PERFORM; + rc = SLAPI_DSE_CALLBACK_ERROR; + goto out; + } /* * Get the replica object */ @@ -1279,7 +1324,7 @@ }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_ruv.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_ruv.c
Changed
@@ -208,6 +208,9 @@ Slapi_Value *value; const struct berval *bval; const char *purl = NULL; + char *localhost = get_localhost_DNS(); + size_t localhostlen = localhost ? strlen(localhost) : 0; + int port = config_get_port(); return_value = RUV_SUCCESS; @@ -236,16 +239,30 @@ RUVElement *ruve = get_ruvelement_from_berval(bval); if (NULL != ruve) { + char *ptr; /* Is the local purl already in the ruv ? */ if ( (*contain_purl==0) && ruve->replica_purl && purl && (strncmp(ruve->replica_purl, purl, strlen(purl))==0) ) { *contain_purl = ruve->rid; } + /* ticket 47362 - nsslapd-port: 0 causes replication to break */ + else if ((*contain_purl==0) && ruve->replica_purl && (port == 0) && localhost && + (ptr = strstr(ruve->replica_purl, localhost)) && (ptr != ruve->replica_purl) && + (*(ptr - 1) == '/') && (*(ptr+localhostlen) == ':')) + { + /* same hostname, but port number may have been temporarily set to 0 + * just allow it with whatever port number is already in the replica_purl + * do not reset the port number, do not tell the configure_ruv code that there + * is anything wrong + */ + *contain_purl = ruve->rid; + } dl_add ((*ruv)->elements, ruve); } } } } + slapi_ch_free_string(&localhost); } } return return_value; @@ -648,26 +665,34 @@ } static int -set_max_csn_nolock(RUV *ruv, const CSN *max_csn, const char *replica_purl) +set_max_csn_nolock_ext(RUV *ruv, const CSN *max_csn, const char *replica_purl, PRBool must_be_greater) { - int return_value; + int return_value = RUV_SUCCESS; ReplicaId rid = csn_get_replicaid (max_csn); RUVElement *replica = ruvGetReplica (ruv, rid); - if (NULL == replica) - { - replica = ruvAddReplica (ruv, max_csn, replica_purl); - if (replica) - return_value = RUV_SUCCESS; - else - return_value = RUV_MEMORY_ERROR; - } - else - { - if (replica_purl && replica->replica_purl == NULL) - replica->replica_purl = slapi_ch_strdup (replica_purl); - csn_free(&replica->csn); - replica->csn = csn_dup(max_csn); - replica->last_modified = current_time(); + if (NULL == replica) { + replica = ruvAddReplica (ruv, max_csn, replica_purl); + if (replica) + return_value = RUV_SUCCESS; + else + return_value = RUV_MEMORY_ERROR; + } else { + if (replica_purl && replica->replica_purl == NULL) + replica->replica_purl = slapi_ch_strdup (replica_purl); + if (!must_be_greater || (csn_compare(replica->csn, max_csn) < 0)) { + csn_free(&replica->csn); + replica->csn = csn_dup(max_csn); + replica->last_modified = current_time(); + } else { + char csn1[CSN_STRSIZE+1]; + char csn2[CSN_STRSIZE+1]; + slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, + "set_max_csn_nolock_ext: new CSN [%s] for replica ID [%d] " + "is less than the existing max CSN [%s] - ignoring\n", + csn_as_string(max_csn, PR_FALSE, csn1), rid, + csn_as_string(replica->csn, PR_FALSE, csn2)); + return_value = RUV_COVERS_CSN; + } return_value = RUV_SUCCESS; } return return_value; @@ -687,9 +712,15 @@ int ruv_set_max_csn(RUV *ruv, const CSN *max_csn, const char *replica_purl) { + return ruv_set_max_csn_ext(ruv, max_csn, replica_purl, PR_FALSE); +} + +int +ruv_set_max_csn_ext(RUV *ruv, const CSN *max_csn, const char *replica_purl, PRBool must_be_greater) +{ int return_value; slapi_rwlock_wrlock (ruv->lock); - return_value = set_max_csn_nolock(ruv, max_csn, replica_purl); + return_value = set_max_csn_nolock_ext(ruv, max_csn, replica_purl, must_be_greater); slapi_rwlock_unlock (ruv->lock); return return_value; } @@ -955,9 +986,9 @@ * or max{maxcsns of all ruv elements} if get_the_max != 0. */ static int -ruv_get_min_or_max_csn(const RUV *ruv, CSN **csn, int get_the_max, ReplicaId rid) +ruv_get_min_or_max_csn(const RUV *ruv, CSN **csn, int get_the_max, ReplicaId rid, int ignore_cleaned_rid) { - int return_value; + int return_value = RUV_SUCCESS; if (ruv == NULL || csn == NULL) { @@ -969,6 +1000,7 @@ CSN *found = NULL; RUVElement *replica; int cookie; + slapi_rwlock_rdlock (ruv->lock); for (replica = dl_get_first (ruv->elements, &cookie); replica; replica = dl_get_next (ruv->elements, &cookie)) @@ -985,6 +1017,10 @@ { continue; } + if(ignore_cleaned_rid && is_cleaned_rid(replica->rid)){ + continue; + } + if(rid){ /* we are only interested in this rid's maxcsn */ if(replica->rid == rid){ found = replica->csn; @@ -998,36 +1034,55 @@ found = replica->csn; } } - } + } + if (found == NULL) { - *csn = NULL; + *csn = NULL; } else { *csn = csn_dup (found); } slapi_rwlock_unlock (ruv->lock); - return_value = RUV_SUCCESS; } return return_value; } int -ruv_get_rid_max_csn(const RUV *ruv, CSN **csn, ReplicaId rid){ - return ruv_get_min_or_max_csn(ruv, csn, 1 /* get the max */, rid); +ruv_get_rid_max_csn(const RUV *ruv, CSN **csn, ReplicaId rid) +{ + return ruv_get_rid_max_csn_ext(ruv, csn, rid, 0); +} + +int +ruv_get_rid_max_csn_ext(const RUV *ruv, CSN **csn, ReplicaId rid, int ignore_cleaned_rid) +{ + return ruv_get_min_or_max_csn(ruv, csn, 1 /* get the max */, rid, ignore_cleaned_rid); } int ruv_get_max_csn(const RUV *ruv, CSN **csn) { - return ruv_get_min_or_max_csn(ruv, csn, 1 /* get the max */, 0 /* rid */); + return ruv_get_max_csn_ext(ruv, csn, 0); +} + +int +ruv_get_max_csn_ext(const RUV *ruv, CSN **csn, int ignore_cleaned_rid) +{ + return ruv_get_min_or_max_csn(ruv, csn, 1 /* get the max */, 0 /* rid */, ignore_cleaned_rid); } int ruv_get_min_csn(const RUV *ruv, CSN **csn) { - return ruv_get_min_or_max_csn(ruv, csn, 0 /* get the min */, 0 /* rid */); + return ruv_get_min_csn_ext(ruv, csn, 0); +} + +int +ruv_get_min_csn_ext(const RUV *ruv, CSN **csn, int ignore_cleaned_rid) +{
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_ruv.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_ruv.h
Changed
@@ -108,6 +108,7 @@ int ruv_set_csns(RUV *ruv, const CSN *csn, const char *replica_purl); int ruv_set_csns_keep_smallest(RUV *ruv, const CSN *csn); int ruv_set_max_csn(RUV *ruv, const CSN *max_csn, const char *replica_purl); +int ruv_set_max_csn_ext(RUV *ruv, const CSN *max_csn, const char *replica_purl, PRBool must_be_greater); int ruv_set_min_csn(RUV *ruv, const CSN *min_csn, const char *replica_purl); const char *ruv_get_purl_for_replica(const RUV *ruv, ReplicaId rid); char *ruv_get_replica_generation (const RUV *ruv); @@ -117,8 +118,11 @@ PRBool ruv_covers_csn_strict(const RUV *ruv, const CSN *csn); PRBool ruv_covers_csn_cleanallruv(const RUV *ruv, const CSN *csn); int ruv_get_min_csn(const RUV *ruv, CSN **csn); +int ruv_get_min_csn_ext(const RUV *ruv, CSN **csn, int ignore_cleaned_rid); int ruv_get_max_csn(const RUV *ruv, CSN **csn); +int ruv_get_max_csn_ext(const RUV *ruv, CSN **csn, int ignore_cleaned_rid); int ruv_get_rid_max_csn(const RUV *ruv, CSN **csn, ReplicaId rid); +int ruv_get_rid_max_csn_ext(const RUV *ruv, CSN **csn, ReplicaId rid, int ignore_cleaned_rid); int ruv_enumerate_elements (const RUV *ruv, FNEnumRUV fn, void *arg); int ruv_to_smod(const RUV *ruv, Slapi_Mod *smod); int ruv_last_modified_to_smod(const RUV *ruv, Slapi_Mod *smod);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_tot_protocol.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_tot_protocol.c
Changed
@@ -340,7 +340,6 @@ prp->stopped = 0; if (prp->terminate) { - prp->stopped = 1; goto done; } @@ -362,8 +361,7 @@ } else if (prp->terminate) { - conn_disconnect(prp->conn); - prp->stopped = 1; + conn_disconnect(prp->conn); goto done; } @@ -646,7 +644,6 @@ if (prp->terminate) { conn_disconnect(prp->conn); - prp->stopped = 1; ((callback_data*)cb_data)->rc = -1; return -1; } @@ -659,7 +656,6 @@ if (rc) { conn_disconnect(prp->conn); - prp->stopped = 1; ((callback_data*)cb_data)->rc = -1; return -1; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl5_total.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl5_total.c
Changed
@@ -726,10 +726,10 @@ slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &extop_oid); slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value); - if (NULL == extop_oid || + if ((NULL == extop_oid) || ((strcmp(extop_oid, REPL_NSDS50_REPLICATION_ENTRY_REQUEST_OID) != 0) && - (strcmp(extop_oid, REPL_NSDS71_REPLICATION_ENTRY_REQUEST_OID) != 0)) || - NULL == extop_value || NULL == extop_value->bv_val) + (strcmp(extop_oid, REPL_NSDS71_REPLICATION_ENTRY_REQUEST_OID) != 0)) || + !BV_HAS_DATA(extop_value)) { /* Bogus */ goto loser;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl_controls.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl_controls.c
Changed
@@ -216,7 +216,7 @@ if (slapi_control_present(controlsp, REPL_NSDS50_UPDATE_INFO_CONTROL_OID, &ctl_value, &iscritical)) { - if ((ctl_value->bv_val == NULL) || (tmp_bere = ber_init(ctl_value)) == NULL) + if (!BV_HAS_DATA(ctl_value) || (tmp_bere = ber_init(ctl_value)) == NULL) { rc = -1; goto loser;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/repl_extop.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/repl_extop.c
Changed
@@ -343,10 +343,10 @@ slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &extop_oid); slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value); - if (NULL == extop_oid || + if ((NULL == extop_oid) || ((strcmp(extop_oid, REPL_START_NSDS50_REPLICATION_REQUEST_OID) != 0) && - (strcmp(extop_oid, REPL_START_NSDS90_REPLICATION_REQUEST_OID) != 0)) || - NULL == extop_value || NULL == extop_value->bv_val) + (strcmp(extop_oid, REPL_START_NSDS90_REPLICATION_REQUEST_OID) != 0)) || + !BV_HAS_DATA(extop_value)) { /* bogus */ rc = -1; @@ -480,9 +480,9 @@ slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &extop_oid); slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value); - if (NULL == extop_oid || - strcmp(extop_oid, REPL_END_NSDS50_REPLICATION_REQUEST_OID) != 0 || - NULL == extop_value || NULL == extop_value->bv_val) + if ((NULL == extop_oid) || + (strcmp(extop_oid, REPL_END_NSDS50_REPLICATION_REQUEST_OID) != 0) || + !BV_HAS_DATA(extop_value)) { /* bogus */ rc = -1; @@ -545,8 +545,8 @@ PR_ASSERT(NULL != response_code); PR_ASSERT(NULL != ruv_bervals); - if (NULL == bvdata || NULL == response_code || NULL == ruv_bervals || - NULL == data_guid || NULL == data || NULL == bvdata->bv_val) + if ((NULL == response_code) || (NULL == ruv_bervals) || + (NULL == data_guid) || (NULL == data) || !BV_HAS_DATA(bvdata)) { return_value = -1; } @@ -835,11 +835,11 @@ rc = replica_update_csngen_state_ext (replica, supplier_ruv, replicacsn); /* too much skew */ if (rc == CSN_LIMIT_EXCEEDED) { - response = NSDS50_REPL_EXCESSIVE_CLOCK_SKEW; slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "conn=%" NSPRIu64 " op=%d repl=\"%s\": " "Excessive clock skew from supplier RUV\n", connid, opid, repl_root); + response = NSDS50_REPL_EXCESSIVE_CLOCK_SKEW; goto send_response; } else if (rc != 0) @@ -1412,6 +1412,11 @@ { BerElement *tmp_bere = NULL; int rc = 0; + + if (!BV_HAS_DATA(extop_value)) { + rc = -1; + goto free_and_return; + } if ((tmp_bere = ber_init(extop_value)) == NULL){ rc = -1; @@ -1445,24 +1450,24 @@ int multimaster_extop_abort_cleanruv(Slapi_PBlock *pb) { - multimaster_mtnode_extension *mtnode_ext; + multimaster_mtnode_extension *mtnode_ext = NULL; + int release_it = 0; PRThread *thread = NULL; cleanruv_data *data; Replica *r; ReplicaId rid; - CSN *maxcsn; - struct berval *extop_payload; + struct berval *extop_payload = NULL; char *extop_oid; char *repl_root; char *payload = NULL; char *certify_all; char *iter; - int rc = 0; + int rc = LDAP_SUCCESS; slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &extop_oid); slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_payload); - if (NULL == extop_oid || strcmp(extop_oid, REPL_CLEANRUV_OID) != 0 || + if (NULL == extop_oid || strcmp(extop_oid, REPL_ABORT_CLEANRUV_OID) != 0 || NULL == extop_payload || NULL == extop_payload->bv_val){ /* something is wrong, error out */ return LDAP_OPERATIONS_ERROR; @@ -1471,39 +1476,40 @@ * Decode the payload, and grab our settings */ if(decode_cleanruv_payload(extop_payload, &payload)){ - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Abort cleanAllRUV task: failed to decode payload. Aborting ext op\n"); + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Abort CleanAllRUV Task: failed to decode payload. Aborting ext op\n"); return LDAP_OPERATIONS_ERROR; } rid = atoi(ldap_utf8strtok_r(payload, ":", &iter)); repl_root = ldap_utf8strtok_r(iter, ":", &iter); certify_all = ldap_utf8strtok_r(iter, ":", &iter); - if(!is_cleaned_rid(rid) || is_task_aborted(rid)){ + if(!is_cleaned_rid(rid) || !is_pre_cleaned_rid(rid) || is_task_aborted(rid)){ /* This replica has already been aborted, or was never cleaned, or already finished cleaning */ goto out; } else { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Abort cleanAllRUV task: aborting cleanallruv task for rid(%d)\n", rid); + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Abort CleanAllRUV Task: aborting cleanallruv task for rid(%d)\n", rid); } /* * Get the node, so we can get the replica and its agreements */ if((mtnode_ext = replica_config_get_mtnode_by_dn(repl_root)) == NULL){ - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Abort cleanAllRUV task: failed to get replication node " + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Abort CleanAllRUV Task: failed to get replication node " "from (%s), aborting operation\n", repl_root); rc = LDAP_OPERATIONS_ERROR; goto out; } if (mtnode_ext->replica){ object_acquire (mtnode_ext->replica); + release_it = 1; } else { - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Abort cleanAllRUV task: replica is missing from (%s), " + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Abort CleanAllRUV Task: replica is missing from (%s), " "aborting operation\n",repl_root); rc = LDAP_OPERATIONS_ERROR; goto out; } r = (Replica*)object_get_data (mtnode_ext->replica); if(r == NULL){ - slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Abort cleanAllRUV task: replica is NULL, aborting task\n"); + slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Abort CleanAllRUV Task: replica is NULL, aborting task\n"); rc = LDAP_OPERATIONS_ERROR; goto out; } @@ -1512,12 +1518,13 @@ */ data = (cleanruv_data*)slapi_ch_calloc(1, sizeof(cleanruv_data)); if (data == NULL) { - slapi_log_error( SLAPI_LOG_REPL, repl_plugin_name, "Abort cleanAllRUV task: failed to allocate " + slapi_log_error( SLAPI_LOG_REPL, repl_plugin_name, "Abort CleanAllRUV Task: failed to allocate " "abort_cleanruv_data. Aborting task.\n"); rc = LDAP_OPERATIONS_ERROR; goto out; } data->repl_obj = mtnode_ext->replica; /* released in replica_abort_task_thread() */ + release_it = 0; /* thread owns it now */ data->replica = r; data->task = NULL; data->payload = slapi_ch_bvdup(extop_payload); @@ -1525,11 +1532,8 @@ data->repl_root = slapi_ch_strdup(repl_root); data->certify = slapi_ch_strdup(certify_all); /* - * Stop the cleaning, and delete the rid + * Set the aborted rid and stop the cleaning */ - maxcsn = replica_get_cleanruv_maxcsn(r, rid); - delete_cleaned_rid(r, rid, maxcsn); - csn_free(&maxcsn); add_aborted_rid(rid, r, repl_root); stop_ruv_cleaning(); /* @@ -1539,17 +1543,20 @@ (void *)data, PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, PR_UNJOINABLE_THREAD, SLAPD_DEFAULT_THREAD_STACKSIZE); if (thread == NULL) { - if(mtnode_ext->replica){ - object_release(mtnode_ext->replica); - } - slapi_log_error( SLAPI_LOG_REPL, repl_plugin_name, "Abort cleanAllRUV task: unable to create abort " + slapi_log_error( SLAPI_LOG_REPL, repl_plugin_name, "Abort CleanAllRUV Task: unable to create abort " "thread. Aborting task.\n"); + release_it = 1; /* have to release mtnode_ext->replica now */ slapi_ch_free_string(&data->repl_root); slapi_ch_free_string(&data->certify); + ber_bvfree(data->payload); + slapi_ch_free((void **)&data); rc = LDAP_OPERATIONS_ERROR; } out: + if (release_it && mtnode_ext && mtnode_ext->replica) { + object_release(mtnode_ext->replica); + } slapi_ch_free_string(&payload); return rc; @@ -1569,7 +1576,7 @@ int multimaster_extop_cleanruv(Slapi_PBlock *pb) { - multimaster_mtnode_extension *mtnode_ext; + multimaster_mtnode_extension *mtnode_ext = NULL; PRThread *thread = NULL;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/replutil.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/replutil.c
Changed
@@ -765,33 +765,32 @@ ldap_free_urldesc(lud); } - if (!referrals_to_set) { /* deleting referrals */ - /* Set state before */ - if (!chain_on_update) { - slapi_mtn_set_state(repl_root_sdn, (char *)mtn_state); + if (!referrals_to_set) { /* deleting referrals */ + /* Set state before */ + if (!chain_on_update) { + slapi_mtn_set_state(repl_root_sdn, (char *)mtn_state); + } + /* We should delete referral only if we want to set the + replica database in backend state mode */ + /* if chain on update mode, go ahead and set the referrals anyway */ + if (strcasecmp(mtn_state, STATE_BACKEND) == 0 || chain_on_update) { + rc = slapi_mtn_set_referral(repl_root_sdn, referrals_to_set); + if (rc == LDAP_NO_SUCH_ATTRIBUTE) { + /* we will get no such attribute (16) if we try to set the referrals to NULL if + there are no referrals - not an error */ + rc = LDAP_SUCCESS; } - /* We should delete referral only if we want to set the - replica database in backend state mode */ - /* if chain on update mode, go ahead and set the referrals anyway */ - if (strcasecmp(mtn_state, STATE_BACKEND) == 0 || chain_on_update) { - rc = slapi_mtn_set_referral(repl_root_sdn, referrals_to_set); - if (rc == LDAP_NO_SUCH_ATTRIBUTE) { - /* we will get no such attribute (16) if we try to set the referrals to NULL if - there are no referrals - not an error */ - rc = LDAP_SUCCESS; - } - } - } else { /* Replacing */ - rc = slapi_mtn_set_referral(repl_root_sdn, referrals_to_set); - if (rc == LDAP_SUCCESS && !chain_on_update){ - slapi_mtn_set_state(repl_root_sdn, (char *)mtn_state); - } - } + } + } else { /* Replacing */ + rc = slapi_mtn_set_referral(repl_root_sdn, referrals_to_set); + if (rc == LDAP_SUCCESS && !chain_on_update){ + slapi_mtn_set_state(repl_root_sdn, (char *)mtn_state); + } + } - if (rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS) { + if (rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "repl_set_mtn_referrals: could " - "not set referrals for replica %s: %d\n", - slapi_sdn_get_dn(repl_root_sdn), rc); + "not set referrals for replica %s: %d\n", slapi_sdn_get_dn(repl_root_sdn), rc); } charray_free(referrals_to_set);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/urp.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/urp.c
Changed
@@ -57,7 +57,7 @@ static int urp_naming_conflict_removal (Slapi_PBlock *pb, char *sessionid, CSN *opcsn, const char *optype); static int mod_namingconflict_attr (const char *uniqueid, const Slapi_DN *entrysdn, const Slapi_DN *conflictsdn, CSN *opcsn); static int del_replconflict_attr (Slapi_Entry *entry, CSN *opcsn, int opflags); -static char *get_dn_plus_uniqueid(char *sessionid,const char *olddn,const char *uniqueid); +static char *get_dn_plus_uniqueid(char *sessionid,const Slapi_DN *oldsdn,const char *uniqueid); static char *get_rdn_plus_uniqueid(char *sessionid,const char *olddn,const char *uniqueid); static int is_suffix_entry (Slapi_PBlock *pb, Slapi_Entry *entry, Slapi_DN **parenddn); @@ -180,7 +180,7 @@ if (r<0) { /* Entry to be added is a loser */ - char *newdn= get_dn_plus_uniqueid (sessionid, basedn, adduniqueid); + char *newdn = get_dn_plus_uniqueid (sessionid, (const Slapi_DN *)addentry, adduniqueid); if(newdn==NULL) { op_result= LDAP_OPERATIONS_ERROR; @@ -1222,16 +1222,15 @@ /* The returned value is either null or "uniqueid=<uniqueid>+<basedn>" */ static char * -get_dn_plus_uniqueid(char *sessionid, const char *olddn, const char *uniqueid) +get_dn_plus_uniqueid(char *sessionid, const Slapi_DN *oldsdn, const char *uniqueid) { - Slapi_DN *sdn= slapi_sdn_new_dn_byval(olddn); Slapi_RDN *rdn= slapi_rdn_new(); char *newdn; PR_ASSERT(uniqueid!=NULL); /* Check if the RDN already contains the Unique ID */ - slapi_sdn_get_rdn(sdn,rdn); + slapi_rdn_set_dn(rdn, slapi_sdn_get_dn(oldsdn)); if(slapi_rdn_contains(rdn,SLAPI_ATTR_UNIQUEID,uniqueid,strlen(uniqueid))) { /* The Unique ID is already in the RDN. @@ -1241,16 +1240,16 @@ * require admin intercession */ slapi_log_error(SLAPI_LOG_FATAL, sessionid, - "Annotated DN %s has naming conflict\n", olddn ); + "Annotated DN %s has naming conflict\n", slapi_sdn_get_dn(oldsdn) ); newdn= NULL; } else { - slapi_rdn_add(rdn,SLAPI_ATTR_UNIQUEID,uniqueid); - slapi_sdn_set_rdn(sdn, rdn); - newdn= slapi_ch_strdup(slapi_sdn_get_dn(sdn)); + char *parentdn = slapi_dn_parent(slapi_sdn_get_dn(oldsdn)); + slapi_rdn_add(rdn, SLAPI_ATTR_UNIQUEID, uniqueid); + newdn = slapi_ch_smprintf("%s,%s", slapi_rdn_get_rdn(rdn), parentdn); + slapi_ch_free_string(&parentdn); } - slapi_sdn_free(&sdn); slapi_rdn_free(&rdn); return newdn; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/urp_glue.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/urp_glue.c
Changed
@@ -169,7 +169,6 @@ sdn = slapi_sdn_new_dn_byval(slapi_sdn_get_ndn(superiordn)); slapi_sdn_add_rdn(sdn,rdn); - /* must take care of multi-valued rdn: split rdn into different lines introducing * '\n' between each type/value pair. */ @@ -187,8 +186,7 @@ rdnstr = slapi_ch_realloc(rdnstr, alloc_len); rdnpair = &rdnstr[rdnstr_len]; } - slapi_ldif_put_type_and_value_with_options(&rdnpair, rdntype, - rdnval, rdnval_len, LDIF_OPT_NOWRAP); + slapi_ldif_put_type_and_value_with_options(&rdnpair, rdntype, rdnval, rdnval_len, LDIF_OPT_NOWRAP); *rdnpair = '\0'; } estr= slapi_ch_smprintf(glue_entry, slapi_sdn_get_ndn(sdn), rdnstr, uniqueid, @@ -247,6 +245,12 @@ sessionid, dnstr, uniqueid); done= 1; break; + case LDAP_ALREADY_EXISTS: + slapi_log_error ( SLAPI_LOG_FATAL, repl_plugin_name, + "%s: Skipped creating glue entry %s uniqueid=%s reason Entry Already Exists\n", + sessionid, dnstr, uniqueid); + done= 1; + break; case LDAP_NO_SUCH_OBJECT: /* The parent is missing */ {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/windows_connection.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/windows_connection.c
Changed
@@ -1333,7 +1333,7 @@ if (CONN_IS_WIN2K3 == supports) { windows_private_set_iswin2k3(conn->agmt,1); - LDAPDebug( LDAP_DEBUG_REPL, "windows_conn_connect : detected Win2k3 peer\n", 0, 0, 0 ); + LDAPDebug( LDAP_DEBUG_REPL, "windows_conn_connect : detected Win2k3 or later peer\n", 0, 0, 0 ); } else { windows_private_set_iswin2k3(conn->agmt,0);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/windows_inc_protocol.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/windows_inc_protocol.c
Changed
@@ -157,27 +157,34 @@ static void windows_inc_delete(Private_Repl_Protocol **prpp) { - LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_inc_delete\n" ); - /* First, stop the protocol if it isn't already stopped */ - /* Then, delete all resources used by the protocol */ - slapi_eq_cancel(dirsync); - - if (!(*prpp)->stopped) { - (*prpp)->stopped = 1; - (*prpp)->stop(*prpp); - } - if ((*prpp)->lock) { - PR_DestroyLock((*prpp)->lock); - (*prpp)->lock = NULL; - } - if ((*prpp)->cvar) { - PR_DestroyCondVar((*prpp)->cvar); - (*prpp)->cvar = NULL; - } - slapi_ch_free((void **)&(*prpp)->private); - slapi_ch_free((void **)prpp); - - LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_delete\n" ); + int rc; + windows_inc_private *prp_priv = (windows_inc_private *)(*prpp)->private; + LDAPDebug0Args( LDAP_DEBUG_TRACE, "=> windows_inc_delete\n" ); + /* First, stop the protocol if it isn't already stopped */ + /* Then, delete all resources used by the protocol */ + rc = slapi_eq_cancel(dirsync); + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, + "windows_inc_delete: dirsync: %p, rval: %d\n", dirsync, rc); + /* if backoff is set, delete it (from EQ, as well) */ + if (prp_priv->backoff) { + backoff_delete(&prp_priv->backoff); + } + if (!(*prpp)->stopped) { + (*prpp)->stopped = 1; + (*prpp)->stop(*prpp); + } + if ((*prpp)->lock) { + PR_DestroyLock((*prpp)->lock); + (*prpp)->lock = NULL; + } + if ((*prpp)->cvar) { + PR_DestroyCondVar((*prpp)->cvar); + (*prpp)->cvar = NULL; + } + slapi_ch_free((void **)&(*prpp)->private); + slapi_ch_free((void **)prpp); + + LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_delete\n" ); } /* helper function */ @@ -357,7 +364,6 @@ w_set_pause_and_busy_time(&pausetime, &busywaittime); } - if (is_first_start) { unsigned long interval = windows_private_get_sync_interval(prp->agmt) * 1000; /* @@ -365,6 +371,12 @@ * and the repeat interval. */ /* DBDB: we should probably make this polling interval configurable */ + if(dirsync){ + int rc = slapi_eq_cancel(dirsync); + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, + "windows_inc_runs: cancelled dirsync: %p, rval: %d\n", + dirsync, rc); + } dirsync = slapi_eq_repeat(periodic_dirsync, (void*) prp, (time_t)0 , interval); is_first_start = PR_FALSE; } @@ -606,7 +618,11 @@ } else { - /* Set up the backoff timer to wake us up at the appropriate time */ + /* Set up the backoff timer to wake us up at the appropriate time */ + /* if previous backoff set up, delete it. */ + if (prp_priv->backoff) { + backoff_delete(&prp_priv->backoff); + } if (use_busy_backoff_timer) { /* we received a busy signal from the consumer, wait for a while */ @@ -651,14 +667,14 @@ run_dirsync = PR_TRUE; windows_conn_set_agmt_changed(prp->conn); - /* Destroy the backoff timer, since we won't need it anymore */ + /* Destroy the backoff timer, since we won't need it anymore */ if (prp_priv->backoff) backoff_delete(&prp_priv->backoff); } else if (event_occurred(prp, EVENT_WINDOW_CLOSED)) { next_state = STATE_WAIT_WINDOW_OPEN; - /* Destroy the backoff timer, since we won't need it anymore */ + /* Destroy the backoff timer, since we won't need it anymore */ if (prp_priv->backoff) backoff_delete(&prp_priv->backoff); } @@ -1026,6 +1042,7 @@ windows_conn_cancel_linger(prp->conn); /* ... and disconnect, if currently connected */ windows_conn_disconnect(prp->conn); + ruv_destroy ( &ruv ); LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_run\n" ); } @@ -1175,7 +1192,7 @@ { CL5Entry entry; slapi_operation_parameters op; - int return_value; + int return_value = UPDATE_NO_MORE_UPDATES; int rc; int set_mincsn = 0; CL5ReplayIterator *changelog_iterator = NULL;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/windows_private.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/windows_private.c
Changed
@@ -782,6 +782,13 @@ dirsync = slapi_dup_control( controls[i-1]); } + if (!dirsync || !BV_HAS_DATA((&(dirsync->ldctl_value)))) { +#ifdef FOR_DEBUGGING + return_value = LDAP_CONTROL_NOT_FOUND; +#endif + goto choke; + } + ber = ber_init( &dirsync->ldctl_value ) ; if (ber_scanf( ber, "{iiO}", &hasMoreData, &maxAttributeCount, &serverCookie) == LBER_ERROR) @@ -1337,11 +1344,16 @@ { struct winsync_plugin_cookie *list = NULL; void *cookie = NULL; - PRStatus rv; LDAPDebug0Args( LDAP_DEBUG_PLUGIN, "--> windows_plugin_init_start -- begin\n"); - rv = PR_CallOnce(&winsync_callOnce, windows_plugin_callonce); + if (PR_CallOnce(&winsync_callOnce, windows_plugin_callonce)) { + PRErrorCode prerr = PR_GetError(); + slapi_log_error(SLAPI_LOG_FATAL, "windows_plugin_init", + "cannot initialize plugin: %d:%s\n", prerr, + slapi_pr_strerror(prerr)); + return; + } /* call each plugin init function in turn - store the returned cookie indexed by the api */
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/replication/windows_protocol_util.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/replication/windows_protocol_util.c
Changed
@@ -70,7 +70,7 @@ static int windows_get_local_entry_by_uniqueid(Private_Repl_Protocol *prp,const char* uniqueid,Slapi_Entry **local_entry, int is_global); static int windows_get_local_tombstone_by_uniqueid(Private_Repl_Protocol *prp,const char* uniqueid,Slapi_Entry **local_entry); static int windows_search_local_entry_by_uniqueid(Private_Repl_Protocol *prp, const char *uniqueid, char ** attrs, Slapi_Entry **ret_entry, int tombstone, void * component_identity, int is_global); -static int map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, int *missing_entry, int want_guid); +static int map_entry_dn_outbound(Slapi_Entry *e, Slapi_DN **dn, Private_Repl_Protocol *prp, int *missing_entry, int want_guid, Slapi_Entry **remote_entry); static char* extract_ntuserdomainid_from_entry(Slapi_Entry *e); static char* extract_container(const Slapi_DN *entry_dn, const Slapi_DN *suffix_dn); static int windows_get_remote_entry (Private_Repl_Protocol *prp, const Slapi_DN* remote_dn,Slapi_Entry **remote_entry); @@ -409,12 +409,19 @@ int retval = 0; int i = 0; + if (NULL == mapped_values) { + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, + "%s: map_dn_values: arg mapped_values is NULL.\n", + agmt_get_long_name(prp->agmt)); + return; + } + /* Set the keep raw entry flag to avoid overwriting the existing raw entry. */ windows_private_set_keep_raw_entry(prp->agmt, 1); /* For each value: */ - i= slapi_valueset_first_value(original_values,&original_value); - while ( i != -1 ) { + i= slapi_valueset_first_value(original_values,&original_value); + while ( i != -1 ) { int is_ours = 0; char *new_dn_string = NULL; @@ -448,7 +455,7 @@ is_ours = is_subject_of_agreement_local(local_entry,prp->agmt); if (is_ours) { - map_entry_dn_outbound(local_entry,&remote_dn,prp,&missing_entry, 0 /* don't want GUID form here */); + map_entry_dn_outbound(local_entry,&remote_dn,prp,&missing_entry, 0 /* don't want GUID form here */, NULL); if (remote_dn) { if (!missing_entry) @@ -480,7 +487,7 @@ local_entry = NULL; } } else - { + { /* from windows */ Slapi_Entry *remote_entry = NULL; Slapi_DN *local_dn = NULL; /* Try to get the remote entry */ @@ -768,7 +775,10 @@ /* this entry had a password, handle it seperately */ /* http://support.microsoft.com/?kbid=269190 */ static int -send_password_modify(Slapi_DN *sdn, char *password, Private_Repl_Protocol *prp) +send_password_modify(Slapi_DN *sdn, + char *password, + Private_Repl_Protocol *prp, + Slapi_Entry *remote_entry) { ConnResult pw_return = 0; @@ -791,6 +801,35 @@ } else { + Slapi_Attr *attr = NULL; + int force_reset_pw = 0; + /* + * If AD entry has password must change flag is set, + * we keep the flag (pwdLastSet == 0). + * msdn.microsoft.com: Windows Dev Centor - Desktop + * To force a user to change their password at next logon, + * set the pwdLastSet attribute to zero (0). + */ + if (remote_entry && + (0 == slapi_entry_attr_find(remote_entry, "pwdLastSet", &attr)) && + attr) { + Slapi_Value *v = NULL; + int i = 0; + for (i = slapi_attr_first_value(attr, &v); + v && (i != -1); + i = slapi_attr_next_value(attr, i, &v)) { + const char *s = slapi_value_get_string(v); + if (NULL == s) { + continue; + } + if (0 == strcmp(s, "0")) { + slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name, + "%s: AD entry %s set \"user must change password at next logon\". ", + agmt_get_long_name(prp->agmt), slapi_entry_get_dn(remote_entry)); + force_reset_pw = 1; + } + } + } /* We will attempt to bind to AD with the new password first. We do * this to avoid playing a password change that originated from AD * back to AD. If we just played the password change back, then @@ -803,38 +842,53 @@ quoted_password = PR_smprintf("\"%s\"",password); if (quoted_password) { - LDAPMod *pw_mods[2]; - LDAPMod pw_mod; - struct berval bv = {0}; UChar *unicode_password = NULL; int32_t unicode_password_length = 0; /* Length in _characters_ */ int32_t buffer_size = 0; /* Size in _characters_ */ UErrorCode error = U_ZERO_ERROR; - struct berval *bvals[2]; /* Need to UNICODE encode the password here */ /* It's one of those 'ask me first and I will tell you the buffer size' functions */ u_strFromUTF8(NULL, 0, &unicode_password_length, quoted_password, strlen(quoted_password), &error); buffer_size = unicode_password_length; unicode_password = (UChar *)slapi_ch_malloc(unicode_password_length * sizeof(UChar)); if (unicode_password) { + LDAPMod *pw_mods[3]; + LDAPMod pw_mod; + LDAPMod reset_pw_mod; + struct berval bv = {0}; + struct berval *bvals[2]; + struct berval reset_bv = {0}; + struct berval *reset_bvals[2]; error = U_ZERO_ERROR; u_strFromUTF8(unicode_password, buffer_size, &unicode_password_length, quoted_password, strlen(quoted_password), &error); - + /* As an extra special twist, we need to send the unicode in little-endian order for AD to be happy */ to_little_endian_double_bytes(unicode_password, unicode_password_length); - + bv.bv_len = unicode_password_length * sizeof(UChar); bv.bv_val = (char*)unicode_password; - + bvals[0] = &bv; bvals[1] = NULL; pw_mod.mod_type = "UnicodePwd"; pw_mod.mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES; pw_mod.mod_bvalues = bvals; - + pw_mods[0] = &pw_mod; - pw_mods[1] = NULL; + if (force_reset_pw) { + reset_bv.bv_len = 1; + reset_bv.bv_val = "0"; + reset_bvals[0] = &reset_bv; + reset_bvals[1] = NULL; + reset_pw_mod.mod_type = "pwdLastSet"; + reset_pw_mod.mod_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES; + reset_pw_mod.mod_bvalues = reset_bvals; + pw_mods[1] = &reset_pw_mod; + pw_mods[2] = NULL; + } else { + pw_mods[1] = NULL; + } pw_return = windows_conn_send_modify(prp->conn, slapi_sdn_get_dn(sdn), pw_mods, NULL, NULL ); @@ -1414,6 +1468,7 @@ Slapi_DN *remote_dn = NULL; Slapi_DN *local_dn = NULL; Slapi_Entry *local_entry = NULL; + Slapi_Entry *remote_entry = NULL; LDAPDebug( LDAP_DEBUG_TRACE, "=> windows_replay_update\n", 0, 0, 0 ); @@ -1488,7 +1543,7 @@ if (is_ours && (is_user || is_group) ) { int missing_entry = 0; /* Make the entry's DN */ - rc = map_entry_dn_outbound(local_entry,&remote_dn,prp,&missing_entry, 1); + rc = map_entry_dn_outbound(local_entry,&remote_dn,prp,&missing_entry, 1, &remote_entry); if (rc || NULL == remote_dn) { slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, @@ -1536,89 +1591,111 @@ slapi_entry_free(ad_entry); /* getting sets windows_private_get_raw_entry */ } + /* + * If the magic objectclass and attributes have been added to the entry + * to make the entry sync-able, add the entry first, then apply the other + * mods + */ + if (sync_attrs_added(op->p.p_modify.modify_mods, local_entry)) { + Slapi_Entry *ad_entry = NULL; - windows_map_mods_for_replay(prp,op->p.p_modify.modify_mods, &mapped_mods, is_user, &password); - if (is_user) { - winsync_plugin_call_pre_ad_mod_user_mods_cb(prp->agmt, - windows_private_get_raw_entry(prp->agmt), - local_dn, - local_entry, - op->p.p_modify.modify_mods, - remote_dn, - &mapped_mods); - } else if (is_group) { - winsync_plugin_call_pre_ad_mod_group_mods_cb(prp->agmt,
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/roles/roles_cache.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/roles/roles_cache.c
Changed
@@ -1224,6 +1224,7 @@ (char*)slapi_sdn_get_ndn(this_role->dn), ROLE_FILTER_ATTR_NAME, filter_attr_value, ROLE_FILTER_ATTR_NAME); + slapi_ch_free_string(&filter_attr_value); slapi_ch_free((void**)&this_role); return SLAPI_ROLE_ERROR_FILTER_BAD; } @@ -1233,7 +1234,7 @@ /* Turn it into a slapi filter object */ filter = slapi_str2filter(filter_attr_value); - slapi_ch_free((void**)&filter_attr_value); + slapi_ch_free_string(&filter_attr_value); if ( filter == NULL ) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/rootdn_access/rootdn_access.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/rootdn_access/rootdn_access.c
Changed
@@ -46,6 +46,7 @@ #include <nspr.h> #include <time.h> #include <ctype.h> +#include <string.h> /* * Add an entry like the following to dse.ldif to enable this plugin:
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/rootdn_access/rootdn_access.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/rootdn_access/rootdn_access.h
Changed
@@ -47,6 +47,8 @@ #include <nspr.h> #include <time.h> #include <ctype.h> +#include <string.h> +#include <strings.h> #define ROOTDN_PLUGIN_SUBSYSTEM "rootdn-access-control-plugin" #define ROOTDN_FEATURE_DESC "Root DN Access Control"
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/syntaxes/string.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/syntaxes/string.c
Changed
@@ -84,7 +84,11 @@ bvfilter_norm.bv_val = alt; alt = NULL; } - bvfilter_norm.bv_len = strlen(bvfilter_norm.bv_val); + if(bvfilter_norm.bv_val){ + bvfilter_norm.bv_len = strlen(bvfilter_norm.bv_val); + } else { + bvfilter_norm.bv_len = 0; + } } for ( i = 0; (bvals != NULL) && (bvals[i] != NULL); i++ ) { @@ -103,7 +107,7 @@ if(retVal) { *retVal = bvals[i]; } - slapi_ch_free ((void**)&bvfilter_norm.bv_val); + slapi_ch_free_string(&bvfilter_norm.bv_val); return( 0 ); } break; @@ -112,7 +116,7 @@ if(retVal) { *retVal = bvals[i]; } - slapi_ch_free ((void**)&bvfilter_norm.bv_val); + slapi_ch_free_string(&bvfilter_norm.bv_val); return( 0 ); } break; @@ -121,14 +125,14 @@ if(retVal) { *retVal = bvals[i]; } - slapi_ch_free ((void**)&bvfilter_norm.bv_val); + slapi_ch_free_string(&bvfilter_norm.bv_val); return( 0 ); } break; } } - slapi_ch_free ((void**)&bvfilter_norm.bv_val); + slapi_ch_free_string(&bvfilter_norm.bv_val); return( -1 ); }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/syntaxes/value.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/syntaxes/value.c
Changed
@@ -282,10 +282,13 @@ value_normalize_ext( v1->bv_val, syntax, 1 /* trim leading blanks */, &alt ); if (alt) { + int inserted = 0; + if (free_v1) { slapi_ch_free_string(&v1->bv_val); v1->bv_val = alt; v1->bv_len = strlen(alt); + inserted = 1; } else { if (strlen(alt) < buffer_space) { v1->bv_len = strlen(alt); @@ -297,8 +300,12 @@ v1 = (struct berval *)slapi_ch_malloc(sizeof(struct berval)); v1->bv_val = alt; v1->bv_len = strlen(alt); + inserted = 1; } } + if(!inserted){ + slapi_ch_free_string(&alt); + } } if (!free_v1) { buffer_space -= v1->bv_len + 1; @@ -320,10 +327,13 @@ value_normalize_ext( v2->bv_val, syntax, 1 /* trim leading blanks */, &alt ); if (alt) { + int inserted = 0; + if (free_v2) { slapi_ch_free_string(&v2->bv_val); v2->bv_val = alt; v2->bv_len = strlen(alt); + inserted = 1; } else { if (strlen(alt) < buffer_space) { v2->bv_len = strlen(alt); @@ -335,8 +345,12 @@ v2 = (struct berval *)slapi_ch_malloc(sizeof(struct berval)); v2->bv_val = alt; v2->bv_len = strlen(alt); + inserted = 1; } } + if(!inserted){ + slapi_ch_free_string(&alt); + } } if (!free_v2) { buffer_space -= v2->bv_len + 1;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/uiduniq/7bit.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/uiduniq/7bit.c
Changed
@@ -544,7 +544,7 @@ char **argv; char **attrName; Slapi_DN *target_sdn = NULL; - Slapi_DN *superior; + Slapi_DN *superior = NULL; char *rdn; Slapi_Attr *attr; char **firstSubtree; @@ -584,7 +584,7 @@ * its current level in the tree. Use the target DN for * determining which managed tree this belongs to */ - if (!superior) superior = target_sdn; + if (!slapi_sdn_get_dn(superior)) superior = target_sdn; /* Get the new RDN - this has the attribute values */ err = slapi_pblock_get(pb, SLAPI_MODRDN_NEWRDN, &rdn); @@ -618,7 +618,7 @@ } /* - * arguments before "," are the 7-bit clean attribute names. Arguemnts + * arguments before "," are the 7-bit clean attribute names. Arguments * after "," are subtreeDN's. */ for ( firstSubtree = argv; strcmp(*firstSubtree, ",") != 0; @@ -633,7 +633,7 @@ for (attrName = argv; strcmp(*attrName, ",") != 0; attrName++ ) { /* - * If the attribut type is userpassword, do not replace it by + * If the attribute type is userpassword, do not replace it by * unhashed#user#password because unhashed#user#password does not exist * in this case. */
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/uiduniq/uid.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/uiduniq/uid.c
Changed
@@ -509,7 +509,7 @@ Slapi_DN *newpar = NULL; slapi_sdn_get_parent(parentDN, curpar); - while ((curpar != NULL) && (slapi_sdn_get_dn(curpar) != NULL)) + while (slapi_sdn_get_dn(curpar) != NULL) { if ((spb = dnHasObjectClass(curpar, markerObjectClass))) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/plugins/usn/usn.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/plugins/usn/usn.c
Changed
@@ -672,9 +672,13 @@ } if (be && be->be_usn_counter) { /* get a next USN counter from be_usn_counter; - * then minus 1 from it */ - PR_snprintf(usn_berval.bv_val, USN_COUNTER_BUF_LEN, "%" NSPRI64 "d", - slapi_counter_get_value(be->be_usn_counter)-1); + * then minus 1 from it (except if be_usn_counter has value 0) */ + if (slapi_counter_get_value(be->be_usn_counter)) { + PR_snprintf(usn_berval.bv_val, USN_COUNTER_BUF_LEN, "%" NSPRIu64, + slapi_counter_get_value(be->be_usn_counter)-1); + } else { + PR_snprintf(usn_berval.bv_val, USN_COUNTER_BUF_LEN, "-1"); + } usn_berval.bv_len = strlen(usn_berval.bv_val); slapi_entry_attr_replace(e, attr, vals); } @@ -691,9 +695,13 @@ continue; } /* get a next USN counter from be_usn_counter; - * then minus 1 from it */ - PR_snprintf(usn_berval.bv_val, USN_COUNTER_BUF_LEN, "%" NSPRI64 "d", - slapi_counter_get_value(be->be_usn_counter)-1); + * then minus 1 from it (except if be_usn_counter has value 0) */ + if (slapi_counter_get_value(be->be_usn_counter)) { + PR_snprintf(usn_berval.bv_val, USN_COUNTER_BUF_LEN, "%" NSPRIu64, + slapi_counter_get_value(be->be_usn_counter)-1); + } else { + PR_snprintf(usn_berval.bv_val, USN_COUNTER_BUF_LEN, "-1"); + } usn_berval.bv_len = strlen(usn_berval.bv_val); if (USN_LAST_USN_ATTR_CORE_LEN+strlen(be->be_name)+2 > attr_len) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/abandon.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/abandon.c
Changed
@@ -152,12 +152,10 @@ 0 ); } - if ( op_is_pagedresults(o) ) { - if ( 0 == pagedresults_free_one_msgid(pb->pb_conn, id) ) { - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 - " op=%d ABANDON targetop=Simple Paged Results\n", - pb->pb_conn->c_connid, pb->pb_op->o_opid ); - } + if ( 0 == pagedresults_free_one_msgid_nolock(pb->pb_conn, id) ) { + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 + " op=%d ABANDON targetop=Simple Paged Results\n", + pb->pb_conn->c_connid, pb->pb_op->o_opid ); } else if ( NULL == o ) { slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d ABANDON" " targetop=NOTFOUND msgid=%d\n",
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/add.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/add.c
Changed
@@ -73,7 +73,7 @@ /* Forward declarations */ static int add_internal_pb (Slapi_PBlock *pb); static void op_shared_add (Slapi_PBlock *pb); -static int add_created_attrs(Operation *op, Slapi_Entry *e); +static int add_created_attrs(Slapi_PBlock *pb, Slapi_Entry *e); static int check_rdn_for_created_attrs(Slapi_Entry *e); static void handle_fast_add(Slapi_PBlock *pb, Slapi_Entry *entry); static int add_uniqueid (Slapi_Entry *e); @@ -631,7 +631,7 @@ /* can get lastmod only after backend is selected */ slapi_pblock_get(pb, SLAPI_BE_LASTMOD, &lastmod); - if (lastmod && add_created_attrs(operation, e) != 0) + if (lastmod && add_created_attrs(pb, e) != 0) { send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL, "cannot insert computed attributes", 0, NULL); @@ -745,20 +745,25 @@ } static int -add_created_attrs(Operation *op, Slapi_Entry *e) +add_created_attrs(Slapi_PBlock *pb, Slapi_Entry *e) { char buf[20]; char *binddn = NULL; + char *plugin_dn = NULL; struct berval bv; struct berval *bvals[2]; time_t curtime; struct tm ltm; + Operation *op; + struct slapdplugin *plugin = NULL; + struct slapi_componentid *cid = NULL; slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); LDAPDebug(LDAP_DEBUG_TRACE, "add_created_attrs\n", 0, 0, 0); bvals[0] = &bv; bvals[1] = NULL; + slapi_pblock_get(pb, SLAPI_OPERATION, &op); if(slapdFrontendConfig->plugin_track){ /* plugin bindDN tracking is enabled, grab the dn from thread local storage */ @@ -766,11 +771,25 @@ bv.bv_val = ""; bv.bv_len = strlen(bv.bv_val); } else { - bv.bv_val = (char*)slapi_sdn_get_dn(&op->o_sdn); - bv.bv_len = strlen(bv.bv_val); + slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &cid); + if (cid){ + plugin=(struct slapdplugin *) cid->sci_plugin; + } else { + slapi_pblock_get (pb, SLAPI_PLUGIN, &plugin); + } + if(plugin) + plugin_dn = plugin_get_dn (plugin); + if(plugin_dn){ + bv.bv_val = plugin_dn; + bv.bv_len = strlen(bv.bv_val); + } else { + bv.bv_val = (char*)slapi_sdn_get_dn(&op->o_sdn); + bv.bv_len = strlen(bv.bv_val); + } } slapi_entry_attr_replace(e, "internalCreatorsName", bvals); slapi_entry_attr_replace(e, "internalModifiersName", bvals); + slapi_ch_free_string(&plugin_dn); /* Grab the thread data(binddn) */ slapi_td_get_dn(&binddn); @@ -971,3 +990,32 @@ } return subentry; } + +/* + * Used by plugins that modify entries on add operations, otherwise the internalModifiersname + * would be incorrect. + */ +void +add_internal_modifiersname(Slapi_PBlock *pb, Slapi_Entry *e) +{ + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + struct slapi_componentid *cid = NULL; + struct slapdplugin *plugin = NULL; + char *plugin_dn = NULL; + + if(slapdFrontendConfig->plugin_track){ + /* plugin bindDN tracking is enabled, grab the bind dn from thread local storage */ + slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &cid); + if (cid){ + plugin=(struct slapdplugin *) cid->sci_plugin; + } else { + slapi_pblock_get (pb, SLAPI_PLUGIN, &plugin); + } + if(plugin) + plugin_dn = plugin_get_dn (plugin); + if(plugin_dn){ + slapi_entry_attr_set_charptr(e, "internalModifiersname", plugin_dn); + slapi_ch_free_string(&plugin_dn); + } + } +}
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/agtmmap.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/agtmmap.c
Changed
@@ -187,46 +187,50 @@ if ( fd < 0 ) { - err = errno; + err = errno; #if (0) - fprintf (stderr, "returning errno =%d from %s(line: %d)\n", err, __FILE__, __LINE__); + fprintf (stderr, "returning errno =%d from %s(line: %d)\n", err, __FILE__, __LINE__); #endif - rc = err; - goto bail; - } + rc = err; + goto bail; + } - fstat (fd, &fileinfo); - - sz = sizeof (struct agt_stats_t); - - if (fileinfo.st_size < sz) - { - /* Without this we will get segv when we try to read/write later */ - buf = calloc (1, sz); - (void)write (fd, buf, sz); - free (buf); - } - - fp = mmap (NULL, sz, (PROT_READ | PROT_WRITE), MAP_SHARED, fd, 0); - - if (fp == (caddr_t) -1) - { - err = errno; - close (fd); + if(fstat (fd, &fileinfo) != 0){ + close(fd); + rc = errno; + goto bail; + } + + sz = sizeof (struct agt_stats_t); + + if (fileinfo.st_size < sz) + { + /* Without this we will get segv when we try to read/write later */ + buf = calloc (1, sz); + (void)write (fd, buf, sz); + free (buf); + } + + fp = mmap (NULL, sz, (PROT_READ | PROT_WRITE), MAP_SHARED, fd, 0); + + if (fp == (caddr_t) -1) + { + err = errno; + close (fd); #if (0) - fprintf (stderr, "returning errno =%d from %s(line: %d)\n", err, __FILE__, __LINE__); + fprintf (stderr, "returning errno =%d from %s(line: %d)\n", err, __FILE__, __LINE__); #endif - rc = err; - goto bail; - } + rc = err; + goto bail; + } - mmap_tbl [1].maptype = AGT_MAP_RDWR; - mmap_tbl [1].fd = fd; - mmap_tbl [1].fp = fp; - *hdl = 1; + mmap_tbl [1].maptype = AGT_MAP_RDWR; + mmap_tbl [1].fd = fd; + mmap_tbl [1].fp = fp; + *hdl = 1; - rc = 0; - break; + rc = 0; + break; } /* end switch */ #else /* _WIN32 */
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/attr.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/attr.c
Changed
@@ -229,6 +229,34 @@ return slapi_attr_init_locking_optional(a, type, PR_TRUE); } +int +slapi_attr_init_syntax(Slapi_Attr *a) +{ + int rc = 1; + struct asyntaxinfo *asi = NULL; + char *tmp = 0; + const char *basetype= NULL; + char buf[SLAPD_TYPICAL_ATTRIBUTE_NAME_MAX_LENGTH]; + + basetype = buf; + tmp = slapi_attr_basetype(a->a_type, buf, sizeof(buf)); + if (tmp) { + basetype = buf; + } + asi = attr_syntax_get_by_name_with_default (basetype); + if (asi) { + rc = 0; + a->a_plugin = asi->asi_plugin; + a->a_flags = asi->asi_flags; + a->a_mr_eq_plugin = asi->asi_mr_eq_plugin; + a->a_mr_ord_plugin = asi->asi_mr_ord_plugin; + a->a_mr_sub_plugin = asi->asi_mr_sub_plugin; + } + if (tmp) + slapi_ch_free_string(&tmp); + return rc; +} + Slapi_Attr * slapi_attr_init_locking_optional(Slapi_Attr *a, const char *type, PRBool use_lock) { @@ -323,11 +351,9 @@ slapi_attr_dup(const Slapi_Attr *attr) { Slapi_Attr *newattr= slapi_attr_new(); - Slapi_Value **present_va= valueset_get_valuearray(&attr->a_present_values); /* JCM Mucking about inside the value set */ - Slapi_Value **deleted_va= valueset_get_valuearray(&attr->a_deleted_values); /* JCM Mucking about inside the value set */ slapi_attr_init(newattr, attr->a_type); - valueset_add_valuearray( &newattr->a_present_values, present_va ); - valueset_add_valuearray( &newattr->a_deleted_values, deleted_va ); + slapi_valueset_set_valueset( &newattr->a_deleted_values, &attr->a_deleted_values ); + slapi_valueset_set_valueset( &newattr->a_present_values, &attr->a_present_values ); newattr->a_deletioncsn= csn_dup(attr->a_deletioncsn); return newattr; } @@ -410,6 +436,10 @@ return( -1 ); } + if ( a->a_flags == 0 && a->a_plugin == NULL ) { + slapi_attr_init_syntax ((Slapi_Attr *)a); + } + ava.ava_type = a->a_type; ava.ava_value = *v; if (a->a_flags & SLAPI_ATTR_FLAG_NORMALIZED) { @@ -521,6 +551,9 @@ int slapi_attr_get_flags( const Slapi_Attr *a, unsigned long *flags ) { + if ( a->a_flags == 0 && a->a_plugin == NULL ) { + slapi_attr_init_syntax ((Slapi_Attr *)a); + } *flags = a->a_flags; return( 0 ); } @@ -528,82 +561,62 @@ int slapi_attr_flag_is_set( const Slapi_Attr *a, unsigned long flag ) { + if ( a->a_flags == 0 && a->a_plugin == NULL ) { + slapi_attr_init_syntax ((Slapi_Attr *)a); + } return( a->a_flags & flag ); } int slapi_attr_value_cmp( const Slapi_Attr *a, const struct berval *v1, const struct berval *v2 ) { - int retVal; + Slapi_Attr a2 = *a; + struct ava ava; + Slapi_Value *cvals[2]; + Slapi_Value tmpcval; - if ( a->a_flags & SLAPI_ATTR_FLAG_CMP_BITBYBIT ) - { - int cmplen = ( v1->bv_len <= v2->bv_len ? v1->bv_len : v2->bv_len ); - retVal = memcmp(v1->bv_val, v2->bv_val, cmplen); - if ( retVal == 0 && v1->bv_len < v2->bv_len ) - { - retVal = -1; - } - else if ( retVal == 0 && v1->bv_len > v2->bv_len ) - { - retVal = 1; - } - } - else - { - Slapi_Attr a2; - struct ava ava; - Slapi_Value *cvals[2]; - Slapi_Value tmpcval; - - a2 = *a; - cvals[0] = &tmpcval; - cvals[0]->v_csnset = NULL; - cvals[0]->bv = *v1; - cvals[0]->v_flags = 0; - cvals[1] = NULL; - a2.a_present_values.va = cvals; /* JCM - PUKE */ - ava.ava_type = a->a_type; - ava.ava_value = *v2; - ava.ava_private = NULL; - retVal = plugin_call_syntax_filter_ava(&a2, LDAP_FILTER_EQUALITY, &ava); - } - return retVal; + if ( a->a_flags == 0 && a->a_plugin == NULL ) { + slapi_attr_init_syntax ((Slapi_Attr *)a); + } + + cvals[0] = &tmpcval; + cvals[0]->v_csnset = NULL; + cvals[0]->bv = *v1; + cvals[0]->v_flags = 0; + cvals[1] = NULL; + a2.a_present_values.va = cvals; /* JCM - PUKE */ + ava.ava_type = a->a_type; + ava.ava_value = *v2; + ava.ava_private = NULL; + + return( plugin_call_syntax_filter_ava(&a2, LDAP_FILTER_EQUALITY, &ava)); } int slapi_attr_value_cmp_ext(const Slapi_Attr *a, Slapi_Value *v1, Slapi_Value *v2) { - int retVal; - const struct berval *bv2 = slapi_value_get_berval(v2); + struct ava ava; + Slapi_Attr a2 = *a; + Slapi_Value *cvals[2]; + unsigned long v2_flags = v2->v_flags; + const struct berval *bv2 = slapi_value_get_berval(v2); + + if ( a->a_flags == 0 && a->a_plugin == NULL ) { + slapi_attr_init_syntax ((Slapi_Attr *)a); + } + + cvals[0] = v1; + cvals[1] = NULL; + a2.a_present_values.va = cvals; + ava.ava_type = a->a_type; + ava.ava_value = *bv2; + if (v2_flags) { + ava.ava_private = &v2_flags; + } else { + ava.ava_private = NULL; + } - if ( a->a_flags & SLAPI_ATTR_FLAG_CMP_BITBYBIT ) - { - const struct berval *bv1 = slapi_value_get_berval(v1); - return slapi_attr_value_cmp(a, bv1, bv2); - } - else - { - Slapi_Attr a2; - struct ava ava; - Slapi_Value *cvals[2]; - unsigned long v2_flags = v2->v_flags; - - a2 = *a; - cvals[0] = v1; - cvals[1] = NULL; - a2.a_present_values.va = cvals; /* JCM - PUKE */ - - ava.ava_type = a->a_type; - ava.ava_value = *bv2; - if (v2_flags) { - ava.ava_private = &v2_flags; - } else { - ava.ava_private = NULL; - } - retVal = plugin_call_syntax_filter_ava(&a2, LDAP_FILTER_EQUALITY, &ava); - } - return retVal; + return (plugin_call_syntax_filter_ava(&a2, LDAP_FILTER_EQUALITY, &ava)); } /* @@ -798,7 +811,6 @@ int i = 0; int numofvals = 0; int duplicate_index = -1;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/attrlist.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/attrlist.c
Changed
@@ -112,7 +112,7 @@ Slapi_Attr **a= NULL; if (!vals) return; attrlist_find_or_create(alist, type, &a); - valueset_add_valuearray( &(*a)->a_present_values, vals ); + slapi_valueset_add_valuearray( *a, &(*a)->a_present_values, vals ); }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/attrsyntax.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/attrsyntax.c
Changed
@@ -74,6 +74,7 @@ #define AS_UNLOCK_WRITE(l) slapi_rwlock_unlock(l) +static struct asyntaxinfo *default_asi = NULL; static void *attr_syntax_get_plugin_by_name_with_default( const char *type ); static void attr_syntax_delete_no_lock( struct asyntaxinfo *asip, @@ -96,12 +97,27 @@ } void +attr_syntax_write_lock(void) +{ + if (0 != attr_syntax_init()) return; + + AS_LOCK_WRITE(oid2asi_lock); + AS_LOCK_WRITE(name2asi_lock); +} + +void attr_syntax_unlock_read(void) { - if(name2asi_lock) AS_UNLOCK_READ(name2asi_lock); - if(oid2asi_lock) AS_UNLOCK_READ(oid2asi_lock); + AS_UNLOCK_READ(name2asi_lock); + AS_UNLOCK_READ(oid2asi_lock); } +void +attr_syntax_unlock_write(void) +{ + AS_UNLOCK_WRITE(name2asi_lock); + AS_UNLOCK_WRITE(oid2asi_lock); +} #if 0 @@ -255,13 +271,17 @@ struct asyntaxinfo *asi = 0; if (oid2asi) { - if ( use_lock ) AS_LOCK_READ(oid2asi_lock); + if ( use_lock ) { + AS_LOCK_READ(oid2asi_lock); + } asi = (struct asyntaxinfo *)PL_HashTableLookup_const(oid2asi, oid); if (asi) { PR_AtomicIncrement( &asi->asi_refcnt ); } - if ( use_lock ) AS_UNLOCK_READ(oid2asi_lock); + if ( use_lock ) { + AS_UNLOCK_READ(oid2asi_lock); + } } return asi; @@ -279,13 +299,15 @@ { if (0 != attr_syntax_init()) return; - if (lock) + if (lock) { AS_LOCK_WRITE(oid2asi_lock); + } PL_HashTableAdd(oid2asi, oid, a); - if (lock) + if (lock) { AS_UNLOCK_WRITE(oid2asi_lock); + } } /* @@ -302,6 +324,17 @@ return attr_syntax_get_by_name_locking_optional(name, PR_TRUE); } +struct asyntaxinfo * +attr_syntax_get_by_name_with_default(const char *name) +{ + struct asyntaxinfo *asi = NULL; + asi = attr_syntax_get_by_name_locking_optional(name, PR_TRUE); + if (asi == NULL) + asi = attr_syntax_get_by_name(ATTR_WITH_OCTETSTRING_SYNTAX); + if ( asi == NULL ) + asi = default_asi; + return asi; +} /* * A version of attr_syntax_get_by_name() that allows you to bypass using @@ -317,12 +350,16 @@ struct asyntaxinfo *asi = 0; if (name2asi) { - if ( use_lock ) AS_LOCK_READ(name2asi_lock); + if ( use_lock ) { + AS_LOCK_READ(name2asi_lock); + } asi = (struct asyntaxinfo *)PL_HashTableLookup_const(name2asi, name); if ( NULL != asi ) { PR_AtomicIncrement( &asi->asi_refcnt ); } - if ( use_lock ) AS_UNLOCK_READ(name2asi_lock); + if ( use_lock ) { + AS_UNLOCK_READ(name2asi_lock); + } } if (!asi) /* given name may be an OID */ asi = attr_syntax_get_by_oid_locking_optional(name, use_lock); @@ -344,30 +381,38 @@ } void -attr_syntax_return_locking_optional( struct asyntaxinfo *asi, PRBool use_lock ) +attr_syntax_return_locking_optional(struct asyntaxinfo *asi, PRBool use_lock) { + int locked = 0; + if(use_lock) { + AS_LOCK_READ(name2asi_lock); + locked = 1; + } if ( NULL != asi ) { - if ( 0 == PR_AtomicDecrement( &asi->asi_refcnt )) - { - PRBool delete_it; - - if(use_lock) AS_LOCK_READ(name2asi_lock); + PRBool delete_it = PR_FALSE; + if ( 0 == PR_AtomicDecrement( &asi->asi_refcnt )) { delete_it = asi->asi_marked_for_delete; - if(use_lock) AS_UNLOCK_READ(name2asi_lock); - - if ( delete_it ) - { - AS_LOCK_WRITE(name2asi_lock); /* get a write lock */ - if ( asi->asi_marked_for_delete ) /* one final check */ - { - /* ref count is 0 and it's flagged for - * deletion, so it's safe to free now */ - attr_syntax_free(asi); + } + + if (delete_it) { + if ( asi->asi_marked_for_delete ) { /* one final check */ + if(use_lock) { + AS_UNLOCK_READ(name2asi_lock); + AS_LOCK_WRITE(name2asi_lock); + } + /* ref count is 0 and it's flagged for + * deletion, so it's safe to free now */ + attr_syntax_free(asi); + if(use_lock) { + AS_UNLOCK_WRITE(name2asi_lock); + locked = 0; } - AS_UNLOCK_WRITE(name2asi_lock); } } } + if(locked) { + AS_UNLOCK_READ(name2asi_lock); + } } /* @@ -384,8 +429,9 @@ { if (0 != attr_syntax_init()) return; - if (lock) + if (lock) { AS_LOCK_WRITE(name2asi_lock); + } PL_HashTableAdd(name2asi, a->asi_name, a); if ( a->asi_aliases != NULL ) { @@ -396,8 +442,9 @@ } } - if (lock) + if (lock) { AS_UNLOCK_WRITE(name2asi_lock); + } } @@ -503,6 +550,154 @@ return 0; } +static void default_dirstring_normalize_int(char *s, int trim_spaces); + +static +int default_dirstring_filter_ava( struct berval *bvfilter, Slapi_Value **bvals,int ftype, Slapi_Value **retVal ) +{
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/ancestorid.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/ancestorid.c
Changed
@@ -1008,7 +1008,7 @@ bv.bv_val = keybuf; bv.bv_len = PR_snprintf(keybuf, sizeof(keybuf), "%lu", (u_long)id); - *idl = index_read_ext_allids(be, LDBM_ANCESTORID_STR, indextype_EQUALITY, &bv, txn, &ret, NULL, allidslimit); + *idl = index_read_ext_allids(NULL, be, LDBM_ANCESTORID_STR, indextype_EQUALITY, &bv, txn, &ret, NULL, allidslimit); return ret; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/back-ldbm.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/back-ldbm.h
Changed
@@ -210,7 +210,6 @@ #define DEFAULT_DBCACHE_SIZE 1000000 #define DEFAULT_MODE 0600 #define DEFAULT_ALLIDSTHRESHOLD 4000 -#define DEFAULT_LOOKTHROUGHLIMIT 5000 #define DEFAULT_IDL_TUNE 1 #define DEFAULT_SEARCH_TUNE 0 #define DEFAULT_IMPORT_INDEX_BUFFER_SIZE 0 @@ -409,6 +408,8 @@ #define CACHE_ADD(cache, p, a) cache_add((cache), (void *)(p), (void **)(a)) #define CACHE_RETURN(cache, p) cache_return((cache), (void **)(p)) #define CACHE_REMOVE(cache, p) cache_remove((cache), (void *)(p)) +#define CACHE_LOCK(cache) cache_lock((cache)) +#define CACHE_UNLOCK(cache) cache_unlock((cache)) /* various modules keep private data inside the attrinfo structure */ typedef struct dblayer_private dblayer_private; @@ -462,6 +463,14 @@ #endif const DBT *,const DBT *); +struct index_idlistsizeinfo { + int ai_idlistsizelimit; /* max id list size */ + int ai_indextype; /* index type */ + unsigned int ai_flags; +#define INDEX_ALLIDS_FLAG_AND 0x01 + Slapi_ValueSet *ai_values; /* index keys to apply the max id list size to */ +}; + /* for the cache of attribute information (which are indexed, etc.) */ struct attrinfo { char *ai_type; /* type name (cn, sn, ...) */ @@ -510,6 +519,7 @@ * the default length triplet is 2, 3, 2. */ Slapi_Attr ai_sattr; /* interface to syntax and matching rule plugins */ + DataList *ai_idlistinfo; /* fine grained id list */ }; #define MAXDBCACHE 20 @@ -645,11 +655,15 @@ int li_fat_lock; /* 608146 -- make this configurable, first */ int li_legacy_errcode; /* 615428 -- in case legacy err code is expected */ Slapi_Counter *li_global_usn_counter; /* global USN counter */ - int li_reslimit_allids_handle; /* allids aka idlistscan */ - int li_pagedlookthroughlimit; - int li_pagedallidsthreshold; - int li_reslimit_pagedlookthrough_handle; - int li_reslimit_pagedallids_handle; /* allids aka idlistscan */ + int li_reslimit_allids_handle; /* allids aka idlistscan */ + int li_pagedlookthroughlimit; + int li_pagedallidsthreshold; + int li_reslimit_pagedlookthrough_handle; + int li_reslimit_pagedallids_handle; /* allids aka idlistscan */ + int li_rangelookthroughlimit; + int li_reslimit_rangelookthrough_handle; + int li_online_import_encrypt; /* toggle attribute encryption during ldbm_back_wire_import */ + }; /* li_flags could store these bits defined in ../slapi-plugin.h @@ -819,6 +833,8 @@ /* Name of attribute type used for binder-based look through limit */ #define LDBM_LOOKTHROUGHLIMIT_AT "nsLookThroughLimit" /* Name of attribute type used for binder-based look through limit */ +#define LDBM_RANGELOOKTHROUGHLIMIT_AT "nsRangeSearchLookThroughLimit" +/* Name of attribute type used for binder-based look through limit */ #define LDBM_ALLIDSLIMIT_AT "nsIDListScanLimit" /* Name of attribute type used for binder-based look through simple paged limit */ #define LDBM_PAGEDLOOKTHROUGHLIMIT_AT "nsPagedLookThroughLimit" @@ -863,6 +879,7 @@ #define LDBM_ERROR_FOUND_DUPDN 9999 /* Initial entryusn value */ +#define SIGNEDINITIALUSN (-1) #define INITIALUSN (PRUint64)(-1) /* changelog backup dir name
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/cache.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/cache.c
Changed
@@ -1460,6 +1460,14 @@ { return entrycache_add_int(cache, e, ENTRY_STATE_CREATING, alt); } +void cache_lock(struct cache *cache) +{ + PR_Lock(cache->c_mutex); +} +void cache_unlock(struct cache *cache) +{ + PR_Unlock(cache->c_mutex); +} /* locks an entry so that it can be modified (you should have gotten the * entry via cache_find_*).
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/dbhelp.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/dbhelp.c
Changed
@@ -49,7 +49,13 @@ #include "back-ldbm.h" #include "dblayer.h" -static int dblayer_copy_file_keybykey(DB_ENV *env, char *source_file_name, char *destination_file_name, int overwrite, dblayer_private *priv) +static int +dblayer_copy_file_keybykey(DB_ENV *env, + char *source_file_name, + char *destination_file_name, + int overwrite, + dblayer_private *priv, + ldbm_instance *inst) { int retval = 0; int retval_cleanup = 0; @@ -62,6 +68,7 @@ int cursor_flag = 0; int finished = 0; int mode = 0; + char *p = NULL; LDAPDebug( LDAP_DEBUG_TRACE, "=> dblayer_copy_file_keybykey\n", 0, 0, 0 ); @@ -119,6 +126,40 @@ LDAPDebug(LDAP_DEBUG_ANY, "dblayer_copy_file_keybykey, set_pagesize error %d: %s\n", retval, db_strerror(retval), 0); goto error; } + + /* TEL 20130412: Make sure to set the dup comparison function if needed. + * We key our decision off of the presence of new IDL and dup flags on + * the source database. This is similar dblayer_open_file, except that + * we don't have the attribute info index mask for VLV. That should be OK + * since the DB_DUP and DB_DUPSORT flags wouldn't have been toggled on + * unless they passed the check on the source. + */ + /* Entryrdn index has its own dup compare function */ + if ((p = PL_strcasestr(source_file_name, LDBM_ENTRYRDN_STR)) && + (*(p + sizeof(LDBM_ENTRYRDN_STR) - 1) == '.')) { + /* entryrdn.db */ + struct attrinfo *ai = NULL; + ainfo_get(inst->inst_be, LDBM_ENTRYRDN_STR, &ai); + if (ai->ai_dup_cmp_fn) { + /* If set, use the special dup compare callback */ + retval = destination_file->set_dup_compare(destination_file, ai->ai_dup_cmp_fn); + if (retval) { + LDAPDebug2Args(LDAP_DEBUG_ANY, + "dblayer_copy_file_keybykey(entryrdn), set_dup_compare error %d: %s\n", + retval, db_strerror(retval)); + goto error; + } + } + } else if (idl_get_idl_new() && (dbflags & DB_DUP) && (dbflags & DB_DUPSORT)) { + retval = destination_file->set_dup_compare(destination_file, idl_new_compare_dups); + if (retval) { + LDAPDebug2Args(LDAP_DEBUG_ANY, + "dblayer_copy_file_keybykey, set_dup_compare error %d: %s\n", + retval, db_strerror(retval)); + goto error; + } + } + retval = (destination_file->open)(destination_file, NULL, destination_file_name, NULL, dbtype, DB_CREATE | DB_EXCL, mode); if (retval) { LDAPDebug(LDAP_DEBUG_ANY, "dblayer_copy_file_keybykey, Open error %d: %s\n", retval, db_strerror(retval), 0); @@ -190,7 +231,13 @@ return retval; } -int dblayer_copy_file_resetlsns(char *home_dir ,char *source_file_name, char *destination_file_name, int overwrite, dblayer_private *priv) +int +dblayer_copy_file_resetlsns(char *home_dir, + char *source_file_name, + char *destination_file_name, + int overwrite, + dblayer_private *priv, + ldbm_instance *inst) { int retval = 0; DB_ENV *env = NULL; @@ -205,7 +252,7 @@ goto out; } /* Do the copy */ - retval = dblayer_copy_file_keybykey(env, source_file_name, destination_file_name, overwrite, priv); + retval = dblayer_copy_file_keybykey(env, source_file_name, destination_file_name, overwrite, priv, inst); if (retval) { LDAPDebug(LDAP_DEBUG_ANY, "dblayer_copy_file_resetlsns: Copy not completed successfully.", 0, 0, 0); }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/dblayer.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/dblayer.c
Changed
@@ -136,7 +136,7 @@ #define LOG_FLUSH(env, lsn) (env)->log_flush((env), (lsn)) #define LOCK_DETECT(env, flags, atype, aborted) \ (env)->lock_detect((env), (flags), (atype), (aborted)) -#if 1000*DB_VERSION_MAJOR + 100*DB_VERSION_MINOR >= 4000 /* db4.4 or later */ +#if 1000*DB_VERSION_MAJOR + 100*DB_VERSION_MINOR >= 4400 /* db4.4 or later */ #define DB_ENV_SET_TAS_SPINS(env, tas_spins) \ (env)->mutex_set_tas_spins((env), (tas_spins)) #else /* < 4.4 */ @@ -414,7 +414,7 @@ if (NULL == home_dir) { LDAPDebug(LDAP_DEBUG_ANY,"Db home directory is not set. " - "Possibly %s (optinally %s) is missing in the config file.\n", + "Possibly %s (optionally %s) is missing in the config file.\n", CONFIG_DIRECTORY, CONFIG_DB_HOME_DIRECTORY, 0); } return home_dir; @@ -1897,9 +1897,9 @@ { struct ldbminfo *li = NULL; char *id2entry_file = NULL; - PRFileInfo info; + PRFileInfo64 info; int rc; - char inst_dir[MAXPATHLEN], *inst_dirp; + char inst_dir[MAXPATHLEN], *inst_dirp = NULL; if (NULL == inst) { return 0; @@ -1908,8 +1908,13 @@ inst_dirp = dblayer_get_full_inst_dir(li, inst, inst_dir, MAXPATHLEN); id2entry_file = slapi_ch_smprintf("%s/%s", inst_dirp, ID2ENTRY LDBM_FILENAME_SUFFIX); - rc = PR_GetFileInfo(id2entry_file, &info); + if(inst_dirp != inst_dir){ + slapi_ch_free_string(&inst_dirp); + } + rc = PR_GetFileInfo64(id2entry_file, &info); slapi_ch_free_string(&id2entry_file); + if (inst_dirp != inst_dir) + slapi_ch_free_string(&inst_dirp); if (rc) { return 0; } @@ -2991,6 +2996,8 @@ int return_value = 0; DB *dbp = NULL; char *subname = NULL; + char inst_dir[MAXPATHLEN]; + char *inst_dirp = NULL; PR_ASSERT(NULL != li); priv = (dblayer_private*)li->li_dblayer_private; @@ -3054,8 +3061,6 @@ inst->inst_parent_dir_name) > 0) && !dblayer_inst_exists(inst, file_name)) { - char inst_dir[MAXPATHLEN]; - char *inst_dirp = NULL; char *abs_file_name = NULL; /* create a file with abs path, then try again */ @@ -3082,8 +3087,6 @@ goto out; slapi_ch_free_string(&abs_file_name); - if (inst_dirp != inst_dir) - slapi_ch_free_string(&inst_dirp); } DB_OPEN(pENV->dblayer_openflags, dbp, NULL, /* txnid */ rel_path, subname, DB_BTREE, @@ -3101,6 +3104,9 @@ out: slapi_ch_free((void**)&file_name); slapi_ch_free((void**)&rel_path); + if (inst_dirp != inst_dir){ + slapi_ch_free_string(&inst_dirp); + } /* close the database handle to avoid handle leak */ if (dbp && (return_value != 0)) { dblayer_close_file(dbp); @@ -4204,6 +4210,7 @@ dblayer_private *priv = NULL; struct ldbminfo *li = NULL; PRIntervalTime interval; /*NSPR timeout stuffy*/ + u_int32_t flags = 0; PR_ASSERT(NULL != param); li = (struct ldbminfo*)param; @@ -4218,13 +4225,19 @@ { if (priv->dblayer_enable_transactions) { - if (dblayer_db_uses_locking(priv->dblayer_env->dblayer_DB_ENV)) { - int aborted; - if ((rval = LOCK_DETECT(priv->dblayer_env->dblayer_DB_ENV, - 0, DB_LOCK_YOUNGEST, &aborted)) != 0) { + DB_ENV *db_env = priv->dblayer_env->dblayer_DB_ENV; + u_int32_t deadlock_policy = priv->dblayer_deadlock_policy; + + if (dblayer_db_uses_locking(db_env) && (deadlock_policy > DB_LOCK_NORUN)) { + int rejected = 0; + + if ((rval = LOCK_DETECT(db_env, flags, deadlock_policy, &rejected)) != 0) { LDAPDebug(LDAP_DEBUG_ANY, - "Serious Error---Failed in deadlock detect (aborted at 0x%x), err=%d (%s)\n", - aborted, rval, dblayer_strerror(rval)); + "Serious Error---Failed in deadlock detect (aborted at 0x%x), err=%d (%s)\n", + rejected, rval, dblayer_strerror(rval)); + } else if (rejected) { + LDAPDebug1Arg(LDAP_DEBUG_TRACE, "deadlock_threadmain: found and rejected %d lock requests\n", rejected); + } } } @@ -4469,7 +4482,12 @@ "%s.old", *listp); checkpoint_debug_message(debug_checkpointing, "Renaming %s -> %s\n",*listp, new_filename, 0); - rename(*listp, new_filename); + if(rename(*listp, new_filename) != 0){ + LDAPDebug(LDAP_DEBUG_ANY, "checkpoint_threadmain: failed to rename log (%s) to (%s)\n", + *listp, new_filename, 0); + rval = -1; + goto error_return; + } } } slapi_ch_free((void**)&list); @@ -5528,6 +5546,7 @@ char inst_dir[MAXPATHLEN]; char sep; int suffix_len = 0; + ldbm_instance *inst = NULL; if (!src_dir || '\0' == *src_dir) { @@ -5551,6 +5570,14 @@ else relative_instance_name++; + inst = ldbm_instance_find_by_name(li, relative_instance_name); + if (NULL == inst) { + LDAPDebug(LDAP_DEBUG_ANY, "Backend instance \"%s\" does not exist; " + "Instance path %s could be invalid.\n", + relative_instance_name, src_dir, 0); + return return_value; + } + if (is_fullpath(src_dir)) { new_src_dir = src_dir; @@ -5558,15 +5585,6 @@ else { int len; - ldbm_instance *inst = - ldbm_instance_find_by_name(li, relative_instance_name); - if (NULL == inst) - { - LDAPDebug(LDAP_DEBUG_ANY, "Backend instance \"%s\" does not exist; " - "Instance path %s could be invalid.\n", - relative_instance_name, src_dir, 0); - return return_value; - } inst_dirp = dblayer_get_full_inst_dir(inst->inst_li, inst, inst_dir, MAXPATHLEN); @@ -5624,7 +5642,7 @@ if (NULL == new_dest_dir) { /* Need to create the new directory where the files will be * copied to. */ - PRFileInfo info; + PRFileInfo64 info; char *prefix = ""; char mysep = 0; @@ -5645,7 +5663,7 @@ new_dest_dir = slapi_ch_smprintf("%s/%s", dest_dir, relative_instance_name); /* } */ - if (PR_SUCCESS == PR_GetFileInfo(new_dest_dir, &info)) + if (PR_SUCCESS == PR_GetFileInfo64(new_dest_dir, &info)) { ldbm_delete_dirs(new_dest_dir); } @@ -5686,13 +5704,12 @@ /* If the file is a database file, and resetlsns is set, then we need to do a key by key copy */ /* PL_strcmp takes NULL arg */ if (resetlsns && - (PL_strcmp(LDBM_FILENAME_SUFFIX, strrchr(filename1, '.')) - == 0)) { + (PL_strcmp(LDBM_FILENAME_SUFFIX, strrchr(filename1, '.')) == 0)) { return_value = dblayer_copy_file_resetlsns(src_dir, filename1, filename2, - 0, priv); + 0, priv, inst); } else { return_value = dblayer_copyfile(filename1, filename2, - 0, priv->dblayer_file_mode);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/dblayer.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/dblayer.h
Changed
@@ -178,6 +178,7 @@ PRCondVar *thread_count_cv; /* condition variable for housekeeping thread shutdown */ int dblayer_lockdown; /* use DB_LOCKDOWN */ int dblayer_lock_config; + u_int32_t dblayer_deadlock_policy; /* i.e. the atype to DB_ENV->lock_detect in deadlock_threadmain */ }; #if 1000*DB_VERSION_MAJOR + 100*DB_VERSION_MINOR >= 4300 @@ -200,7 +201,7 @@ /* Copy a database file, preserving all its contents (used to reset the LSNs in the file in order to move * it from one transacted environment to another. */ -int dblayer_copy_file_resetlsns(char *home_dir, char *source_file_name, char *destination_file_name, int overwrite, dblayer_private *priv); +int dblayer_copy_file_resetlsns(char *home_dir, char *source_file_name, char *destination_file_name, int overwrite, dblayer_private *priv, ldbm_instance *inst); /* Turn on the various logging and debug options for DB */ void dblayer_set_env_debugging(DB_ENV *pEnv, dblayer_private *priv);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/dbverify.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/dbverify.c
Changed
@@ -119,9 +119,11 @@ char *p = NULL; p = strstr(filep, LDBM_FILENAME_SUFFIX); /* since already checked, it must have it */ - *p = '\0'; + if(p) + *p = '\0'; ainfo_get( inst->inst_be, filep+1, &ai ); - *p = '.'; + if(p) + *p = '.'; if (ai->ai_key_cmp_fn) { dbp->app_private = (void *)ai->ai_key_cmp_fn; dbp->set_bt_compare(dbp, dblayer_bt_compare);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/filterindex.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/filterindex.c
Changed
@@ -67,6 +67,7 @@ ); static IDList * keys2idl( + Slapi_PBlock *pb, backend *be, char *type, const char *indextype, @@ -313,11 +314,11 @@ ivals=ptr; slapi_attr_assertion2keys_ava_sv( &sattr, &tmp, (Slapi_Value ***)&ivals, LDAP_FILTER_EQUALITY_FAST); - idl = keys2idl( be, type, indextype, ivals, err, &unindexed, &txn, allidslimit ); + idl = keys2idl( pb, be, type, indextype, ivals, err, &unindexed, &txn, allidslimit ); if ( unindexed ) { unsigned int opnote = SLAPI_OP_NOTE_UNINDEXED; slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); - pagedresults_set_unindexed( pb->pb_conn, pr_idx ); + pagedresults_set_unindexed( pb->pb_conn, pb->pb_op, pr_idx ); } /* We don't use valuearray_free here since the valueset, berval @@ -345,11 +346,11 @@ idl = idl_allids( be ); goto done; } - idl = keys2idl( be, type, indextype, ivals, err, &unindexed, &txn, allidslimit ); + idl = keys2idl( pb, be, type, indextype, ivals, err, &unindexed, &txn, allidslimit ); if ( unindexed ) { unsigned int opnote = SLAPI_OP_NOTE_UNINDEXED; slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); - pagedresults_set_unindexed( pb->pb_conn, pr_idx ); + pagedresults_set_unindexed( pb->pb_conn, pb->pb_op, pr_idx ); } valuearray_free( &ivals ); LDAPDebug( LDAP_DEBUG_TRACE, "<= ava_candidates %lu\n", @@ -382,7 +383,7 @@ return( NULL ); } slapi_pblock_get(pb, SLAPI_TXN, &txn.back_txn_txn); - idl = index_read_ext_allids( be, type, indextype_PRESENCE, + idl = index_read_ext_allids( pb, be, type, indextype_PRESENCE, NULL, &txn, err, &unindexed, allidslimit ); if ( unindexed ) { @@ -390,7 +391,7 @@ unsigned int opnote = SLAPI_OP_NOTE_UNINDEXED; slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx); - pagedresults_set_unindexed( pb->pb_conn, pr_idx ); + pagedresults_set_unindexed(pb->pb_conn, pb->pb_op, pr_idx); } if (idl != NULL && ALLIDS(idl) && strcasecmp(type, "nscpentrydn") == 0) { @@ -491,7 +492,7 @@ { int unindexed = 0; IDList* idl3 = (mrOP == SLAPI_OP_EQUAL) ? - index_read_ext_allids(be, mrTYPE, mrOID, *key, &txn, + index_read_ext_allids(pb, be, mrTYPE, mrOID, *key, &txn, err, &unindexed, allidslimit) : index_range_read_ext(pb, be, mrTYPE, mrOID, mrOP, *key, NULL, 0, &txn, err, allidslimit); @@ -504,6 +505,7 @@ SLAPI_PAGED_RESULTS_INDEX, &pr_idx ); pagedresults_set_unindexed( glob_pb->pb_conn, + glob_pb->pb_op, pr_idx ); } if (idl2 == NULL) @@ -916,7 +918,7 @@ slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx); if ( ivals == NULL || *ivals == NULL ) { slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); - pagedresults_set_unindexed( pb->pb_conn, pr_idx ); + pagedresults_set_unindexed( pb->pb_conn, pb->pb_op, pr_idx ); LDAPDebug( LDAP_DEBUG_TRACE, "<= sub_candidates ALLIDS (no keys)\n", 0, 0, 0 ); return( idl_allids( be ) ); @@ -927,10 +929,10 @@ * IDLists together. */ slapi_pblock_get(pb, SLAPI_TXN, &txn.back_txn_txn); - idl = keys2idl( be, type, indextype_SUB, ivals, err, &unindexed, &txn, allidslimit ); + idl = keys2idl( pb, be, type, indextype_SUB, ivals, err, &unindexed, &txn, allidslimit ); if ( unindexed ) { slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); - pagedresults_set_unindexed( pb->pb_conn, pr_idx ); + pagedresults_set_unindexed( pb->pb_conn, pb->pb_op, pr_idx ); } valuearray_free( &ivals ); @@ -941,6 +943,7 @@ static IDList * keys2idl( + Slapi_PBlock *pb, backend *be, char *type, const char *indextype, @@ -960,7 +963,7 @@ for ( i = 0; ivals[i] != NULL; i++ ) { IDList *idl2; - idl2 = index_read_ext_allids( be, type, indextype, slapi_value_get_berval(ivals[i]), txn, err, unindexed, allidslimit ); + idl2 = index_read_ext_allids( pb, be, type, indextype, slapi_value_get_berval(ivals[i]), txn, err, unindexed, allidslimit ); #ifdef LDAP_DEBUG /* XXX if ( slapd_ldap_debug & LDAP_DEBUG_TRACE ) { XXX */
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/id2entry.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/id2entry.c
Changed
@@ -167,10 +167,12 @@ if (myparentdn && PL_strcmp(parentdn, myparentdn)) { Slapi_DN *sdn = slapi_entry_get_sdn(e->ep_entry); char *newdn = NULL; + CACHE_LOCK(&inst->inst_cache); slapi_sdn_done(sdn); newdn = slapi_ch_smprintf("%s,%s", myrdn, parentdn); slapi_sdn_init_dn_passin(sdn, newdn); slapi_sdn_get_ndn(sdn); /* to set ndn */ + CACHE_UNLOCK(&inst->inst_cache); } slapi_ch_free_string(&myparentdn); }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/idl.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/idl.c
Changed
@@ -1247,7 +1247,7 @@ (*idl)->b_nmax *= 2; (*idl) = (IDList *) slapi_ch_realloc( (char *) (*idl), - ((*idl)->b_nmax + 2) * sizeof(ID) ); + ((*idl)->b_nmax + 2) * sizeof(ID) + sizeof(IDList) ); } /* make a slot for the new id */ @@ -1345,7 +1345,7 @@ (*idl)->b_nmax = maxids; } *idl = (IDList *) slapi_ch_realloc( (char *) *idl, - ((*idl)->b_nmax + 2) * sizeof(ID) ); + ((*idl)->b_nmax + 2) * sizeof(ID) + sizeof(IDList)); } /* make a slot for the new id */ @@ -1620,3 +1620,10 @@ sprintf( contkey->dptr, "%c%s%lu", CONT_PREFIX, (char *)key->dptr, (u_long)id ); contkey->dsize = strlen( contkey->dptr ) + 1; } + +int +idl_sort_cmp(const void *x, const void *y) +{ + return *(ID *)x - *(ID *)y; +} +
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/idl_new.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/idl_new.c
Changed
@@ -266,7 +266,7 @@ } memcpy(&id, dataret.data, sizeof(ID)); if (id == lastid) { /* dup */ - LDAPDebug1Arg(LDAP_DEBUG_TRACE, "Detedted duplicate id " + LDAPDebug1Arg(LDAP_DEBUG_TRACE, "Detected duplicate id " "%d due to DB_MULTIPLE error - skipping\n", id); continue; /* get next one */ @@ -286,14 +286,17 @@ LDAPDebug(LDAP_DEBUG_TRACE, "bulk fetch buffer nids=%d\n", count, 0, 0); #if defined(DB_ALLIDS_ON_READ) - /* enforce the allids read limit */ - if ((NEW_IDL_NO_ALLID != *flag_err) && (NULL != a) && - (idl != NULL) && idl_new_exceeds_allidslimit(count, a, allidslimit)) { - idl->b_nids = 1; - idl->b_ids[0] = ALLID; - ret = DB_NOTFOUND; /* fool the code below into thinking that we finished the dups */ - break; - } + /* enforce the allids read limit */ + if ((NEW_IDL_NO_ALLID != *flag_err) && (NULL != a) && + (idl != NULL) && idl_new_exceeds_allidslimit(count, a, allidslimit)) { + idl->b_nids = 1; + idl->b_ids[0] = ALLID; + ret = DB_NOTFOUND; /* fool the code below into thinking that we finished the dups */ + LDAPDebug(LDAP_DEBUG_BACKLDBM, "search for key for attribute index %s " + "exceeded allidslimit %d - count is %d\n", + a->ai_type, allidslimit, count); + break; + } #endif ret = cursor->c_get(cursor,&key,&data,DB_NEXT_DUP|DB_MULTIPLE); if (0 != ret) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/import-threads.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/import-threads.c
Changed
@@ -2256,6 +2256,7 @@ "of the duplicated entry %s; " "Entry ID: %d", orig_dn, fi->entry->ep_id); + slapi_ch_free_string(&orig_dn); goto cont; } new_entrydn = slapi_attr_new(); @@ -2274,7 +2275,7 @@ /* Setting new entrydn attribute value */ slapi_attr_init(new_entrydn, "entrydn"); - valueset_add_string(&new_entrydn->a_present_values, + valueset_add_string(new_entrydn, &new_entrydn->a_present_values, /* new_dn: duped in valueset_add_string */ (const char *)new_dn, CSN_TYPE_UNKNOWN, NULL); @@ -2715,6 +2716,7 @@ } slapi_pblock_get(pb, SLAPI_BACKEND, &be); + slapi_pblock_get(pb, SLAPI_LDIF2DB_ENCRYPT, &job->encrypt); PR_ASSERT(be != NULL); li = (struct ldbminfo *)(be->be_database->plg_private); job->inst = (ldbm_instance *)be->be_instance_info; @@ -3046,6 +3048,7 @@ PR_ASSERT(be != NULL); li = (struct ldbminfo *)(be->be_database->plg_private); slapi_pblock_get(pb, SLAPI_BULK_IMPORT_STATE, &state); + slapi_pblock_set(pb, SLAPI_LDIF2DB_ENCRYPT, &li->li_online_import_encrypt); if (state == SLAPI_BI_STATE_START) { /* starting a new import */ int rc = bulk_import_start(pb); @@ -3620,7 +3623,7 @@ * Use the counter which stores the old DB's * next entryusn. */ PR_snprintf(counter_buf, USN_COUNTER_BUF_LEN, - "%" NSPRI64 "d", + "%" NSPRIu64, slapi_counter_get_value(be->be_usn_counter)); } else { /* import_init value is digit.
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/index.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/index.c
Changed
@@ -52,6 +52,8 @@ static const char *errmsg = "database index operation failed"; static int is_indexed (const char* indextype, int indexmask, char** index_rules); +static int index_get_allids( int *allids, const char *indextype, struct attrinfo *ai, const struct berval *val, unsigned int flags ); + static Slapi_Value ** valuearray_minus_valuearray( const Slapi_Attr *sattr, @@ -545,7 +547,7 @@ for (curr_attr = newe->ep_entry->e_attrs; curr_attr != NULL; curr_attr = curr_attr->a_next) { if (slapi_attr_type_cmp( basetype, curr_attr->a_type, SLAPI_TYPE_CMP_BASE ) == 0) { - valueset_add_valuearray(all_vals, attr_get_present_values(curr_attr)); + slapi_valueset_join_attr_valueset(curr_attr, all_vals, &curr_attr->a_present_values); } } @@ -566,7 +568,7 @@ for (curr_attr = olde->ep_entry->e_attrs; curr_attr != NULL; curr_attr = curr_attr->a_next) { if (slapi_attr_type_cmp( mods[i]->mod_type, curr_attr->a_type, SLAPI_TYPE_CMP_EXACT ) == 0) { - valueset_add_valuearray(mod_vals, attr_get_present_values(curr_attr)); + slapi_valueset_join_attr_valueset(curr_attr, mod_vals, &curr_attr->a_present_values); } } @@ -584,7 +586,7 @@ slapi_entry_attr_find( olde->ep_entry, mods[i]->mod_type, &curr_attr ); if ( mods_valueArray != NULL ) { for ( j = 0; mods_valueArray[j] != NULL; j++ ) { - Slapi_Value *rval = valuearray_remove_value(curr_attr, evals, mods_valueArray[j]); + Slapi_Value *rval = valueset_remove_value(curr_attr, all_vals, mods_valueArray[j]); slapi_value_free( &rval ); } } @@ -593,12 +595,12 @@ * they don't exist, delete the equality index. */ for ( j = 0; deleted_valueArray[j] != NULL; j++ ) { - if (valuearray_find(curr_attr, evals, deleted_valueArray[j]) == -1) { + if ( !slapi_valueset_find(curr_attr, all_vals, deleted_valueArray[j])) { if (!(flags & BE_INDEX_EQUALITY)) { flags |= BE_INDEX_EQUALITY; } } else { - Slapi_Value *rval = valuearray_remove_value(curr_attr, deleted_valueArray, deleted_valueArray[j]); + Slapi_Value *rval = valueset_remove_value(curr_attr, mod_vals, deleted_valueArray[j]); slapi_value_free( &rval ); j--; /* indicates there was some conflict */ @@ -637,8 +639,8 @@ if (curr_attr) { /* found the type */ for (j = 0; mods_valueArray[j] != NULL; j++) { /* mods_valueArray[j] is in curr_attr ==> return 0 */ - if (slapi_attr_value_find(curr_attr, - slapi_value_get_berval(mods_valueArray[j]))) { + if ( !slapi_valueset_find(curr_attr, &curr_attr->a_present_values, + mods_valueArray[j])) { /* The value is NOT in newe, remove it. */ Slapi_Value *rval; rval = valuearray_remove_value(curr_attr, @@ -649,18 +651,17 @@ mods[i]->mod_op |= LDAP_MOD_IGNORE; } } - if (mods_valueArray) { - rc = index_addordel_values_sv( be, - mods[i]->mod_type, - mods_valueArray, NULL, - id, BE_INDEX_ADD, txn ); - if (rc) { - ldbm_nasty(errmsg, 1042, rc); - goto error; - } + if(mods_valueArray[0]){ + rc = index_addordel_values_sv( be, mods[i]->mod_type, + mods_valueArray, NULL, + id, BE_INDEX_ADD, txn ); } else { rc = 0; } + if (rc) { + ldbm_nasty(errmsg, 1042, rc); + goto error; + } } } break; @@ -677,9 +678,9 @@ mod_vals = slapi_valueset_new(); for (curr_attr = olde->ep_entry->e_attrs; curr_attr != NULL; curr_attr = curr_attr->a_next) { - if (slapi_attr_type_cmp( mods[i]->mod_type, curr_attr->a_type, SLAPI_TYPE_CMP_EXACT ) == 0) { - valueset_add_valuearray(mod_vals, attr_get_present_values(curr_attr)); - } + if (slapi_attr_type_cmp( mods[i]->mod_type, curr_attr->a_type, SLAPI_TYPE_CMP_EXACT ) == 0) { + slapi_valueset_join_attr_valueset(curr_attr, mod_vals, &curr_attr->a_present_values); + } } deleted_valueArray = valueset_get_valuearray(mod_vals); @@ -694,15 +695,15 @@ /* Check if the any values being deleted * also exist in a subtype. */ - for ( j=0; deleted_valueArray[j] != NULL; j++) { - if ( valuearray_find(curr_attr, evals, deleted_valueArray[j]) == -1 ) { + for (j = 0; deleted_valueArray && deleted_valueArray[j]; j++) { + if ( !slapi_valueset_find(curr_attr, all_vals, deleted_valueArray[j])) { /* If the equality flag isn't already set, set it */ if (!(flags & BE_INDEX_EQUALITY)) { flags |= BE_INDEX_EQUALITY; } } else { /* Remove duplicate value from the mod list */ - Slapi_Value *rval = valuearray_remove_value(curr_attr, deleted_valueArray, deleted_valueArray[j]); + Slapi_Value *rval = valueset_remove_value(curr_attr, mod_vals, deleted_valueArray[j]); slapi_value_free( &rval ); j--; } @@ -751,7 +752,7 @@ if (curr_attr) { int found = 0; for (j = 0; mods_valueArray[j] != NULL; j++ ) { - if ( valuearray_find(curr_attr, evals, mods_valueArray[j]) > -1 ) { + if ( slapi_valueset_find(curr_attr, all_vals, mods_valueArray[j])) { /* The same value found in evals. * We don't touch the equality index. */ found = 1; @@ -889,6 +890,7 @@ */ IDList * index_read_ext_allids( + Slapi_PBlock *pb, backend *be, char *type, const char *indextype, @@ -911,6 +913,8 @@ char *basetmp, *basetype; int retry_count = 0; struct berval *encrypted_val = NULL; + int is_and = 0; + unsigned int ai_flags = 0; *err = 0; @@ -977,6 +981,26 @@ slapi_ch_free_string( &basetmp ); return( idl ); } + if (pb) { + slapi_pblock_get(pb, SLAPI_SEARCH_IS_AND, &is_and); + } + ai_flags = is_and ? INDEX_ALLIDS_FLAG_AND : 0; + /* the caller can pass in a value of 0 - just ignore those - but if the index + * config sets the allidslimit to 0, this means to skip the index + */ + if (index_get_allids( &allidslimit, indextype, ai, val, ai_flags ) && + (allidslimit == 0)) { + idl = idl_allids( be ); + if (unindexed != NULL) *unindexed = 1; + LDAPDebug1Arg( LDAP_DEBUG_BACKLDBM, "<= index_read %lu candidates " + "(do not use index)\n", (u_long)IDL_NIDS(idl) ); + LDAPDebug( LDAP_DEBUG_BACKLDBM, "<= index_read index attr %s type %s " + "for value %s does not use index\n", basetype, indextype, + (val && val->bv_val) ? val->bv_val : "ALL" ); + index_free_prefix( prefix ); + slapi_ch_free_string( &basetmp ); + return( idl ); + } if ( (*err = dblayer_get_index_file( be, ai, &db, DBOPEN_CREATE )) != 0 ) { LDAPDebug( LDAP_DEBUG_TRACE, "<= index_read NULL (index file open for attr %s)\n", @@ -1064,7 +1088,7 @@ int *unindexed ) { - return index_read_ext_allids(be, type, indextype, val, txn, err, unindexed, 0); + return index_read_ext_allids(NULL, be, type, indextype, val, txn, err, unindexed, 0); } /* This function compares two index keys. It is assumed @@ -1236,6 +1260,7 @@ time_t curtime, stoptime, optime; int timelimit = -1; back_search_result_set *sr = NULL; + int isroot = 0; if (!pb) { LDAPDebug(LDAP_DEBUG_ANY, "index_range_read: NULL pblock\n", @@ -1270,11 +1295,11 @@ if (sr != NULL) { /* the normal case */ lookthrough_limit = sr->sr_lookthroughlimit; - } else { - int isroot = 0; - slapi_pblock_get( pb, SLAPI_REQUESTOR_ISROOT, &isroot ); - if (!isroot) { - lookthrough_limit = li->li_lookthroughlimit;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_add.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_add.c
Changed
@@ -159,7 +159,7 @@ * operations that the URP code in the Replication * plugin generates. */ - if(SERIALLOCK(li) && !is_fixup_operation) + if(SERIALLOCK(li) && (!is_fixup_operation || is_ruv)) { dblayer_lock_backend(be); dblock_acquired= 1; @@ -668,19 +668,6 @@ parententry = NULL; } - if (!is_ruv && !is_fixup_operation) { - ruv_c_init = ldbm_txn_ruv_modify_context( pb, &ruv_c ); - if (-1 == ruv_c_init) { - LDAPDebug( LDAP_DEBUG_ANY, - "ldbm_back_add: ldbm_txn_ruv_modify_context " - "failed to construct RUV modify context\n", - 0, 0, 0); - ldap_result_code= LDAP_OPERATIONS_ERROR; - retval = 0; - goto error_return; - } - } - if ( (originalentry = backentry_dup(addingentry )) == NULL ) { ldap_result_code= LDAP_OPERATIONS_ERROR; goto error_return; @@ -718,6 +705,11 @@ goto error_return; } } + if (ruv_c_init) { + /* reset the ruv txn stuff */ + modify_term(&ruv_c, be); + ruv_c_init = 0; + } /* We're re-trying */ LDAPDebug0Args(LDAP_DEBUG_BACKLDBM, "Add Retrying Transaction\n"); @@ -910,6 +902,19 @@ } } + if (!is_ruv && !is_fixup_operation) { + ruv_c_init = ldbm_txn_ruv_modify_context( pb, &ruv_c ); + if (-1 == ruv_c_init) { + LDAPDebug( LDAP_DEBUG_ANY, + "ldbm_back_add: ldbm_txn_ruv_modify_context " + "failed to construct RUV modify context\n", + 0, 0, 0); + ldap_result_code= LDAP_OPERATIONS_ERROR; + retval = 0; + goto error_return; + } + } + if (ruv_c_init) { retval = modify_update_all( be, pb, &ruv_c, &txn ); if (DB_LOCK_DEADLOCK == retval) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_attr.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_attr.c
Changed
@@ -44,6 +44,22 @@ #include "back-ldbm.h" +static void +attr_index_idlistsize_done(struct index_idlistsizeinfo *idlinfo) +{ + if (idlinfo) { + slapi_valueset_free(idlinfo->ai_values); + idlinfo->ai_values = NULL; + } +} + +static void +attr_index_idlistsize_free(struct index_idlistsizeinfo **idlinfo) +{ + attr_index_idlistsize_done(*idlinfo); + slapi_ch_free((void **)idlinfo); +} + struct attrinfo * attrinfo_new() { @@ -52,6 +68,15 @@ } void +attrinfo_delete_idlistinfo(DataList **idlinfo_dl) +{ + if (idlinfo_dl && *idlinfo_dl) { + dl_cleanup(*idlinfo_dl, (FREEFN)attr_index_idlistsize_free); + dl_free(idlinfo_dl); + } +} + +void attrinfo_delete(struct attrinfo **pp) { if(pp!=NULL && *pp!=NULL) @@ -62,6 +87,7 @@ slapi_ch_free((void**)(*pp)->ai_index_rules); slapi_ch_free((void**)&((*pp)->ai_attrcrypt)); attr_done(&((*pp)->ai_sattr)); + attrinfo_delete_idlistinfo(&(*pp)->ai_idlistinfo); slapi_ch_free((void**)pp); *pp= NULL; } @@ -126,6 +152,10 @@ if ( b->ai_indexmask & INDEX_RULES ) { charray_merge( &a->ai_index_rules, b->ai_index_rules, 1 ); } + /* free the old idlistinfo from a - transfer the list from b to a */ + attrinfo_delete_idlistinfo(&a->ai_idlistinfo); + a->ai_idlistinfo = b->ai_idlistinfo; + b->ai_idlistinfo = NULL; return( 1 ); } @@ -166,6 +196,464 @@ } } +#define NS_INDEX_IDLISTSCANLIMIT "nsIndexIDListScanLimit" +#define LIMIT_KW "limit=" +#define LIMIT_LEN sizeof(LIMIT_KW)-1 +#define TYPE_KW "type=" +#define TYPE_LEN sizeof(TYPE_KW)-1 +#define FLAGS_KW "flags=" +#define FLAGS_LEN sizeof(FLAGS_KW)-1 +#define VALUES_KW "values=" +#define VALUES_LEN sizeof(VALUES_KW)-1 +#define FLAGS_AND_KW "AND" +#define FLAGS_AND_LEN sizeof(FLAGS_AND_KW)-1 + +static int +attr_index_parse_idlistsize_values(Slapi_Attr *attr, struct index_idlistsizeinfo *idlinfo, char *values, const char *strval, char *returntext) +{ + int rc = 0; + /* if we are here, values is non-NULL and not an empty string - parse it */ + char *ptr = NULL; + char *lasts = NULL; + char *val; + int syntaxcheck = config_get_syntaxcheck(); + IFP syntax_validate_fn = syntaxcheck ? attr->a_plugin->plg_syntax_validate : NULL; + char staticfiltstrbuf[1024]; /* for small filter strings */ + char *filtstrbuf = staticfiltstrbuf; /* default if not malloc'd */ + size_t filtstrbuflen = sizeof(staticfiltstrbuf); /* default if not malloc'd */ + Slapi_Filter *filt = NULL; /* for filter converting/unescaping config values */ + + /* caller should have already checked that values is valid and contains a "=" */ + PR_ASSERT(values); + ptr = PL_strchr(values, '='); + PR_ASSERT(ptr); + ++ptr; + for (val = ldap_utf8strtok_r(ptr, ",", &lasts); val; + val = ldap_utf8strtok_r(NULL, ",", &lasts)) { + Slapi_Value **ivals= NULL; /* for config values converted to keys */ + int ii; +#define FILT_TEMPL_BEGIN "(a=" +#define FILT_TEMPL_END ")" + size_t filttemplen = sizeof(FILT_TEMPL_BEGIN) - 1 + sizeof(FILT_TEMPL_END) - 1; + size_t vallen = strlen(val); + + if ((vallen + filttemplen + 1) > filtstrbuflen) { + filtstrbuflen = vallen + filttemplen + 1; + if (filtstrbuf == staticfiltstrbuf) { + filtstrbuf = (char *)slapi_ch_malloc(sizeof(char) * filtstrbuflen); + } else { + filtstrbuf = (char *)slapi_ch_realloc(filtstrbuf, sizeof(char) * filtstrbuflen); + } + } + /* each value is a value from a filter which should be escaped like a filter value + * for each value, create a dummy filter string, then parse and unescape it just + * like a filter + */ + PR_snprintf(filtstrbuf, filtstrbuflen, FILT_TEMPL_BEGIN "%s" FILT_TEMPL_END, val); + filt = slapi_str2filter(filtstrbuf); + if (!filt) { + rc = LDAP_UNWILLING_TO_PERFORM; + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, + "attr_index_parse_idlistsize: invalid value %s in %s", + val, strval); + break; + } + + if (idlinfo->ai_indextype == INDEX_SUB) { + if (syntax_validate_fn) { + /* see if the values match the syntax, but only if checking is enabled */ + char **subany = filt->f_sub_any; + struct berval bv; + + if (filt->f_sub_initial && *filt->f_sub_initial) { + bv.bv_val = filt->f_sub_initial; + bv.bv_len = strlen(bv.bv_val); + if ((rc = syntax_validate_fn(&bv))) { + rc = LDAP_UNWILLING_TO_PERFORM; + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, + "attr_index_parse_idlistsize: initial substring value %s " + "in value %s violates syntax for attribute %s", + bv.bv_val, val, attr->a_type); + break; + } + } + for (; !rc && subany && *subany; ++subany) { + char *subval = *subany; + if (*subval) { + bv.bv_val = subval; + bv.bv_len = strlen(bv.bv_val); + if ((rc = syntax_validate_fn(&bv))) { + rc = LDAP_UNWILLING_TO_PERFORM; + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, + "attr_index_parse_idlistsize: initial substring value %s in " + "value %s violates syntax for attribute %s", + bv.bv_val, val, attr->a_type); + break; + } + } + } + if (rc) { + break; + } + if (filt->f_sub_final) { + bv.bv_val = filt->f_sub_final; + bv.bv_len = strlen(bv.bv_val); + if ((rc = syntax_validate_fn(&bv))) { + rc = LDAP_UNWILLING_TO_PERFORM; + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, + "attr_index_parse_idlistsize: final substring value %s in value " + "%s violates syntax for attribute %s", + bv.bv_val, val, attr->a_type); + break; + } + } + } + /* if we are here, values passed syntax or no checking */ + /* generate index keys */ + (void)slapi_attr_assertion2keys_sub_sv(attr, filt->f_sub_initial, filt->f_sub_any, filt->f_sub_final, &ivals); + + } else if (idlinfo->ai_indextype == INDEX_EQUALITY) { + Slapi_Value sval; + /* see if the value matches the syntax, but only if checking is enabled */ + if (syntax_validate_fn && ((rc = syntax_validate_fn(&filt->f_avvalue)))) { + rc = LDAP_UNWILLING_TO_PERFORM; + PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, + "attr_index_parse_idlistsize: value %s violates syntax for attribute %s", + val, attr->a_type); + break; + } + + sval.bv.bv_val = filt->f_avvalue.bv_val; + sval.bv.bv_len = filt->f_avvalue.bv_len; + sval.v_flags = 0; + sval.v_csnset = NULL; + (void)slapi_attr_assertion2keys_ava_sv(attr, &sval, (Slapi_Value ***)&ivals, LDAP_FILTER_EQUALITY); + } + /* don't need filter any more */ + slapi_filter_free(filt, 1); + filt = NULL; + + /* add value(s) in ivals to our value set - disallow duplicates with error */
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
Changed
@@ -425,7 +425,7 @@ LDAPDebug(LDAP_DEBUG_ANY,"Can't find certificate %s in attrcrypt_fetch_private_key: %d - %s\n", cert_name, errorCode, slapd_pr_strerror(errorCode)); } if( cert != NULL ) { - key = slapd_pk11_findKeyByAnyCert(cert, NULL); + key = slapd_get_unlocked_key_for_cert(cert, NULL); } if (key == NULL) { errorCode = PR_GetError();
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_config.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_config.c
Changed
@@ -187,6 +187,28 @@ return retval; } +static void *ldbm_config_rangelookthroughlimit_get(void *arg) +{ + struct ldbminfo *li = (struct ldbminfo *) arg; + + return (void *) ((uintptr_t)(li->li_rangelookthroughlimit)); +} + +static int ldbm_config_rangelookthroughlimit_set(void *arg, void *value, char *errorbuf, int phase, int apply) +{ + struct ldbminfo *li = (struct ldbminfo *) arg; + int retval = LDAP_SUCCESS; + int val = (int) ((uintptr_t)value); + + /* Do whatever we can to make sure the data is ok. */ + + if (apply) { + li->li_rangelookthroughlimit = val; + } + + return retval; +} + static void *ldbm_config_mode_get(void *arg) { struct ldbminfo *li = (struct ldbminfo *) arg; @@ -843,6 +865,26 @@ return retval; } +static void *ldbm_config_db_online_import_encrypt_get(void *arg) +{ + struct ldbminfo *li = (struct ldbminfo *) arg; + + return (void *) ((uintptr_t)li->li_online_import_encrypt); +} + +static int ldbm_config_db_online_import_encrypt_set(void *arg, void *value, char *errorbuf, int phase, int apply) +{ + struct ldbminfo *li = (struct ldbminfo *) arg; + int retval = LDAP_SUCCESS; + int val = (int) ((uintptr_t)value); + + if (apply) { + li->li_online_import_encrypt = val; + } + + return retval; +} + static void *ldbm_config_db_private_import_mem_get(void *arg) { struct ldbminfo *li = (struct ldbminfo *) arg; @@ -1284,6 +1326,40 @@ return retval; } +static void *ldbm_config_db_deadlock_policy_get(void *arg) +{ + struct ldbminfo *li = (struct ldbminfo *) arg; + + return (void *) ((uintptr_t)li->li_dblayer_private->dblayer_deadlock_policy); +} + +static int ldbm_config_db_deadlock_policy_set(void *arg, void *value, char *errorbuf, int phase, int apply) +{ + struct ldbminfo *li = (struct ldbminfo *) arg; + int retval = LDAP_SUCCESS; + u_int32_t val = (u_int32_t) ((uintptr_t)value); + + if (val > DB_LOCK_YOUNGEST) { + PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, + "Error: Invalid value for %s (%d). Must be between %d and %d inclusive", + CONFIG_DB_DEADLOCK_POLICY, val, DB_LOCK_DEFAULT, DB_LOCK_YOUNGEST); + LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s\n", errorbuf); + return LDAP_UNWILLING_TO_PERFORM; + } + if (val == DB_LOCK_NORUN) { + PR_snprintf(errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, + "Warning: Setting value for %s to (%d) will disable deadlock detection", + CONFIG_DB_DEADLOCK_POLICY, val); + LDAPDebug1Arg(LDAP_DEBUG_ANY, "%s\n", errorbuf); + } + + if (apply) { + li->li_dblayer_private->dblayer_deadlock_policy = val; + } + + return retval; +} + /*------------------------------------------------------------------------ * Configuration array for ldbm and dblayer variables @@ -1317,6 +1393,7 @@ {CONFIG_DB_LOCK, CONFIG_TYPE_INT, "10000", &ldbm_config_db_lock_get, &ldbm_config_db_lock_set, 0}, {CONFIG_DB_PRIVATE_MEM, CONFIG_TYPE_ONOFF, "off", &ldbm_config_db_private_mem_get, &ldbm_config_db_private_mem_set, 0}, {CONFIG_DB_PRIVATE_IMPORT_MEM, CONFIG_TYPE_ONOFF, "on", &ldbm_config_db_private_import_mem_get, &ldbm_config_db_private_import_mem_set, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, + {CONDIF_DB_ONLINE_IMPORT_ENCRYPT, CONFIG_TYPE_ONOFF, "on", &ldbm_config_db_online_import_encrypt_get, &ldbm_config_db_online_import_encrypt_set, 0}, {CONFIG_DB_SHM_KEY, CONFIG_TYPE_LONG, "389389", &ldbm_config_db_shm_key_get, &ldbm_config_db_shm_key_set, 0}, {CONFIG_DB_CACHE, CONFIG_TYPE_INT, "0", &ldbm_config_db_cache_get, &ldbm_config_db_cache_set, 0}, {CONFIG_DB_DEBUG_CHECKPOINTING, CONFIG_TYPE_ONOFF, "off", &ldbm_config_db_debug_checkpointing_get, &ldbm_config_db_debug_checkpointing_set, 0}, @@ -1341,6 +1418,8 @@ {CONFIG_ENTRYRDN_NOANCESTORID, CONFIG_TYPE_ONOFF, "off", &ldbm_config_entryrdn_noancestorid_get, &ldbm_config_entryrdn_noancestorid_set, 0 /* no show */}, {CONFIG_PAGEDLOOKTHROUGHLIMIT, CONFIG_TYPE_INT, "0", &ldbm_config_pagedlookthroughlimit_get, &ldbm_config_pagedlookthroughlimit_set, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, {CONFIG_PAGEDIDLISTSCANLIMIT, CONFIG_TYPE_INT, "0", &ldbm_config_pagedallidsthreshold_get, &ldbm_config_pagedallidsthreshold_set, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, + {CONFIG_RANGELOOKTHROUGHLIMIT, CONFIG_TYPE_INT, "5000", &ldbm_config_rangelookthroughlimit_get, &ldbm_config_rangelookthroughlimit_set, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, + {CONFIG_DB_DEADLOCK_POLICY, CONFIG_TYPE_INT, STRINGIFYDEFINE(DB_LOCK_YOUNGEST), &ldbm_config_db_deadlock_policy_get, &ldbm_config_db_deadlock_policy_set, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, {NULL, 0, NULL, NULL, NULL, 0} };
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_config.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_config.h
Changed
@@ -85,6 +85,7 @@ #define CONFIG_INSTANCE "nsslapd-instance" #define CONFIG_LOOKTHROUGHLIMIT "nsslapd-lookthroughlimit" +#define CONFIG_RANGELOOKTHROUGHLIMIT "nsslapd-rangelookthroughlimit" #define CONFIG_PAGEDLOOKTHROUGHLIMIT "nsslapd-pagedlookthroughlimit" #define CONFIG_IDLISTSCANLIMIT "nsslapd-idlistscanlimit" #define CONFIG_PAGEDIDLISTSCANLIMIT "nsslapd-pagedidlistscanlimit" @@ -135,6 +136,7 @@ #define CONFIG_DB_HOME_DIRECTORY "nsslapd-db-home-directory" #define CONFIG_DB_LOCKDOWN "nsslapd-db-lockdown" #define CONFIG_DB_TX_MAX "nsslapd-db-tx-max" +#define CONDIF_DB_ONLINE_IMPORT_ENCRYPT "nsslapd-online-import-encrypt" #define CONFIG_IDL_SWITCH "nsslapd-idl-switch" #define CONFIG_BYPASS_FILTER_TEST "nsslapd-search-bypass-filter-test" @@ -157,6 +159,8 @@ #define CONFIG_USE_LEGACY_ERRORCODE "nsslapd-do-not-use-vlv-error" +#define CONFIG_DB_DEADLOCK_POLICY "nsslapd-db-deadlock-policy" + #define CONFIG_LDBM_DN "cn=config,cn=ldbm database,cn=plugins,cn=config" #define LDBM_INSTANCE_CONFIG_DONT_WRITE 1
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_delete.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_delete.c
Changed
@@ -242,14 +242,12 @@ */ is_tombstone_entry = slapi_entry_flag_is_set(e->ep_entry, SLAPI_ENTRY_FLAG_TOMBSTONE); if (delete_tombstone_entry) { - PR_ASSERT(is_tombstone_entry); if (!is_tombstone_entry) { slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_delete", "Attempt to delete a non-tombstone entry %s\n", dn); delete_tombstone_entry = 0; } } else { - PR_ASSERT(!is_tombstone_entry); if (is_tombstone_entry) { slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_delete", "Attempt to Tombstone again a tombstone entry %s\n", dn); @@ -290,6 +288,13 @@ create_tombstone_entry = (create_tombstone_entry < 0) ? 0 : 1; } } + if (create_tombstone_entry && is_tombstone_entry) { + slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_delete", + "Attempt to convert a tombstone entry %s to tombstone\n", dn); + retval = -1; + ldap_result_code = LDAP_UNWILLING_TO_PERFORM; + goto error_return; + } #if DEBUG slapi_log_error(SLAPI_LOG_REPL, "ldbm_back_delete", @@ -321,12 +326,33 @@ if ( !slapi_sdn_isempty(&parentsdn) ) { struct backentry *parent = NULL; - entry_address parent_addr; + char *pid_str = slapi_entry_attr_get_charptr(e->ep_entry, LDBM_PARENTID_STR); + if (pid_str) { + /* First, try to get the direct parent. */ + /* + * Although a rare case, multiple parents from repl conflict could exist. + * In such case, if a parent entry is found just by parentsdn + * (find_entry2modify_only_ext), a wrong parent could be found, + * and numsubordinate count could get confused. + */ + ID pid = (ID)strtol(pid_str, (char **)NULL, 10); + slapi_ch_free_string(&pid_str); + parent = id2entry(be, pid ,NULL, &retval); + if (parent && cache_lock_entry(&inst->inst_cache, parent)) { + /* Failed to obtain parent entry's entry lock */ + CACHE_RETURN(&(inst->inst_cache), &parent); + retval = -1; + goto error_return; + } + } + if (NULL == parent) { + entry_address parent_addr; - parent_addr.sdn = &parentsdn; - parent_addr.uniqueid = NULL; - parent = find_entry2modify_only_ext(pb, be, &parent_addr, - TOMBSTONE_INCLUDED, &txn); + parent_addr.sdn = &parentsdn; + parent_addr.uniqueid = NULL; + parent = find_entry2modify_only_ext(pb, be, &parent_addr, + TOMBSTONE_INCLUDED, &txn); + } if (NULL != parent) { int isglue; size_t haschildren = 0; @@ -427,19 +453,6 @@ } } - if (!is_ruv && !is_fixup_operation && !delete_tombstone_entry) { - ruv_c_init = ldbm_txn_ruv_modify_context( pb, &ruv_c ); - if (-1 == ruv_c_init) { - LDAPDebug( LDAP_DEBUG_ANY, - "ldbm_back_delete: ldbm_txn_ruv_modify_context " - "failed to construct RUV modify context\n", - 0, 0, 0); - ldap_result_code= LDAP_OPERATIONS_ERROR; - retval = 0; - goto error_return; - } - } - /* * So, we believe that no code up till here actually added anything * to the persistent store. From now on, we're transacted @@ -487,14 +500,20 @@ e_in_cache = 1; } + if (ruv_c_init) { + /* reset the ruv txn stuff */ + modify_term(&ruv_c, be); + ruv_c_init = 0; + } + /* We're re-trying */ LDAPDebug0Args(LDAP_DEBUG_BACKLDBM, "Delete Retrying Transaction\n"); #ifndef LDBM_NO_BACKOFF_DELAY { - PRIntervalTime interval; - interval = PR_MillisecondsToInterval(slapi_rand() % 100); - DS_Sleep(interval); + PRIntervalTime interval; + interval = PR_MillisecondsToInterval(slapi_rand() % 100); + DS_Sleep(interval); } #endif } @@ -967,6 +986,19 @@ } } + if (!is_ruv && !is_fixup_operation && !delete_tombstone_entry) { + ruv_c_init = ldbm_txn_ruv_modify_context( pb, &ruv_c ); + if (-1 == ruv_c_init) { + LDAPDebug( LDAP_DEBUG_ANY, + "ldbm_back_delete: ldbm_txn_ruv_modify_context " + "failed to construct RUV modify context\n", + 0, 0, 0); + ldap_result_code= LDAP_OPERATIONS_ERROR; + retval = 0; + goto error_return; + } + } + if (ruv_c_init) { retval = modify_update_all( be, pb, &ruv_c, &txn ); if (DB_LOCK_DEADLOCK == retval) { @@ -1164,9 +1196,9 @@ } diskfull_return: - if(ldap_result_code!=-1) + if(ldap_result_code!=-1) { - slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL ); + slapi_send_ldap_result( pb, ldap_result_code, NULL, ldap_result_message, 0, NULL ); } modify_term(&parent_modify_c,be); if(dblock_acquired)
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_entryrdn.c
Changed
@@ -747,7 +747,7 @@ renamedata.data = (void *)newelem; renamedata.flags = DB_DBT_USERMEM; rc = _entryrdn_put_data(cursor, &key, &renamedata, RDN_INDEX_SELF, db_txn); - if (rc) { + if (rc && (DB_KEYEXIST != rc)) { /* failed && ignore already exists */ slapi_log_error(ENTRYRDN_LOGLEVEL(rc), ENTRYRDN_TAG, "entryrdn_rename_subtree: Adding %s failed; " "%s(%d)\n", keybuf, dblayer_strerror(rc), rc); @@ -768,7 +768,7 @@ renamedata.flags = DB_DBT_USERMEM; rc = _entryrdn_put_data(cursor, &key, &renamedata, RDN_INDEX_CHILD, db_txn); - if (rc) { + if (rc && (DB_KEYEXIST != rc)) { /* failed && ignore already exists */ goto bail; } } @@ -809,17 +809,11 @@ renamedata.data = (void *)oldsupelem; } } else { - if (mynewsupsdn) { - renamedata.ulen = renamedata.size = newsupelemlen; - renamedata.data = (void *)newsupelem; - } else { - /* never comes here */ - rc = -1; - goto bail; - } + renamedata.ulen = renamedata.size = newsupelemlen; + renamedata.data = (void *)newsupelem; } rc = _entryrdn_put_data(cursor, &key, &renamedata, RDN_INDEX_PARENT, db_txn); - if (rc) { + if (rc && (DB_KEYEXIST != rc)) { /* failed && ignore already exists */ slapi_log_error(ENTRYRDN_LOGLEVEL(rc), ENTRYRDN_TAG, "entryrdn_rename_subtree: Adding " "%s failed; %s(%d)\n", @@ -854,7 +848,7 @@ renamedata.data = (void *)newelem; renamedata.flags = DB_DBT_USERMEM; rc = _entryrdn_put_data(cursor, &key, &renamedata, RDN_INDEX_SELF, db_txn); - if (rc) { + if (rc && (DB_KEYEXIST != rc)) { /* failed && ignore already exists */ slapi_log_error(ENTRYRDN_LOGLEVEL(rc), ENTRYRDN_TAG, "entryrdn_rename_subtree: Adding %s failed; " "%s(%d)\n", keybuf, dblayer_strerror(rc), rc); @@ -901,19 +895,13 @@ renamedata.data = (void *)targetelem; } } else { - if (mynewsrdn) { - memset(&renamedata, 0, sizeof(renamedata)); - renamedata.ulen = renamedata.size = newelemlen; - renamedata.data = (void *)newelem; - renamedata.flags = DB_DBT_USERMEM; - } else { - /* never comes here */ - rc = -1; - goto bail; - } + memset(&renamedata, 0, sizeof(renamedata)); + renamedata.ulen = renamedata.size = newelemlen; + renamedata.data = (void *)newelem; + renamedata.flags = DB_DBT_USERMEM; } rc = _entryrdn_put_data(cursor, &key, &renamedata, RDN_INDEX_CHILD, db_txn); - if (rc) { + if (rc && (DB_KEYEXIST != rc)) { /* failed && ignore already exists */ goto bail; } } @@ -1960,12 +1948,11 @@ rc = cursor->c_put(cursor, key, data, DB_NODUPDATA); if (rc) { if (DB_KEYEXIST == rc) { - /* this is okay */ + /* this is okay, but need to return DB_KEYEXIST to caller */ slapi_log_error(SLAPI_LOG_BACKLDBM, ENTRYRDN_TAG, "_entryrdn_put_data: The same key (%s) and the " "data exists in index\n", (char *)key->data); - rc = 0; break; } else { char *keyword = NULL; @@ -2114,7 +2101,7 @@ /* adding RDN to the child key */ rc = _entryrdn_put_data(cursor, key, &adddata, RDN_INDEX_CHILD, db_txn); keybuf = key->data; - if (rc) { /* failed */ + if (rc && (DB_KEYEXIST != rc)) { /* failed && ignore already exists */ goto bail; } @@ -2130,7 +2117,7 @@ key->flags = DB_DBT_USERMEM; rc = _entryrdn_put_data(cursor, key, &adddata, RDN_INDEX_SELF, db_txn); - if (rc) { /* failed */ + if (rc && (DB_KEYEXIST != rc)) { /* failed && ignore already exists */ goto bail; } @@ -2150,6 +2137,9 @@ adddata.flags = DB_DBT_USERMEM; /* adding RDN to the self key */ rc = _entryrdn_put_data(cursor, key, &adddata, RDN_INDEX_PARENT, db_txn); + if (DB_KEYEXIST == rc) { /* failed && ignore already exists */ + rc = 0; + } /* Succeeded or failed, it's done. */ bail: slapi_ch_free_string(&keybuf); @@ -2273,7 +2263,7 @@ /* Add it back */ rc = _entryrdn_put_data(cursor, &realkey, &moddata, RDN_INDEX_CHILD, db_txn); - if (rc) { + if (rc && (DB_KEYEXIST != rc)) { /* failed && ignore already exists */ goto bail0; } if (curr_childnum + 1 == childnum) { @@ -2536,7 +2526,7 @@ slapi_ch_free_string(&dn); goto bail; } - elem = _entryrdn_new_rdn_elem(be, 0 /*fake id*/, tmpsrdn, &len); + elem = _entryrdn_new_rdn_elem(be, TMPID, tmpsrdn, &len); if (NULL == elem) { char *dn = NULL; slapi_rdn_get_dn(tmpsrdn, &dn); @@ -2556,12 +2546,13 @@ rc = _entryrdn_get_elem(cursor, &key, &data, nrdn, &elem); if (rc) { const char *myrdn = slapi_rdn_get_nrdn(srdn); - const char *ep = NULL; + const char **ep = NULL; int isexception = 0; /* Check the RDN is in the exception list */ - for (ep = *rdn_exceptions; ep && *ep; ep++) { - if (!strcmp(ep, myrdn)) { + for (ep = rdn_exceptions; ep && *ep; ep++) { + if (!strcmp(*ep, myrdn)) { isexception = 1; + break; } } @@ -2641,7 +2632,7 @@ goto bail; } } - elem = _entryrdn_new_rdn_elem(be, 0 /*fake id*/, tmpsrdn, &len); + elem = _entryrdn_new_rdn_elem(be, TMPID, tmpsrdn, &len); if (NULL == elem) { char *dn = NULL; slapi_rdn_get_dn(tmpsrdn, &dn); @@ -2896,7 +2887,7 @@ slapi_ch_free_string(&dn); goto bail; } - elem = _entryrdn_new_rdn_elem(be, 0 /*fake id*/, tmpsrdn, &len); + elem = _entryrdn_new_rdn_elem(be, TMPID, tmpsrdn, &len); if (NULL == elem) { char *dn = NULL; slapi_rdn_get_dn(tmpsrdn, &dn); @@ -3139,7 +3130,7 @@ slapi_ch_free_string(&dn); goto bail; } - *elem = _entryrdn_new_rdn_elem(be, 0 /*fake id*/, tmpsrdn, &len); + *elem = _entryrdn_new_rdn_elem(be, TMPID, tmpsrdn, &len); if (NULL == *elem) { char *dn = NULL; slapi_rdn_get_dn(tmpsrdn, &dn); @@ -3164,6 +3155,7 @@ /* Node might be a tombstone. */ rc = _entryrdn_get_tombstone_elem(cursor, tmpsrdn, &key, nrdn, elem); + rdnidx--; /* consider nsuniqueid=..,<RDN> one RDN */ } if (rc || NULL == *elem) { slapi_log_error(SLAPI_LOG_BACKLDBM, ENTRYRDN_TAG, @@ -3216,7 +3208,7 @@ goto bail; } } - tmpelem = _entryrdn_new_rdn_elem(be, 0 /*fake id*/, tmpsrdn, &len); + tmpelem = _entryrdn_new_rdn_elem(be, TMPID, tmpsrdn, &len); if (NULL == tmpelem) { char *dn = NULL; slapi_rdn_get_dn(tmpsrdn, &dn); @@ -3270,6 +3262,7 @@ } goto bail; } + rdnidx--; /* consider nsuniqueid=..,<RDN> one RDN */ } else {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_modify.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_modify.c
Changed
@@ -71,6 +71,11 @@ int modify_apply_mods(modify_context *mc, Slapi_Mods *smods) { + return modify_apply_mods_ignore_error(mc, smods, -1); +} + +int modify_apply_mods_ignore_error(modify_context *mc, Slapi_Mods *smods, int error) +{ int ret = 0; /* Make a copy of the entry */ PR_ASSERT(mc->old_entry != NULL); @@ -78,7 +83,7 @@ mc->new_entry = backentry_dup(mc->old_entry); PR_ASSERT(smods!=NULL); if ( mods_have_effect (mc->new_entry->ep_entry, smods) ) { - ret = entry_apply_mods( mc->new_entry->ep_entry, slapi_mods_get_ldapmods_byref(smods)); + ret = entry_apply_mods_ignore_error( mc->new_entry->ep_entry, slapi_mods_get_ldapmods_byref(smods), error); } mc->smods= smods; return ret; @@ -389,7 +394,7 @@ * operations that the URP code in the Replication * plugin generates. */ - if(SERIALLOCK(li) && !operation_is_flag_set(operation,OP_FLAG_REPL_FIXUP)) { + if(SERIALLOCK(li) && (!is_fixup_operation || is_ruv)) { dblayer_lock_backend(be); dblock_acquired= 1; } @@ -400,8 +405,14 @@ goto error_return; /* error result sent by find_entry2modify() */ } - if ( !is_fixup_operation ) - { + if (!is_fixup_operation) { + if (slapi_entry_flag_is_set(e->ep_entry, SLAPI_ENTRY_FLAG_TOMBSTONE)) { + ldap_result_code = LDAP_UNWILLING_TO_PERFORM; + ldap_result_message = "Operation not allowed on tombstone entry."; + slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_modify", + "Attempt to modify a tombstone entry %s\n", slapi_sdn_get_dn(slapi_entry_get_sdn_const( e->ep_entry ))); + goto error_return; + } opcsn = operation_get_csn (operation); if (NULL == opcsn && operation->o_csngen_handler) { @@ -465,19 +476,6 @@ goto error_return; } - if (!is_ruv && !is_fixup_operation) { - ruv_c_init = ldbm_txn_ruv_modify_context( pb, &ruv_c ); - if (-1 == ruv_c_init) { - LDAPDebug( LDAP_DEBUG_ANY, - "ldbm_back_modify: ldbm_txn_ruv_modify_context " - "failed to construct RUV modify context\n", - 0, 0, 0); - ldap_result_code= LDAP_OPERATIONS_ERROR; - retval = 0; - goto error_return; - } - } - /* * Grab a copy of the mods and the entry in case the be_txn_preop changes * the them. If we have a failure, then we need to reset the mods to their @@ -515,6 +513,12 @@ goto error_return; } + if (ruv_c_init) { + /* reset the ruv txn stuff */ + modify_term(&ruv_c, be); + ruv_c_init = 0; + } + LDAPDebug0Args(LDAP_DEBUG_BACKLDBM, "Modify Retrying Transaction\n"); #ifndef LDBM_NO_BACKOFF_DELAY @@ -627,6 +631,19 @@ } + if (!is_ruv && !is_fixup_operation) { + ruv_c_init = ldbm_txn_ruv_modify_context( pb, &ruv_c ); + if (-1 == ruv_c_init) { + LDAPDebug( LDAP_DEBUG_ANY, + "ldbm_back_modify: ldbm_txn_ruv_modify_context " + "failed to construct RUV modify context\n", + 0, 0, 0); + ldap_result_code= LDAP_OPERATIONS_ERROR; + retval = 0; + goto error_return; + } + } + if (ruv_c_init) { retval = modify_update_all( be, pb, &ruv_c, &txn ); if (DB_LOCK_DEADLOCK == retval) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
Changed
@@ -352,6 +352,13 @@ goto error_return; /* error result sent by find_entry2modify() */ } e_in_cache = 1; /* e is in the cache and locked */ + if (slapi_entry_flag_is_set(e->ep_entry, SLAPI_ENTRY_FLAG_TOMBSTONE) ) { + ldap_result_code = LDAP_UNWILLING_TO_PERFORM; + ldap_result_message = "Operation not allowed on tombstone entry."; + slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_modrdn", + "Attempt to rename a tombstone entry %s\n", slapi_sdn_get_dn(slapi_entry_get_sdn_const( e->ep_entry ))); + goto error_return; + } /* Check that an entry with the same DN doesn't already exist. */ { Slapi_Entry *entry; @@ -426,10 +433,11 @@ if ( newparententry == NULL ) { /* There may not be a new parent because we don't intend there to be one. */ - if(slapi_sdn_get_ndn(dn_newsuperiordn)!=NULL) + if (slapi_sdn_get_ndn(dn_newsuperiordn)) { - /* If the new entry is to be a suffix, and we're root, then it's OK that the new parent doesn't exist */ - if (!(slapi_be_issuffix(pb->pb_backend, &dn_newdn)) && isroot) + /* If the new entry is not to be a suffix, + * return an error no matter who requested this modrdn */ + if (!slapi_be_issuffix(pb->pb_backend, &dn_newdn)) { /* Here means that we didn't find the parent */ int err = 0; @@ -447,7 +455,7 @@ slapi_sdn_get_ndn(dn_newsuperiordn), 0 ); slapi_sdn_done(&ancestorsdn); goto error_return; - } + } } } else @@ -465,7 +473,7 @@ if ( parententry == NULL ) { /* If the entry a suffix, and we're root, then it's OK that the parent doesn't exist */ - if (!(slapi_be_issuffix(pb->pb_backend, sdn)) && isroot) + if (!(slapi_be_issuffix(pb->pb_backend, sdn)) && !isroot) { /* Here means that we didn't find the parent */ ldap_result_matcheddn = "NULL"; @@ -711,19 +719,6 @@ /* JCM - A subtree move could break ACIs, static groups, and dynamic groups. */ } - if (!is_ruv && !is_fixup_operation) { - ruv_c_init = ldbm_txn_ruv_modify_context( pb, &ruv_c ); - if (-1 == ruv_c_init) { - LDAPDebug( LDAP_DEBUG_ANY, - "ldbm_back_modrdn: ldbm_txn_ruv_modify_context " - "failed to construct RUV modify context\n", - 0, 0, 0); - ldap_result_code = LDAP_OPERATIONS_ERROR; - retval = 0; - goto error_return; - } - } - /* * make copies of the originals, no need to copy the mods because * we have already copied them @@ -825,6 +820,11 @@ goto error_return; } + if (ruv_c_init) { + /* reset the ruv txn stuff */ + modify_term(&ruv_c, be); + ruv_c_init = 0; + } /* We're re-trying */ LDAPDebug0Args(LDAP_DEBUG_BACKLDBM, "Modrdn Retrying Transaction\n"); @@ -1027,6 +1027,19 @@ goto error_return; } + if (!is_ruv && !is_fixup_operation) { + ruv_c_init = ldbm_txn_ruv_modify_context( pb, &ruv_c ); + if (-1 == ruv_c_init) { + LDAPDebug( LDAP_DEBUG_ANY, + "ldbm_back_modrdn: ldbm_txn_ruv_modify_context " + "failed to construct RUV modify context\n", + 0, 0, 0); + ldap_result_code = LDAP_OPERATIONS_ERROR; + retval = 0; + goto error_return; + } + } + if (ruv_c_init) { retval = modify_update_all( be, pb, &ruv_c, &txn ); if (DB_LOCK_DEADLOCK == retval) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_search.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_search.c
Changed
@@ -53,7 +53,7 @@ static IDList *base_candidates( Slapi_PBlock *pb, struct backentry *e ); static IDList *onelevel_candidates( Slapi_PBlock *pb, backend *be, const char *base, struct backentry *e, Slapi_Filter *filter, int managedsait, int *lookup_returned_allidsp, int *err ); static back_search_result_set* new_search_result_set(IDList* idl,int vlv, int lookthroughlimit); -static void delete_search_result_set( back_search_result_set **sr ); +static void delete_search_result_set(Slapi_PBlock *pb, back_search_result_set **sr); static int can_skip_filter_test( Slapi_PBlock *pb, struct slapi_filter *f, int scope, IDList *idl ); @@ -165,6 +165,7 @@ int estimate = 0; /* estimated search result count */ backend *be; ldbm_instance *inst; + back_search_result_set *sr = NULL; slapi_pblock_get( pb, SLAPI_BACKEND, &be ); inst = (ldbm_instance *) be->be_instance_info; @@ -178,19 +179,14 @@ { slapi_send_ldap_result( pb, ldap_result, NULL, ldap_result_description, 0, NULL ); } - { - /* hack hack --- code to free the result set if we don't need it */ - /* We get it and check to see if the structure was ever used */ - back_search_result_set *sr = NULL; - slapi_pblock_get( pb, SLAPI_SEARCH_RESULT_SET, &sr ); - if ( (NULL != sr) && (function_result != 0) ) { - int pr_idx = -1; - slapi_pblock_get( pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx ); - /* in case paged results, clean up the conn */ - pagedresults_set_search_result( pb->pb_conn, NULL, 0, pr_idx ); - slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, NULL ); - slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET_SIZE_ESTIMATE, &estimate ); - delete_search_result_set(&sr); + /* code to free the result set if we don't need it */ + /* We get it and check to see if the structure was ever used */ + slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); + if (sr) { + if (function_result) { + slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET_SIZE_ESTIMATE, &estimate); + slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_ENTRY, NULL); + delete_search_result_set(pb, &sr); } } if (vlv_request_control) @@ -577,7 +573,7 @@ /* This candidate list is for vlv, no need for sort only. */ switch (vlv_search_build_candidate_list(pb, basesdn, &vlv_rc, sort_control, - (vlv ? &vlv_request_control : NULL), + &vlv_request_control, &candidates, &vlv_response_control)) { case VLV_ACCESS_DENIED: return ldbm_back_search_cleanup(pb, li, sort_control, @@ -828,7 +824,7 @@ * to record that fact. */ if ( NULL != candidates && ALLIDS( candidates )) { - unsigned int opnote = SLAPI_OP_NOTE_UNINDEXED; + unsigned int opnote; int ri = 0; int pr_idx = -1; @@ -851,9 +847,13 @@ } } + slapi_pblock_get( pb, SLAPI_OPERATION_NOTES, &opnote ); + opnote |= SLAPI_OP_NOTE_FULL_UNINDEXED; /* the full filter leads to an unindexed search */ + opnote &= ~SLAPI_OP_NOTE_UNINDEXED; /* this note is useless because FULL_UNINDEXED includes UNINDEXED */ + slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, NULL ); slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); slapi_pblock_get( pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx ); - pagedresults_set_unindexed( pb->pb_conn, pr_idx ); + pagedresults_set_unindexed( pb->pb_conn, pb->pb_op, pr_idx ); } sr->sr_candidates = candidates; @@ -1341,13 +1341,24 @@ int estimate = 0; /* estimated search result count */ back_txn txn = {NULL}; int pr_idx = -1; + Slapi_Connection *conn; + Slapi_Operation *op; + slapi_pblock_get( pb, SLAPI_SEARCH_TARGET_SDN, &basesdn ); + if (NULL == basesdn) { + slapi_send_ldap_result( pb, LDAP_INVALID_DN_SYNTAX, NULL, + "Null target DN", 0, NULL ); + return( -1 ); + } + slapi_pblock_get( pb, SLAPI_SEARCH_RESULT_SET, &sr ); + if (NULL == sr) { + goto bail; + } slapi_pblock_get( pb, SLAPI_BACKEND, &be ); slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li ); slapi_pblock_get( pb, SLAPI_SEARCH_SCOPE, &scope ); slapi_pblock_get( pb, SLAPI_MANAGEDSAIT, &managedsait ); slapi_pblock_get( pb, SLAPI_SEARCH_FILTER, &filter ); - slapi_pblock_get( pb, SLAPI_SEARCH_TARGET_SDN, &basesdn ); slapi_pblock_get( pb, SLAPI_NENTRIES, &nentries ); slapi_pblock_get( pb, SLAPI_SEARCH_SIZELIMIT, &slimit ); slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &tlimit ); @@ -1355,32 +1366,30 @@ slapi_pblock_get( pb, SLAPI_REQUESTOR_ISROOT, &isroot ); slapi_pblock_get( pb, SLAPI_SEARCH_REFERRALS, &urls ); slapi_pblock_get( pb, SLAPI_TARGET_UNIQUEID, &target_uniqueid ); - slapi_pblock_get( pb, SLAPI_SEARCH_RESULT_SET, &sr ); slapi_pblock_get( pb, SLAPI_TXN, &txn.back_txn_txn ); - slapi_pblock_get( pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx ); + slapi_pblock_get( pb, SLAPI_CONNECTION, &conn ); + slapi_pblock_get( pb, SLAPI_OPERATION, &op ); if ( !txn.back_txn_txn ) { dblayer_txn_init( li, &txn ); slapi_pblock_set( pb, SLAPI_TXN, txn.back_txn_txn ); } - if (NULL == sr) { - goto bail; - } - if (sr->sr_norm_filter) { int val = 1; slapi_pblock_set( pb, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &val ); filter = sr->sr_norm_filter; } - if (NULL == basesdn) { - slapi_send_ldap_result( pb, LDAP_INVALID_DN_SYNTAX, NULL, - "Null target DN", 0, NULL ); - return( -1 ); - } - - if (sr->sr_current_sizelimit >= 0) { + if (op_is_pagedresults(op)) { + int myslimit; + /* On Simple Paged Results search, sizelimit is appied for each page. */ + slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx); + myslimit = pagedresults_get_sizelimit(conn, op, pr_idx); + if (myslimit >= 0) { + slimit = myslimit; + } + } else if (sr->sr_current_sizelimit >= 0) { /* * sr_current_sizelimit contains the current sizelimit. * In case of paged results, getting one page is one operation, @@ -1397,8 +1406,7 @@ /* Return to the cache the entry we handed out last time */ /* If we are using the extension, the front end will tell * us when to do this so we don't do it now */ - if ( !use_extension ) - { + if (sr->sr_entry && !use_extension) { CACHE_RETURN( &inst->inst_cache, &(sr->sr_entry) ); sr->sr_entry = NULL; } @@ -1422,15 +1430,12 @@ /* check for abandon */ if ( slapi_op_abandoned( pb ) || (NULL == sr) ) { - /* in case paged results, clean up the conn */ - pagedresults_set_search_result( pb->pb_conn, NULL, 0, pr_idx ); - slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, NULL ); slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET_SIZE_ESTIMATE, &estimate ); if ( use_extension ) { slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY_EXT, NULL ); } slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, NULL ); - delete_search_result_set( &sr ); + delete_search_result_set(pb, &sr); rc = SLAPI_FAIL_GENERAL; goto bail; } @@ -1439,15 +1444,12 @@ curtime = current_time(); if ( tlimit != -1 && curtime > stoptime ) { - /* in case paged results, clean up the conn */ - pagedresults_set_search_result( pb->pb_conn, NULL, 0, pr_idx ); - slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, NULL ); slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET_SIZE_ESTIMATE, &estimate ); if ( use_extension ) { slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY_EXT, NULL ); } slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY, NULL ); - delete_search_result_set( &sr ); + delete_search_result_set(pb, &sr); rc = SLAPI_FAIL_GENERAL; slapi_send_ldap_result( pb, LDAP_TIMELIMIT_EXCEEDED, NULL, NULL, nentries, urls ); goto bail; @@ -1456,15 +1458,12 @@ /* check lookthrough limit */ if ( llimit != -1 && sr->sr_lookthroughcount >= llimit ) { - /* in case paged results, clean up the conn */ - pagedresults_set_search_result( pb->pb_conn, NULL, 0, pr_idx ); - slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, NULL ); slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET_SIZE_ESTIMATE, &estimate );
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_usn.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/ldbm_usn.c
Changed
@@ -124,6 +124,7 @@ DBC *dbc = NULL; DBT key; /* For the last usn */ DBT value; + PRInt64 signed_last_usn; if (NULL == last_usn) { return rc; @@ -167,7 +168,10 @@ p = (char *)key.data; } if (0 == rc) { - *last_usn = strtoll(++p, (char **)NULL, 0); /* key.data: =num */ + signed_last_usn = strtoll(++p, (char **)NULL, 0); /* key.data: =num */ + if (signed_last_usn > SIGNEDINITIALUSN) { + *last_usn = signed_last_usn; + } } } else if (DB_NOTFOUND == rc) { /* if empty, it's okay. This is just a beginning. */
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/ldif2ldbm.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/ldif2ldbm.c
Changed
@@ -2246,15 +2246,23 @@ * Update the Virtual List View indexes */ for ( vlvidx = 0; vlvidx < numvlv; vlvidx++ ) { + char *ai = "Unknown index"; + if ( g_get_shutdown() || c_get_shutdown() ) { goto err_out; } + if(indexAttrs){ + if(indexAttrs[vlvidx]){ + ai = indexAttrs[vlvidx]; + } + } if (!run_from_cmdline) { rc = dblayer_txn_begin(li, NULL, &txn); if (0 != rc) { + LDAPDebug(LDAP_DEBUG_ANY, "%s: ERROR: failed to begin txn for update index '%s'\n", - inst->inst_name, indexAttrs[vlvidx], 0); + inst->inst_name, ai, 0); LDAPDebug(LDAP_DEBUG_ANY, "%s: Error %d: %s\n", inst->inst_name, rc, dblayer_strerror(rc)); @@ -2262,7 +2270,7 @@ slapi_task_log_notice(task, "%s: ERROR: failed to begin txn for update index '%s' " "(err %d: %s)", inst->inst_name, - indexAttrs[vlvidx], rc, dblayer_strerror(rc)); + ai, rc, dblayer_strerror(rc)); } return_value = -2; goto err_out; @@ -2281,7 +2289,7 @@ if (0 != rc) { LDAPDebug(LDAP_DEBUG_ANY, "%s: ERROR: failed to commit txn for update index '%s'\n", - inst->inst_name, indexAttrs[vlvidx], 0); + inst->inst_name, ai, 0); LDAPDebug(LDAP_DEBUG_ANY, "%s: Error %d: %s\n", inst->inst_name, rc, dblayer_strerror(rc)); @@ -2289,7 +2297,7 @@ slapi_task_log_notice(task, "%s: ERROR: failed to commit txn for update index '%s' " "(err %d: %s)", inst->inst_name, - indexAttrs[vlvidx], rc, dblayer_strerror(rc)); + ai, rc, dblayer_strerror(rc)); } return_value = -2; goto err_out;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/misc.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/misc.c
Changed
@@ -420,6 +420,7 @@ /* Either something went wrong when the RUV callback tried to assemble * the updates for us, or there were no updates because the op doesn't * target a replica. */ + /* or, the CSN is already covered by the RUV */ if (1 != rc || NULL == smods || NULL == uniqueid) { return (rc); } @@ -444,7 +445,7 @@ modify_init( mc, bentry ); - if (modify_apply_mods( mc, smods )) { + if (modify_apply_mods_ignore_error( mc, smods, LDAP_TYPE_OR_VALUE_EXISTS )) { LDAPDebug( LDAP_DEBUG_ANY, "Error: ldbm_txn_ruv_modify_context failed to apply updates to RUV entry\n", 0, 0, 0 ); rc = -1;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/monitor.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/monitor.c
Changed
@@ -214,13 +214,13 @@ #endif MSETF("dbFilename-%d", i); - sprintf(buf, "%u", mpfstat[i]->st_cache_hit); + sprintf(buf, "%lu", (unsigned long)mpfstat[i]->st_cache_hit); MSETF("dbFileCacheHit-%d", i); - sprintf(buf, "%u", mpfstat[i]->st_cache_miss); + sprintf(buf, "%lu", (unsigned long)mpfstat[i]->st_cache_miss); MSETF("dbFileCacheMiss-%d", i); - sprintf(buf, "%u", mpfstat[i]->st_page_in); + sprintf(buf, "%lu", (unsigned long)mpfstat[i]->st_page_in); MSETF("dbFilePageIn-%d", i); - sprintf(buf, "%u", mpfstat[i]->st_page_out); + sprintf(buf, "%lu", (unsigned long)mpfstat[i]->st_page_out); MSETF("dbFilePageOut-%d", i); slapi_ch_free_string(&absolute_pathname); @@ -267,7 +267,7 @@ } /* cache hits*/ - sprintf(buf, "%u", mpstat->st_cache_hit); + sprintf(buf, "%lu", (unsigned long)mpstat->st_cache_hit); MSET("dbCacheHits"); /* cache tries*/ @@ -279,13 +279,13 @@ sprintf(buf, "%lu", (unsigned long)(100.0 * (double)mpstat->st_cache_hit / (double)(cache_tries > 0 ? cache_tries : 1) )); MSET("dbCacheHitRatio"); - sprintf(buf, "%u", mpstat->st_page_in); + sprintf(buf, "%lu", (unsigned long)mpstat->st_page_in); MSET("dbCachePageIn"); - sprintf(buf, "%u", mpstat->st_page_out); + sprintf(buf, "%lu", (unsigned long)mpstat->st_page_out); MSET("dbCachePageOut"); - sprintf(buf, "%u", mpstat->st_ro_evict); + sprintf(buf, "%lu", (unsigned long)mpstat->st_ro_evict); MSET("dbCacheROEvict"); - sprintf(buf, "%u", mpstat->st_rw_evict); + sprintf(buf, "%lu", (unsigned long)mpstat->st_rw_evict); MSET("dbCacheRWEvict"); slapi_ch_free((void **)&mpstat);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
Changed
@@ -76,6 +76,8 @@ void cache_debug_hash(struct cache *cache, char **out); int cache_remove(struct cache *cache, void *e); void cache_return(struct cache *cache, void **bep); +void cache_lock(struct cache *cache); +void cache_unlock(struct cache *cache); struct backentry *cache_find_dn(struct cache *cache, const char *dn, unsigned long ndnlen); struct backentry *cache_find_id(struct cache *cache, ID id); struct backentry *cache_find_uuid(struct cache *cache, const char *uuid); @@ -235,6 +237,7 @@ int idl_append(IDList *idl, ID id); int idl_append_extend(IDList **idl, ID id); void idl_insert(IDList **idl, ID id); +int idl_sort_cmp(const void *x, const void *y); /* * idl_delete - delete an id from an id list. * returns 0 id deleted @@ -289,7 +292,7 @@ IDList* index_read( backend *be, char *type, const char* indextype, const struct berval* val, back_txn *txn, int *err ); IDList* index_read_ext( backend *be, char *type, const char* indextype, const struct berval* val, back_txn *txn, int *err, int *unindexed ); -IDList* index_read_ext_allids( backend *be, char *type, const char* indextype, const struct berval* val, back_txn *txn, int *err, int *unindexed, int allidslimit ); +IDList* index_read_ext_allids( Slapi_PBlock *pb, backend *be, char *type, const char* indextype, const struct berval* val, back_txn *txn, int *err, int *unindexed, int allidslimit ); IDList* index_range_read( Slapi_PBlock *pb, backend *be, char *type, const char* indextype, int ftype, struct berval* val, struct berval* nextval, int range, back_txn *txn, int *err ); IDList* index_range_read_ext( Slapi_PBlock *pb, backend *be, char *type, const char* indextype, int ftype, struct berval* val, struct berval* nextval, int range, back_txn *txn, int *err, int allidslimit ); const char *encode( const struct berval* data, char buf[BUFSIZ] ); @@ -346,6 +349,7 @@ int modify_apply_mods(modify_context *mc, Slapi_Mods *smods); int modify_term(modify_context *mc,backend *be); int modify_switch_entries(modify_context *mc,backend *be); +int modify_apply_mods_ignore_error(modify_context *mc, Slapi_Mods *smods, int error); /* * add.c
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/seq.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/seq.c
Changed
@@ -221,8 +221,6 @@ } } break; - default: - PR_ASSERT(0); } dbc->c_close(dbc);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/sort.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/sort.c
Changed
@@ -299,15 +299,14 @@ char *matchrule = NULL; int rc = LDAP_SUCCESS; - if (NULL == sort_spec_ber->bv_val) { + if (!BV_HAS_DATA(sort_spec_ber)) { return LDAP_PROTOCOL_ERROR; } ber = ber_init(sort_spec_ber); - if(ber==NULL) - { - return -1; - } + if (ber == NULL) { + return -1; + } /* Work our way along the BER, one sort spec at a time */ for ( tag = ber_first_element( ber, &len, &last ); !term_tag(tag); tag = ber_next_element( ber, &len, last )) { @@ -470,141 +469,6 @@ } - -#if 0 -/* USE THE _SV VERSION NOW */ - -/* Comparison routine, called by qsort. - * The job here is to return the correct value - * for the operation a < b - * Returns: - * <0 when a < b - * 0 when a == b - * >0 when a > b - */ -static int compare_entries(ID *id_a, ID *id_b, sort_spec *s,baggage_carrier *bc, int *error) -{ - /* We get passed the IDs, but need to fetch the entries in order to - * perform the comparison . - */ - struct backentry *a = NULL; - struct backentry *b = NULL; - int result = 0; - sort_spec_thing *this_one = NULL; - int return_value = -1; - backend *be = bc->be; - ldbm_instance *inst = (ldbm_instance *) be->be_instance_info; - int err; - - *error = 1; - a = id2entry(be,*id_a,NULL,&err); - if (NULL == a) { - if (0 != err ) { - LDAPDebug(LDAP_DEBUG_ANY,"compare_entries db err %d\n",err,0,0); - } - /* Were up a creek without paddle here */ - /* Best to log error and set some flag */ - return 0; - } - b = id2entry(be,*id_b,NULL,&err); - if (NULL == b) { - if (0 != err ) { - LDAPDebug(LDAP_DEBUG_ANY,"compare_entries db err %d\n",err,0,0); - } - return 0; - } - /* OK, now we have the entries, so we work our way down the attribute list comparing as we go */ - for (this_one = (sort_spec_thing*)s; this_one ; this_one = this_one->next) { - - char *type = this_one->type; - int order = this_one->order; - Slapi_Attr *attr_a = NULL; - Slapi_Attr *attr_b = NULL; - struct berval **value_a = NULL; - struct berval **value_b = NULL; - - /* Get the two attribute values from the entries */ - return_value = slapi_entry_attr_find(a->ep_entry,type,&attr_a); - return_value = slapi_entry_attr_find(b->ep_entry,type,&attr_b); - /* What do we do if one or more of the entries lacks this attribute ? */ - /* if one lacks the attribute */ - if (NULL == attr_a) { - /* then if the other does too, they're equal */ - if (NULL == attr_b) { - result = 0; - continue; - } else - { - /* If one has the attribute, and the other - * doesn't, the missing attribute is the - * LARGER one. (bug #108154) -robey - */ - result = 1; - break; - } - } - if (NULL == attr_b) { - result = -1; - break; - } - /* Somewhere in here, we need to go sideways for match rule case - * we need to call the match rule plugin to get the attribute values - * converted into ordering keys. Then we proceed as usual to use those, - * but ensuring that we don't leak memory anywhere. This works as follows: - * the code assumes that the attrs are references into the entry, so - * doesn't try to free them. We need to note at the right place that - * we're on the matchrule path, and accordingly free the keys---this turns out - * to be when we free the indexer */ - if (NULL == s->matchrule) { - /* Non-match rule case */ - /* xxxPINAKI - needs modification - - value_a = attr_a->a_vals; - value_b = attr_b->a_vals; - */ - } else { - /* Match rule case */ - struct berval **actual_value_b = NULL; - struct berval **temp_value = NULL; - - /* xxxPINAKI - needs modification - struct berval **actual_value_a = NULL; - - actual_value_a = attr_a->a_vals; - actual_value_b = attr_b->a_vals; - matchrule_values_to_keys(s->mr_pb,actual_value_a,&temp_value); - */ - /* Now copy it, so the second call doesn't crap on it */ - value_a = slapi_ch_bvecdup(temp_value); /* Really, we'd prefer to not call the chXXX variant...*/ - matchrule_values_to_keys(s->mr_pb,actual_value_b,&value_b); - } - /* Compare them */ - if (!order) { - result = sort_attr_compare(value_a, value_b, s->compare_fn); - } else { - /* If reverse, invert the sense of the comparison */ - result = sort_attr_compare(value_b, value_a, s->compare_fn); - } - /* Time to free up the attribute allocated above */ - if (NULL != s->matchrule) { - ber_bvecfree(value_a); - } - /* Are they equal ? */ - if (0 != result) { - /* If not, we're done */ - break; - } - /* If so, proceed to the next attribute for comparison */ - } - CACHE_RETURN(&inst->inst_cache,&a); - CACHE_RETURN(&inst->inst_cache,&b); - *error = 0; - return result; -} -#endif - /* Comparison routine, called by qsort. * The job here is to return the correct value * for the operation a < b @@ -632,7 +496,7 @@ a = id2entry(be,*id_a,&txn,&err); if (NULL == a) { if (0 != err ) { - LDAPDebug(LDAP_DEBUG_TRACE,"compare_entries db err %d\n",err,0,0); + LDAPDebug(LDAP_DEBUG_TRACE,"compare_entries_sv db err %d\n",err,0,0); } /* Were up a creek without paddle here */ /* Best to log error and set some flag */ @@ -641,7 +505,7 @@ b = id2entry(be,*id_b,&txn,&err); if (NULL == b) { if (0 != err ) { - LDAPDebug(LDAP_DEBUG_TRACE,"compare_entries db err %d\n",err,0,0); + LDAPDebug(LDAP_DEBUG_TRACE,"compare_entries_sv db err %d\n",err,0,0); } CACHE_RETURN(&inst->inst_cache,&a); return 0; @@ -688,7 +552,7 @@ * doesn't try to free them. We need to note at the right place that * we're on the matchrule path, and accordingly free the keys---this turns out * to be when we free the indexer */ - if (NULL == s->matchrule) { + if (NULL == this_one->matchrule) { /* Non-match rule case */ valuearray_get_bervalarray(valueset_get_valuearray(&attr_a->a_present_values),&value_a); valuearray_get_bervalarray(valueset_get_valuearray(&attr_b->a_present_values),&value_b); @@ -700,22 +564,22 @@ valuearray_get_bervalarray(valueset_get_valuearray(&attr_a->a_present_values),&actual_value_a); valuearray_get_bervalarray(valueset_get_valuearray(&attr_b->a_present_values),&actual_value_b); - matchrule_values_to_keys(s->mr_pb,actual_value_a,&temp_value); + matchrule_values_to_keys(this_one->mr_pb,actual_value_a,&temp_value); /* Now copy it, so the second call doesn't crap on it */ value_a = slapi_ch_bvecdup(temp_value); /* Really, we'd prefer to not call the chXXX variant...*/ - matchrule_values_to_keys(s->mr_pb,actual_value_b,&value_b); + matchrule_values_to_keys(this_one->mr_pb,actual_value_b,&value_b); if (actual_value_a) ber_bvecfree(actual_value_a);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/start.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/start.c
Changed
@@ -116,6 +116,15 @@ return SLAPI_FAIL_GENERAL; } + /* lookthrough limit for the rangesearch */ + if ( slapi_reslimit_register( SLAPI_RESLIMIT_TYPE_INT, + LDBM_RANGELOOKTHROUGHLIMIT_AT, &li->li_reslimit_rangelookthrough_handle ) + != SLAPI_RESLIMIT_STATUS_SUCCESS ) { + LDAPDebug( LDAP_DEBUG_ANY, "start: Resource limit registration failed for rangelookthroughlimit\n", + 0, 0, 0 ); + return SLAPI_FAIL_GENERAL; + } + /* If the db directory hasn't been set yet, we need to set it to * the default. */ if (NULL == li->li_directory || '\0' == li->li_directory[0]) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/upgrade.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/upgrade.c
Changed
@@ -168,6 +168,7 @@ *action = 0; dbversion_read(li, li->li_directory, &ldbmversion, &dataversion); if (NULL == ldbmversion || '\0' == *ldbmversion) { + slapi_ch_free_string(&ldbmversion); slapi_ch_free_string(&dataversion); return 0; } @@ -251,6 +252,8 @@ dbversion_read(inst->inst_li, inst_dirp, &ldbmversion, &dataversion); if (NULL == ldbmversion || '\0' == *ldbmversion) { + slapi_ch_free_string(&ldbmversion); + slapi_ch_free_string(&dataversion); return rval; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/back-ldbm/vlv.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/back-ldbm/vlv.c
Changed
@@ -1048,12 +1048,6 @@ return si; } -static int -vlv_idl_sort_cmp(const void *x, const void *y) -{ - return *(ID *)x - *(ID *)y; -} - /* build a candidate list (IDL) from a VLV index, given the starting index * and the ending index (as an inclusive list). * returns 0 on success, or an LDAP error code. @@ -1111,7 +1105,7 @@ if (dosort) { qsort((void *)&idl->b_ids[0], idl->b_nids, - (size_t)sizeof(ID), vlv_idl_sort_cmp); + (size_t)sizeof(ID), idl_sort_cmp); } *candidates = idl; @@ -1162,7 +1156,7 @@ slapi_pblock_get( pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx ); slapi_rwlock_unlock(be->vlvSearchList_lock); slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); - pagedresults_set_unindexed( pb->pb_conn, pr_idx ); + pagedresults_set_unindexed( pb->pb_conn, pb->pb_op, pr_idx ); rc = VLV_FIND_SEARCH_FAILED; } else if((*vlv_rc=vlvIndex_accessallowed(pi, pb)) != LDAP_SUCCESS) { slapi_rwlock_unlock(be->vlvSearchList_lock); @@ -1867,11 +1861,11 @@ */ BerElement *ber = NULL; int return_value = LDAP_SUCCESS; - + vlvp->value.bv_len = 0; vlvp->value.bv_val = NULL; - if (NULL == vlv_spec_ber->bv_val) + if (!BV_HAS_DATA(vlv_spec_ber)) { return_value= LDAP_OPERATIONS_ERROR; return return_value;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/bind.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/bind.c
Changed
@@ -178,7 +178,7 @@ /* check that the dn is formatted correctly */ rc = slapi_dn_syntax_check(pb, rawdn, 1); if (rc) { /* syntax check failed */ - op_shared_log_error_access(pb, "BIND", rawdn?rawdn:"", + op_shared_log_error_access(pb, "BIND", rawdn, "strict: invalid bind dn"); send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL, "invalid bind dn", 0, NULL); @@ -403,10 +403,12 @@ supported = slapi_get_supported_saslmechanisms_copy(); if ( (pmech = supported) != NULL ) while (1) { if (*pmech == NULL) { - /* As we call the safe function, we receive a strdup'd saslmechanisms - charray. Therefore, we need to remove it instead of NULLing it */ - charray_free(supported); - pmech = supported = NULL; + /* + * As we call the safe function, we receive a strdup'd saslmechanisms + * charray. Therefore, we need to remove it instead of NULLing it + */ + charray_free(supported); + pmech = supported = NULL; break; } if (!strcasecmp (saslmech, *pmech)) break; @@ -427,6 +429,7 @@ if (!strcasecmp (saslmech, LDAP_SASL_EXTERNAL)) { /* call preop plugins */ if (plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) != 0){ + send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL); goto free_and_return; } @@ -450,11 +453,21 @@ } /* + * Check for the client certificate. + */ + if( NULL == pb->pb_conn->c_client_cert){ + send_ldap_result( pb, LDAP_INAPPROPRIATE_AUTH, NULL, + "missing client certificate", 0, NULL ); + /* call postop plugins */ + plugin_call_plugins( pb, SLAPI_PLUGIN_POST_BIND_FN ); + goto free_and_return; + } + + /* * if the client sent us a certificate but we could not map it * to an LDAP DN, fail and return an invalidCredentials error. */ - if ( NULL != pb->pb_conn->c_client_cert && - NULL == pb->pb_conn->c_external_dn ) { + if ( NULL == pb->pb_conn->c_external_dn ) { send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL, "client certificate mapping failed", 0, NULL ); /* call postop plugins */ @@ -462,10 +475,10 @@ goto free_and_return; } - if (!isroot ) { - /* check if the account is locked */ + if (!isroot) { + /* check if the account is locked */ bind_target_entry = get_entry(pb, pb->pb_conn->c_external_dn); - if ( bind_target_entry != NULL && slapi_check_account_lock(pb, bind_target_entry, + if ( bind_target_entry && slapi_check_account_lock(pb, bind_target_entry, pw_response_requested, 1 /*check password policy*/, 1 /*send ldap result*/) == 1) { /* call postop plugins */ plugin_call_plugins( pb, SLAPI_PLUGIN_POST_BIND_FN ); @@ -541,6 +554,8 @@ /* call postop plugins */ plugin_call_plugins( pb, SLAPI_PLUGIN_POST_BIND_FN ); + } else { + send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL); } goto free_and_return; /* Check if unauthenticated binds are allowed. */ @@ -639,7 +654,7 @@ bind_credentials_set( pb->pb_conn, SLAPD_AUTH_SIMPLE, slapi_ch_strdup(slapi_sdn_get_ndn(sdn)), NULL, NULL, NULL , NULL); } else { - /* + /* * right dn, wrong passwd - reject with invalid credentials */ send_ldap_result( pb, LDAP_INVALID_CREDENTIALS, NULL, NULL, 0, NULL ); @@ -663,6 +678,8 @@ /* call postop plugins */ plugin_call_plugins( pb, SLAPI_PLUGIN_POST_BIND_FN ); + } else { + send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL, "", 0, NULL); } goto free_and_return; } @@ -721,9 +738,10 @@ (rc == SLAPI_BIND_ANONYMOUS))) ) { long t; char* authtype = NULL; - - if(auto_bind) + /* rc is SLAPI_BIND_SUCCESS or SLAPI_BIND_ANONYMOUS */ + if(auto_bind) { rc = SLAPI_BIND_SUCCESS; + } switch ( method ) { case LDAP_AUTH_SIMPLE: @@ -743,53 +761,68 @@ /* authtype = SLAPD_AUTH_SASL && saslmech: */ PR_snprintf(authtypebuf, sizeof(authtypebuf), "%s%s", SLAPD_AUTH_SASL, saslmech); authtype = authtypebuf; - break; - default: /* ??? */ + break; + default: break; } if ( rc == SLAPI_BIND_SUCCESS ) { - if(!auto_bind) - bind_credentials_set( pb->pb_conn, - authtype, slapi_ch_strdup( - slapi_sdn_get_ndn(sdn)), - NULL, NULL, NULL, bind_target_entry ); - if ( auth_response_requested ) { - slapi_add_auth_response_control( pb, - slapi_sdn_get_ndn(sdn)); + if (!auto_bind) { + /* + * There could be a race that bind_target_entry was not added + * when bind_target_entry was retrieved before be_bind, but it + * was in be_bind. Since be_bind returned SLAPI_BIND_SUCCESS, + * the entry is in the DS. So, we need to retrieve it once more. + */ + if (!bind_target_entry) { + bind_target_entry = get_entry(pb, slapi_sdn_get_ndn(sdn)); + if (bind_target_entry) { + rc = slapi_check_account_lock(pb, bind_target_entry, + pw_response_requested, 1, 1); + if (1 == rc) { /* account is locked */ + goto account_locked; + } + } else { + send_ldap_result(pb, LDAP_NO_SUCH_OBJECT, NULL, "", 0, NULL); + goto free_and_return; + } + } + bind_credentials_set(pb->pb_conn, authtype, + slapi_ch_strdup(slapi_sdn_get_ndn(sdn)), + NULL, NULL, NULL, bind_target_entry); + if (!slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) { + /* check if need new password before sending + the bind success result */ + rc = need_new_pw(pb, &t, bind_target_entry, pw_response_requested); + switch (rc) { + case 1: + (void)slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRED, 0); + break; + case 2: + (void)slapi_add_pwd_control(pb, LDAP_CONTROL_PWEXPIRING, t); + break; + default: + break; + } + } + } + if (auth_response_requested) { + slapi_add_auth_response_control(pb, slapi_sdn_get_ndn(sdn)); } + if (-1 == rc) { + /* neeed_new_pw failed; need_new_pw already send_ldap_result in it. */ + goto free_and_return; + } } else { /* anonymous */ /* set bind creds here so anonymous limits are set */ - bind_credentials_set( pb->pb_conn, authtype, NULL, - NULL, NULL, NULL, NULL ); + bind_credentials_set(pb->pb_conn, authtype, NULL, NULL, NULL, NULL, NULL); if ( auth_response_requested ) { - slapi_add_auth_response_control( pb, - "" ); + slapi_add_auth_response_control(pb, ""); } } - - if ( 0 == auto_bind && (rc != SLAPI_BIND_ANONYMOUS) && - ! slapi_be_is_flag_set(be, SLAPI_BE_FLAG_REMOTE_DATA)) { - /* check if need new password before sending - the bind success result */ - switch ( need_new_pw (pb, &t, bind_target_entry, pw_response_requested )) { - case 1: - (void)slapi_add_pwd_control ( pb, - LDAP_CONTROL_PWEXPIRED, 0); - break;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/computed.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/computed.c
Changed
@@ -124,7 +124,7 @@ Slapi_Attr our_attr; slapi_attr_init(&our_attr, subschemasubentry); our_attr.a_flags = SLAPI_ATTR_FLAG_OPATTR; - valueset_add_string(&our_attr.a_present_values,SLAPD_SCHEMA_DN,CSN_TYPE_UNKNOWN,NULL); + valueset_add_string(&our_attr, &our_attr.a_present_values,SLAPD_SCHEMA_DN,CSN_TYPE_UNKNOWN,NULL); rc = (*outputfn) (c, &our_attr, e); attr_done(&our_attr); return (rc);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/config.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/config.c
Changed
@@ -165,6 +165,7 @@ char *buf = 0; char *lastp = 0; char *entrystr = 0; + char tmpfile[MAXPATHLEN+1]; if (NULL == configdir) { slapi_log_error(SLAPI_LOG_FATAL, @@ -173,33 +174,14 @@ } PR_snprintf(configfile, sizeof(configfile), "%s/%s", configdir, CONFIG_FILENAME); - if ( (rc = PR_GetFileInfo( configfile, &prfinfo )) != PR_SUCCESS ) - { - /* the "real" file does not exist; see if there is a tmpfile */ - char tmpfile[MAXPATHLEN+1]; - slapi_log_error(SLAPI_LOG_FATAL, "config", - "The configuration file %s does not exist\n", configfile); - PR_snprintf(tmpfile, sizeof(tmpfile), "%s/%s.tmp", configdir, + PR_snprintf(tmpfile, sizeof(tmpfile), "%s/%s.tmp", configdir, CONFIG_FILENAME); - if ( PR_GetFileInfo( tmpfile, &prfinfo ) == PR_SUCCESS ) { - rc = PR_Rename(tmpfile, configfile); - if (rc == PR_SUCCESS) { - slapi_log_error(SLAPI_LOG_FATAL, "config", - "The configuration file %s was restored from backup %s\n", - configfile, tmpfile); - } else { - slapi_log_error(SLAPI_LOG_FATAL, "config", - "The configuration file %s was not restored from backup %s, error %d\n", - configfile, tmpfile, rc); - return rc; /* Fail */ - } - } else { - slapi_log_error(SLAPI_LOG_FATAL, "config", - "The backup configuration file %s does not exist, either.\n", - tmpfile); - return rc; /* Fail */ - } + if ( (rc = dse_check_file(configfile, tmpfile)) == 0 ) { + PR_snprintf(tmpfile, sizeof(tmpfile), "%s/%s.bak", configdir, + CONFIG_FILENAME); + rc = dse_check_file(configfile, tmpfile); } + if ( (rc = PR_GetFileInfo( configfile, &prfinfo )) != PR_SUCCESS ) { PRErrorCode prerr = PR_GetError();
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/connection.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/connection.c
Changed
@@ -203,6 +203,7 @@ /* destroy any sasl context */ sasl_dispose((sasl_conn_t**)&conn->c_sasl_conn); /* PAGED_RESULTS */ + handle_closed_connection(conn); /* Clean up sockbufs */ pagedresults_cleanup(conn, 0 /* do not need to lock inside */); /* free the connection socket buffer */ @@ -2094,7 +2095,7 @@ PR_Lock(conn->c_mutex); /* We can already be in turbo mode, or not */ current_mode = current_turbo_flag; - if (pagedresults_in_use(conn)) { + if (pagedresults_in_use_nolock(conn)) { /* PAGED_RESULTS does not need turbo mode */ new_mode = 0; } else if (conn->c_private->operation_rate == 0) { @@ -2737,77 +2738,78 @@ disconnect_server_nomutex( Connection *conn, PRUint64 opconnid, int opid, PRErrorCode reason, PRInt32 error ) { if ( ( conn->c_sd != SLAPD_INVALID_SOCKET && - conn->c_connid == opconnid ) && !(conn->c_flags & CONN_FLAG_CLOSING) ) { - - /* - * PR_Close must be called before anything else is done because - * of NSPR problem on NT which requires that the socket on which - * I/O timed out is closed before any other I/O operation is - * attempted by the thread. - * WARNING : As of today the current code does not fulfill the - * requirements above. - */ + conn->c_connid == opconnid ) && !(conn->c_flags & CONN_FLAG_CLOSING) ) + { + /* + * PR_Close must be called before anything else is done because + * of NSPR problem on NT which requires that the socket on which + * I/O timed out is closed before any other I/O operation is + * attempted by the thread. + * WARNING : As of today the current code does not fulfill the + * requirements above. + */ - /* Mark that the socket should be closed on this connection. - * We don't want to actually close the socket here, because - * the listener thread could be PR_Polling over it right now. - * The last thread to stop using the connection will do the closing. - */ - conn->c_flags |= CONN_FLAG_CLOSING; - g_decrement_current_conn_count(); + /* Mark that the socket should be closed on this connection. + * We don't want to actually close the socket here, because + * the listener thread could be PR_Polling over it right now. + * The last thread to stop using the connection will do the closing. + */ + conn->c_flags |= CONN_FLAG_CLOSING; + g_decrement_current_conn_count(); - /* - * Print the error captured above. - */ - if (error && (EPIPE != error) ) { - slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" NSPRIu64 " op=%d fd=%d closed error %d (%s) - %s\n", - conn->c_connid, opid, conn->c_sd, error, - slapd_system_strerror(error), - slapd_pr_strerror(reason)); - } else { - slapi_log_access( LDAP_DEBUG_STATS, - "conn=%" NSPRIu64 " op=%d fd=%d closed - %s\n", - conn->c_connid, opid, conn->c_sd, - slapd_pr_strerror(reason)); - } + /* + * Print the error captured above. + */ + if (error && (EPIPE != error) ) { + slapi_log_access( LDAP_DEBUG_STATS, + "conn=%" NSPRIu64 " op=%d fd=%d closed error %d (%s) - %s\n", + conn->c_connid, opid, conn->c_sd, error, + slapd_system_strerror(error), + slapd_pr_strerror(reason)); + } else { + slapi_log_access( LDAP_DEBUG_STATS, + "conn=%" NSPRIu64 " op=%d fd=%d closed - %s\n", + conn->c_connid, opid, conn->c_sd, + slapd_pr_strerror(reason)); + } - if (! config_check_referral_mode()) { - slapi_counter_increment(g_get_global_snmp_vars()->ops_tbl.dsConnections); - } + if (! config_check_referral_mode()) { + slapi_counter_decrement(g_get_global_snmp_vars()->ops_tbl.dsConnections); + } - conn->c_gettingber = 0; - connection_abandon_operations( conn ); - /* needed here to ensure simple paged results timeout properly and - * don't impact subsequent ops */ - pagedresults_reset_timedout(conn); + conn->c_gettingber = 0; + connection_abandon_operations( conn ); + /* needed here to ensure simple paged results timeout properly and + * don't impact subsequent ops */ + pagedresults_reset_timedout_nolock(conn); - if (! config_check_referral_mode()) { - /* - * If any of the outstanding operations on this - * connection were persistent searches, then - * ding all the persistent searches to get them - * to notice that their operations have been abandoned. - */ - int found_ps = 0; - Operation *o; + if (! config_check_referral_mode()) { + /* + * If any of the outstanding operations on this + * connection were persistent searches, then + * ding all the persistent searches to get them + * to notice that their operations have been abandoned. + */ + int found_ps = 0; + Operation *o; - for ( o = conn->c_ops; !found_ps && o != NULL; o = o->o_next ) { - if ( o->o_flags & OP_FLAG_PS ) { - found_ps = 1; - } - } - if ( found_ps ) { - if ( NULL == ps_wakeup_all_fn ) { - if ( get_entry_point( ENTRY_POINT_PS_WAKEUP_ALL, - (caddr_t *)(&ps_wakeup_all_fn )) == 0 ) { - (ps_wakeup_all_fn)(); - } - } else { - (ps_wakeup_all_fn)(); + for ( o = conn->c_ops; !found_ps && o != NULL; o = o->o_next ) { + if ( o->o_flags & OP_FLAG_PS ) { + found_ps = 1; + } + } + if ( found_ps ) { + if ( NULL == ps_wakeup_all_fn ) { + if ( get_entry_point( ENTRY_POINT_PS_WAKEUP_ALL, + (caddr_t *)(&ps_wakeup_all_fn )) == 0 ) + { + (ps_wakeup_all_fn)(); + } + } else { + (ps_wakeup_all_fn)(); + } + } } - } - } } }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/conntable.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/conntable.c
Changed
@@ -444,9 +444,7 @@ val.bv_val = bufptr; val.bv_len = strlen( bufptr ); attrlist_merge( &e->e_attrs, "connection", vals ); - if (newbuf) { - slapi_ch_free_string(&newbuf); - } + slapi_ch_free_string(&newbuf); } PR_Unlock( ct->c[i].c_mutex ); }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/control.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/control.c
Changed
@@ -354,17 +354,27 @@ len = -1; /* reset for next loop iter */ } - if ( (tag != LBER_END_OF_SEQORSET) && (len != -1) ) { - goto free_and_return; - } - - slapi_pblock_set( pb, SLAPI_REQCONTROLS, ctrls ); - managedsait = slapi_control_present( ctrls, - LDAP_CONTROL_MANAGEDSAIT, NULL, NULL ); - slapi_pblock_set( pb, SLAPI_MANAGEDSAIT, &managedsait ); - pwpolicy_ctrl = slapi_control_present( ctrls, - LDAP_X_CONTROL_PWPOLICY_REQUEST, NULL, NULL ); - slapi_pblock_set( pb, SLAPI_PWPOLICY, &pwpolicy_ctrl ); + if (curcontrols == 0) { + int ctrl_not_found = 0; /* means that a given control is not present in the request */ + + slapi_pblock_set(pb, SLAPI_REQCONTROLS, NULL); + slapi_pblock_set(pb, SLAPI_MANAGEDSAIT, &ctrl_not_found); + slapi_pblock_set(pb, SLAPI_PWPOLICY, &ctrl_not_found); + slapi_log_error(SLAPI_LOG_CONNS, "connection", "Warning: conn=%d op=%d contains an empty list of controls\n", + pb->pb_conn->c_connid, pb->pb_op->o_opid); + } else { + if ((tag != LBER_END_OF_SEQORSET) && (len != -1)) { + goto free_and_return; + } + + slapi_pblock_set(pb, SLAPI_REQCONTROLS, ctrls); + managedsait = slapi_control_present(ctrls, + LDAP_CONTROL_MANAGEDSAIT, NULL, NULL); + slapi_pblock_set(pb, SLAPI_MANAGEDSAIT, &managedsait); + pwpolicy_ctrl = slapi_control_present(ctrls, + LDAP_X_CONTROL_PWPOLICY_REQUEST, NULL, NULL); + slapi_pblock_set(pb, SLAPI_PWPOLICY, &pwpolicy_ctrl); + } if ( controlsp != NULL ) { *controlsp = ctrls;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/csn.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/csn.c
Changed
@@ -298,7 +298,7 @@ } int -csn_compare(const CSN *csn1, const CSN *csn2) +csn_compare_ext(const CSN *csn1, const CSN *csn2, unsigned int flags) { PRInt32 retVal; if(csn1!=NULL && csn2!=NULL) @@ -321,7 +321,7 @@ retVal = -1; else if (csn1->rid > csn2->rid) retVal = 1; - else + else if (!(flags & CSN_COMPARE_SKIP_SUBSEQ)) { if (csn1->subseqnum < csn2->subseqnum) retVal = -1; @@ -330,6 +330,8 @@ else retVal = 0; } + else + retVal = 0; } } @@ -350,6 +352,12 @@ return(retVal); } +int +csn_compare(const CSN *csn1, const CSN *csn2) +{ + return csn_compare_ext(csn1, csn2, 0); +} + time_t csn_time_difference(const CSN *csn1, const CSN *csn2) { return csn_get_time(csn1) - csn_get_time(csn2);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/csngen.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/csngen.c
Changed
@@ -315,6 +315,8 @@ time_t remote_time, remote_offset, cur_time; PRUint16 remote_seqnum; int rc; + extern int config_get_ignore_time_skew(); + int ignore_time_skew = config_get_ignore_time_skew(); if (gen == NULL || csn == NULL) return CSN_INVALID_PARAMETER; @@ -369,7 +371,7 @@ remote_offset = remote_time - cur_time; if (remote_offset > gen->state.remote_offset) { - if (remote_offset <= CSN_MAX_TIME_ADJUST) + if (ignore_time_skew || (remote_offset <= CSN_MAX_TIME_ADJUST)) { gen->state.remote_offset = remote_offset; } @@ -640,6 +642,8 @@ static int _csngen_adjust_local_time (CSNGen *gen, time_t cur_time) { + extern int config_get_ignore_time_skew(); + int ignore_time_skew = config_get_ignore_time_skew(); time_t time_diff = cur_time - gen->state.sampled_time; if (time_diff == 0) { @@ -703,7 +707,7 @@ gen->state.remote_offset); } - if (abs (time_diff) > CSN_MAX_TIME_ADJUST) + if (!ignore_time_skew && (abs (time_diff) > CSN_MAX_TIME_ADJUST)) { slapi_log_error (SLAPI_LOG_FATAL, NULL, "_csngen_adjust_local_time: " "adjustment limit exceeded; value - %d, limit - %d\n",
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/daemon.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/daemon.c
Changed
@@ -99,14 +99,6 @@ #include "getsocketpeer.h" #endif /* ENABLE_LDAPI */ -/* - * Define the backlog number for use in listen() call. - * We use the same definition as in ldapserver/include/base/systems.h - */ -#ifndef DAEMON_LISTEN_SIZE -#define DAEMON_LISTEN_SIZE 128 -#endif - #if defined (LDAP_IOCP) #define SLAPD_WAKEUP_TIMER 250 #else @@ -136,6 +128,15 @@ #define FDS_SIGNAL_PIPE 0 +typedef struct listener_info { + int idx; /* index of this listener in the ct->fd array */ + PRFileDesc *listenfd; /* the listener fd */ + int secure; + int local; +} listener_info; + +#define SLAPD_POLL_LISTEN_READY(xxflagsxx) (xxflagsxx & PR_POLL_READ) + static int get_configured_connection_table_size(); #ifdef RESOLVER_NEEDS_LOW_FILE_DESCRIPTORS static void get_loopback_by_addr( void ); @@ -149,7 +150,7 @@ static const char *netaddr2string(const PRNetAddr *addr, char *addrbuf, size_t addrbuflen); static void set_shutdown (int); -static void setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps, PRFileDesc **i_unix, PRIntn *num_to_read); +static void setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps, PRFileDesc **i_unix, PRIntn *num_to_read, listener_info *listener_idxs, int max_listeners); #ifdef HPUX10 static void* catch_signals(); @@ -599,14 +600,6 @@ char *cookie = NULL; char *dir = NULL; - if(logs_critical){ - slapi_rwlock_rdlock(config->cfg_rwlock); - disk_mon_add_dir(list, config->accesslog); - disk_mon_add_dir(list, config->errorlog); - disk_mon_add_dir(list, config->auditlog); - slapi_rwlock_unlock(config->cfg_rwlock); - } - /* Add /var just to be safe */ #ifdef LOCALSTATEDIR disk_mon_add_dir(list, LOCALSTATEDIR); @@ -617,6 +610,9 @@ /* config and backend directories */ slapi_rwlock_rdlock(config->cfg_rwlock); disk_mon_add_dir(list, config->configdir); + disk_mon_add_dir(list, config->accesslog); + disk_mon_add_dir(list, config->errorlog); + disk_mon_add_dir(list, config->auditlog); slapi_rwlock_unlock(config->cfg_rwlock); be = slapi_get_first_backend (&cookie); @@ -638,16 +634,16 @@ * directory. */ char * -disk_mon_check_diskspace(char **dirs, PRInt64 threshold, PRInt64 *disk_space) +disk_mon_check_diskspace(char **dirs, PRUint64 threshold, PRUint64 *disk_space) { #ifdef LINUX struct statfs buf; #else struct statvfs buf; #endif - PRInt64 worst_disk_space = threshold; - PRInt64 freeBytes = 0; - PRInt64 blockSize = 0; + PRUint64 worst_disk_space = threshold; + PRUint64 freeBytes = 0; + PRUint64 blockSize = 0; char *worst_dir = NULL; int hit_threshold = 0; int i = 0; @@ -704,14 +700,14 @@ char errorbuf[BUFSIZ]; char **dirs = NULL; char *dirstr = NULL; - PRInt64 previous_mark = 0; - PRInt64 disk_space = 0; + PRUint64 previous_mark = 0; + PRUint64 disk_space = 0; PRInt64 threshold = 0; + PRUint64 halfway = 0; time_t start = 0; time_t now = 0; int deleted_rotated_logs = 0; int logging_critical = 0; - int preserve_logging = 0; int passed_threshold = 0; int verbose_logging = 0; int using_accesslog = 0; @@ -719,7 +715,6 @@ int logs_disabled = 0; int grace_period = 0; int first_pass = 1; - int halfway = 0; int ok_now = 0; while(!g_get_shutdown()) { @@ -741,7 +736,6 @@ * Get the config settings, as they could have changed */ logging_critical = config_get_disk_logging_critical(); - preserve_logging = config_get_disk_preserve_logging(); grace_period = 60 * config_get_disk_grace_period(); /* convert it to seconds */ verbose_logging = config_get_errorlog_level(); threshold = config_get_disk_threshold(); @@ -791,52 +785,51 @@ * Check if we are already critical */ if(disk_space < 4096){ /* 4 k */ - LDAPDebug(LDAP_DEBUG_ANY, "Disk space is critically low on disk (%s), remaining space: %d Kb. " + LDAPDebug(LDAP_DEBUG_ANY, "Disk space is critically low on disk (%s), remaining space: %" NSPRIu64 " Kb. " "Signaling slapd for shutdown...\n", dirstr , (disk_space / 1024), 0); g_set_shutdown( SLAPI_SHUTDOWN_EXIT ); return; } /* * If we are low, see if we are using verbose error logging, and turn it off + * if logging is not critical */ - if(verbose_logging){ - LDAPDebug(LDAP_DEBUG_ANY, "Disk space is low on disk (%s), remaining space: %d Kb, " - "setting error loglevel to zero.\n", dirstr, (disk_space / 1024), 0); - config_set_errorlog_level(CONFIG_LOGLEVEL_ATTRIBUTE, 0, errorbuf, CONFIG_APPLY); + if(verbose_logging != 0 && verbose_logging != LDAP_DEBUG_ANY){ + LDAPDebug(LDAP_DEBUG_ANY, "Disk space is low on disk (%s), remaining space: %" NSPRIu64 " Kb, " + "temporarily setting error loglevel to zero.\n", dirstr, + (disk_space / 1024), 0); + /* Setting the log level back to zero, actually sets the value to LDAP_DEBUG_ANY */ + config_set_errorlog_level(CONFIG_LOGLEVEL_ATTRIBUTE, "0", errorbuf, CONFIG_APPLY); continue; } /* * If we are low, there's no verbose logging, logs are not critical, then disable the * access/audit logs, log another error, and continue. */ - if(!logs_disabled && (!preserve_logging || !logging_critical)){ - if(disk_space < previous_mark){ - LDAPDebug(LDAP_DEBUG_ANY, "Disk space is too low on disk (%s), remaining space: %d Kb, " - "disabling access and audit logging.\n", dirstr, (disk_space / 1024), 0); - config_set_accesslog_enabled(LOGGING_OFF); - config_set_auditlog_enabled(LOGGING_OFF); - logs_disabled = 1; - } + if(!logs_disabled && !logging_critical){ + LDAPDebug(LDAP_DEBUG_ANY, "Disk space is too low on disk (%s), remaining space: %" NSPRIu64 " Kb, " + "disabling access and audit logging.\n", dirstr, (disk_space / 1024), 0); + config_set_accesslog_enabled(LOGGING_OFF); + config_set_auditlog_enabled(LOGGING_OFF); + logs_disabled = 1; continue; } /* * If we are low, we turned off verbose logging, logs are not critical, and we disabled * access/audit logging, then delete the rotated logs, log another error, and continue. */ - if(!deleted_rotated_logs && (!preserve_logging || !logging_critical)){ - if(disk_space < previous_mark){ - LDAPDebug(LDAP_DEBUG_ANY, "Disk space is too low on disk (%s), remaining space: %d Kb, " - "deleting rotated logs.\n", dirstr, (disk_space / 1024), 0); - log__delete_rotated_logs(); - deleted_rotated_logs = 1; - } + if(!deleted_rotated_logs && !logging_critical){ + LDAPDebug(LDAP_DEBUG_ANY, "Disk space is too low on disk (%s), remaining space: %" NSPRIu64 " Kb, " + "deleting rotated logs.\n", dirstr, (disk_space / 1024), 0); + log__delete_rotated_logs(); + deleted_rotated_logs = 1; continue; } /* * Ok, we've done what we can, log a message if we continue to lose available disk space */ if(disk_space < previous_mark){ - LDAPDebug(LDAP_DEBUG_ANY, "Disk space is too low on disk (%s), remaining space: %d Kb\n", + LDAPDebug(LDAP_DEBUG_ANY, "Disk space is too low on disk (%s), remaining space: %" NSPRIu64 " Kb\n", dirstr, (disk_space / 1024), 0); } /* @@ -848,7 +841,7 @@ * */ if(disk_space < halfway){ - LDAPDebug(LDAP_DEBUG_ANY, "Disk space on (%s) is too far below the threshold(%d bytes). " + LDAPDebug(LDAP_DEBUG_ANY, "Disk space on (%s) is too far below the threshold(%" NSPRIu64 " bytes). " "Waiting %d minutes for disk space to be cleaned up before shutting slapd down...\n",
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/dn.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/dn.c
Changed
@@ -2037,7 +2037,7 @@ slapi_sdn_done(sdn); sdn->flag = slapi_setbit_uchar(sdn->flag, FLAG_DN); if(normdn == NULL) { - sdn->dn = slapi_ch_strdup(normdn); + sdn->dn = NULL; sdn->ndn_len = 0; } else { sdn->dn = slapi_ch_strdup(normdn); @@ -2114,10 +2114,7 @@ { /* NewDN= NewRDN + DN */ const char *dn= slapi_sdn_get_dn(sdn); - char *newdn= slapi_ch_malloc(strlen(rawrdn)+1+strlen(dn)+1); - strcpy( newdn, rawrdn ); - strcat( newdn, "," ); - strcat( newdn, dn ); + char *newdn = slapi_ch_smprintf("%s,%s", rawrdn, dn); slapi_sdn_set_dn_passin(sdn,newdn); } return sdn; @@ -2345,7 +2342,7 @@ void slapi_sdn_get_rdn(const Slapi_DN *sdn,Slapi_RDN *rdn) { - slapi_rdn_set_dn(rdn,sdn->dn); + slapi_rdn_set_dn(rdn, slapi_sdn_get_dn(sdn)); } Slapi_DN * @@ -2516,6 +2513,50 @@ return rc; } +/* + * Return non-zero if "dn" matches the scoping criteria + * given by "base" and "scope". + * If SLAPI_ENTRY_FLAG_TOMBSTONE is set to flags, + * DN without "nsuniqueid=...," is examined. + */ +int +slapi_sdn_scope_test_ext( const Slapi_DN *dn, const Slapi_DN *base, int scope, int flags ) +{ + int rc = 0; + + switch ( scope ) { + case LDAP_SCOPE_BASE: + if (flags & SLAPI_ENTRY_FLAG_TOMBSTONE) { + Slapi_DN parent; + slapi_sdn_init(&parent); + slapi_sdn_get_parent(dn, &parent); + rc = ( slapi_sdn_compare( dn, &parent ) == 0 ); + slapi_sdn_done(&parent); + } else { + rc = ( slapi_sdn_compare( dn, base ) == 0 ); + } + break; + case LDAP_SCOPE_ONELEVEL: +#define RUVRDN SLAPI_ATTR_UNIQUEID "=" RUV_STORAGE_ENTRY_UNIQUEID "," + if ((flags & SLAPI_ENTRY_FLAG_TOMBSTONE) && + (strncmp(slapi_sdn_get_ndn(dn), RUVRDN, sizeof(RUVRDN) - 1))) { + /* tombstones except RUV tombstone */ + Slapi_DN parent; + slapi_sdn_init(&parent); + slapi_sdn_get_parent(dn, &parent); + rc = ( slapi_sdn_isparent( base, &parent ) != 0 ); + slapi_sdn_done(&parent); + } else { + rc = ( slapi_sdn_isparent( base, dn ) != 0 ); + } + break; + case LDAP_SCOPE_SUBTREE: + rc = ( slapi_sdn_issuffix( dn, base ) != 0 ); + break; + } + return rc; +} + /* * build the new dn of an entry for moddn operations */ @@ -2562,8 +2603,22 @@ size_t slapi_sdn_get_size(const Slapi_DN *sdn) { - size_t sz = sizeof(Slapi_DN); - sz += slapi_sdn_get_ndn_len(sdn); - sz += strlen(sdn->dn) + 1; + size_t sz = 0; + /* slapi_sdn_get_ndn_len returns the normalized dn length + * if dn or ndn exists. If both does not exist, it + * normalizes udn and set it to dn and returns the length. + */ + if (NULL == sdn) { + return sz; + } + sz += slapi_sdn_get_ndn_len(sdn) + 1 /* '\0' */; + if (sdn->dn && sdn->ndn) { + sz *= 2; + } + if (sdn->udn) { + sz += strlen(sdn->udn) + 1; + } + sz += sizeof(Slapi_DN); return sz; } +
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/dse.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/dse.c
Changed
@@ -651,6 +651,40 @@ slapi_sdn_done(&parent); } +/* check if a file is valid, or if a provided backup file can be used. + * there is no way to determine if the file contents is usable, the only + * checks that can be done is that the file exists and that it is not size 0 + */ +int +dse_check_file(char *filename, char *backupname) +{ + int rc= 0; /* Fail */ + PRFileInfo prfinfo; + + if (PR_GetFileInfo( filename, &prfinfo ) == PR_SUCCESS) { + if ( prfinfo.size > 0) + return (1); + else { + rc = PR_Delete (filename); + } + } + + if (backupname) + rc = PR_Rename (backupname, filename); + else + return (0); + + if ( PR_GetFileInfo( filename, &prfinfo ) == PR_SUCCESS && prfinfo.size > 0 ) { + slapi_log_error(SLAPI_LOG_FATAL, "dse", + "The configuration file %s was restored from backup %s\n", filename, backupname); + return (1); + } else { + slapi_log_error(SLAPI_LOG_FATAL, "dse", + "The configuration file %s was not restored from backup %s, error %d\n", + filename, backupname, rc); + return (0); + } +} static int dse_read_one_file(struct dse *pdse, const char *filename, Slapi_PBlock *pb, int primary_file ) @@ -669,27 +703,11 @@ if ( (NULL != pdse) && (NULL != filename) ) { - if ( (rc = PR_GetFileInfo( filename, &prfinfo )) != PR_SUCCESS ) - { - /* the "real" file does not exist; see if there is a tmpfile */ - if ( pdse->dse_tmpfile && - PR_GetFileInfo( pdse->dse_tmpfile, &prfinfo ) == PR_SUCCESS ) { - rc = PR_Rename(pdse->dse_tmpfile, filename); - if (rc == PR_SUCCESS) { - slapi_log_error(SLAPI_LOG_FATAL, "dse", - "The configuration file %s was restored from backup %s\n", - filename, pdse->dse_tmpfile); - rc = 1; - } else { - slapi_log_error(SLAPI_LOG_FATAL, "dse", - "The configuration file %s was not restored from backup %s, error %d\n", - filename, pdse->dse_tmpfile, rc); - rc = 0; - } - } else { - rc = 0; /* fail */ - } - } + /* check if the "real" file exists and cam be used, if not try tmp as backup */ + rc = dse_check_file(filename, pdse->dse_tmpfile); + if (!rc) + rc = dse_check_file(filename, pdse->dse_fileback); + if ( (rc = PR_GetFileInfo( filename, &prfinfo )) != PR_SUCCESS ) { slapi_log_error(SLAPI_LOG_FATAL, "dse",
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/entry.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/entry.c
Changed
@@ -85,10 +85,20 @@ /* * WARNING: s gets butchered... the base type remains. */ -void -str2entry_state_information_from_type(char *s,CSNSet **csnset,CSN **attributedeletioncsn,CSN **maxcsn,int *value_state,int *attr_state) -{ - char *p= strchr(s, ';'); +static void +str2entry_state_information_from_type(struct berval *atype, + CSNSet **csnset, + CSN **attributedeletioncsn, + CSN **maxcsn, + int *value_state, + int *attr_state) +{ + char *p = NULL; + char *semicolonp = NULL; + if ((NULL == atype) || (NULL == atype->bv_val)) { + return; + } + p = PL_strchr(atype->bv_val, ';'); *value_state= VALUE_PRESENT; *attr_state= ATTRIBUTE_PRESENT; while(p!=NULL) @@ -147,19 +157,31 @@ csn_init_by_csn ( *maxcsn, *attributedeletioncsn ); } } + if (NULL == semicolonp) { + semicolonp = p; /* the first semicolon */ + } } else if(strncmp(p+1,"deletedattribute", 16)==0) { p[0]='\0'; *attr_state= ATTRIBUTE_DELETED; + if (NULL == semicolonp) { + semicolonp = p; /* the first semicolon */ + } } else if(strncmp(p+1,"deleted", 7)==0) { p[0]='\0'; *value_state= VALUE_DELETED; + if (NULL == semicolonp) { + semicolonp = p; /* the first semicolon */ + } } p= strchr(p+1, ';'); } + if (semicolonp) { + atype->bv_len = semicolonp - atype->bv_val; + } } /* rawdn is not consumed. Caller needs to free it. */ @@ -223,27 +245,26 @@ int freeval = 0; int value_state= VALUE_NOTFOUND; int attr_state= ATTRIBUTE_NOTFOUND; - int maxvals; - int del_maxvals; if ( *s == '\n' || *s == '\0' ) { break; } if ( slapi_ldif_parse_line( s, &type, &value, &freeval ) < 0 ) { - LDAPDebug( LDAP_DEBUG_TRACE, - "<= str2entry_fast NULL (parse_line)\n", 0, 0, 0 ); + LDAPDebug0Args(LDAP_DEBUG_TRACE, "<= str2entry_fast NULL (parse_line)\n"); continue; } /* * Extract the attribute and value CSNs from the attribute type. - */ + */ csn_free(&attributedeletioncsn); /* JCM - Do this more efficiently */ csnset_free(&valuecsnset); value_state= VALUE_NOTFOUND; attr_state= ATTRIBUTE_NOTFOUND; - str2entry_state_information_from_type(type.bv_val,&valuecsnset,&attributedeletioncsn,&maxcsn,&value_state,&attr_state); + str2entry_state_information_from_type(&type, + &valuecsnset, &attributedeletioncsn, + &maxcsn, &value_state, &attr_state); if(!read_stateinfo) { /* We are not maintaining state information */ @@ -266,9 +287,7 @@ slapi_ch_free_string(&ptype); ptype=PL_strndup(type.bv_val, type.bv_len); nvals = 0; - maxvals = 0; del_nvals = 0; - del_maxvals = 0; a = NULL; } @@ -327,7 +346,7 @@ rawdn = NULL; /* Set once in the loop. This won't affect the caller's passed address. */ } - if ( PL_strncasecmp( type.bv_val, "dn", type.bv_len ) == 0 ) { + if ( type.bv_len == SLAPI_ATTR_DN_LENGTH && PL_strncasecmp( type.bv_val, SLAPI_ATTR_DN, type.bv_len ) == 0 ) { if ( slapi_entry_get_dn_const(e)!=NULL ) { char ebuf[ BUFSIZ ]; LDAPDebug( LDAP_DEBUG_TRACE, @@ -363,7 +382,7 @@ continue; } - if ( PL_strncasecmp( type.bv_val, "rdn", type.bv_len ) == 0 ) { + if ( type.bv_len == SLAPI_ATTR_RDN_LENGTH && PL_strncasecmp( type.bv_val, SLAPI_ATTR_RDN, type.bv_len ) == 0 ) { if ( NULL == slapi_entry_get_rdn_const( e )) { slapi_entry_set_rdn( e, value.bv_val ); } @@ -374,14 +393,13 @@ /* If SLAPI_STR2ENTRY_NO_ENTRYDN is set, skip entrydn */ if ( (flags & SLAPI_STR2ENTRY_NO_ENTRYDN) && - PL_strncasecmp( type.bv_val, "entrydn", type.bv_len ) == 0 ) { + type.bv_len == SLAPI_ATTR_ENTRYDN_LENGTH && PL_strncasecmp( type.bv_val, SLAPI_ATTR_ENTRYDN, type.bv_len ) == 0 ) { if (freeval) slapi_ch_free_string(&value.bv_val); continue; } /* retrieve uniqueid */ - if ( PL_strncasecmp (type.bv_val, SLAPI_ATTR_UNIQUEID, type.bv_len) == 0 ){ - + if ((type.bv_len == SLAPI_ATTR_UNIQUEID_LENGTH) && (PL_strcasecmp (type.bv_val, SLAPI_ATTR_UNIQUEID) == 0)) { if (e->e_uniqueid != NULL){ LDAPDebug (LDAP_DEBUG_TRACE, "str2entry_fast: entry has multiple uniqueids %s " @@ -398,10 +416,11 @@ continue; } - if (PL_strncasecmp(type.bv_val,"objectclass",type.bv_len) == 0) { - if (PL_strncasecmp(value.bv_val,"ldapsubentry",value.bv_len) == 0) + if (value_state == VALUE_PRESENT && type.bv_len >= SLAPI_ATTR_OBJECTCLASS_LENGTH + && PL_strncasecmp(type.bv_val, SLAPI_ATTR_OBJECTCLASS, type.bv_len) == 0) { + if (value.bv_len >= SLAPI_ATTR_VALUE_SUBENTRY_LENGTH && PL_strncasecmp(value.bv_val,SLAPI_ATTR_VALUE_SUBENTRY,value.bv_len) == 0) e->e_flags |= SLAPI_ENTRY_LDAPSUBENTRY; - if (PL_strncasecmp(value.bv_val, SLAPI_ATTR_VALUE_TOMBSTONE,value.bv_len) == 0) + if (value.bv_len >= SLAPI_ATTR_VALUE_TOMBSTONE_LENGTH && PL_strncasecmp(value.bv_val, SLAPI_ATTR_VALUE_TOMBSTONE,value.bv_len) == 0) e->e_flags |= SLAPI_ENTRY_FLAG_TOMBSTONE; } @@ -483,25 +502,21 @@ if(value_state==VALUE_DELETED) { /* consumes the value */ - valuearray_add_value_fast( - &(*a)->a_deleted_values.va, /* JCM .va is private */ - svalue, - del_nvals, - &del_maxvals, - 0/*!Exact*/, - 1/*Passin*/ ); + slapi_valueset_add_attr_value_ext( + *a, + &(*a)->a_deleted_values, + svalue, + SLAPI_VALUE_FLAG_PASSIN ); del_nvals++; } else { /* consumes the value */ - valuearray_add_value_fast( - &(*a)->a_present_values.va, /* JCM .va is private */ - svalue, - nvals, - &maxvals, - 0 /*!Exact*/, - 1 /*Passin*/ ); + slapi_valueset_add_attr_value_ext( + *a, + &(*a)->a_present_values, + svalue, + SLAPI_VALUE_FLAG_PASSIN); nvals++; } if(attributedeletioncsn!=NULL) @@ -552,6 +567,7 @@ } done: + csnset_free(&valuecsnset); csn_free(&attributedeletioncsn); csn_free(&maxcsn); LDAPDebug( LDAP_DEBUG_TRACE, "<= str2entry_fast 0x%x\n", @@ -580,8 +596,8 @@ typedef struct _str2entry_attr { char *sa_type; int sa_state; - struct valuearrayfast sa_present_values; - struct valuearrayfast sa_deleted_values;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/entrywsi.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/entrywsi.c
Changed
@@ -423,8 +423,8 @@ entry_add_present_values_wsi(Slapi_Entry *e, const char *type, struct berval **bervals, const CSN *csn, int urp, long flags) { int retVal= LDAP_SUCCESS; - Slapi_Value **valuestoadd = NULL; - valuearray_init_bervalarray(bervals,&valuestoadd); /* JCM SLOW FUNCTION */ + Slapi_Value **valuestoadd = NULL; + valuearray_init_bervalarray(bervals,&valuestoadd); /* JCM SLOW FUNCTION */ if(!valuearray_isempty(valuestoadd)) { Slapi_Attr *a= NULL; @@ -437,7 +437,7 @@ slapi_attr_init(a, type); attrlist_add(&e->e_attrs, a); } - a_flags_orig = a->a_flags; + a_flags_orig = a->a_flags; a->a_flags |= flags; /* Check if the type of the to-be-added values has DN syntax or not. */ if (slapi_attr_is_dn_syntax_attr(a)) { @@ -464,7 +464,10 @@ /* Append the pending values to a->a_present_values */ valuearray_update_csn (valuestoadd,CSN_TYPE_VALUE_UPDATED,csn); - valueset_add_valuearray_ext(&a->a_present_values, valuestoadd, SLAPI_VALUE_FLAG_PASSIN); + slapi_valueset_add_attr_valuearray_ext(a, &a->a_present_values, + valuestoadd, + valuearray_count(valuestoadd), + SLAPI_VALUE_FLAG_PASSIN, NULL); slapi_ch_free ( (void **)&valuestoadd ); /* @@ -502,7 +505,10 @@ Slapi_ValueSet vs; /* Add each deleted value to the present list */ valuearray_update_csn(deletedvalues,CSN_TYPE_VALUE_UPDATED,csn); - valueset_add_valuearray_ext(&a->a_present_values, deletedvalues, SLAPI_VALUE_FLAG_PASSIN); + slapi_valueset_add_attr_valuearray_ext(a, &a->a_present_values, + deletedvalues, + valuearray_count(deletedvalues), + SLAPI_VALUE_FLAG_PASSIN, NULL); /* Remove the deleted values from the values to add */ valueset_set_valuearray_passin(&vs,valuestoadd); valueset_remove_valuearray(&vs, a, deletedvalues, SLAPI_VALUE_FLAG_IGNOREERROR, &v); @@ -558,8 +564,8 @@ else { /* delete some specific values */ - Slapi_Value **valuestodelete= NULL; - valuearray_init_bervalarray(vals,&valuestodelete); /* JCM SLOW FUNCTION */ + Slapi_Value **valuestodelete= NULL; + valuearray_init_bervalarray(vals,&valuestodelete); /* JCM SLOW FUNCTION */ /* Check if the type of the to-be-deleted values has DN syntax * or not. */ if (slapi_attr_is_dn_syntax_attr(a)) { @@ -575,8 +581,7 @@ there are present values with a later CSN - otherwise, even though the value will be updated with a VDCSN which is later than the VUCSN, the attribute will not be deleted */ - if(slapi_attr_flag_is_set(a,SLAPI_ATTR_FLAG_SINGLE) && valuesupdated && - *valuesupdated) + if(slapi_attr_flag_is_set(a,SLAPI_ATTR_FLAG_SINGLE) && valueset_isempty(&a->a_present_values)) { attr_set_deletion_csn(a,csn); } @@ -584,7 +589,10 @@ valueset_update_csn_for_valuearray(&a->a_deleted_values, a, valuestodelete, CSN_TYPE_VALUE_DELETED, csn, &valuesupdated); valuearray_free(&valuesupdated); valuearray_update_csn(valuestodelete,CSN_TYPE_VALUE_DELETED,csn); - valueset_add_valuearray_ext(&a->a_deleted_values, valuestodelete, SLAPI_VALUE_FLAG_PASSIN); + slapi_valueset_add_attr_valuearray_ext(a, &a->a_deleted_values, + valuestodelete, + valuearray_count(valuestodelete), + SLAPI_VALUE_FLAG_PASSIN, NULL); /* all the elements in valuestodelete are passed; * should free valuestodelete only (don't call valuearray_free) * [622023] */ @@ -603,7 +611,10 @@ /* We don't maintain a deleted value list for single valued attributes */ /* Add each deleted value to the deleted set */ valuearray_update_csn(deletedvalues,CSN_TYPE_VALUE_DELETED,csn); - valueset_add_valuearray_ext(&a->a_deleted_values, deletedvalues, SLAPI_VALUE_FLAG_PASSIN); + slapi_valueset_add_attr_valuearray_ext(a, &a->a_deleted_values, + deletedvalues, + valuearray_count(deletedvalues), + SLAPI_VALUE_FLAG_PASSIN, NULL); slapi_ch_free((void **)&deletedvalues); } else { @@ -626,8 +637,8 @@ if ( retVal==LDAP_OPERATIONS_ERROR ) { LDAPDebug( LDAP_DEBUG_ANY, "Possible existing duplicate " - "value for attribute type %s found in " - "entry %s\n", a->a_type, slapi_entry_get_dn_const(e), 0 ); + "value for attribute type %s found in " + "entry %s\n", a->a_type, slapi_entry_get_dn_const(e), 0 ); } } valuearray_free(&valuestodelete); @@ -683,7 +694,7 @@ will add it back to the present list in the non urp case, or determine if the attribute needs to be added or not in the urp case - */ + */ entry_add_deleted_attribute_wsi(e, a); } } @@ -709,7 +720,7 @@ * slapi_entry_add_values() returns LDAP_SUCCESS and so the * attribute remains deleted (which is the correct outcome). */ - return( entry_add_present_values_wsi( e, type, vals, csn, urp, SLAPI_ATTR_FLAG_CMP_BITBYBIT )); + return( entry_add_present_values_wsi( e, type, vals, csn, urp, 0)); } /* @@ -1103,6 +1114,7 @@ Slapi_Value *new_value= NULL; const CSN *current_value_vucsn; const CSN *pending_value_vucsn; + const CSN *pending_value_vdcsn; const CSN *adcsn; int i; @@ -1116,27 +1128,75 @@ slapi_attr_next_value(a,i,&new_value); } attr_first_deleted_value(a,&pending_value); - /* purge_attribute_state_single_valued */ adcsn= attr_get_deletion_csn(a); current_value_vucsn= value_get_csn(current_value, CSN_TYPE_VALUE_UPDATED); pending_value_vucsn= value_get_csn(pending_value, CSN_TYPE_VALUE_UPDATED); - if((pending_value!=NULL && (csn_compare(adcsn, pending_value_vucsn)<0)) || - (pending_value==NULL && (csn_compare(adcsn, current_value_vucsn)<0))) + pending_value_vdcsn= value_get_csn(pending_value, CSN_TYPE_VALUE_DELETED); + if((pending_value!=NULL && (csn_compare(adcsn, pending_value_vucsn)<0)) || + (pending_value==NULL && (csn_compare(adcsn, current_value_vucsn)<0))) { attr_set_deletion_csn(a,NULL); adcsn= NULL; - } + } - if(new_value==NULL) + /* in the case of the following: + * add: value2 + * delete: value1 + * we will have current_value with VUCSN CSN1 + * and pending_value with VDCSN CSN2 + * and new_value == NULL + * current_value != pending_value + * and + * VUCSN == VDCSN (ignoring subseq) + * even though value1.VDCSN > value2.VUCSN + * value2 should still win because the value is _different_ + */ + if (current_value && pending_value && !new_value && !adcsn && + (0 != slapi_value_compare(a, current_value, pending_value)) && + (0 == csn_compare_ext(current_value_vucsn, pending_value_vdcsn, CSN_COMPARE_SKIP_SUBSEQ))) + { + /* just remove the deleted value */ + entry_deleted_value_to_zapped_value(a,pending_value); + pending_value = NULL; + } + else if (current_value && pending_value && !new_value && adcsn && + (attribute_state == ATTRIBUTE_DELETED) && + current_value_vucsn && !pending_value_vucsn && pending_value_vdcsn && + (csn_compare(current_value_vucsn, pending_value_vdcsn) > 0) && + (csn_compare(adcsn, pending_value_vdcsn) == 0)) + { + /* in the case of the following: + * beginning attr state is a deleted value + * incoming operation is + * add: newvalue + * attribute_state is ATTRIBUTE_DELETED + * so we have both a current_value and a pending_value + * new_value is NULL + * current_value_vucsn is CSN1 + * pending_value_vucsn is NULL + * pending_value_vdcsn is CSN2 + * adcsn is CSN2 == pending_value_vdcsn + * CSN1 > CSN2 + * since the pending_value is deleted, and the current_value has + * a greater CSN, we should keep the current_value and zap + * the pending_value + */ + /* just remove the deleted value */ + entry_deleted_value_to_zapped_value(a,pending_value); + pending_value = NULL; + attr_set_deletion_csn(a,NULL); + return; /* we are done - we are keeping the present value */ + } + else if(new_value==NULL) { - /* check if the pending value should become the current value */ - if(pending_value!=NULL) + /* check if the pending value should become the current value */
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/errormap.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/errormap.c
Changed
@@ -73,6 +73,11 @@ return( s ); } +char * +slapi_pr_strerror( const int prerrno ) +{ + return slapd_pr_strerror(prerrno); +} /* * return the string equivalent of a system error @@ -92,6 +97,11 @@ return( s ); } +const char * +slapi_system_strerror( const int syserrno ) +{ + return slapd_system_strerror(syserrno); +} /* * return the string equivalent of an NSPR error. If "prerrno" is not
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/filterentry.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/filterentry.c
Changed
@@ -1037,8 +1037,11 @@ for ( f = flist; f != NULL; f = f->f_next ) { if ( slapi_vattr_filter_test_ext_internal( pb, e, f, verify_access, only_check_access, access_check_done ) != 0 ) { /* optimize AND evaluation */ - if ( ftype == LDAP_FILTER_AND ) { - /* one false is failure */ + if ( ftype == LDAP_FILTER_AND || verify_access) { + /* one false is failure + * for AND all components need to match + * and for AND and OR access to ALL filter attributes is required + */ nomatch = 1; break; } @@ -1046,8 +1049,11 @@ nomatch = 0; /* optimize OR evaluation too */ - if ( ftype == LDAP_FILTER_OR ) { - /* only one needs to be true */ + if ( ftype == LDAP_FILTER_OR && !verify_access) { + /* access to all atributes needs to be evaluated + * for filter matching + * only one needs to be true + */ break; } }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/ldaputil.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/ldaputil.c
Changed
@@ -1901,6 +1901,7 @@ } } + slapi_ch_free_string(&princ_name); if ((rc = krb5_unparse_name(ctx, princ, &princ_name))) { slapi_log_error(SLAPI_LOG_FATAL, logname, "Unable to get name of principal: "
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/libglobs.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/libglobs.c
Changed
@@ -81,8 +81,14 @@ #endif /* USE_SYSCONF */ #include "slap.h" #include "plhash.h" +#if defined(LINUX) +#include <malloc.h> +#endif #define REMOVE_CHANGELOG_CMD "remove" +#define DEFAULT_SASL_MAXBUFSIZE "65536" +#define SLAPD_DEFAULT_SASL_MAXBUFSIZE 65536 +#define DEFAULT_DISK_THRESHOLD "2097152" /* On UNIX, there's only one copy of slapd_ldap_debug */ /* On NT, each module keeps its own module_ldap_debug, which */ @@ -105,6 +111,7 @@ typedef enum { CONFIG_INT, /* maps to int */ CONFIG_LONG, /* maps to long */ + CONFIG_LONG_LONG, /* maps to a long long (PRInt64) */ CONFIG_STRING, /* maps to char* */ CONFIG_CHARRAY, /* maps to char** */ CONFIG_ON_OFF, /* maps 0/1 to "off"/"on" */ @@ -241,6 +248,9 @@ {CONFIG_PWPOLICY_LOCAL_ATTRIBUTE, config_set_pwpolicy_local, NULL, 0, (void**)&global_slapdFrontendConfig.pwpolicy_local, CONFIG_ON_OFF, NULL}, + {CONFIG_PW_ADMIN_DN_ATTRIBUTE, config_set_pw_admin_dn, + NULL, 0, + (void**)&global_slapdFrontendConfig.pw_policy.pw_admin, CONFIG_STRING, NULL}, {CONFIG_AUDITLOG_MAXLOGDISKSPACE_ATTRIBUTE, NULL, log_set_maxdiskspace, SLAPD_AUDIT_LOG, (void**)&global_slapdFrontendConfig.auditlog_maxdiskspace, CONFIG_INT, NULL}, @@ -677,8 +687,8 @@ (ConfigGetFunc)config_get_disk_monitoring}, {CONFIG_DISK_THRESHOLD, config_set_disk_threshold, NULL, 0, - (void**)&global_slapdFrontendConfig.disk_threshold, CONFIG_INT, - (ConfigGetFunc)config_get_disk_threshold}, + (void**)&global_slapdFrontendConfig.disk_threshold, + CONFIG_LONG_LONG, (ConfigGetFunc)config_get_disk_threshold}, {CONFIG_DISK_GRACE_PERIOD, config_set_disk_grace_period, NULL, 0, (void**)&global_slapdFrontendConfig.disk_grace_period, @@ -687,10 +697,32 @@ NULL, 0, (void**)&global_slapdFrontendConfig.disk_logging_critical, CONFIG_ON_OFF, (ConfigGetFunc)config_get_disk_logging_critical}, - {CONFIG_DISK_PRESERVE_LOGGING, config_set_disk_preserve_logging, + {CONFIG_SASL_MAXBUFSIZE, config_set_sasl_maxbufsize, + NULL, 0, + (void**)&global_slapdFrontendConfig.sasl_max_bufsize, + CONFIG_INT, (ConfigGetFunc)config_get_sasl_maxbufsize}, + {CONFIG_LISTEN_BACKLOG_SIZE, config_set_listen_backlog_size, + NULL, 0, + (void**)&global_slapdFrontendConfig.listen_backlog_size, CONFIG_INT, + (ConfigGetFunc)config_get_listen_backlog_size}, +#if defined(LINUX) + {CONFIG_MALLOC_MXFAST, config_set_malloc_mxfast, + NULL, 0, + (void**)&global_slapdFrontendConfig.malloc_mxfast, + CONFIG_INT, (ConfigGetFunc)config_get_malloc_mxfast}, + {CONFIG_MALLOC_TRIM_THRESHOLD, config_set_malloc_trim_threshold, + NULL, 0, + (void**)&global_slapdFrontendConfig.malloc_trim_threshold, + CONFIG_INT, (ConfigGetFunc)config_get_malloc_trim_threshold}, + {CONFIG_MALLOC_MMAP_THRESHOLD, config_set_malloc_mmap_threshold, NULL, 0, - (void**)&global_slapdFrontendConfig.disk_preserve_logging, - CONFIG_ON_OFF, (ConfigGetFunc)config_get_disk_preserve_logging}, + (void**)&global_slapdFrontendConfig.malloc_mmap_threshold, + CONFIG_INT, (ConfigGetFunc)config_get_malloc_mmap_threshold}, +#endif + {CONFIG_IGNORE_TIME_SKEW, config_set_ignore_time_skew, + NULL, 0, + (void**)&global_slapdFrontendConfig.ignore_time_skew, + CONFIG_ON_OFF, (ConfigGetFunc)config_get_ignore_time_skew} #ifdef MEMPOOL_EXPERIMENTAL ,{CONFIG_MEMPOOL_SWITCH_ATTRIBUTE, config_set_mempool_switch, NULL, 0, @@ -1090,8 +1122,18 @@ cfg->disk_monitoring = LDAP_OFF; cfg->disk_threshold = 2097152; /* 2 mb */ cfg->disk_grace_period = 60; /* 1 hour */ - cfg->disk_preserve_logging = LDAP_OFF; cfg->disk_logging_critical = LDAP_OFF; + cfg->sasl_max_bufsize = SLAPD_DEFAULT_SASL_MAXBUFSIZE; + cfg->pw_policy.pw_admin = NULL; + cfg->pw_policy.pw_admin_user = NULL; + cfg->listen_backlog_size = DAEMON_LISTEN_SIZE; + cfg->ignore_time_skew = LDAP_OFF; + +#if defined(LINUX) + cfg->malloc_mxfast = DEFAULT_MALLOC_UNSET; + cfg->malloc_trim_threshold = DEFAULT_MALLOC_UNSET; + cfg->malloc_mmap_threshold = DEFAULT_MALLOC_UNSET; +#endif #ifdef MEMPOOL_EXPERIMENTAL cfg->mempool_switch = LDAP_ON; @@ -1233,17 +1275,19 @@ { slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); int retVal = LDAP_SUCCESS; - long threshold = 0; + PRInt64 threshold = 0; char *endp = NULL; if ( config_value_is_null( attrname, value, errorbuf, 0 )) { return LDAP_OPERATIONS_ERROR; } - threshold = strtol(value, &endp, 10); + errno = 0; + threshold = strtoll(value, &endp, 10); - if ( *endp != '\0' || threshold < 2048 ) { - PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, threshold must be greater than 2048 and less then %ld", + if ( *endp != '\0' || threshold <= 4096 || errno == ERANGE ) { + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, + "%s: \"%s\" is invalid, threshold must be greater than 4096 and less then %lld", attrname, value, LONG_MAX ); retVal = LDAP_OPERATIONS_ERROR; return retVal; @@ -1259,17 +1303,6 @@ } int -config_set_disk_preserve_logging( const char *attrname, char *value, char *errorbuf, int apply ) -{ - slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); - int retVal = LDAP_SUCCESS; - - retVal = config_set_onoff ( attrname, value, &(slapdFrontendConfig->disk_preserve_logging), - errorbuf, apply); - return retVal; -} - -int config_set_disk_logging_critical( const char *attrname, char *value, char *errorbuf, int apply ) { slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); @@ -1310,6 +1343,29 @@ return retVal; } +int +config_set_sasl_maxbufsize(const char *attrname, char *value, char *errorbuf, int apply ) +{ + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + int retVal = LDAP_SUCCESS; + int default_size = atoi(DEFAULT_SASL_MAXBUFSIZE); + int size; + + size = atoi(value); + if(size < default_size){ + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "nsslapd-sasl-max-buffer-size is too low (%d), " + "setting to default value (%d).\n",size, default_size); + size = default_size; + } + if(apply){ + CFG_LOCK_WRITE(slapdFrontendConfig); + slapdFrontendConfig->sasl_max_bufsize = size; + CFG_UNLOCK_WRITE(slapdFrontendConfig); + } + + return retVal; +} + int config_set_port( const char *attrname, char *port, char *errorbuf, int apply ) { long nPort; @@ -1729,7 +1785,7 @@ sizelimit = strtol(value, &endp, 10); if ( *endp != '\0' || errno == ERANGE || sizelimit < -1 ) { - PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, sizelimit must range from -1 to %ld", + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, sizelimit must range from -1 to %lld", attrname, value, LONG_MAX ); retVal = LDAP_OPERATIONS_ERROR; return retVal; @@ -1773,7 +1829,7 @@ pagedsizelimit = strtol(value, &endp, 10); if ( *endp != '\0' || errno == ERANGE || pagedsizelimit < -1 ) { - PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, pagedsizelimit must range from -1 to %ld", + PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, "%s: \"%s\" is invalid, pagedsizelimit must range from -1 to %lld", attrname, value, LONG_MAX ); retVal = LDAP_OPERATIONS_ERROR; return retVal; @@ -2536,7 +2592,7 @@ if ( *endp != '\0' || errno == ERANGE || gracelimit < 0 ) { PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, - "password grace limit \"%s\" is invalid, password grace limit must range from 0 to %ld", + "password grace limit \"%s\" is invalid, password grace limit must range from 0 to %lld", value , LONG_MAX ); retVal = LDAP_OPERATIONS_ERROR; return retVal; @@ -2785,6 +2841,20 @@
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/log.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/log.c
Changed
@@ -138,6 +138,7 @@ static void log_flush_buffer(LogBufferInfo *lbi, int type, int sync_now); static void log_write_title(LOGFD fp); static void log__error_emergency(const char *errstr, int reopen, int locked); +static void vslapd_log_emergency_error(LOGFD fp, const char *msg, int locked); static int slapd_log_error_proc_internal( @@ -206,6 +207,15 @@ /* Should be a flush in here ?? Yes because PR_SYNC doesn't work ! */ \ PR_Sync(fd); \ } while (0) +#define LOG_WRITE_NOW_NO_ERR(fd, buffer, size, headersize) do {\ + if ( slapi_write_buffer((fd), (buffer), (size)) != (size) ) \ + { \ + PRErrorCode prerr = PR_GetError(); \ + syslog(LOG_ERR, "Failed to write log, " SLAPI_COMPONENT_NAME_NSPR " error %d (%s): %s\n", prerr, slapd_pr_strerror(prerr), (buffer)+(headersize) ); \ + } \ + /* Should be a flush in here ?? Yes because PR_SYNC doesn't work ! */ \ + PR_Sync(fd); \ + } while (0) #define LOG_CLOSE(fd) \ PR_Close((fd)) #endif @@ -1001,8 +1011,6 @@ fe_cfg->auditlog_rotationsynchour = rhour; LOG_AUDIT_UNLOCK_WRITE(); break; - default: - rv = 1; } return rv; @@ -1055,8 +1063,6 @@ loginfo.log_audit_rotationsyncclock = log_get_rotationsyncclock( loginfo.log_audit_rotationsynchour, rmin ); LOG_AUDIT_UNLOCK_WRITE(); break; - default: - rv = 1; } return rv; @@ -1112,8 +1118,6 @@ loginfo.log_audit_rotationtime = rtime; runit = loginfo.log_audit_rotationunit; break; - default: - rv = 1; } /* find out the rotation unit we have se right now */ @@ -1141,19 +1145,17 @@ fe_cfg->accesslog_rotationtime = rtime; loginfo.log_access_rotationtime_secs = value; LOG_ACCESS_UNLOCK_WRITE(); - break; + break; case SLAPD_ERROR_LOG: fe_cfg->errorlog_rotationtime = rtime; - loginfo.log_error_rotationtime_secs = value; - LOG_ERROR_UNLOCK_WRITE(); - break; + loginfo.log_error_rotationtime_secs = value; + LOG_ERROR_UNLOCK_WRITE(); + break; case SLAPD_AUDIT_LOG: fe_cfg->auditlog_rotationtime = rtime; - loginfo.log_audit_rotationtime_secs = value; - LOG_AUDIT_UNLOCK_WRITE(); - break; - default: - rv = 1; + loginfo.log_audit_rotationtime_secs = value; + LOG_AUDIT_UNLOCK_WRITE(); + break; } return rv; } @@ -1209,8 +1211,6 @@ LOG_AUDIT_LOCK_WRITE( ); origvalue = loginfo.log_audit_rotationtime; break; - default: - rv = 1; } if (strcasecmp(runit, "month") == 0) { @@ -1260,8 +1260,6 @@ fe_cfg->auditlog_rotationunit = slapi_ch_strdup ( runit ); LOG_AUDIT_UNLOCK_WRITE(); break; - default: - rv = 1; } return rv; } @@ -1278,7 +1276,7 @@ log_set_maxdiskspace(const char *attrname, char *maxdiskspace_str, int logtype, char *errorbuf, int apply) { int rv = 0; - PRInt64 mlogsize; /* in bytes */ + PRInt64 mlogsize = 0; /* in bytes */ PRInt64 maxdiskspace; /* in bytes */ int s_maxdiskspace; /* in megabytes */ @@ -1311,9 +1309,6 @@ LOG_AUDIT_LOCK_WRITE( ); mlogsize = loginfo.log_audit_maxlogsize; break; - default: - rv = 1; - mlogsize = -1; } maxdiskspace = (PRInt64)s_maxdiskspace * LOG_MB_IN_BYTES; if (maxdiskspace < 0) { @@ -1347,11 +1342,6 @@ } LOG_AUDIT_UNLOCK_WRITE(); break; - default: - PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, - "%s: invalid log type (%d) for setting maximum disk space: %d MB\n", - attrname, logtype, s_maxdiskspace); - rv = LDAP_OPERATIONS_ERROR; } return rv; @@ -1519,7 +1509,7 @@ { int value = 0; int rv = 0; - int exptime, rsecs; + int exptime = 0, rsecs = 0; int *exptimeunitp = NULL; slapdFrontendConfig_t *fe_cfg = getFrontendConfig(); @@ -1571,10 +1561,6 @@ rsecs = loginfo.log_audit_rotationtime_secs; exptimeunitp = &(loginfo.log_audit_exptimeunit); break; - default: - rv = 1; - exptime = -1; - rsecs = -1; } value = -1; @@ -1624,8 +1610,6 @@ fe_cfg->auditlog_exptimeunit = slapi_ch_strdup ( expunit ); LOG_AUDIT_UNLOCK_WRITE(); break; - default: - rv = 1; } return rv; @@ -1641,12 +1625,11 @@ char *buildnum = config_get_buildnum(); char buff[512]; int bufflen = sizeof(buff); - int err = 0; PR_snprintf(buff, bufflen, "\t%s B%s\n", fe_cfg->versionstring ? fe_cfg->versionstring : CAPBRAND "-Directory/" DS_PACKAGE_VERSION, buildnum ? buildnum : ""); - LOG_WRITE_NOW(fp, buff, strlen(buff), 0, err); + LOG_WRITE_NOW_NO_ERR(fp, buff, strlen(buff), 0); if (fe_cfg->localhost) { PR_snprintf(buff, bufflen, "\t%s:%d (%s)\n\n", @@ -1661,7 +1644,7 @@ PR_snprintf(buff, bufflen, "\t<host>:<port> (%s)\n\n", fe_cfg->configdir ? fe_cfg->configdir : ""); } - LOG_WRITE_NOW(fp, buff, strlen(buff), 0, err); + LOG_WRITE_NOW_NO_ERR(fp, buff, strlen(buff), 0); slapi_ch_free((void **)&buildnum); } @@ -1747,7 +1730,6 @@ char *buffer, int buf_len) { - int err; if ( (loginfo.log_audit_state & LOGGING_ENABLED) && (loginfo.log_audit_file != NULL) ){ LOG_AUDIT_LOCK_WRITE( ); if (log__needrotation(loginfo.log_audit_fdes, @@ -1767,7 +1749,7 @@ log_write_title( loginfo.log_audit_fdes); loginfo.log_audit_state &= ~LOGGING_NEED_TITLE; } - LOG_WRITE_NOW(loginfo.log_audit_fdes, buffer, buf_len, 0, err); + LOG_WRITE_NOW_NO_ERR(loginfo.log_audit_fdes, buffer, buf_len, 0); LOG_AUDIT_UNLOCK_WRITE(); return 0; } @@ -1834,6 +1816,57 @@ return( rc ); }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/main.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/main.c
Changed
@@ -232,7 +232,10 @@ if((ptr=strrchr(log,'/'))==NULL) { LDAPDebug(LDAP_DEBUG_ANY, "Caution changing ownership of ./%s \n",name,0,0); - slapd_chown_if_not_owner(log, pw->pw_uid, -1 ); + if(slapd_chown_if_not_owner(log, pw->pw_uid, -1 )){ + LDAPDebug(LDAP_DEBUG_ANY, "chown_dir_files: file (%s) chown failed (%d) %s.\n", + log, errno, slapd_system_strerror(errno)); + } rc=1; } else if(log==ptr) { LDAPDebug(LDAP_DEBUG_ANY, "Caution changing ownership of / directory and its contents to %s\n",pw->pw_name,0,0); @@ -247,7 +250,10 @@ while( (entry = PR_ReadDir(dir , PR_SKIP_BOTH )) !=NULL ) { PR_snprintf(file,MAXPATHLEN+1,"%s/%s",log,entry->name); - slapd_chown_if_not_owner( file, pw->pw_uid, both?pw->pw_gid:-1 ); + if(slapd_chown_if_not_owner( file, pw->pw_uid, both?pw->pw_gid:-1 )){ + LDAPDebug(LDAP_DEBUG_ANY, "chown_dir_files: file (%s) chown failed (%d) %s.\n", + file, errno, slapd_system_strerror(errno)); + } } PR_CloseDir( dir ); } @@ -2910,7 +2916,7 @@ char *cur, *next, *scopy; level = 0; - cur = scopy = slapi_ch_strdup( s ); + scopy = slapi_ch_strdup( s ); for ( cur = scopy; cur != NULL; cur = next ) { if (( next = strchr( cur, '+' )) != NULL ) { @@ -2930,12 +2936,13 @@ if ( NULL == slapd_debug_level_map[i].dle_string ) { fprintf( stderr, "Unrecognized debug level \"%s\"\n", cur ); + slapi_ch_free_string(&scopy); return -1; } } } - slapi_ch_free( (void **)&scopy ); + slapi_ch_free_string(&scopy); return level; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/mapping_tree.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/mapping_tree.c
Changed
@@ -158,8 +158,10 @@ static int _mtn_update_config_param(int op, char *type, char *strvalue); #ifdef DEBUG +#ifdef USE_DUMP_MAPPING_TREE static void dump_mapping_tree(mapping_tree_node *parent, int depth); #endif +#endif /* structure and static local variable used to store the * list of plugins that have registered to a callback when backend state @@ -1108,6 +1110,8 @@ "Error: could not find parent for %s\n", slapi_entry_get_dn(entryAfter), 0, 0); slapi_sdn_free(&subtree); + slapi_ch_free_string(&plugin_fct); + slapi_ch_free_string(&plugin_lib); *returncode = LDAP_UNWILLING_TO_PERFORM; return SLAPI_DSE_CALLBACK_ERROR; } @@ -1146,6 +1150,8 @@ { free_mapping_tree_node_arrays(&backends, &be_names, &be_states, &be_list_count); slapi_sdn_free(&subtree); + slapi_ch_free_string(&plugin_fct); + slapi_ch_free_string(&plugin_lib); *returncode = LDAP_UNWILLING_TO_PERFORM; return SLAPI_DSE_CALLBACK_ERROR; } @@ -1159,6 +1165,8 @@ mtn_unlock(); free_mapping_tree_node_arrays(&backends, &be_names, &be_states, &be_list_count); slapi_sdn_free(&subtree); + slapi_ch_free_string(&plugin_fct); + slapi_ch_free_string(&plugin_lib); return SLAPI_DSE_CALLBACK_ERROR; } @@ -1187,12 +1195,16 @@ PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "must use replace operation to change state\n"); *returncode = LDAP_UNWILLING_TO_PERFORM; slapi_sdn_free(&subtree); + slapi_ch_free_string(&plugin_fct); + slapi_ch_free_string(&plugin_lib); return SLAPI_DSE_CALLBACK_ERROR; } if ((mods[i]->mod_bvalues == NULL) || (mods[i]->mod_bvalues[0] == NULL)) { slapi_sdn_free(&subtree); *returncode = LDAP_OPERATIONS_ERROR; + slapi_ch_free_string(&plugin_fct); + slapi_ch_free_string(&plugin_lib); return SLAPI_DSE_CALLBACK_ERROR; } @@ -1206,6 +1218,8 @@ { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "need to set nsslapd-backend before moving to backend state\n"); slapi_sdn_free(&subtree); + slapi_ch_free_string(&plugin_fct); + slapi_ch_free_string(&plugin_lib); *returncode = LDAP_UNWILLING_TO_PERFORM; return SLAPI_DSE_CALLBACK_ERROR; } @@ -1218,6 +1232,8 @@ { PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "need to set nsslapd-referral before moving to referral state\n"); slapi_sdn_free(&subtree); + slapi_ch_free_string(&plugin_fct); + slapi_ch_free_string(&plugin_lib); *returncode = LDAP_UNWILLING_TO_PERFORM; return SLAPI_DSE_CALLBACK_ERROR; } @@ -1256,6 +1272,8 @@ *returncode = LDAP_UNWILLING_TO_PERFORM; mtn_unlock(); slapi_sdn_free(&subtree); + slapi_ch_free_string(&plugin_fct); + slapi_ch_free_string(&plugin_lib); return SLAPI_DSE_CALLBACK_ERROR; } @@ -1266,11 +1284,15 @@ *returncode = LDAP_OPERATIONS_ERROR; mtn_unlock(); slapi_sdn_free(&subtree); + slapi_ch_free_string(&plugin_fct); + slapi_ch_free_string(&plugin_lib); return SLAPI_DSE_CALLBACK_ERROR; } mtn_unlock(); slapi_sdn_free(&subtree); + slapi_ch_free_string(&plugin_fct); + slapi_ch_free_string(&plugin_lib); *returncode = LDAP_SUCCESS; return SLAPI_DSE_CALLBACK_OK; } @@ -1283,18 +1305,18 @@ slapi_entry_attr_find(entryAfter, "nsslapd-distribution-funct", &attr); slapi_attr_first_value(attr, &val); + slapi_ch_free_string(&plugin_fct); if (NULL == val) { LDAPDebug(LDAP_DEBUG_ANY, "Warning: The nsslapd-distribution-funct attribute" " has no value for the mapping tree node %s\n", slapi_entry_get_dn(entryAfter), 0, 0); - plugin_fct = NULL; } plugin_fct = slapi_ch_strdup(slapi_value_get_string(val)); } else if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) { - plugin_fct = NULL; + slapi_ch_free_string(&plugin_fct); } plugin_flag = 1; } @@ -1307,21 +1329,20 @@ slapi_entry_attr_find(entryAfter, "nsslapd-distribution-plugin", &attr); slapi_attr_first_value(attr, &val); + slapi_ch_free_string(&plugin_lib); if (NULL == val) { LDAPDebug(LDAP_DEBUG_ANY, "Warning: The nsslapd-distribution-plugin attribute" " has no value for the mapping tree node %s\n", slapi_entry_get_dn(entryAfter), 0, 0); - plugin_lib = NULL; } plugin_lib = slapi_ch_strdup(slapi_value_get_string(val)); } else if (SLAPI_IS_MOD_DELETE(mods[i]->mod_op)) { - plugin_lib = NULL; + slapi_ch_free_string(&plugin_lib); } plugin_flag = 1; - } } @@ -2451,7 +2472,7 @@ { ret = LDAP_AFFECTS_MULTIPLE_DSAS; PR_snprintf(errorbuf, BUFSIZ, - "Cannot move entries accross backends\n"); + "Cannot move entries across backends\n"); goto unlock_and_return; } } @@ -3721,6 +3742,7 @@ #endif #ifdef DEBUG +#ifdef USE_DUMP_MAPPING_TREE static void dump_mapping_tree(mapping_tree_node *parent, int depth) { mapping_tree_node *current = NULL; @@ -3751,7 +3773,8 @@ } return; } -#endif +#endif /* USE_DUMP_MAPPING_TREE */ +#endif /* DEBUG */ /* helper function to set/remove the config param in cn=config */ static int
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/modify.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/modify.c
Changed
@@ -80,6 +80,7 @@ #endif static int op_shared_allow_pw_change (Slapi_PBlock *pb, LDAPMod *mod, char **old_pw, Slapi_Mods *smods); static int hash_rootpw (LDAPMod **mods); +static int valuearray_init_bervalarray_unhashed_only(struct berval **bvals, Slapi_Value ***cvals); #ifdef LDAP_DEBUG static const char* @@ -642,7 +643,6 @@ int passin_sdn = 0; LDAPMod **mods, *pw_mod, **tmpmods = NULL; Slapi_Mods smods; - Slapi_Mods unhashed_pw_smod; int repl_op, internal_op, lastmod, skip_modified_attrs; char *unhashed_pw_attr = NULL; Slapi_Operation *operation; @@ -681,8 +681,6 @@ slapi_mods_init_passin (&smods, mods); - slapi_mods_init(&unhashed_pw_smod, 0); - /* target spec is used to decide which plugins are applicable for the operation */ operation_set_target_spec (pb->pb_op, sdn); @@ -836,19 +834,134 @@ if (strcasecmp (pw_mod->mod_type, SLAPI_USERPWD_ATTR) != 0) continue; - if (LDAP_MOD_DELETE == pw_mod->mod_op) { + if ( SLAPI_IS_MOD_DELETE(pw_mod->mod_op) ) { Slapi_Attr *a = NULL; - /* delete pseudo password attribute if it exists in the entry */ - if (!slapi_entry_attr_find(e, unhashed_pw_attr, &a)) { - slapi_mods_add_mod_values(&smods, pw_mod->mod_op, - unhashed_pw_attr, va); + struct pw_scheme *pwsp = NULL; + int remove_unhashed_pw = 1; + char *valpwd = NULL; + + /* if there are mod values, we need to delete a specific userpassword */ + for ( i = 0; pw_mod->mod_bvalues != NULL && pw_mod->mod_bvalues[i] != NULL; i++ ) { + char *password = slapi_ch_strdup(pw_mod->mod_bvalues[i]->bv_val); + pwsp = pw_val2scheme( password, &valpwd, 1 ); + if(strcmp(pwsp->pws_name, "CLEAR") == 0){ + /* + * CLEAR password + * + * Ok, so now we to check the entry's userpassword values. + * First, find out the password encoding of the entry's pw. + * Then compare our clear text password to the encoded userpassword + * using the proper scheme. If we have a match, we know which + * userpassword value to delete. + */ + Slapi_Attr *pw = NULL; + struct berval bval, *bv[2]; + + if(slapi_entry_attr_find(e, SLAPI_USERPWD_ATTR, &pw) == 0 && pw){ + struct pw_scheme *pass_scheme = NULL; + Slapi_Value **present_values = NULL; + char *pval = NULL; + int ii; + + present_values = attr_get_present_values(pw); + for(ii = 0; present_values && present_values[ii]; ii++){ + const char *userpwd = slapi_value_get_string(present_values[ii]); + + pass_scheme = pw_val2scheme( (char *)userpwd, &pval, 1 ); + if(strcmp(pass_scheme->pws_name,"CLEAR")){ + /* its encoded, so compare it */ + if((*(pass_scheme->pws_cmp))( valpwd, pval ) == 0 ){ + /* + * Match, replace the mod value with the encoded password + */ + slapi_ch_free_string(&pw_mod->mod_bvalues[i]->bv_val); + pw_mod->mod_bvalues[i]->bv_val = strdup(userpwd); + pw_mod->mod_bvalues[i]->bv_len = strlen(userpwd); + free_pw_scheme( pass_scheme ); + break; + } + } else { + /* userpassword is already clear text, nothing to do */ + free_pw_scheme( pass_scheme ); + break; + } + free_pw_scheme( pass_scheme ); + } + } + /* + * Finally, delete the unhashed userpassword + */ + bval.bv_val = password; + bval.bv_len = strlen(password); + bv[0] = &bval; + bv[1] = NULL; + valuearray_init_bervalarray(bv, &va); + slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va); + valuearray_free(&va); + } else { + /* + * Password is encoded, try and find a matching unhashed_password to delete + */ + char **vals; + + /* + * Grab the current unhashed passwords from the entry. + */ + vals = slapi_entry_attr_get_charray(e, unhashed_pw_attr); + if(vals){ + int ii; + + for(ii = 0; vals && vals[ii]; ii++){ + char *unhashed_pwd = vals[ii]; + struct pw_scheme *unhashed_pwsp = NULL; + struct berval bval, *bv[2]; + + /* prepare the value to delete from the list of unhashed userpasswords */ + bval.bv_val = unhashed_pwd; + bval.bv_len = strlen(unhashed_pwd); + bv[0] = &bval; + bv[1] = NULL; + + /* + * Compare the clear text unhashed password, to the encoded password + * provided by the client. + */ + unhashed_pwsp = pw_val2scheme( unhashed_pwd, NULL, 1 ); + if(strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){ + if((*(pwsp->pws_cmp))(unhashed_pwd , valpwd) == 0 ){ + /* match, add the delete mod for this particular unhashed userpassword */ + valuearray_init_bervalarray(bv, &va); + slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va); + valuearray_free(&va); + free_pw_scheme( unhashed_pwsp ); + break; + } + } else { + /* + * We have a hashed unhashed_userpassword! We must delete it. + */ + valuearray_init_bervalarray(bv, &va); + slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va); + valuearray_free(&va); + } + free_pw_scheme( unhashed_pwsp ); + } + } + } + remove_unhashed_pw = 0; /* mark that we already removed the unhashed userpassword */ + slapi_ch_free_string(&password); + free_pw_scheme( pwsp ); + } + if (remove_unhashed_pw && !slapi_entry_attr_find(e, unhashed_pw_attr, &a)){ + slapi_mods_add_mod_values(&smods, pw_mod->mod_op,unhashed_pw_attr, va); } } else { - /* add pseudo password attribute */ - valuearray_init_bervalarray(pw_mod->mod_bvalues, &va); - slapi_mods_add_mod_values(&smods, pw_mod->mod_op, - unhashed_pw_attr, va); - valuearray_free(&va); + /* add pseudo password attribute - only if it's value is clear text */ + valuearray_init_bervalarray_unhashed_only(pw_mod->mod_bvalues, &va); + if(va){ + slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va); + valuearray_free(&va); + } } /* Init new value array for hashed value */ @@ -1008,7 +1121,6 @@ if (be) slapi_be_Unlock(be); - slapi_mods_done(&unhashed_pw_smod); /* can finalize now */ if (unhashed_pw_attr) slapi_ch_free ((void**)&unhashed_pw_attr); @@ -1112,11 +1224,9 @@ slapi_pblock_set( pb, SLAPI_BACKEND, slapi_be_select( &sdn ) ); /* Check if ACIs allow password to be changed */ - if ( (res = slapi_acl_check_mods(pb, e, mods, &errtxt)) != LDAP_SUCCESS) { - if (operation_is_flag_set(operation,OP_FLAG_ACTION_LOG_ACCESS)) - { - if (proxydn) - { + if ( !pw_is_pwp_admin(pb, pwpolicy) && (res = slapi_acl_check_mods(pb, e, mods, &errtxt)) != LDAP_SUCCESS){ + if (operation_is_flag_set(operation,OP_FLAG_ACTION_LOG_ACCESS)){ + if (proxydn){ proxystr = slapi_ch_smprintf(" authzid=\"%s\"", proxydn); } @@ -1128,16 +1238,23 @@ /* Write access is denied to userPassword by ACIs */ if ( pwresponse_req == 1 ) { - slapi_pwpolicy_make_response_control ( pb, -1, -1, - LDAP_PWPOLICY_PWDMODNOTALLOWED ); - }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/operation.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/operation.c
Changed
@@ -201,10 +201,11 @@ o->o_next = NULL; o->o_flags= flags; if ( config_get_accesslog_level() & LDAP_DEBUG_TIMING ) { - o->o_interval = PR_IntervalNow(); - } else { - o->o_interval = (PRIntervalTime)0; - } + o->o_interval = PR_IntervalNow(); + } else { + o->o_interval = (PRIntervalTime)0; + } + o->o_pagedresults_sizelimit = -1; } return o; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/opshared.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/opshared.c
Changed
@@ -133,7 +133,8 @@ (ps_service_fn)(e, eprev, chgtype, chgnum); } -void modify_update_last_modified_attr(Slapi_PBlock *pb, Slapi_Mods *smods) +void +modify_update_last_modified_attr(Slapi_PBlock *pb, Slapi_Mods *smods) { char buf[20]; char *plugin_dn = NULL; @@ -160,8 +161,11 @@ bv.bv_len = strlen(bv.bv_val); } else { slapi_pblock_get (pb, SLAPI_PLUGIN_IDENTITY, &cid); - if (cid) + if (cid){ plugin=(struct slapdplugin *) cid->sci_plugin; + } else { + slapi_pblock_get (pb, SLAPI_PLUGIN, &plugin); + } if(plugin) plugin_dn = plugin_get_dn (plugin); if(plugin_dn){ @@ -174,6 +178,7 @@ } slapi_mods_add_modbvps(smods, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, "internalModifiersName", bvals); + slapi_ch_free_string(&plugin_dn); /* Grab the thread data(binddn) */ slapi_td_get_dn(&binddn); @@ -197,8 +202,8 @@ } } - slapi_mods_add_modbvps(smods, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, - "modifiersname", bvals); + slapi_mods_add_modbvps(smods, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, + "modifiersname", bvals); /* fill in modifytimestamp */ curtime = current_time(); @@ -240,7 +245,7 @@ int internal_op; Slapi_DN *basesdn = NULL; Slapi_DN *sdn = NULL; - Slapi_Operation *operation; + Slapi_Operation *operation = NULL; Slapi_Entry *referral = NULL; char *proxydn = NULL; char *proxystr = NULL; @@ -266,7 +271,6 @@ int curr_search_count = 0; Slapi_Backend *pr_be = NULL; void *pr_search_result = NULL; - int pr_reset_processing = 0; int pr_idx = -1; Slapi_DN *orig_sdn = NULL; int free_sdn = 0; @@ -461,28 +465,32 @@ &pagesize, &pr_idx); /* Let's set pr_idx even if it fails; in case, pr_idx == -1. */ slapi_pblock_set(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx); - if (LDAP_SUCCESS == rc) { + if ((LDAP_SUCCESS == rc) || + (LDAP_CANCELLED == rc) || (0 == pagesize)) { unsigned int opnote = SLAPI_OP_NOTE_SIMPLEPAGED; - if (pagedresults_check_or_set_processing(pb->pb_conn, pr_idx)) { - send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, - NULL, "Simple Paged Results Search " - "already in progress on this connection", - 0, NULL); - goto free_and_return_nolock; - } - /* need to reset after we are done with this op */ - pr_reset_processing = 1; op_set_pagedresults(operation); pr_be = pagedresults_get_current_be(pb->pb_conn, pr_idx); pr_search_result = pagedresults_get_search_result(pb->pb_conn, + operation, pr_idx); estimate = pagedresults_get_search_result_set_size_estimate(pb->pb_conn, + operation, pr_idx); - if (pagedresults_get_unindexed(pb->pb_conn, pr_idx)) { + if (pagedresults_get_unindexed(pb->pb_conn, operation, pr_idx)) { opnote |= SLAPI_OP_NOTE_UNINDEXED; } slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); + if ((LDAP_CANCELLED == rc) || (0 == pagesize)) { + /* paged-results-request was abandoned */ + pagedresults_set_response_control(pb, 0, estimate, + curr_search_count, pr_idx); + send_ldap_result(pb, 0, NULL, + "Simple Paged Results Search abandoned", + 0, NULL); + rc = LDAP_SUCCESS; + goto free_and_return; + } } else { /* parse paged-results-control failed */ if (iscritical) { /* return an error since it's critical */ @@ -624,7 +632,7 @@ slapi_pblock_get( pb, SLAPI_SEARCH_TIMELIMIT, &tlimit ); slapi_pblock_get( pb, SLAPI_OPINITIATED_TIME, &optime ); time_up = (tlimit==-1 ? -1 : optime + tlimit); /* -1: no time limit */ - pagedresults_set_timelimit(pb->pb_conn, time_up, pr_idx); + pagedresults_set_timelimit(pb->pb_conn, pb->pb_op, time_up, pr_idx); } /* PAR: now filters have been rewritten, we can assign plugins to work on them */ @@ -678,12 +686,25 @@ if (op_is_pagedresults(operation) && pr_search_result) { void *sr = NULL; /* PAGED RESULTS and already have the search results from the prev op */ - slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result ); - rc = send_results_ext (pb, 1, &pnentries, pagesize, &pr_stat); + pagedresults_lock(pb->pb_conn, pr_idx); + /* + * In async paged result case, the search result might be released + * by other theads. We need to double check it in the locked region. + */ + pr_search_result = pagedresults_get_search_result(pb->pb_conn, + operation, + pr_idx); + if (pr_search_result) { + slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, pr_search_result ); + rc = send_results_ext (pb, 1, &pnentries, pagesize, &pr_stat); - /* search result could be reset in the backend/dse */ - slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); - pagedresults_set_search_result(pb->pb_conn, sr, 0, pr_idx); + /* search result could be reset in the backend/dse */ + slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); + pagedresults_set_search_result(pb->pb_conn, operation, sr, 0, pr_idx); + } else { + pr_stat = PAGEDRESULTS_SEARCH_END; + } + pagedresults_unlock(pb->pb_conn, pr_idx); if (PAGEDRESULTS_SEARCH_END == pr_stat) { /* no more entries to send in the backend */ @@ -704,14 +725,18 @@ } pagedresults_set_response_control(pb, 0, estimate, curr_search_count, pr_idx); - if (pagedresults_get_with_sort(pb->pb_conn, pr_idx)) { + if (pagedresults_get_with_sort(pb->pb_conn, operation, pr_idx)) { sort_make_sort_response_control(pb, CONN_GET_SORT_RESULT_CODE, NULL); } pagedresults_set_search_result_set_size_estimate(pb->pb_conn, + operation, estimate, pr_idx); next_be = NULL; /* to break the loop */ if (curr_search_count == -1) { - pagedresults_free_one(pb->pb_conn, pr_idx); + pagedresults_lock(pb->pb_conn, pr_idx); + slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL); + pagedresults_free_one(pb->pb_conn, operation, pr_idx); + pagedresults_unlock(pb->pb_conn, pr_idx); } } else { /* be_suffix null means that we are searching the default backend @@ -833,7 +858,11 @@ int with_sort = operation->o_flags & OP_FLAG_SERVER_SIDE_SORTING; curr_search_count = pnentries; + slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); if (PAGEDRESULTS_SEARCH_END == pr_stat) { + if (sr) { /* in case a left over sr is found, clean it up */ + be->be_search_results_release(&sr); + } if (NULL == next_be) { /* no more entries && no more backends */ curr_search_count = -1; @@ -845,24 +874,31 @@ } } else { curr_search_count = pnentries; - slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET, &sr); slapi_pblock_get(pb, SLAPI_SEARCH_RESULT_SET_SIZE_ESTIMATE, &estimate); - if (pagedresults_set_current_be(pb->pb_conn, be, pr_idx) < 0 || - pagedresults_set_search_result(pb->pb_conn, sr, 0, pr_idx) < 0 || - pagedresults_set_search_result_count(pb->pb_conn, - curr_search_count, pr_idx) < 0 || - pagedresults_set_search_result_set_size_estimate(pb->pb_conn, - estimate, pr_idx) < 0 || - pagedresults_set_with_sort(pb->pb_conn, with_sort, pr_idx) < 0) { + pagedresults_lock(pb->pb_conn, pr_idx); + if ((pagedresults_set_current_be(pb->pb_conn, be, pr_idx) < 0) || + (pagedresults_set_search_result(pb->pb_conn, operation, + sr, 0, pr_idx) < 0) || + (pagedresults_set_search_result_count(pb->pb_conn, operation, + curr_search_count, + pr_idx) < 0) || + (pagedresults_set_search_result_set_size_estimate(pb->pb_conn, + operation, + estimate, + pr_idx) < 0) ||
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/pagedresults.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/pagedresults.c
Changed
@@ -64,6 +64,7 @@ struct berval cookie = {0}; Connection *conn = pb->pb_conn; Operation *op = pb->pb_op; + BerElement *ber = NULL; LDAPDebug0Args(LDAP_DEBUG_TRACE, "--> pagedresults_parse_control_value\n"); if ( NULL == conn || NULL == op || NULL == pagesize || NULL == index ) { @@ -76,79 +77,91 @@ if ( psbvp->bv_len == 0 || psbvp->bv_val == NULL ) { - rc = LDAP_PROTOCOL_ERROR; + LDAPDebug0Args(LDAP_DEBUG_ANY, + "<-- pagedresults_parse_control_value: no control value\n"); + return LDAP_PROTOCOL_ERROR; } - else + ber = ber_init( psbvp ); + if ( ber == NULL ) { - BerElement *ber = ber_init( psbvp ); - if ( ber == NULL ) - { - rc = LDAP_OPERATIONS_ERROR; - } - else - { - if ( ber_scanf( ber, "{io}", pagesize, &cookie ) == LBER_ERROR ) - { - rc = LDAP_PROTOCOL_ERROR; + LDAPDebug0Args(LDAP_DEBUG_ANY, + "<-- pagedresults_parse_control_value: no control value\n"); + return LDAP_PROTOCOL_ERROR; + } + if ( ber_scanf( ber, "{io}", pagesize, &cookie ) == LBER_ERROR ) + { + LDAPDebug0Args(LDAP_DEBUG_ANY, + "<-- pagedresults_parse_control_value: corrupted control value\n"); + return LDAP_PROTOCOL_ERROR; + } + + PR_Lock(conn->c_mutex); + /* the ber encoding is no longer needed */ + ber_free(ber, 1); + if ( cookie.bv_len <= 0 ) { + int i; + int maxlen; + /* first time? */ + maxlen = conn->c_pagedresults.prl_maxlen; + if (conn->c_pagedresults.prl_count == maxlen) { + if (0 == maxlen) { /* first time */ + conn->c_pagedresults.prl_maxlen = 1; + conn->c_pagedresults.prl_list = + (PagedResults *)slapi_ch_calloc(1, + sizeof(PagedResults)); + } else { + /* new max length */ + conn->c_pagedresults.prl_maxlen *= 2; + conn->c_pagedresults.prl_list = + (PagedResults *)slapi_ch_realloc( + (char *)conn->c_pagedresults.prl_list, + sizeof(PagedResults) * + conn->c_pagedresults.prl_maxlen); + /* initialze newly allocated area */ + memset(conn->c_pagedresults.prl_list + maxlen, '\0', + sizeof(PagedResults) * maxlen); } - /* the ber encoding is no longer needed */ - ber_free(ber, 1); - if ( cookie.bv_len <= 0 ) { - int i; - int maxlen; - /* first time? */ - PR_Lock(conn->c_mutex); - maxlen = conn->c_pagedresults.prl_maxlen; - if (conn->c_pagedresults.prl_count == maxlen) { - if (0 == maxlen) { /* first time */ - conn->c_pagedresults.prl_maxlen = 1; - conn->c_pagedresults.prl_list = - (PagedResults *)slapi_ch_calloc(1, - sizeof(PagedResults)); - } else { - /* new max length */ - conn->c_pagedresults.prl_maxlen *= 2; - conn->c_pagedresults.prl_list = - (PagedResults *)slapi_ch_realloc( - (char *)conn->c_pagedresults.prl_list, - sizeof(PagedResults) * - conn->c_pagedresults.prl_maxlen); - /* initialze newly allocated area */ - memset(conn->c_pagedresults.prl_list + maxlen, '\0', - sizeof(PagedResults) * maxlen); - } - *index = maxlen; /* the first position in the new area */ - } else { - for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) { - if (!conn->c_pagedresults.prl_list[i].pr_current_be) { - *index = i; - break; - } - } + *index = maxlen; /* the first position in the new area */ + } else { + for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) { + if (!conn->c_pagedresults.prl_list[i].pr_current_be) { + *index = i; + break; } - conn->c_pagedresults.prl_count++; - PR_Unlock(conn->c_mutex); - } else { - /* Repeated paged results request. - * PagedResults is already allocated. */ - char *ptr = slapi_ch_malloc(cookie.bv_len + 1); - memcpy(ptr, cookie.bv_val, cookie.bv_len); - *(ptr+cookie.bv_len) = '\0'; - *index = strtol(ptr, NULL, 10); - slapi_ch_free_string(&ptr); } - slapi_ch_free((void **)&cookie.bv_val); } - } + if (!conn->c_pagedresults.prl_list[*index].pr_mutex) { + conn->c_pagedresults.prl_list[*index].pr_mutex = PR_NewLock(); + } + conn->c_pagedresults.prl_count++; + } else { + /* Repeated paged results request. + * PagedResults is already allocated. */ + char *ptr = slapi_ch_malloc(cookie.bv_len + 1); + memcpy(ptr, cookie.bv_val, cookie.bv_len); + *(ptr+cookie.bv_len) = '\0'; + *index = strtol(ptr, NULL, 10); + slapi_ch_free_string(&ptr); + } + /* reset sizelimit */ + op->o_pagedresults_sizelimit = -1; + slapi_ch_free((void **)&cookie.bv_val); + if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen)) { - /* Need to keep the latest msgid to prepare for the abandon. */ - conn->c_pagedresults.prl_list[*index].pr_msgid = op->o_msgid; + if (conn->c_pagedresults.prl_list[*index].pr_flags & + CONN_FLAG_PAGEDRESULTS_ABANDONED) { + rc = LDAP_CANCELLED; + } else { + /* Need to keep the latest msgid to prepare for the abandon. */ + conn->c_pagedresults.prl_list[*index].pr_msgid = op->o_msgid; + } } else { rc = LDAP_PROTOCOL_ERROR; LDAPDebug1Arg(LDAP_DEBUG_ANY, "pagedresults_parse_control_value: invalid cookie: %d\n", *index); } + PR_Unlock(conn->c_mutex); LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_parse_control_value: idx %d\n", *index); @@ -235,10 +248,13 @@ } int -pagedresults_free_one( Connection *conn, int index ) +pagedresults_free_one( Connection *conn, Operation *op, int index ) { int rc = -1; + if (!op_is_pagedresults(op)) { + return 0; /* noop */ + } LDAPDebug1Arg(LDAP_DEBUG_TRACE, "--> pagedresults_free_one: idx=%d\n", index); if (conn && (index > -1)) { @@ -248,8 +264,19 @@ "conn=%d paged requests list count is %d\n", conn->c_connid, conn->c_pagedresults.prl_count); } else if (index < conn->c_pagedresults.prl_maxlen) { - memset(&conn->c_pagedresults.prl_list[index], - '\0', sizeof(PagedResults)); + PRLock *prmutex = NULL; + PagedResults *prp = conn->c_pagedresults.prl_list + index; + if (prp && prp->pr_current_be && + prp->pr_current_be->be_search_results_release && + prp->pr_search_result_set) { + prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set)); + } + if (prp->pr_mutex) { + /* pr_mutex is reused; back it up and reset it. */ + prmutex = prp->pr_mutex; + } + memset(prp, '\0', sizeof(PagedResults)); + prp->pr_mutex = prmutex; conn->c_pagedresults.prl_count--; rc = 0; } @@ -260,35 +287,39 @@ return rc; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/passwd_extop.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/passwd_extop.c
Changed
@@ -534,7 +534,7 @@ /* Get the ber value of the extended operation */ slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value); - if (extop_value->bv_val == NULL) + if (!BV_HAS_DATA(extop_value)) { /* The request field wasn't provided. We'll * now try to determine the userid and verify @@ -905,7 +905,6 @@ int passwd_modify_init( Slapi_PBlock *pb ) { char **argv; - char *oid; /* Get the arguments appended to the plugin extendedop directive. The first argument * (after the standard arguments for the directive) should contain the OID of the @@ -924,9 +923,8 @@ "OID is missing or is not %s\n", EXTOP_PASSWD_OID ); return( -1 ); } else { - oid = slapi_ch_strdup( argv[0] ); slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_init", - "Registering plug-in for Password Modify extended op %s.\n", oid ); + "Registering plug-in for Password Modify extended op %s.\n", argv[0] /* oid */); } /* Register the plug-in function as an extended operation
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/pblock.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/pblock.c
Changed
@@ -1803,6 +1803,12 @@ } break; + case SLAPI_REQUESTOR_SDN: + if(pblock->pb_op != NULL){ + (*(Slapi_DN **)value) = &pblock->pb_op->o_sdn; + } + break; + case SLAPI_OPERATION_AUTHTYPE: if (pblock->pb_op != NULL) { @@ -1966,6 +1972,10 @@ switch ( arg ) { case SLAPI_BACKEND: pblock->pb_backend = (Slapi_Backend *) value; + if (pblock->pb_backend && (NULL == pblock->pb_plugin)) { + /* newly allocated pblock may not have backend plugin set. */ + pblock->pb_plugin = (struct slapdplugin *)pblock->pb_backend->be_database; + } break; case SLAPI_BACKEND_COUNT: pblock->pb_backend_count = *((int *) value); @@ -3639,7 +3649,7 @@ { /* clear credentials */ bind_credentials_clear( conn, PR_FALSE /* conn is already locked */, - ( extauthtype != NULL ) /* clear external creds. if requested */ ); + ( extauthtype != NULL ) /* clear external creds. if requested */ ); /* set primary credentials */ slapi_ch_free((void**)&conn->c_authtype); @@ -3657,7 +3667,6 @@ conn->c_client_cert = clientcert; } - /* notify binder-based resource limit subsystem about the change in DN */ if ( !conn->c_isroot ) { @@ -3681,5 +3690,8 @@ slapi_ch_free_string( &anon_dn ); } + } else { + /* For root dn clear about the resource limits */ + reslimit_update_from_entry( conn, NULL ); } }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/plugin.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/plugin.c
Changed
@@ -1454,8 +1454,7 @@ { if (SLAPI_PLUGIN_PREOPERATION == list->plg_type || SLAPI_PLUGIN_INTERNAL_PREOPERATION == list->plg_type || - SLAPI_PLUGIN_BETXNPREOPERATION == list->plg_type || - SLAPI_PLUGIN_START_FN == operation ) + SLAPI_PLUGIN_START_FN == operation ) { /* * We bail out of plugin processing for preop plugins @@ -1466,7 +1465,9 @@ return_value = rc; break; } else if (SLAPI_PLUGIN_BEPREOPERATION == list->plg_type || - SLAPI_PLUGIN_BEPOSTOPERATION == list->plg_type) + SLAPI_PLUGIN_BEPOSTOPERATION == list->plg_type || + SLAPI_PLUGIN_BETXNPREOPERATION == list->plg_type || + SLAPI_PLUGIN_BETXNPOSTOPERATION == list->plg_type) { /* respect fatal error (-1); should not OR it */ if (-1 == rc) { @@ -1493,15 +1494,24 @@ slapi_berval_cmp (const struct berval* L, const struct berval* R) /* JCM - This does not belong here. But, where should it go? */ { int result = 0; + + if(L == NULL && R != NULL){ + return 1; + } else if(L != NULL && R == NULL){ + return -1; + } else if(L == NULL && R == NULL){ + return 0; + } if (L->bv_len < R->bv_len) { - result = memcmp (L->bv_val, R->bv_val, L->bv_len); - if (result == 0) - result = -1; + result = memcmp (L->bv_val, R->bv_val, L->bv_len); + if (result == 0) + result = -1; } else { - result = memcmp (L->bv_val, R->bv_val, R->bv_len); - if (result == 0 && (L->bv_len > R->bv_len)) - result = 1; + result = memcmp (L->bv_val, R->bv_val, R->bv_len); + if (result == 0 && (L->bv_len > R->bv_len)) + result = 1; } + return result; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/plugin_acl.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/plugin_acl.c
Changed
@@ -134,11 +134,11 @@ plugin_call_acl_mods_update ( Slapi_PBlock *pb, int optype ) { struct slapdplugin *p; - char *dn; int rc = 0; - void *change = NULL; - Slapi_Entry *te = NULL; - Slapi_DN *sdn = NULL; + void *change = NULL; + void *mychange[2]; + Slapi_Entry *te = NULL; + Slapi_DN *sdn = NULL; Operation *operation; slapi_pblock_get (pb, SLAPI_OPERATION, &operation); @@ -146,7 +146,7 @@ (void)slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn ); switch ( optype ) { - case SLAPI_OPERATION_MODIFY: + case SLAPI_OPERATION_MODIFY: (void)slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &change ); break; case SLAPI_OPERATION_ADD: @@ -158,11 +158,26 @@ } break; case SLAPI_OPERATION_MODRDN: + { + char *newrdn = NULL; + Slapi_DN *psdn = NULL; + char *pdn = NULL; + /* newrdn: "change" is normalized but not case-ignored */ /* The acl plugin expects normalized newrdn, but no need to be case- * ignored. */ - (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &change ); + (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &newrdn ); + (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &psdn ); + if (psdn) { + pdn = (char *)slapi_sdn_get_dn(psdn); + } else { + (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR, &pdn ); + } + mychange[0] = newrdn; + mychange[1] = pdn; + change = mychange; break; + } } if (NULL == sdn) { @@ -172,10 +187,9 @@ } /* call the global plugins first and then the backend specific */ - dn = (char*)slapi_sdn_get_ndn(sdn); /* jcm - Had to cast away const */ for ( p = get_plugin_list(PLUGIN_LIST_ACL); p != NULL; p = p->plg_next ) { if (plugin_invoke_plugin_sdn(p, SLAPI_PLUGIN_ACL_MODS_UPDATE, pb, sdn)){ - rc = (*p->plg_acl_mods_update)(pb, optype, dn, change ); + rc = (*p->plg_acl_mods_update)(pb, optype, sdn, change ); if ( rc != LDAP_SUCCESS ) break; } }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/plugin_syntax.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/plugin_syntax.c
Changed
@@ -968,8 +968,7 @@ break; } - if (!norm_fn) { - /* no matching rule specific normalizer specified - use syntax default */ + if (!norm_fn && sattr->a_plugin) { norm_fn = sattr->a_plugin->plg_syntax_normalize; } if (norm_fn) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/proto-slap.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/proto-slap.h
Changed
@@ -113,7 +113,9 @@ * attrsyntax.c */ void attr_syntax_read_lock(void); +void attr_syntax_write_lock(void); void attr_syntax_unlock_read(void); +void attr_syntax_unlock_write(void); int attr_syntax_exists (const char *attr_name); void attr_syntax_delete ( struct asyntaxinfo *asip ); #define SLAPI_SYNTAXLENGTH_NONE (-1) /* for syntaxlength parameter */ @@ -132,6 +134,7 @@ struct asyntaxinfo *attr_syntax_get_by_oid ( const char *oid ); struct asyntaxinfo *attr_syntax_get_by_name ( const char *name ); struct asyntaxinfo *attr_syntax_get_by_name_locking_optional ( const char *name, PRBool use_lock ); +struct asyntaxinfo *attr_syntax_get_by_name_with_default ( const char *name ); /* * Call attr_syntax_return() when you are done using a value returned * by attr_syntax_get_by_oid() or attr_syntax_get_by_name(). @@ -139,6 +142,7 @@ void attr_syntax_return( struct asyntaxinfo *asi ); void attr_syntax_return_locking_optional( struct asyntaxinfo *asi, PRBool use_lock ); void attr_syntax_delete_all(void); +void attr_syntax_delete_all_for_schemareload(unsigned long flag); /* * value.c @@ -152,6 +156,7 @@ int valuearray_init_bervalarray_with_flags(struct berval **bvals, Slapi_Value ***cvals, unsigned long flags); int valuearray_get_bervalarray(Slapi_Value **cvals, struct berval ***bvals); /* JCM SLOW FUNCTION */ void valuearray_free(Slapi_Value ***va); +void valuearray_free_ext(Slapi_Value ***va, int ii); Slapi_Value *valuearray_remove_value(const Slapi_Attr *a, Slapi_Value **va, const Slapi_Value *v); void valuearray_remove_value_atindex(Slapi_Value **va, int index); int valuearray_isempty( Slapi_Value **va); @@ -162,13 +167,6 @@ void valuearrayfast_init(struct valuearrayfast *vaf,Slapi_Value **va); void valuearrayfast_done(struct valuearrayfast *vaf); -void valuearrayfast_add_value(struct valuearrayfast *vaf,const Slapi_Value *v); -void valuearrayfast_add_value_passin(struct valuearrayfast *vaf,Slapi_Value *v); -void valuearrayfast_add_valuearrayfast(struct valuearrayfast *vaf,const struct valuearrayfast *vaf_add); - -int valuetree_add_value( const Slapi_Attr *sattr, const Slapi_Value *va, Avlnode **valuetreep); -int valuetree_add_valuearray( const Slapi_Attr *sattr, Slapi_Value **va, Avlnode **valuetreep, int *duplicate_index); -void valuetree_free( Avlnode **valuetreep ); /* Valueset functions */ @@ -179,15 +177,17 @@ int valueset_purge(Slapi_ValueSet *vs, const CSN *csn); Slapi_Value **valueset_get_valuearray(const Slapi_ValueSet *vs); size_t valueset_size(const Slapi_ValueSet *vs); +void slapi_valueset_add_valuearray(const Slapi_Attr *a, Slapi_ValueSet *vs, Slapi_Value **addvals); void valueset_add_valuearray(Slapi_ValueSet *vs, Slapi_Value **addvals); void valueset_add_valuearray_ext(Slapi_ValueSet *vs, Slapi_Value **addvals, PRUint32 flags); -void valueset_add_string(Slapi_ValueSet *vs, const char *s, CSNType t, const CSN *csn); +void valueset_add_string(const Slapi_Attr *a, Slapi_ValueSet *vs, const char *s, CSNType t, const CSN *csn); void valueset_update_csn(Slapi_ValueSet *vs, CSNType t, const CSN *csn); void valueset_add_valueset(Slapi_ValueSet *vs1, const Slapi_ValueSet *vs2); int valueset_intersectswith_valuearray(Slapi_ValueSet *vs, const Slapi_Attr *a, Slapi_Value **values, int *duplicate_index); Slapi_ValueSet *valueset_dup(const Slapi_ValueSet *dupee); void valueset_remove_string(const Slapi_Attr *a, Slapi_ValueSet *vs, const char *s); -int valueset_replace(Slapi_Attr *a, Slapi_ValueSet *vs, Slapi_Value **vals); +int valueset_replace_valuearray(Slapi_Attr *a, Slapi_ValueSet *vs, Slapi_Value **vals); +int valueset_replace_valuearray_ext(Slapi_Attr *a, Slapi_ValueSet *vs, Slapi_Value **vals, int dupcheck); void valueset_update_csn_for_valuearray(Slapi_ValueSet *vs, const Slapi_Attr *a, Slapi_Value **valuestoupdate, CSNType t, const CSN *csn, Slapi_Value ***valuesupdated); void valueset_set_valuearray_byval(Slapi_ValueSet *vs, Slapi_Value **addvals); void valueset_set_valuearray_passin(Slapi_ValueSet *vs, Slapi_Value **addvals); @@ -348,6 +348,7 @@ int config_set_result_tweak(const char *attrname, char *value, char *errorbuf, int apply ); int config_set_referral_mode(const char *attrname, char *url, char *errorbuf, int apply); int config_set_conntablesize(const char *attrname, char *url, char *errorbuf, int apply); +int config_set_pw_admin_dn( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_maxbersize(const char *attrname, char *value, char *errorbuf, int apply ); int config_set_maxsasliosize(const char *attrname, char *value, char *errorbuf, int apply ); int config_set_versionstring(const char *attrname, char *versionstring, char *errorbuf, int apply ); @@ -385,9 +386,16 @@ int config_set_disk_monitoring( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_disk_threshold( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_disk_grace_period( const char *attrname, char *value, char *errorbuf, int apply ); -int config_set_disk_preserve_logging( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_disk_logging_critical( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_auditlog_unhashed_pw(const char *attrname, char *value, char *errorbuf, int apply); +int config_set_sasl_maxbufsize(const char *attrname, char *value, char *errorbuf, int apply ); +int config_set_listen_backlog_size(const char *attrname, char *value, char *errorbuf, int apply); +int config_set_ignore_time_skew(const char *attrname, char *value, char *errorbuf, int apply); +#if defined(LINUX) +int config_set_malloc_mxfast(const char *attrname, char *value, char *errorbuf, int apply); +int config_set_malloc_trim_threshold(const char *attrname, char *value, char *errorbuf, int apply); +int config_set_malloc_mmap_threshold(const char *attrname, char *value, char *errorbuf, int apply); +#endif #if !defined(_WIN32) && !defined(AIX) int config_set_maxdescriptors( const char *attrname, char *value, char *errorbuf, int apply ); @@ -539,10 +547,18 @@ void config_set_auditlog_enabled(int value); int config_get_accesslog_logging_enabled(); int config_get_disk_monitoring(); -long config_get_disk_threshold(); +PRInt64 config_get_disk_threshold(); int config_get_disk_grace_period(); -int config_get_disk_preserve_logging(); int config_get_disk_logging_critical(); +int config_get_sasl_maxbufsize(); +int config_get_listen_backlog_size(void); +int config_get_ignore_time_skew(); + +#if defined(LINUX) +int config_get_malloc_mxfast(); +int config_get_malloc_trim_threshold(); +int config_get_malloc_mmap_threshold(); +#endif int is_abspath(const char *); char* rel2abspath( char * ); @@ -654,6 +670,7 @@ struct dse *dse_new_with_filelist(char *filename, char *tmpfilename, char *backfilename, char *startokfilename, const char *configdir, char **filelist); int dse_deletedse(Slapi_PBlock *pb); int dse_destroy(struct dse *pdse); +int dse_check_file(char *filename, char *backupname); int dse_read_file(struct dse *pdse, Slapi_PBlock *pb); int dse_bind( Slapi_PBlock *pb ); int dse_unbind( Slapi_PBlock *pb ); @@ -983,6 +1000,7 @@ int slapd_security_library_is_initialized(); int slapd_ssl_listener_is_initialized(); int slapd_SSL_client_auth (LDAP* ld); +SECKEYPrivateKey *slapd_get_unlocked_key_for_cert(CERTCertificate *cert, void *pin_arg); /* * security_wrappers.c @@ -1284,7 +1302,6 @@ /* set parameters common for all internal operations */ void set_common_params (Slapi_PBlock *pb); void do_ps_service(Slapi_Entry *e, Slapi_Entry *eprev, ber_int_t chgtype, ber_int_t chgnum); -void modify_update_last_modified_attr(Slapi_PBlock *pb, Slapi_Mods *smods); /* * debugdump.cpp @@ -1374,6 +1391,7 @@ /* * daemon.c */ +void handle_closed_connection(Connection *); #ifndef LINUX void slapd_do_nothing(int); #endif @@ -1402,34 +1420,48 @@ int curr_search_count, int index); Slapi_Backend *pagedresults_get_current_be(Connection *conn, int index); int pagedresults_set_current_be(Connection *conn, Slapi_Backend *be, int index); -void *pagedresults_get_search_result(Connection *conn, int index); -int pagedresults_set_search_result(Connection *conn, void *sr, +void *pagedresults_get_search_result(Connection *conn, Operation *op, + int index); +int pagedresults_set_search_result(Connection *conn, Operation *op, void *sr, int locked, int index); -int pagedresults_get_search_result_count(Connection *conn, int index); -int pagedresults_set_search_result_count(Connection *conn, int cnt, int index); -int pagedresults_get_search_result_set_size_estimate(Connection *conn, +int pagedresults_get_search_result_count(Connection *conn, Operation *op, + int index); +int pagedresults_set_search_result_count(Connection *conn, Operation *op, int cnt, int index); +int pagedresults_get_search_result_set_size_estimate(Connection *conn, + Operation *op, int index); -int pagedresults_set_search_result_set_size_estimate(Connection *conn, int cnt, +int pagedresults_set_search_result_set_size_estimate(Connection *conn, + Operation *op, int cnt, int index); -int pagedresults_get_with_sort(Connection *conn, int index); -int pagedresults_set_with_sort(Connection *conn, int flags, int index); -int pagedresults_get_unindexed(Connection *conn, int index); -int pagedresults_set_unindexed(Connection *conn, int index); -int pagedresults_get_sort_result_code(Connection *conn, int index); -int pagedresults_set_sort_result_code(Connection *conn, int code, int index); -int pagedresults_set_timelimit(Connection *conn, time_t timelimit, int index); +int pagedresults_get_with_sort(Connection *conn, Operation *op, int index); +int pagedresults_set_with_sort(Connection *conn, Operation *op, + int flags, int index); +int pagedresults_get_unindexed(Connection *conn, Operation *op, int index); +int pagedresults_set_unindexed(Connection *conn, Operation *op, int index); +int pagedresults_get_sort_result_code(Connection *conn, Operation *op, + int index); +int pagedresults_set_sort_result_code(Connection *conn, Operation *op, + int code, int index); +int pagedresults_set_timelimit(Connection *conn, Operation *op, + time_t timelimit, int index); +int pagedresults_get_sizelimit(Connection *conn, Operation *op, int index); +int pagedresults_set_sizelimit(Connection *conn, Operation *op, + int sizelimit, int index); int pagedresults_cleanup(Connection *conn, int needlock); +#if 0 /* Stopped using it (#47347) */ int pagedresults_check_or_set_processing(Connection *conn, int index); int pagedresults_reset_processing(Connection *conn, int index); -int pagedresults_is_timedout(Connection *conn); -int pagedresults_reset_timedout(Connection *conn); -int pagedresults_in_use(Connection *conn); -int pagedresults_free_one(Connection *conn, int index); -int pagedresults_free_one_msgid( Connection *conn, ber_int_t msgid );
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/proxyauth.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/proxyauth.c
Changed
@@ -96,7 +96,7 @@ break; } - if ( !spec_ber || !spec_ber->bv_val ) { + if (!BV_HAS_DATA(spec_ber)) { break; } @@ -154,7 +154,7 @@ END /* Cleanup */ - if (ber) ber_free(ber, 0); + if (ber) ber_free(ber, 1); if ( LDAP_SUCCESS != lderr) { @@ -181,11 +181,11 @@ int proxyauth_get_dn( Slapi_PBlock *pb, char **proxydnp, char **errtextp ) { - char *dn = 0; - LDAPProxyAuth *spec = 0; - int rv, lderr = LDAP_SUCCESS; /* optimistic */ + char *dn = 0; + LDAPProxyAuth *spec = 0; + int rv, lderr = LDAP_SUCCESS; /* optimistic */ - BEGIN + BEGIN struct berval *spec_ber; LDAPControl **controls; int present; @@ -233,12 +233,12 @@ } END - if (spec) delete_LDAPProxyAuth(spec); + if (spec) delete_LDAPProxyAuth(spec); if ( NULL != proxydnp ) { *proxydnp = dn; } else { - slapi_ch_free( (void **)&dn ); + slapi_ch_free_string(&dn); } return lderr;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/pw.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/pw.c
Changed
@@ -64,15 +64,17 @@ #include "slap.h" - #define DENY_PW_CHANGE_ACI "(targetattr = \"userPassword\") ( version 3.0; acl \"disallow_pw_change_aci\"; deny (write ) userdn = \"ldap:///self\";)" #define GENERALIZED_TIME_LENGTH 15 +#define LDAP_MOD_OP (0x0007) static int pw_in_history(Slapi_Value **history_vals, const Slapi_Value *pw_val); static int update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw ); static int check_trivial_words (Slapi_PBlock *, Slapi_Entry *, Slapi_Value **, char *attrtype, int toklen, Slapi_Mods *smods ); static int pw_boolean_str2value (const char *str); +static void pw_get_admin_users(passwdPolicy *pwp); + /* static LDAPMod* pw_malloc_mod (char* name, char* value, int mod_op); */ @@ -588,7 +590,7 @@ char *timestr; time_t pw_exp_date; time_t cur_time; - const char *dn; + const char *target_dn, *bind_dn; Slapi_DN *sdn = NULL; passwdPolicy *pwpolicy = NULL; int internal_op = 0; @@ -598,10 +600,11 @@ internal_op = slapi_operation_is_flag_set(operation, SLAPI_OP_FLAG_INTERNAL); cur_time = current_time(); + slapi_pblock_get( pb, SLAPI_REQUESTOR_NDN, &bind_dn); slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn ); - dn = slapi_sdn_get_dn(sdn); + target_dn = slapi_sdn_get_dn(sdn); - pwpolicy = new_passwdPolicy(pb, dn); + pwpolicy = new_passwdPolicy(pb, target_dn); /* update passwordHistory */ if ( old_pw != NULL && pwpolicy->pw_history == 1 ) { @@ -643,7 +646,8 @@ * we stuff the actual user who initiated the password change in pb_conn. We check * for this special case to ensure we reset the expiration date properly. */ if ((internal_op && pwpolicy->pw_must_change && (!pb->pb_conn || slapi_dn_isroot(pb->pb_conn->c_dn))) || - (!internal_op && pwpolicy->pw_must_change && (pb->pb_requestor_isroot == 1))) { + (!internal_op && pwpolicy->pw_must_change && + ((target_dn && bind_dn && strcasecmp(target_dn, bind_dn)) && pw_is_pwp_admin(pb, pwpolicy)))){ pw_exp_date = NO_TIME; } else if ( pwpolicy->pw_exp == 1 ) { Slapi_Entry *pse = NULL; @@ -836,7 +840,7 @@ * case for the password modify extended operation. */ if (slapi_is_encoded((char *)slapi_value_get_string(vals[i]))) { if ((!is_replication && ((internal_op && pb->pb_conn && !slapi_dn_isroot(pb->pb_conn->c_dn)) || - (!internal_op && !pb->pb_requestor_isroot)))) { + (!internal_op && !pw_is_pwp_admin(pb, pwpolicy))))) { PR_snprintf( errormsg, BUFSIZ, "invalid password syntax - passwords with storage scheme are not allowed"); if ( pwresponse_req == 1 ) { @@ -1527,6 +1531,97 @@ slapi_ch_free((void **) &aci_pw); } +int +pw_is_pwp_admin(Slapi_PBlock *pb, passwdPolicy *pwp) +{ + Slapi_DN *bind_sdn = NULL; + int i; + + /* first check if it's root */ + if(pb->pb_requestor_isroot){ + return 1; + } + /* now check if it's a Password Policy Administrator */ + slapi_pblock_get(pb, SLAPI_REQUESTOR_SDN, &bind_sdn); + if(bind_sdn == NULL){ + return 0; + } + for(i = 0; pwp->pw_admin_user && pwp->pw_admin_user[i]; i++){ + if(slapi_sdn_compare(bind_sdn, pwp->pw_admin_user[i]) == 0){ + return 1; + } + } + + return 0; +} + +static void +pw_get_admin_users(passwdPolicy *pwp) +{ + Slapi_PBlock *pb = NULL; + const Slapi_DN *sdn = pwp->pw_admin; + char **uniquemember_vals = NULL; + char **member_vals = NULL; + const char *binddn = slapi_sdn_get_dn(sdn); + int uniquemember_count = 0; + int member_count = 0; + int nentries = 0; + int count = 0; + int res; + int i; + + if(binddn == NULL){ + return; + } + pb = slapi_pblock_new(); + /* + * Check if the DN exists and has "group" objectclasses + */ + slapi_search_internal_set_pb(pb, binddn, LDAP_SCOPE_BASE,"(|(objectclass=groupofuniquenames)(objectclass=groupofnames))", + NULL, 0, NULL, NULL, (void *) plugin_get_default_component_id(), 0); + slapi_search_internal_pb(pb); + slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &res); + if (res != LDAP_SUCCESS) { + slapi_pblock_destroy(pb); + LDAPDebug(LDAP_DEBUG_ANY, "pw_get_admin_users: search failed for %s: error %d - Password Policy Administrators can not be set\n", + slapi_sdn_get_dn(sdn), res, 0); + return; + } + /* + * Ok, we know we have a valid DN, and nentries will tell us if its a group or a user + */ + slapi_pblock_get(pb, SLAPI_NENTRIES, &nentries); + if ( nentries > 0 ){ + /* + * It's a group DN, gather all the members + */ + Slapi_Entry **entries = NULL; + + slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); + uniquemember_vals = slapi_entry_attr_get_charray_ext(entries[0], "uniquemember", &uniquemember_count); + member_vals = slapi_entry_attr_get_charray_ext(entries[0], "member", &member_count); + pwp->pw_admin_user = (Slapi_DN **)slapi_ch_calloc((uniquemember_count + member_count + 1), sizeof(Slapi_DN *)); + if(uniquemember_count > 0){ + for(i = 0; i < uniquemember_count; i++){ + pwp->pw_admin_user[count++] = slapi_sdn_new_dn_passin(uniquemember_vals[i]); + } + } + if(member_count > 0){ + for(i = 0; i < member_count; i++){ + pwp->pw_admin_user[count++] = slapi_sdn_new_dn_passin(member_vals[i]); + } + } + slapi_ch_free((void**)&uniquemember_vals); + slapi_ch_free((void**)&member_vals); + } else { + /* It's a single user */ + pwp->pw_admin_user = (Slapi_DN **)slapi_ch_calloc(2, sizeof(Slapi_DN *)); + pwp->pw_admin_user[0] = slapi_sdn_dup(sdn); + } + slapi_free_search_results_internal(pb); + slapi_pblock_destroy(pb); +} + /* This function creates a passwdPolicy structure, loads it from either * slapdFrontendconfig or the entry pointed by pwdpolicysubentry and * returns the structure. @@ -1625,10 +1720,13 @@ "--local policy entry not found\n", dn); goto done; } - + /* set the default passwordLegacyPolicy setting */ pwdpolicy->pw_is_legacy = 1; + /* set passwordTrackUpdateTime */ + pwdpolicy->pw_track_update_time = slapdFrontendConfig->pw_policy.pw_track_update_time; + for (slapi_entry_first_attr(pw_entry, &attr); attr; slapi_entry_next_attr(pw_entry, attr, &attr)) { @@ -1828,6 +1926,13 @@ pw_boolean_str2value(slapi_value_get_string(*sval)); } } + else + if (!strcasecmp(attr_name, "passwordAdminDN")) { + if ((sval = attr_get_present_values(attr))) { + pwdpolicy->pw_admin = slapi_sdn_new_dn_byval(slapi_value_get_string(*sval)); + pw_get_admin_users(pwdpolicy); + } + } } /* end of for() loop */ if (pw_entry) { slapi_entry_free(pw_entry); @@ -1848,6 +1953,8 @@ *pwdscheme = *slapdFrontendConfig->pw_storagescheme; pwdscheme->pws_name = strdup( slapdFrontendConfig->pw_storagescheme->pws_name ); pwdpolicy->pw_storagescheme = pwdscheme; + pwdpolicy->pw_admin = slapi_sdn_dup(slapdFrontendConfig->pw_policy.pw_admin); + pw_get_admin_users(pwdpolicy); return pwdpolicy; @@ -1858,6 +1965,15 @@ { if (pwpolicy && *pwpolicy) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/pw.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/pw.h
Changed
@@ -86,6 +86,7 @@ int checkPrefix(char *cipher, char *schemaName, char **encrypt); struct passwordpolicyarray *new_passwdPolicy ( Slapi_PBlock *pb, const char *dn ); void delete_passwdPolicy( struct passwordpolicyarray **pwpolicy); +int pw_is_pwp_admin(Slapi_PBlock *pb, struct passwordpolicyarray *pwp); /* function for checking the values of fine grained password policy attributes */ int check_pw_duration_value( const char *attr_name, char *value, long minval, long maxval, char *errorbuf );
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/pw_mgmt.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/pw_mgmt.c
Changed
@@ -68,6 +68,9 @@ int pwdGraceUserTime = 0; char graceUserTime[8]; + if (NULL == e) { + return (-1); + } slapi_mods_init (&smods, 0); sdn = slapi_entry_get_sdn_const( e ); dn = slapi_entry_get_ndn( e );
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/rdn.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/rdn.c
Changed
@@ -479,25 +479,17 @@ PR_ASSERT(NULL != value); if(rdn->rdn==NULL) { - /* type=value '\0' */ - rdn->rdn= slapi_ch_malloc(strlen(type)+1+strlen(value)+1); - strcpy( rdn->rdn, type ); - strcat( rdn->rdn, "=" ); - strcat( rdn->rdn, value ); + /* type=value '\0' */ + rdn->rdn = slapi_create_dn_string("%s=%s", type, value); } else { - /* type=value+rdn '\0' */ - char *newrdn= slapi_ch_malloc(strlen(type)+1+strlen(value)+1+strlen(rdn->rdn)+1); - strcpy( newrdn, type ); - strcat( newrdn, "=" ); - strcat( newrdn, value ); - strcat( newrdn, "+" ); - strcat( newrdn, rdn->rdn ); - slapi_ch_free((void**)&rdn->rdn); - rdn->rdn= newrdn; - } - slapi_unsetbit_uchar(rdn->flag,FLAG_RDNS); + /* type=value+rdn '\0' */ + char *newrdn = slapi_create_dn_string("%s=%s+%s", type, value, rdn->rdn); + slapi_ch_free_string(&rdn->rdn); + rdn->rdn = newrdn; + } + slapi_unsetbit_uchar(rdn->flag,FLAG_RDNS); return 1; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/regex.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/regex.c
Changed
@@ -161,7 +161,7 @@ int pin; int *ovector; char *mydst; - const char *prev, *next; + const char *prev; const char *substring_start; const char *p; @@ -179,8 +179,7 @@ for (p = src; *p != '\0'; p++) { if ('&' == *p) { /* Don't replace '&' if it's a filter AND: "(&(cn=a)(sn=b))" */ - next = p; - if(!filter || (*prev != '(' && *next++ != '(')){ + if(!filter || !(*prev == '(' && *(p+1) == '(')){ if (re_handle->re_oveccount <= 1) { memset(*dst, '\0', dstlen); return -1; @@ -188,6 +187,11 @@ substring_start = subject + ovector[0]; thislen = ovector[1] - ovector[0]; len += thislen; + } else { /* is a filter AND clause */ + /* just copy it into the filter */ + substring_start = p; + thislen = 1; + len++; } } else if (('\\' == *p) && ('0' <= *(p+1) && *(p+1) <= '9')) { pin = *(++p) - '0';
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/result.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/result.c
Changed
@@ -1618,7 +1618,8 @@ static struct slapi_note_map notemap[] = { { SLAPI_OP_NOTE_UNINDEXED, "U" }, - { SLAPI_OP_NOTE_SIMPLEPAGED, "P" } + { SLAPI_OP_NOTE_SIMPLEPAGED, "P" }, + { SLAPI_OP_NOTE_FULL_UNINDEXED, "A" } }; #define SLAPI_NOTEMAP_COUNT ( sizeof(notemap) / sizeof(struct slapi_note_map))
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/saslbind.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/saslbind.c
Changed
@@ -219,34 +219,6 @@ return SASL_OK; } -static int ids_sasl_proxy_policy( - sasl_conn_t *conn, - void *context, - const char *requested_user, int rlen, - const char *auth_identity, int alen, - const char *def_realm, int urlen, - struct propctx *propctx -) -{ - int retVal = SASL_OK; - /* do not permit sasl proxy authorization */ - /* if the auth_identity is null or empty string, allow the sasl request to go thru */ - if ( (auth_identity != NULL ) && ( strlen(auth_identity) > 0 ) ) { - Slapi_DN authId , reqUser; - slapi_sdn_init_dn_byref(&authId,auth_identity); - slapi_sdn_init_dn_byref(&reqUser,requested_user); - if (slapi_sdn_compare((const Slapi_DN *)&reqUser,(const Slapi_DN *) &authId) != 0) { - LDAPDebug(LDAP_DEBUG_TRACE, - "sasl proxy auth not permitted authid=%s user=%s\n", - auth_identity, requested_user, 0); - retVal = SASL_NOAUTHZ; - } - slapi_sdn_done(&authId); - slapi_sdn_done(&reqUser); - } - return retVal; -} - static void ids_sasl_user_search( char *basedn, int scope, @@ -526,7 +498,7 @@ * 64-bit Linux machines, and /usr/lib/sasl2 on all other platforms. */ char *pluginpath = config_get_saslpath(); - if ((!pluginpath) || (*pluginpath == '\0')) { + if (!pluginpath) { if (!(pluginpath = getenv("SASL_PATH"))) { #if defined(LINUX) && defined(__LP64__) pluginpath = "/usr/lib64/sasl2"; @@ -552,11 +524,6 @@ NULL }, { - SASL_CB_PROXY_POLICY, - (IFP) ids_sasl_proxy_policy, - NULL - }, - { SASL_CB_CANON_USER, (IFP) ids_sasl_canon_user, NULL @@ -659,7 +626,7 @@ } /* Enable security for this connection */ - secprops.maxbufsize = 2048; /* DBDB: hack */ + secprops.maxbufsize = config_get_sasl_maxbufsize(); secprops.max_ssf = 0xffffffff; secprops.min_ssf = config_get_minssf(); /* If anonymous access is disabled, set the appropriate flag */
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/schema.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/schema.c
Changed
@@ -1406,7 +1406,7 @@ aew.flag=flag; attr_syntax_enumerate_attrs(schema_list_attributes_callback, &aew, - PR_FALSE); + PR_FALSE); return aew.attrs; } @@ -2409,8 +2409,9 @@ schema_replace_attributes ( Slapi_PBlock *pb, LDAPMod *mod, char *errorbuf, size_t errorbufsize ) { - int i, rc = LDAP_SUCCESS; - struct asyntaxinfo *newasip, *oldasip; + int i, rc = LDAP_SUCCESS; + struct asyntaxinfo *newasip, *oldasip; + PRUint32 schema_flags = 0; if ( NULL == mod->mod_bvalues ) { schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_at, @@ -2418,8 +2419,11 @@ return LDAP_UNWILLING_TO_PERFORM; } - /* clear all of the "keep" flags */ - attr_syntax_all_clear_flag( SLAPI_ATTR_FLAG_KEEP ); + slapi_pblock_get(pb, SLAPI_SCHEMA_FLAGS, &schema_flags); + if (!(schema_flags & (DSE_SCHEMA_NO_LOAD|DSE_SCHEMA_NO_CHECK))) { + /* clear all of the "keep" flags unless it's from schema-reload */ + attr_syntax_all_clear_flag( SLAPI_ATTR_FLAG_KEEP ); + } for ( i = 0; mod->mod_bvalues[i] != NULL; ++i ) { if ( LDAP_SUCCESS != ( rc = read_at_ldif( mod->mod_bvalues[i]->bv_val, @@ -2477,12 +2481,14 @@ * XXXmcs: we should consider reporting an error if any read only types * remain.... */ - attr_syntax_delete_all_not_flagged( SLAPI_ATTR_FLAG_KEEP - | SLAPI_ATTR_FLAG_STD_ATTR ); + attr_syntax_delete_all_not_flagged( SLAPI_ATTR_FLAG_KEEP | + SLAPI_ATTR_FLAG_STD_ATTR ); clean_up_and_return: - /* clear all of the "keep" flags */ - attr_syntax_all_clear_flag( SLAPI_ATTR_FLAG_KEEP ); + if (!(schema_flags & (DSE_SCHEMA_NO_LOAD|DSE_SCHEMA_NO_CHECK))) { + /* clear all of the "keep" flags unless it's from schema-reload */ + attr_syntax_all_clear_flag( SLAPI_ATTR_FLAG_KEEP ); + } return rc; } @@ -3077,11 +3083,11 @@ pnew_oc->oc_kind = kind; *oc = pnew_oc; + return read_oc_ldif_return( LDAP_SUCCESS, pOcOid, psbOcName, pOcSup, oc_origins, num_origins, pOcDesc ); } - static void oc_free( struct objclass **ocp ) { @@ -3898,14 +3904,12 @@ int primary_file = 0; /* this is the primary (writeable) schema file */ int schema_ds4x_compat = config_get_ds4_compatible_schema(); PRUint32 flags = *(PRUint32 *)arg; - flags |= DSE_SCHEMA_NO_GLOCK; /* don't lock global resources - during initialization */ *returncode = 0; /* * Note: there is no need to call schema_lock_write() here because this - * function is only called during server startup. + * function is only called during server startup. */ slapi_pblock_get( pb, SLAPI_DSE_IS_PRIMARY_FILE, &primary_file ); @@ -3947,6 +3951,8 @@ if (*returncode) return SLAPI_DSE_CALLBACK_ERROR; + flags |= DSE_SCHEMA_NO_GLOCK; /* don't lock global resources + during initialization */ if (!slapi_entry_attr_find(e, "objectclasses", &attr) && attr) { /* enumerate the values in attr */ @@ -3963,7 +3969,9 @@ if ( LDAP_SUCCESS != (*returncode = read_oc_ldif(s, &oc, returntext, SLAPI_DSE_RETURNTEXT_SIZE, flags, primary_file /* force user defined? */, - schema_ds4x_compat))) { + schema_ds4x_compat))) + { + oc_free( &oc ); break; } if (flags & DSE_SCHEMA_NO_LOAD) @@ -4017,7 +4025,6 @@ * DSE_SCHEMA_NO_CHECK -- schema won't be checked * DSE_SCHEMA_NO_BACKEND -- don't add as backend * DSE_SCHEMA_LOCKED -- already locked; no further lock needed - */ static int init_schema_dse_ext(char *schemadir, Slapi_Backend *be, @@ -4123,7 +4130,7 @@ "DESC 'Standard schema for LDAP' SYNTAX " "1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2252' )", NULL, errorbuf, SLAPI_DSE_RETURNTEXT_SIZE, - DSE_SCHEMA_NO_GLOCK|schema_flags, 0, 0, 0); + schema_flags, 0, 0, 0); } if (rc) { @@ -4196,7 +4203,7 @@ { schemadir = slapi_ch_smprintf("%s/%s", configdir, SCHEMA_SUBDIR_NAME); } - rc = init_schema_dse_ext(schemadir, NULL, &pschemadse, 0); + rc = init_schema_dse_ext(schemadir, NULL, &pschemadse, DSE_SCHEMA_NO_GLOCK); slapi_ch_free_string(&schemadir); return rc; } @@ -4700,11 +4707,11 @@ * oc_unlock(); */ static void -va_expand_one_oc( const char *dn, Slapi_Value ***vap, const char *ocs ) +va_expand_one_oc( const char *dn, const Slapi_Attr *a, Slapi_ValueSet *vs, const char *ocs ) { struct objclass *this_oc, *sup_oc; - int p,i; - Slapi_Value **newva; + int p; + Slapi_Value **va = vs->va; this_oc = oc_find_nolock( ocs ); @@ -4721,29 +4728,18 @@ return; /* superior is unknown -- ignore */ } - p = va_locate_oc_val( *vap, sup_oc->oc_name, sup_oc->oc_oid ); + p = va_locate_oc_val( va, sup_oc->oc_name, sup_oc->oc_oid ); if ( p != -1 ) { return; /* value already present -- done! */ } - /* parent was not found. add to the end */ - for ( i = 0; (*vap)[i] != NULL; i++ ) { - ; - } - - /* prevent loops: stop if more than 1000 OC values are present */ - if ( i > 1000 ) { + if ( slapi_valueset_count(vs) > 1000 ) { return; } - newva = (Slapi_Value **)slapi_ch_realloc( (char *)*vap, - ( i + 2 )*sizeof(Slapi_Value *)); - - newva[i] = slapi_value_new_string(sup_oc->oc_name); - newva[i+1] = NULL; - - *vap = newva; + slapi_valueset_add_attr_value_ext(a, vs, slapi_value_new_string(sup_oc->oc_name), SLAPI_VALUE_FLAG_PASSIN); + LDAPDebug( LDAP_DEBUG_TRACE, "Entry \"%s\": added missing objectClass value %s\n", dn, sup_oc->oc_name, 0 ); @@ -4755,11 +4751,12 @@ * All missing superior classes are added to the objectClass attribute, as * is 'top' if it is missing. */ -void -slapi_schema_expand_objectclasses( Slapi_Entry *e ) +static void +schema_expand_objectclasses_ext( Slapi_Entry *e, int lock) { Slapi_Attr *sa; - Slapi_Value **va; + Slapi_Value *v; + Slapi_ValueSet *vs; const char *dn = slapi_entry_get_dn_const( e ); int i; @@ -4767,76 +4764,41 @@ return; /* no OC values -- nothing to do */ } - va = attr_get_present_values( sa ); -
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/search.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/search.c
Changed
@@ -141,7 +141,7 @@ /* If anonymous access is only allowed for searching the root DSE, * we need to reject any other anonymous search attempts. */ if ((slapi_sdn_get_dn(&(operation->o_sdn)) == NULL) && - (scope != LDAP_SCOPE_BASE) && + ((rawbase && strlen(rawbase) > 0) || (scope != LDAP_SCOPE_BASE)) && (config_get_anon_access_switch() == SLAPD_ANON_ACCESS_ROOTDSE)) { op_shared_log_error_access(pb, "SRCH", rawbase?rawbase:"", "anonymous search not allowed"); @@ -246,8 +246,6 @@ } if ( attrs != NULL ) { - int gerattrsiz = 1; - int gerattridx = 0; int aciin = 0; /* * . store gerattrs if any @@ -257,66 +255,25 @@ { char *p = NULL; /* check if @<objectclass> is included */ - p = strchr(attrs[i], '@'); - if ( p && '\0' != *(p+1) ) /* don't store "*@", e.g. */ + p = strchr(attrs[i], '@'); + if ( p ) { - int j = 0; - if (gerattridx + 1 >= gerattrsiz) + char *dummyary[2]; /* need a char ** for charray_merge_nodup */ + if ((*(p + 1) == '\0') || (p == attrs[i]) || (strchr(p+1, '@'))) /* e.g. "foo@" or "@objectclassname" or "foo@bar@baz" */ { - char **tmpgerattrs; - gerattrsiz *= 2; - tmpgerattrs = - (char **)slapi_ch_calloc(1, gerattrsiz*sizeof(char *)); - if (NULL != gerattrs) - { - memcpy(tmpgerattrs, gerattrs, gerattrsiz*sizeof(char *)); - slapi_ch_free((void **)&gerattrs); - } - gerattrs = tmpgerattrs; - } - for ( j = 0; gerattrs; j++ ) - { - char *attri = NULL; - if ( NULL == gerattrs[j] ) - { - if (0 == j) - { - /* first time */ - gerattrs[gerattridx++] = attrs[i]; - /* get rid of "@<objectclass>" part from the attr - list, which is needed only in gerattr list */ - *p = '\0'; - attri = slapi_ch_strdup(attrs[i]); - attrs[i] = attri; - *p = '@'; - } - else - { - break; /* done */ - } - } - else if ( 0 == strcasecmp( attrs[i], gerattrs[j] )) - { - /* skip if attrs[i] is already in gerattrs */ - continue; - } - else - { - char *q = strchr(gerattrs[j], '@'); /* q never be 0 */ - if ( 0 != strcasecmp( p+1, q+1 )) - { - /* you don't want to display the same template - entry multiple times */ - gerattrs[gerattridx++] = attrs[i]; - } - /* get rid of "@<objectclass>" part from the attr - list, which is needed only in gerattr list */ - *p = '\0'; - attri = slapi_ch_strdup(attrs[i]); - attrs[i] = attri; - *p = '@'; - } + slapi_log_error( SLAPI_LOG_ARGS, "do_search", + "invalid attribute [%s] in list - must be of the form " + "attributename@objectclassname where attributename is the " + "name of an attribute or \"*\" or \"+\" and objectclassname " + "is the name of an objectclass\n", attrs[i] ); + continue; } + dummyary[0] = p; /* p = @objectclassname */ + dummyary[1] = NULL; + /* copy string to gerattrs with leading @ - disallow dups */ + charray_merge_nodup(&gerattrs, dummyary, 1); + /* null terminate the attribute name at the @ after it has been copied */ + *p = '\0'; } else if ( !aciin && strcasecmp(attrs[i], LDAP_ALL_USER_ATTRS) == 0 ) { @@ -324,11 +281,9 @@ aciin = 1; } } - if (NULL != gerattrs) - { - gerattrs[gerattridx] = NULL; - } + /* Set attrs to SLAPI_SEARCH_ATTRS once to get rid of the forbidden attrs */ + slapi_pblock_set( pb, SLAPI_SEARCH_ATTRS, attrs ); operation->o_searchattrs = cool_charray_dup( attrs ); for ( i = 0; attrs[i] != NULL; i++ ) { char *type; @@ -338,7 +293,7 @@ attrs[i] = type; } } - if ( slapd_ldap_debug & LDAP_DEBUG_ARGS ) { + if ( slapd_ldap_debug & LDAP_DEBUG_ARGS ) { char abuf[ 1024 ], *astr; if ( NULL == attrs ) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/slap.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/slap.h
Changed
@@ -439,8 +439,14 @@ * struct slapi_value_tree *vt; * }; */ + +/* It is a useless layer, always use the valuarray fast version */ +#define VALUE_SORT_THRESHOLD 10 struct slapi_value_set { + int num; /* The number of values in the array */ + int max; /* The number of slots in the array */ + int *sorted; /* sorted array of indices, if NULL va is not sorted */ struct slapi_value **va; }; @@ -510,8 +516,9 @@ if any */ #define SLAPI_ATTR_FLAG_NOLOCKING 0x0020 /* the init code doesn't lock the tables */ -#define SLAPI_ATTR_FLAG_CMP_BITBYBIT 0x4000 /* do memcmp, not syntax cmp */ #define SLAPI_ATTR_FLAG_KEEP 0x8000 /* keep when replacing all */ +#define SLAPI_ATTR_FLAG_SYNTAX_LOOKUP_DONE 0x010000 /* syntax lookup done, flag set */ +#define SLAPI_ATTR_FLAG_SYNTAX_IS_DN 0x020000 /* syntax lookup done, flag set */ /* This is the type of the function passed into attr_syntax_enumerate_attrs */ typedef int (*AttrEnumFunc)(struct asyntaxinfo *asi, void *arg); @@ -1340,6 +1347,7 @@ unsigned long o_abandoned_op; /* operation abandoned by this operation - used to decide which plugins to invoke */ struct slapi_operation_parameters o_params; struct slapi_operation_results o_results; + int o_pagedresults_sizelimit; } Operation; /* @@ -1368,6 +1376,7 @@ time_t pr_timelimit; /* time limit for this request */ int pr_flags; ber_int_t pr_msgid; /* msgid of the request; to abandon */ + PRLock *pr_mutex; /* protect each conn structure */ } PagedResults; /* array of simple paged structure stashed in connection */ @@ -1461,16 +1470,17 @@ * successfully completed. */ -#define CONN_FLAG_PAGEDRESULTS_WITH_SORT 64 /* paged results control is - * sent with server side sorting - */ +#define CONN_FLAG_PAGEDRESULTS_WITH_SORT 64/* paged results control is + * sent with server side sorting + */ -#define CONN_FLAG_PAGEDRESULTS_UNINDEXED 128 /* If the search is unindexed, +#define CONN_FLAG_PAGEDRESULTS_UNINDEXED 128/* If the search is unindexed, * store the info in c_flags */ -#define CONN_FLAG_PAGEDRESULTS_PROCESSING 256 /* there is an operation - * processing a pagedresults search - */ +#define CONN_FLAG_PAGEDRESULTS_PROCESSING 256/* there is an operation + * processing a pagedresults search + */ +#define CONN_FLAG_PAGEDRESULTS_ABANDONED 512/* pagedresults abandoned */ #define CONN_GET_SORT_RESULT_CODE (-1) #define START_TLS_OID "1.3.6.1.4.1.1466.20037" @@ -2001,8 +2011,26 @@ #define CONFIG_DISK_MONITORING "nsslapd-disk-monitoring" #define CONFIG_DISK_THRESHOLD "nsslapd-disk-monitoring-threshold" #define CONFIG_DISK_GRACE_PERIOD "nsslapd-disk-monitoring-grace-period" -#define CONFIG_DISK_PRESERVE_LOGGING "nsslapd-disk-monitoring-preserve-logging" #define CONFIG_DISK_LOGGING_CRITICAL "nsslapd-disk-monitoring-logging-critical" +#define CONFIG_SASL_MAXBUFSIZE "nsslapd-sasl-max-buffer-size" +#define CONFIG_LISTEN_BACKLOG_SIZE "nsslapd-listen-backlog-size" +#define CONFIG_IGNORE_TIME_SKEW "nsslapd-ignore-time-skew" +#define CONFIG_PW_ADMIN_DN_ATTRIBUTE "passwordAdminDN" + +/* getenv alternative */ +#define CONFIG_MALLOC_MXFAST "nsslapd-malloc-mxfast" +#define CONFIG_MALLOC_TRIM_THRESHOLD "nsslapd-malloc-trim-threshold" +#define CONFIG_MALLOC_MMAP_THRESHOLD "nsslapd-malloc-mmap-threshold" + +#define DEFAULT_MALLOC_UNSET (-10) + +/* + * Define the backlog number for use in listen() call. + * We use the same definition as in ldapserver/include/base/systems.h + */ +#ifndef DAEMON_LISTEN_SIZE +#define DAEMON_LISTEN_SIZE 128 +#endif #ifdef MEMPOOL_EXPERIMENTAL #define CONFIG_MEMPOOL_SWITCH_ATTRIBUTE "nsslapd-mempool" @@ -2051,6 +2079,8 @@ int pw_is_legacy; int pw_track_update_time; struct pw_scheme *pw_storagescheme; + Slapi_DN *pw_admin; + Slapi_DN **pw_admin_user; } passwdPolicy; typedef struct _slapdFrontendConfig { @@ -2216,6 +2246,7 @@ int minssf_exclude_rootdse; /* ON: minssf is ignored when searching rootdse */ size_t maxsasliosize; /* limit incoming SASL IO packet size */ char *anon_limits_dn; /* template entry for anonymous resource limits */ + int listen_backlog_size; /* size of backlog parameter to PR_Listen */ #ifndef _WIN32 struct passwd *localuserinfo; /* userinfo of localuser */ #endif /* _WIN32 */ @@ -2231,13 +2262,19 @@ char *entryusn_import_init; /* Entry USN: determine the initital value of import */ int pagedsizelimit; char *default_naming_context; /* Default naming context (normalized) */ + int sasl_max_bufsize; /* The max receive buffer size for SASL */ /* disk monitoring */ int disk_monitoring; - int disk_threshold; + PRInt64 disk_threshold; int disk_grace_period; - int disk_preserve_logging; int disk_logging_critical; + int ignore_time_skew; +#if defined(LINUX) + int malloc_mxfast; /* mallopt M_MXFAST */ + int malloc_trim_threshold; /* mallopt M_TRIM_THRESHOLD */ + int malloc_mmap_threshold; /* mallopt M_MMAP_THRESHOLD */ +#endif } slapdFrontendConfig_t; /* possible values for slapdFrontendConfig_t.schemareplace */
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/slapi-plugin.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/slapi-plugin.h
Changed
@@ -65,6 +65,7 @@ #include "prtypes.h" #include "ldap.h" #include "prprf.h" +#include "nspr.h" NSPR_API(PRUint32) PR_snprintf(char *out, PRUint32 outlen, const char *fmt, ...) #ifdef __GNUC__ __attribute__ ((format (printf, 3, 4))); @@ -106,6 +107,13 @@ #define BERLEN_T "u" #endif +#define DEFINETOSTR(xxx) #xxx +#define STRINGIFYDEFINE(xxx) DEFINETOSTR(xxx) + +/* Common check on berval before accessing the contents. */ +/* bv is a struct berval *bv */ +#define BV_HAS_DATA(bv) ((bv != NULL) && (bv->bv_len > 0) && (bv->bv_val != NULL)) + /* * The slapi_attr_get_flags() routine returns a bitmap that contains one or * more of these values. @@ -355,6 +363,10 @@ #define LDAP_MAXINT (2147483647) #endif +#ifndef LDAP_CANCELLED +#define LDAP_CANCELLED 0x76 +#endif + /* * Sequential access types */ @@ -384,9 +396,22 @@ #define SLAPI_ATTR_OBJECTCLASS "objectclass" #define SLAPI_ATTR_VALUE_TOMBSTONE "nsTombstone" #define SLAPI_ATTR_VALUE_PARENT_UNIQUEID "nsParentUniqueID" +#define SLAPI_ATTR_VALUE_SUBENTRY "ldapsubentry" #define SLAPI_ATTR_NSCP_ENTRYDN "nscpEntryDN" #define SLAPI_ATTR_ENTRYUSN "entryusn" -#define SLAPI_ATTR_ENTRYDN "entrydn" +#define SLAPI_ATTR_ENTRYDN "entrydn" +#define SLAPI_ATTR_DN "dn" +#define SLAPI_ATTR_RDN "rdn" +#define SLAPI_ATTR_UNIQUEID_LENGTH 10 +#define SLAPI_ATTR_OBJECTCLASS_LENGTH 11 +#define SLAPI_ATTR_VALUE_TOMBSTONE_LENGTH 11 +#define SLAPI_ATTR_VALUE_PARENT_UNIQUEID_LENGTH 16 +#define SLAPI_ATTR_VALUE_SUBENTRY_LENGTH 12 +#define SLAPI_ATTR_NSCP_ENTRYDN_LENGTH 11 +#define SLAPI_ATTR_ENTRYUSN_LENGTH 8 +#define SLAPI_ATTR_ENTRYDN_LENGTH 7 +#define SLAPI_ATTR_DN_LENGTH 2 +#define SLAPI_ATTR_RDN_LENGTH 3 /* opaque structures */ @@ -1597,6 +1622,38 @@ * be \c NULL terminated so that they can be used safely in a string context. If there * are no values, \c NULL will be returned. Because the array is \c NULL terminated, * the usage should be similar to the sample shown below: + * + * \code + * char **ary = slapi_entry_attr_get_charray(e, someattr); + * int ii; + * for (ii = 0; ary && ary[ii]; ++ii) { + * char *strval = ary[ii]; + * ... + * } + * slapi_ch_array_free(ary); + * \endcode + * + * \param e Entry from which you want to get the values. + * \param type Attribute type from which you want to get the values. + * \param numVals The number of attribute values will be stored in this variable. + * \return A copy of all the values of the attribute. + * \return \c NULL if the entry does not contain the attribute or if the attribute + * has no values. + * \warning When you are done working with the values, free them from memory by calling + * the slapi_ch_array_free() function. + * \see slapi_entry_attr_get_charptr() + */ +char **slapi_entry_attr_get_charray_ext( const Slapi_Entry* e, const char *type, int *numVals); + +/** + * Gets the values of a multi-valued attribute of an entry. + * + * This function is very similar to slapi_entry_attr_get_charptr(), except that it + * returns a <tt>char **</tt> array for multi-valued attributes. The array and all + * values are copies. Even if the attribute values are not strings, they will still + * be \c NULL terminated so that they can be used safely in a string context. If there + * are no values, \c NULL will be returned. Because the array is \c NULL terminated, + * the usage should be similar to the sample shown below: * * \code * char **ary = slapi_entry_attr_get_charray(e, someattr); @@ -1763,6 +1820,16 @@ void slapi_entry_attr_set_long(Slapi_Entry* e, const char *type, long l); /** + * Replaces the value or values of an attribute in an entry with a specified long long + * data type value. + * + * \param e Entry in which you want to set the value. + * \param type Attribute type in which you want to set the value. + * \param l Long Long integer value that you want to assign to the attribute. + */ +void slapi_entry_attr_set_longlong( Slapi_Entry* e, const char *type, long long l); + +/** * Replaces the value or values of an attribute in an entry with a specified unsigned * long data type value. * @@ -2693,6 +2760,24 @@ int slapi_sdn_scope_test( const Slapi_DN *dn, const Slapi_DN *base, int scope ); /** + * Checks if a DN is within a specified scope under a specified base DN. + * This api adjusts tombstoned DN when comparing with the base dn. + * + * \param dn A pointer to the \c Slapi_DN structure to test. + * \param base The base DN against which \c dn is going to be tested. + * \param scope The scope tested. Valid scopes are: + * \arg \c LDAP_SCOPE_BASE + * \arg \c LDAP_SCOPE_ONELEVEL + * \arg \c LDAP_SCOPE_SUBTREE + * \param flags 0 or SLAPI_ENTRY_FLAG_TOMBSTONE + * \return non-zero if \c dn matches the scoping criteria given by \c base and \c scope. + * \see slapi_sdn_compare() + * \see slapi_sdn_isparent() + * \see slapi_sdn_issuffix() + */ +int slapi_sdn_scope_test_ext( const Slapi_DN *dn, const Slapi_DN *base, int scope, int flags ); + +/** * Retreives the RDN from a given DN. * * This function takes the DN stored in the \c Slapi_DN structure pointed to @@ -4545,6 +4630,7 @@ #define SLAPI_VALUE_FLAG_IGNOREERROR 0x2 #define SLAPI_VALUE_FLAG_PRESERVECSNSET 0x4 #define SLAPI_VALUE_FLAG_USENEWVALUE 0x8 /* see valueset_remove_valuearray */ +#define SLAPI_VALUE_FLAG_DUPCHECK 0x10 /* used in valueset_add... */ /** * Creates an empty \c Slapi_ValueSet structure. @@ -4638,7 +4724,8 @@ * \see slapi_valueset_first_value() * \see slapi_valueset_next_value() */ -void slapi_valueset_add_value_ext(Slapi_ValueSet *vs, Slapi_Value *addval, unsigned long flags); +void slapi_valueset_add_value_ext(Slapi_ValueSet *vs, const Slapi_Value *addval, unsigned long flags); +int slapi_valueset_add_attr_value_ext(const Slapi_Attr *a, Slapi_ValueSet *vs, Slapi_Value *addval, unsigned long flags); /** * Gets the first value in a \c Slapi_ValueSet structure. @@ -4694,6 +4781,16 @@ int slapi_valueset_count( const Slapi_ValueSet *vs); /** + * Checks if a \c Slapi_ValueSet structure has values + * + * \param vs Pointer to the \c Slapi_ValueSet structure of which + * you wish to get the count. + * \return 1 if there are no values contained in the \c Slapi_ValueSet structure. + * \return 0 if there are values contained in the \c Slapi_ValueSet structure. + */ +int slapi_valueset_isempty( const Slapi_ValueSet *vs); + +/** * Initializes a \c Slapi_ValueSet with copies of the values of a \c Slapi_Mod structure. * * \param vs Pointer to the \c Slapi_ValueSet structure into which @@ -4724,6 +4821,7 @@ * \see slapi_valueset_done() */ void slapi_valueset_set_valueset(Slapi_ValueSet *vs1, const Slapi_ValueSet *vs2); +void slapi_valueset_join_attr_valueset(const Slapi_Attr *a, Slapi_ValueSet *vs1, const Slapi_ValueSet *vs2); /** * Finds a requested value in a valueset. @@ -6567,6 +6665,7 @@ #define SLAPI_OPERATION_NOTES 57 #define SLAPI_OP_NOTE_UNINDEXED 0x01 #define SLAPI_OP_NOTE_SIMPLEPAGED 0x02 +#define SLAPI_OP_NOTE_FULL_UNINDEXED 0x04 /* Allows controls to be passed before operation object is created */ #define SLAPI_CONTROLS_ARG 58 @@ -6844,6 +6943,15 @@ #endif void slapi_ldif_put_type_and_value_with_options( char **out, const char *t, const char *val, int vlen, unsigned long options ); +/* ldif_read_record lineno argument type depends on openldap version */ +#if defined(USE_OPENLDAP) +#if LDAP_VENDOR_VERSION >= 20434 /* changed in 2.4.34 */ +typedef unsigned long int ldif_record_lineno_t; +#else +typedef int ldif_record_lineno_t; +#endif
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/slapi-private.h -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/slapi-private.h
Changed
@@ -196,6 +196,8 @@ PRUint16 csn_get_subseqnum(const CSN *csn); char *csn_as_string(const CSN *csn, PRBool replicaIdOrder, char *ss); /* WARNING: ss must be CSN_STRSIZE bytes, or NULL. */ int csn_compare(const CSN *csn1, const CSN *csn2); +int csn_compare_ext(const CSN *csn1, const CSN *csn2, unsigned int flags); +#define CSN_COMPARE_SKIP_SUBSEQ 0x1 time_t csn_time_difference(const CSN *csn1, const CSN *csn2); size_t csn_string_size(); char *csn_as_attr_option_string(CSNType t,const CSN *csn,char *ss); @@ -331,7 +333,7 @@ /* entry.c */ int entry_apply_mods( Slapi_Entry *e, LDAPMod **mods ); int is_type_protected(const char *type); - +int entry_apply_mods_ignore_error( Slapi_Entry *e, LDAPMod **mods, int ignore_error ); int slapi_entries_diff(Slapi_Entry **old_entries, Slapi_Entry **new_entries, int testall, const char *logging_prestr, const int force_update, void *plg_id); /* entrywsi.c */ @@ -352,6 +354,7 @@ Slapi_Attr *slapi_attr_init_locking_optional(Slapi_Attr *a, const char *type, PRBool use_lock); int attr_set_csn( Slapi_Attr *a, const CSN *csn); int attr_set_deletion_csn( Slapi_Attr *a, const CSN *csn); +int slapi_attr_init_syntax(Slapi_Attr *a); const CSN *attr_get_deletion_csn(const Slapi_Attr *a); int attr_first_deleted_value( Slapi_Attr *a, Slapi_Value **v ); int attr_next_deleted_value( Slapi_Attr *a, int hint, Slapi_Value **v); @@ -831,9 +834,12 @@ * the very least before we make them public. */ void valuearray_add_value(Slapi_Value ***vals, const Slapi_Value *addval); -void valuearray_add_value_fast(Slapi_Value ***vals, Slapi_Value *addval, int nvals, int *maxvals, int exact, int passin); void valuearray_add_valuearray( Slapi_Value ***vals, Slapi_Value **addvals, PRUint32 flags ); void valuearray_add_valuearray_fast( Slapi_Value ***vals, Slapi_Value **addvals, int nvals, int naddvals, int *maxvals, int exact, int passin ); +Slapi_Value * valueset_find_sorted (const Slapi_Attr *a, const Slapi_ValueSet *vs, const Slapi_Value *v, int *index); +int valueset_insert_value_to_sorted(const Slapi_Attr *a, Slapi_ValueSet *vs, Slapi_Value *vi, int dupcheck); +void valueset_array_to_sorted (const Slapi_Attr *a, Slapi_ValueSet *vs); +int slapi_valueset_add_attr_valuearray_ext(const Slapi_Attr *a, Slapi_ValueSet *vs, Slapi_Value **addval, int nvals, unsigned long flags, int *dup_index); int valuearray_find(const Slapi_Attr *a, Slapi_Value **va, const Slapi_Value *v); int valuearray_dn_normalize_value(Slapi_Value **vals); @@ -1247,6 +1253,16 @@ /* attrsyntax.c */ int slapi_add_internal_attr_syntax( const char *name, const char *oid, const char *syntax, const char *mr_equality, unsigned long extraflags ); +/* pw.c */ +void pw_exp_init ( void ); +int pw_copy_entry_ext(Slapi_Entry *src_e, Slapi_Entry *dest_e); + +/* op_shared.c */ +void modify_update_last_modified_attr(Slapi_PBlock *pb, Slapi_Mods *smods); + +/* add.c */ +void add_internal_modifiersname(Slapi_PBlock *pb, Slapi_Entry *e); + #ifdef __cplusplus } #endif
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/snmp_collator.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/snmp_collator.c
Changed
@@ -738,8 +738,10 @@ /* set the cache hits/cache entries info */ be = slapi_get_first_backend(&cookie); - if (!be) + if (!be){ + slapi_ch_free ((void **) &cookie); return; + } be_next = slapi_get_next_backend(cookie);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/sort.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/sort.c
Changed
@@ -58,12 +58,14 @@ slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx); if (code == CONN_GET_SORT_RESULT_CODE) { - code = pagedresults_get_sort_result_code(pb->pb_conn, pr_idx); + code = pagedresults_get_sort_result_code(pb->pb_conn, + pb->pb_op, pr_idx); } else { Slapi_Operation *operation; slapi_pblock_get (pb, SLAPI_OPERATION, &operation); if (op_is_pagedresults(operation)) { - pagedresults_set_sort_result_code(pb->pb_conn, code, pr_idx); + pagedresults_set_sort_result_code(pb->pb_conn, + pb->pb_op, code, pr_idx); } }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/ssl.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/ssl.c
Changed
@@ -135,8 +135,8 @@ {"SSL3","fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA}, /* ditto */ {"SSL3","rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5}, {"SSL3","rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5}, - {"SSL3","rsa_null_md5", SSL_RSA_WITH_NULL_MD5}, - {"SSL3","rsa_null_sha", SSL_RSA_WITH_NULL_SHA}, + {"SSL3","rsa_null_md5", SSL_RSA_WITH_NULL_MD5}, /* disabled by default */ + {"SSL3","rsa_null_sha", SSL_RSA_WITH_NULL_SHA}, /* disabled by default */ {"TLS","tls_rsa_export1024_with_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA}, {"TLS","rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA}, /* ditto */ {"TLS","tls_rsa_export1024_with_des_cbc_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA}, @@ -265,7 +265,9 @@ * them to activate it by name. */ for(x = 0; _conf_ciphers[x].name; x++) { PRBool enabled = active ? PR_TRUE : PR_FALSE; - if(active && !strcmp(_conf_ciphers[x].name, "rsa_null_md5")) { + if(active && (!strcmp(_conf_ciphers[x].name, "rsa_null_md5") || + !strcmp(_conf_ciphers[x].name, "rsa_null_sha"))) + { continue; } if (enabled) { @@ -317,7 +319,12 @@ slapi_ch_free((void **)&suplist); /* strings inside are static */ return NULL; } -/* Enable all the ciphers by default and the following while loop would disable the user disabled ones This is needed becuase we added a new set of ciphers in the table . Right now there is no support for this from the console */ + /* + * Enable all the ciphers by default and the following while loop would + * disable the user disabled ones. This is needed because we added a new + * set of ciphers in the table. Right now there is no support for this + * from the console + */ _conf_setallciphers(1, &suplist, NULL); t = ciphers; @@ -360,7 +367,7 @@ if(t) ciphers = t; } - if (unsuplist && unsuplist) { + if (unsuplist && *unsuplist) { char *strsup = charray2str(suplist, ","); char *strunsup = charray2str(unsuplist, ","); slapd_SSL_warn("Security Initialization: FIPS mode is enabled - only the following " @@ -614,9 +621,18 @@ certdb_file_name = slapi_ch_smprintf("%s/cert8.db", certdir); keydb_file_name = slapi_ch_smprintf("%s/key3.db", certdir); secmoddb_file_name = slapi_ch_smprintf("%s/secmod.db", certdir); - chmod(certdb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP ); - chmod(keydb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP ); - chmod(secmoddb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP ); + if(chmod(certdb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){ + LDAPDebug(LDAP_DEBUG_ANY, "slapd_nss_init: chmod failed for file %s error (%d) %s.\n", + certdb_file_name, errno, slapd_system_strerror(errno)); + } + if(chmod(keydb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){ + LDAPDebug(LDAP_DEBUG_ANY, "slapd_nss_init: chmod failed for file %s error (%d) %s.\n", + keydb_file_name, errno, slapd_system_strerror(errno)); + } + if(chmod(secmoddb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP )){ + LDAPDebug(LDAP_DEBUG_ANY, "slapd_nss_init: chmod failed for file %s error (%d) %s.\n", + secmoddb_file_name, errno, slapd_system_strerror(errno)); + } } /****** end of NSS Initialization ******/ @@ -1568,3 +1584,61 @@ #endif return ( tmpdir ); } + +SECKEYPrivateKey * +slapd_get_unlocked_key_for_cert(CERTCertificate *cert, void *pin_arg) +{ + SECKEYPrivateKey *key = NULL; + PK11SlotListElement *sle; + PK11SlotList *slotlist = PK11_GetAllSlotsForCert(cert, NULL); + const char *certsubject = cert->subjectName ? cert->subjectName : "unknown cert"; + + if (!slotlist) { + PRErrorCode errcode = PR_GetError(); + slapi_log_error(SLAPI_LOG_FATAL, "slapd_get_unlocked_key_for_cert", + "Error: cannot get slot list for certificate [%s] (%d: %s)\n", + certsubject, errcode, slapd_pr_strerror(errcode)); + return key; + } + + for (sle = slotlist->head; sle; sle = sle->next) { + PK11SlotInfo *slot = sle->slot; + const char *slotname = (slot && PK11_GetSlotName(slot)) ? PK11_GetSlotName(slot) : "unknown slot"; + const char *tokenname = (slot && PK11_GetTokenName(slot)) ? PK11_GetTokenName(slot) : "unknown token"; + if (!slot) { + slapi_log_error(SLAPI_LOG_TRACE, "slapd_get_unlocked_key_for_cert", + "Missing slot for slot list element for certificate [%s]\n", + certsubject); + } else if (!PK11_NeedLogin(slot) || PK11_IsLoggedIn(slot, pin_arg)) { + key = PK11_FindKeyByDERCert(slot, cert, pin_arg); + slapi_log_error(SLAPI_LOG_TRACE, "slapd_get_unlocked_key_for_cert", + "Found unlocked slot [%s] token [%s] for certificate [%s]\n", + slotname, tokenname, certsubject); + break; + } else { + slapi_log_error(SLAPI_LOG_TRACE, "slapd_get_unlocked_key_for_cert", + "Skipping locked slot [%s] token [%s] for certificate [%s]\n", + slotname, tokenname, certsubject); + } + } + + if (!key) { + slapi_log_error(SLAPI_LOG_FATAL, "slapd_get_unlocked_key_for_cert", + "Error: could not find any unlocked slots for certificate [%s]. " + "Please review your TLS/SSL configuration. The following slots were found:\n", + certsubject); + for (sle = slotlist->head; sle; sle = sle->next) { + PK11SlotInfo *slot = sle->slot; + const char *slotname = (slot && PK11_GetSlotName(slot)) ? PK11_GetSlotName(slot) : "unknown slot"; + const char *tokenname = (slot && PK11_GetTokenName(slot)) ? PK11_GetTokenName(slot) : "unknown token"; + slapi_log_error(SLAPI_LOG_FATAL, "slapd_get_unlocked_key_for_cert", + "Slot [%s] token [%s] was locked.\n", + slotname, tokenname); + } + + } + + PK11_FreeSlotList(slotlist); + return key; +} +
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/start_tls_extop.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/start_tls_extop.c
Changed
@@ -72,7 +72,85 @@ Slapi_PluginDesc exopdesc = { "start_tls_plugin", VENDOR, DS_PACKAGE_VERSION, "Start TLS extended operation plugin" }; +static int +start_tls_io_enable(Connection *c, void *data /* UNUSED */) +{ + int secure = 1; + PRFileDesc *newsocket; + int rv = -1; + int ns; + + /* So far we have set up the environment for deploying SSL. It's now time to import the socket + * into SSL and to configure it consequently. */ + + if ( slapd_ssl_listener_is_initialized() != 0 ) { + PRFileDesc * ssl_listensocket; + + ssl_listensocket = get_ssl_listener_fd(); + if ( ssl_listensocket == (PRFileDesc *) NULL ) { + slapi_log_error( SLAPI_LOG_FATAL, "start_tls", + "SSL listener socket not found.\n" ); + goto done; + } + newsocket = slapd_ssl_importFD( ssl_listensocket, c->c_prfd ); + if ( newsocket == (PRFileDesc *) NULL ) { + slapi_log_error( SLAPI_LOG_FATAL, "start_tls", + "SSL socket import failed.\n" ); + goto done; + } + } else { + if ( slapd_ssl_init2( &c->c_prfd, 1 ) != 0 ) { + slapi_log_error( SLAPI_LOG_FATAL, "start_tls", + "SSL socket import or configuration failed.\n" ); + goto done; + } + newsocket = c->c_prfd; + } + + + rv = slapd_ssl_resetHandshake( newsocket, 1 ); + if ( rv != SECSuccess ) { + slapi_log_error( SLAPI_LOG_FATAL, "start_tls", + "Unable to set socket ready for SSL handshake.\n" ); + goto done; + } + + + /* From here on, messages will be sent through the SSL layer, so we need to get our + * connection ready. */ + + ns = configure_pr_socket( &newsocket, secure, 0 /*never local*/ ); + + c->c_flags |= CONN_FLAG_SSL; + c->c_flags |= CONN_FLAG_START_TLS; + c->c_sd = ns; + c->c_prfd = newsocket; + + /* Get the effective key length */ + SSL_SecurityStatus(c->c_prfd, NULL, NULL, NULL, &(c->c_ssl_ssf), NULL, NULL); + rv = slapd_ssl_handshakeCallback (c->c_prfd, (void *)handle_handshake_done, c); + + if ( rv < 0 ) { + PRErrorCode prerr = PR_GetError(); + slapi_log_error( SLAPI_LOG_FATAL, "start_tls", + "SSL_HandshakeCallback() %d " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n", + rv, prerr, slapd_pr_strerror( prerr ) ); + } + + if ( config_get_SSLclientAuth() != SLAPD_SSLCLIENTAUTH_OFF ) { + rv = slapd_ssl_badCertHook (c->c_prfd, (void *)handle_bad_certificate, c); + if ( rv < 0 ) { + PRErrorCode prerr = PR_GetError(); + slapi_log_error( SLAPI_LOG_FATAL, "start_tls", + "SSL_BadCertHook(%i) %i " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n", + c->c_sd, rv, prerr, slapd_pr_strerror( prerr ) ); + } + } + +done: + return rv; +} /* Start TLS Extended operation plugin function */ @@ -82,13 +160,12 @@ char *oid; Connection *conn; - PRFileDesc *oldsocket, *newsocket; - int secure; - int ns; #ifdef _WIN32 + PRFileDesc *oldsocket; int oldnativesocket; #endif - int rv; + int ldaprc = LDAP_SUCCESS; + char *ldapmsg = NULL; /* Get the pb ready for sending Start TLS Extended Responses back to the client. * The only requirement is to set the LDAP OID of the extended response to the START_TLS_OID. */ @@ -133,23 +210,23 @@ conn = pb->pb_conn; PR_Lock( conn->c_mutex ); + /* cannot call slapi_send_ldap_result with mutex locked - will deadlock if ber_flush returns error */ #ifndef _WIN32 - oldsocket = conn->c_prfd; - if ( oldsocket == (PRFileDesc *) NULL ) { - slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls", - "Connection socket not available.\n" ); - slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL, - "Connection socket not available.", 0, NULL ); + if ( conn->c_prfd == (PRFileDesc *) NULL ) { + slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls", + "Connection socket not available.\n" ); + ldaprc = LDAP_UNAVAILABLE; + ldapmsg = "Connection socket not available."; goto unlock_and_return; } #else oldnativesocket = conn->c_sd; oldsocket = PR_ImportTCPSocket(oldnativesocket); if ( oldsocket == (PRFileDesc *) NULL ) { - slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls", - "Failed to import NT native socket into NSPR.\n" ); - slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL, - "Failed to import NT native socket into NSPR.", 0, NULL ); + slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls", + "Failed to import NT native socket into NSPR.\n" ); + ldaprc = LDAP_UNAVAILABLE; + ldapmsg = "Failed to import NT native socket into NSPR."; goto unlock_and_return; } #endif @@ -160,8 +237,8 @@ 1 /* check for ops where result not yet sent */ )) { slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls", "Other operations are still pending on the connection.\n" ); - slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, - "Other operations are still pending on the connection.", 0, NULL ); + ldaprc = LDAP_OPERATIONS_ERROR; + ldapmsg = "Other operations are still pending on the connection."; goto unlock_and_return; } @@ -171,8 +248,8 @@ /* slapi_send_ldap_result( pb, LDAP_REFERRAL, NULL, msg, 0, url ); */ slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls", "SSL not supported by this server.\n" ); - slapi_send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, - "SSL not supported by this server.", 0, NULL ); + ldaprc = LDAP_PROTOCOL_ERROR; + ldapmsg = "SSL not supported by this server."; goto unlock_and_return; } @@ -180,16 +257,16 @@ if ( conn->c_flags & CONN_FLAG_SSL ) { slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls", "SSL connection already established.\n" ); - slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, - "SSL connection already established.", 0, NULL ); + ldaprc = LDAP_OPERATIONS_ERROR; + ldapmsg = "SSL connection already established."; goto unlock_and_return; } if ( conn->c_flags & CONN_FLAG_SASL_CONTINUE ) { slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls", "SASL multi-stage bind in progress.\n" ); - slapi_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, - "SASL multi-stage bind in progress.", 0, NULL ); + ldaprc = LDAP_OPERATIONS_ERROR; + ldapmsg = "SASL multi-stage bind in progress."; goto unlock_and_return; } @@ -197,8 +274,8 @@ if ( conn->c_flags & CONN_FLAG_CLOSING ) { slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls", "Connection being closed at this moment.\n" ); - slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL, - "Connection being closed at this moment.", 0, NULL ); + ldaprc = LDAP_UNAVAILABLE; + ldapmsg = "Connection being closed at this moment."; goto unlock_and_return; } @@ -208,110 +285,23 @@ * So, we may as well try initialising SSL. */ if ( slapd_security_library_is_initialized() == 0 ) { - slapi_log_error( SLAPI_LOG_PLUGIN, "start_tls", - "NSS libraries not initialised.\n" ); - slapi_send_ldap_result( pb, LDAP_UNAVAILABLE, NULL, - "NSS libraries not initialised.", 0, NULL ); - goto unlock_and_return;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/tools/dbscan.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/tools/dbscan.c
Changed
@@ -825,10 +825,9 @@ display_entryrdn_children(db, id_stored_to_internal(elem->rdn_elem_id), elem->rdn_elem_nrdn_rdn, indent); bail: - if (keybuf) { - free(keybuf); - } + free(keybuf); cursor->c_close(cursor); + return; } @@ -866,10 +865,9 @@ elem = (rdn_elem *)data.data; _entryrdn_dump_rdn_elem(keybuf, elem, indent); bail: - if (keybuf) { - free(keybuf); - } + free(keybuf); cursor->c_close(cursor); + return; } @@ -939,10 +937,9 @@ } } bail: - if (keybuf) { - free(keybuf); - } + free(keybuf); cursor->c_close(cursor); + return; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/tools/ldclt/data.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/tools/ldclt/data.c
Changed
@@ -143,7 +143,7 @@ char *fileName; /* As read from the system */ char name [1024]; /* To build the full path */ struct stat stat_buf; /* To read the image size */ - int fd; /* To open the image */ + int fd = -1; /* To open the image */ int ret; /* Return value */ int rc = 0; @@ -303,11 +303,13 @@ */ if (close (fd) < 0) { - perror (name); - fprintf (stderr, "Cannot close(%s)\n", name); - fflush (stderr); - rc = -1; - goto exit; + perror (name); + fprintf (stderr, "Cannot close(%s)\n", name); + fflush (stderr); + rc = -1; + goto exit; + } else { + fd = -1; } } #ifdef _WIN32 @@ -335,6 +337,9 @@ #ifdef _WIN32 if (findPath) free (findPath); #endif + if(fd != -1) + close(fd); + return rc; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/tools/ldclt/ldapfct.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/tools/ldclt/ldapfct.c
Changed
@@ -732,10 +732,8 @@ connectToLDAP(thread_context *tttctx, const char *bufBindDN, const char *bufPasswd, unsigned int mode, unsigned int mod2) { LDAP *ld = NULL; - const char *mech = LDAP_SASL_SIMPLE; struct berval cred = {0, NULL}; int v2v3 = LDAP_VERSION3; - const char *binddn = NULL; const char *passwd = NULL; #if defined(USE_OPENLDAP) char *ldapurl = NULL; @@ -863,11 +861,8 @@ #endif /* !USE_OPENLDAP */ if (mode & CLTAUTH) { - mech = "EXTERNAL"; - binddn = ""; passwd = NULL; } else { - binddn = bufBindDN?bufBindDN:mctx.bindDN; passwd = bufPasswd?bufPasswd:mctx.passwd; if (passwd) { cred.bv_val = (char *)passwd;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/tools/ldclt/ldclt.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/tools/ldclt/ldclt.c
Changed
@@ -1497,7 +1497,7 @@ /* * Parse the deference attribute value */ - mctx.attRefDef= (char *)malloc(strlen(mctx.attrpl+i+1) + 1); + mctx.attRefDef= (char *)malloc(strlen(mctx.attrpl + i) + 2); if (mctx.attRefDef== NULL) { printf ("Error: unable to allocate memory for attRefDef\n"); return (-1); @@ -1525,7 +1525,7 @@ /* * Parse the attribute value */ - mctx.attrplFile = (char *)malloc(strlen(mctx.attrpl+i+1) + 1); + mctx.attrplFile = (char *)malloc(strlen(mctx.attrpl+i) + 2); if (mctx.attrplFile == NULL) { printf ("Error: unable to allocate memory for attreplfile\n"); return (-1); @@ -1572,20 +1572,24 @@ /* start to read file content */ mctx.attrplFileContent = (char *)malloc(mctx.attrplFileSize + 1); i=0; - while ( fread(buffer, BUFFERSIZE , 1, attrF) ) + while ( (ret = fread(buffer, BUFFERSIZE , 1, attrF)) ) { - memcpy(mctx.attrplFileContent+i, buffer , BUFFERSIZE ); - memset(buffer ,'\0', BUFFERSIZE ); - i = i + BUFFERSIZE; + memcpy(mctx.attrplFileContent+i, buffer , ret); + memset(buffer ,'\0', BUFFERSIZE); + i += ret; } /* copy remainding content into mctx.attrplFileContent */ + /* ??? + * Why you need to copy buffer twice to fill the gap? + * Could there any chance (mctx.attrplFileSize - 1 - i) > BUFFERSIZE ? + */ if (i<mctx.attrplFileSize) { memcpy(mctx.attrplFileContent+i, buffer , (mctx.attrplFileSize - 1 - i)); memset(buffer ,'\0', BUFFERSIZE ); /* clear the buffer */ } - mctx.attrplFileContent[mctx.attrplFileSize]='\0'; // append the close bit + mctx.attrplFileContent[mctx.attrplFileSize]='\0'; /* append the close bit */ if ((fclose(attrF)) == EOF ) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/tools/migratecred.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/tools/migratecred.c
Changed
@@ -137,7 +137,7 @@ /* cred has the prefix, remove it before decoding */ prefixCred = strdup(optarg); - if ((*prefixCred == PWD_HASH_PREFIX_START) && + if (prefixCred && (*prefixCred == PWD_HASH_PREFIX_START) && ((end = strchr(prefixCred, PWD_HASH_PREFIX_END)) != NULL) && ((namelen = end - prefixCred - 1 ) <= (3*PWD_MAX_NAME_LEN)) ) {
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/tools/mmldif.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/tools/mmldif.c
Changed
@@ -659,6 +659,7 @@ slapd_ldap_debug = 65535; break; case 'o': + if(ofn) free (ofn); ofn = strdup(optarg); break; case 'h': @@ -677,6 +678,7 @@ ofp = fopen(ofn, "w"); if (ofp == NULL) { perror(ofn); + free(ofn); return -1; } free(ofn); @@ -729,12 +731,13 @@ int toolong = FALSE; int rc; int cmp; - attrib1_t * att; + attrib1_t * att = NULL; attrib1_t ** prev; attrib1_t * freelist = *attrib; attrib1_t * newlist = NULL; attrib1_t * a; int ignore_rec = FALSE; + int free_it = 0; *attrib = NULL; if (edf1->end) { @@ -759,6 +762,9 @@ /* that's for the case where the file */ /* has a trailing blank line */ freefreelist(freelist); + if(free_it){ + freefreelist(att); + } return IDDS_MM_EOF; } break; /* return */ @@ -790,9 +796,11 @@ continue; if (!freelist) { att = (attrib1_t *)malloc(sizeof(attrib1_t)); + free_it = 1; } else { att = freelist; freelist = freelist->next; + free_it = 0; } att->namelen = vptr-line;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/tools/pwenc.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/tools/pwenc.c
Changed
@@ -140,8 +140,10 @@ abs_configdir = rel2abspath( configdir ); if ( config_set_configdir( "configdir (-D)", abs_configdir, - errorbuf, 1) != LDAP_SUCCESS ) { + errorbuf, 1) != LDAP_SUCCESS ) + { fprintf( stderr, "%s\n", errorbuf ); + slapi_ch_free_string(&abs_configdir); return( NULL ); } slapi_ch_free_string(&abs_configdir);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/tools/rsearch/infadd.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/tools/rsearch/infadd.c
Changed
@@ -127,11 +127,10 @@ return x; } -int fill_table(NameTable *nt, PRUint32 size) +void fill_table(NameTable *nt, PRUint32 size) { PRUint32 i; char *x; - int ret; fprintf(stdout, "Generating random names: 0 "); for (i = 0; i < size; i++) { @@ -141,13 +140,13 @@ free(x); x = randName(); } - ret = nt_push(nt, x); + (void)nt_push(nt, x); if ((i % 100) == 0) { fprintf(stdout, "\b\b\b\b\b\b\b%-7d", i); } } fprintf(stdout, "\b\b\b\b\b\b\b%d. Done.\n", size); - return ret; + return; } int main(int argc, char **argv)
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/tools/rsearch/rsearch.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/tools/rsearch/rsearch.c
Changed
@@ -406,12 +406,13 @@ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 0); - ntable = nt_new(0); + if (nameFile) { - if (!nt_load(ntable, nameFile)) { - printf("Failed to read name table\n"); - exit(1); - } + ntable = nt_new(0); + if (!nt_load(ntable, nameFile)) { + printf("Failed to read name table\n"); + exit(1); + } } attrTable = nt_new(0);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/tools/rsearch/sdattable.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/tools/rsearch/sdattable.c
Changed
@@ -141,27 +141,43 @@ if (!fd) return 0; while (PR_Available(fd) > 0) { - int rval; - char temp[256]; - char *dn = NULL; - char *uid = NULL; - while (!(rval = PR_GetLine(fd, temp, 256))) { - char *p; - if (!strncasecmp(temp, "dn:", 3)) { - for (p = temp + 4; *p == ' ' || *p == '\t'; p++) ; - dn = strdup(p); - if (!dn) break; - } else if (!strncasecmp(temp, "uid:", 4)) { - for (p = temp + 5; *p == ' ' || *p == '\t'; p++) ; - uid = strdup(p); - if (!uid) break; - } - if (uid) { /* dn should come earlier than uid */ - if (!sdt_push(sdt, dn, uid)) goto out; - break; - } - } - if (rval) break; /* PR_GetLine failed */ + int rval; + int pushed = 0; + char temp[256]; + char *dn = NULL; + char *uid = NULL; + while (!(rval = PR_GetLine(fd, temp, 256))) { + char *p; + if (!strncasecmp(temp, "dn:", 3)) { + for (p = temp + 4; *p == ' ' || *p == '\t'; p++) ; + dn = strdup(p); + if (!dn) break; + } else if (!strncasecmp(temp, "uid:", 4)) { + for (p = temp + 5; *p == ' ' || *p == '\t'; p++) ; + uid = strdup(p); + if (!uid) break; + } + if (uid) { + /* dn should come earlier than uid - so both dn and uid must be set. */ + if (!sdt_push(sdt, dn, uid)){ + /* failure, free the dn and uid */ + free(dn); + free(uid); + goto out; + } + pushed = 1; + break; + } + } + if(!pushed){ + /* + * Entry might not have been a user entry with a uid, + * so free the dn just in case. + */ + if(dn) + free(dn); + } + if (rval) break; /* PR_GetLine failed */ } out: PR_Close(fd); @@ -183,7 +199,7 @@ PR_Write(fd, sdt->dns[i], strlen(sdt->dns[i])); PR_Write(fd, "\n", 1); } - if (sdt->dns[i]) { + if (sdt->uids[i]) { PR_Write(fd, "uid: ", 5); PR_Write(fd, sdt->uids[i], strlen(sdt->uids[i])); PR_Write(fd, "\n", 1);
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/tools/rsearch/searchthread.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/tools/rsearch/searchthread.c
Changed
@@ -285,20 +285,18 @@ return 0; } } else if (uid) { - char filterBuffer[100]; - char *pFilter; - char *filterTemplate = (uidFilter) ? uidFilter : "(uid=%s)"; + char *filterBuffer = NULL; + char *filterTemplate = (uidFilter) ? uidFilter : "(uid=%s)"; struct timeval timeout; int scope = LDAP_SCOPE_SUBTREE, attrsOnly = 0; LDAPMessage *result; int retry = 0; - pFilter = filterBuffer; - sprintf(filterBuffer, filterTemplate, uid); + filterBuffer = PR_smprintf(filterTemplate, uid); timeout.tv_sec = 3600; timeout.tv_usec = 0; while (1) { - int ret = ldap_search_ext_s(st->ld2, suffix, scope, pFilter, + int ret = ldap_search_ext_s(st->ld2, suffix, scope, filterBuffer, NULL, attrsOnly, NULL, NULL, &timeout, -1, &result); if (LDAP_SUCCESS == ret) { @@ -309,9 +307,11 @@ } else { fprintf(stderr, "T%d: failed to search 1, error=0x%x\n", st->id, ret); + PR_smprintf_free(filterBuffer); return 0; } } + PR_smprintf_free(filterBuffer); dn = ldap_get_dn(st->ld2, result); if (0 == st_bind_core(st, &(st->ld), dn, upw)) { @@ -366,7 +366,7 @@ static int st_search(SearchThread *st) { - char filterBuffer[100]; + char *filterBuffer = NULL; char *pFilter; struct timeval timeout; struct timeval *timeoutp; @@ -377,7 +377,7 @@ scope = myScope; if (ntable || numeric) { char *s = NULL; - char num[8]; + char num[22]; /* string length of unsigned 64 bit integer + 1 */ if (! numeric) { do { @@ -387,7 +387,7 @@ sprintf(num, "%d", get_large_random_number() % numeric); s = num; } - sprintf(filterBuffer, "%s%s", filter, s); + filterBuffer = PR_smprintf("%s%s",filter, s ? s : ""); pFilter = filterBuffer; } else { pFilter = filter; @@ -411,6 +411,10 @@ st->id, ret); } ldap_msgfree(result); + if(filterBuffer){ + PR_smprintf_free(filterBuffer); + } + return ret; } @@ -431,7 +435,7 @@ int e; int rval; char *dn = NULL; - char description[256]; + char *description = NULL; char *description_values[2]; /* Decide what entry to modify, for this we need a table */ @@ -446,7 +450,7 @@ } while (e < 0); dn = sdt_dn_get(sdattable, e); - sprintf(description, "%s modified at %lu", dn, time(NULL)); + description = PR_smprintf("%s modified at %lu", dn, time(NULL)); description_values[0] = description; description_values[1] = NULL; @@ -462,6 +466,8 @@ fprintf(stderr, "T%d: Failed to modify error=0x%x\n", st->id, rval); fprintf(stderr, "dn: %s\n", dn); } + PR_smprintf_free(description); + return rval; } @@ -516,7 +522,7 @@ int e; char *dn = NULL; char *uid = NULL; - char uid0[100]; + char *uidFalse = NULL; struct berval bvvalue = {0, NULL}; /* Decide what entry to modify, for this we need a table */ @@ -535,9 +541,9 @@ compare_true = ( (rand() % 5) < 2 ); if (!compare_true) { - strcpy(uid0, uid); - uid0[0] = '@'; /* make it not matched */ - uid = uid0; + /* modify the uid to make it fail the comparison */ + uidFalse = PR_smprintf("@%s",uid); + uid = uidFalse; } bvvalue.bv_val = uid; bvvalue.bv_len = uid ? strlen(uid) : 0; @@ -550,6 +556,10 @@ st->id, rval, correct_answer); fprintf(stderr, "dn: %s, uid: %s\n", dn, uid); } + if(uidFalse){ + PR_smprintf_free(uidFalse); + } + return rval; }
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/utf8compare.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/utf8compare.c
Changed
@@ -60,6 +60,7 @@ int slapi_has8thBit(unsigned char *s) { +#if (defined(CPU_x86) || defined(CPU_x86_64)) #define MY8THBITWIDTH 4 /* sizeof(PRUint32) */ #define MY8THBITFILTER 0x80808080 unsigned char *p, *stail, *ltail; @@ -73,14 +74,20 @@ return 1; } } - for (; p < ltail; p++) { +#undef MY8THBITWIDTH +#undef MY8THBITFILTER + for (; p < ltail; p++) +#else + unsigned char *p, *tail; + tail = s + strlen((char *)s); + for (p = s; p < tail; p++) +#endif + { if (0x80 & *p) { return 1; } } return 0; -#undef MY8THBITWIDTH -#undef MY8THBITFILTER } /*
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/util.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/util.c
Changed
@@ -417,7 +417,7 @@ num_values++; } } else { - for (x = 0; mods[w]->mod_values[x] != NULL && + for (x = 0; mods[w]->mod_values != NULL && mods[w]->mod_values[x] != NULL; x++) { num_values++;
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/slapd/valueset.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/slapd/valueset.c
Changed
@@ -190,20 +190,23 @@ { int valslen; int addvalslen; - int maxvals; + int maxvals; - addvalslen= valuearray_count(addvals); + if(vals == NULL){ + return; + } + addvalslen= valuearray_count(addvals); if(*vals == NULL) { - valslen= 0; - maxvals= 0; + valslen= 0; + maxvals= 0; } else { - valslen= valuearray_count(*vals); - maxvals= valslen+1; + valslen= valuearray_count(*vals); + maxvals= valslen+1; } - valuearray_add_valuearray_fast(vals,addvals,valslen,addvalslen,&maxvals,1/*Exact*/,flags & SLAPI_VALUE_FLAG_PASSIN); + valuearray_add_valuearray_fast(vals,addvals,valslen,addvalslen,&maxvals,1/*Exact*/,flags & SLAPI_VALUE_FLAG_PASSIN); } int @@ -466,7 +469,8 @@ *va= NULL; } - return(0); + /* return the number of remaining values */ + return(i); } size_t @@ -476,11 +480,11 @@ if(va!=NULL && va[0]!=NULL) { int i; - for (i = 0; va[i]; i++) + for (i = 0; va[i]; i++) { s += value_size(va[i]); } - s += (i + 1) * sizeof(Slapi_Value*); + s += (i + 1) * sizeof(Slapi_Value*); } return s; } @@ -495,51 +499,6 @@ } } -/* - * Shunt up the values to cover the empty slots. - * - * "compressed" means "contains no NULL's" - * - * Invariant for the outer loop: - * va[0..i] is compressed && - * va[n..numvalues] contains just NULL's - * - * Invariant for the inner loop: - * i<j<=k<=n && va[j..k] has been shifted left by (j-i) places && - * va[k..n] remains to be shifted left by (j-i) places - * - */ -void -valuearray_compress(Slapi_Value **va,int numvalues) -{ - int i = 0; - int n= numvalues; - while(i<n) - { - if ( va[i] != NULL ) { - i++; - } else { - int k,j; - j = i + 1; - /* Find the length of the next run of NULL's */ - while( j<n && va[j] == NULL) { j++; } - /* va[i..j] is all NULL && j<= n */ - for ( k = j; k<n; k++ ) - { - va[k - (j-i)] = va[k]; - va[k] = NULL; - } - /* va[i..n] has been shifted down by j-i places */ - n = n - (j-i); - /* - * If va[i] in now non null, then bump i, - * if not then we are done anyway (j==n) so can bump it. - */ - i++; - } - } -} - /* <=========================== Value Array Fast ==========================> */ void @@ -580,237 +539,11 @@ vaf->num++; } -void -valuearrayfast_add_valuearrayfast(struct valuearrayfast *vaf,const struct valuearrayfast *vaf_add) -{ - valuearray_add_valuearray_fast(&vaf->va,vaf_add->va,vaf->num,vaf_add->num,&vaf->max,0/*Exact*/,0/*!PassIn*/); - vaf->num+= vaf_add->num; -} - -/* <=========================== ValueArrayIndexTree =======================> */ - -static int valuetree_dupvalue_disallow( caddr_t d1, caddr_t d2 ); -static int valuetree_node_cmp( caddr_t d1, caddr_t d2 ); -static int valuetree_node_free( caddr_t data ); - -/* - * structure used within AVL value trees. - */ -typedef struct valuetree_node -{ - int index; /* index into the value array */ - Slapi_Value *sval; /* the actual value */ -} valuetree_node; - -/* - * Create or update an AVL tree of values that can be used to speed up value - * lookups. We store the index keys for the values in the AVL tree so - * we can use a trivial comparison function. - * - * Returns: - * LDAP_SUCCESS on success, - * LDAP_TYPE_OR_VALUE_EXISTS if the value already exists, - * LDAP_OPERATIONS_ERROR for some unexpected failure. - * - * Sets *valuetreep to the root of the AVL tree that was created. If a - * non-zero value is returned, the tree is freed if free_on_error is non-zero - * and *valuetreep is set to NULL. - */ -int -valuetree_add_valuearray( const Slapi_Attr *sattr, Slapi_Value **va, Avlnode **valuetreep, int *duplicate_index ) -{ - int rc= LDAP_SUCCESS; - - PR_ASSERT(sattr!=NULL); - PR_ASSERT(valuetreep!=NULL); - - if ( duplicate_index ) { - *duplicate_index = -1; - } - - if ( !valuearray_isempty(va) ) - { - Slapi_Value **keyvals; - /* Convert the value array into key values */ - if ( slapi_attr_values2keys_sv( sattr, (Slapi_Value**)va, &keyvals, LDAP_FILTER_EQUALITY ) != 0 ) /* jcm cast */ - { - LDAPDebug( LDAP_DEBUG_ANY,"slapi_attr_values2keys_sv for attribute %s failed\n", sattr->a_type, 0, 0 ); - rc= LDAP_OPERATIONS_ERROR; - } - else - { - int i; - valuetree_node *vaip; - for ( i = 0; rc==LDAP_SUCCESS && va[i] != NULL; ++i ) - { - if ( keyvals[i] == NULL ) - { - LDAPDebug( LDAP_DEBUG_ANY,"slapi_attr_values2keys_sv for attribute %s did not return enough key values\n", sattr->a_type, 0, 0 ); - rc= LDAP_OPERATIONS_ERROR; - } - else - { - vaip = (valuetree_node *)slapi_ch_malloc( sizeof( valuetree_node )); - vaip->index = i; - vaip->sval = keyvals[i]; - if (( rc = avl_insert( valuetreep, vaip, valuetree_node_cmp, valuetree_dupvalue_disallow )) != 0 ) - { - slapi_ch_free( (void **)&vaip ); - /* Value must already be in there */ - rc= LDAP_TYPE_OR_VALUE_EXISTS; - if ( duplicate_index ) { - *duplicate_index = i; - } - } - else - { - keyvals[i]= NULL; - } - } - } - /* start freeing at index i - the rest of them have already
View file
389-ds-base-1.2.11.15.tar.bz2/ldap/servers/snmp/main.c -> 389-ds-base-1.2.11.29.tar.bz2/ldap/servers/snmp/main.c
Changed
@@ -236,6 +236,15 @@ return 0; } +/* ldif_read_record lineno argument type depends on openldap version */ +#if defined(USE_OPENLDAP) +#if LDAP_VENDOR_VERSION >= 20434 /* changed in 2.4.34 */ +typedef unsigned long int ldif_record_lineno_t; +#else +typedef int ldif_record_lineno_t; +#endif +#endif + /************************************************************************ * load_config * @@ -249,8 +258,10 @@ #if defined(USE_OPENLDAP) LDIFFP *dse_fp = NULL; int buflen = 0; + ldif_record_lineno_t lineno = 0; #else FILE *dse_fp = NULL; + int lineno = 0; #endif char line[MAXLINE]; char *p = NULL; @@ -311,6 +322,9 @@ /* load agentx-master setting */ p = p + 13; if ((p = strtok(p, " \t\n")) != NULL) { + if (agentx_master){ + free(agentx_master); + } if ((agentx_master = (char *) malloc(strlen(p) + 1)) != NULL) strcpy(agentx_master, p); } @@ -329,10 +343,10 @@ } else if ((p = strstr(line, "server")) != NULL) { int got_port = 0; int got_rundir = 0; - int lineno = 0; char *entry = NULL; char *instancename = NULL; + lineno = 0; /* Allocate a server_instance */ if ((serv_p = malloc(sizeof(server_instance))) == NULL) { printf("ldap-agent: malloc error processing config file\n"); @@ -431,8 +445,8 @@ got_port = 1; } else if (strcmp(attr, "nsslapd-rundir") == 0) { /* 8 = "/" + ".stats" + \0 */ - serv_p->stats_file = malloc(vlen + strlen(instancename) + 8); - if (serv_p->stats_file != NULL) { + serv_p->stats_file = malloc(vlen + (instancename ? strlen(instancename) : 0) + 8); + if (serv_p->stats_file && instancename) { snprintf(serv_p->stats_file, vlen + strlen(instancename) + 8, "%s/%s.stats", val, instancename); serv_p->stats_file[(vlen + strlen(instancename) + 7)] = (char)0;
View file
389-ds-base-1.2.11.15.tar.bz2/lib/base/util.cpp -> 389-ds-base-1.2.11.29.tar.bz2/lib/base/util.cpp
Changed
@@ -253,7 +253,7 @@ static void _util_strftime_conv(char *, int, int, char); -#define _util_strftime_add(str) for (;(*pt = *str++); pt++); +#define _util_strftime_add(str) for (;(*pt = *str++); pt++) #define _util_strftime_copy(str, len) memcpy(pt, str, len); pt += len; #define _util_strftime_fmt util_strftime
View file
389-ds-base-1.2.11.15.tar.bz2/lib/ldaputil/certmap.c -> 389-ds-base-1.2.11.29.tar.bz2/lib/ldaputil/certmap.c
Changed
@@ -500,13 +500,13 @@ char *searchAttr = 0; if (!ldapu_strcasecmp(certinfo->issuerName, "default")) { - default_certmap_info = certinfo; + default_certmap_info = certinfo; } else if (!certinfo->issuerDN) { - return LDAPU_ERR_NO_ISSUERDN_IN_CONFIG_FILE; + return LDAPU_ERR_NO_ISSUERDN_IN_CONFIG_FILE; } else { - rv = ldapu_list_add_info(certmap_listinfo, certinfo); + rv = ldapu_list_add_info(certmap_listinfo, certinfo); } if (rv != LDAPU_SUCCESS) return rv; @@ -515,21 +515,21 @@ rv = ldapu_certmap_info_attrval (certinfo, LDAPU_ATTR_DNCOMPS, &dncomps); if (rv == LDAPU_SUCCESS && dncomps) { - certinfo->dncompsState = COMPS_HAS_ATTRS; - tolower_string(dncomps); + certinfo->dncompsState = COMPS_HAS_ATTRS; + tolower_string(dncomps); } else if (rv == LDAPU_FAILED) { - certinfo->dncompsState = COMPS_COMMENTED_OUT; - rv = LDAPU_SUCCESS; + certinfo->dncompsState = COMPS_COMMENTED_OUT; + rv = LDAPU_SUCCESS; } else if (rv == LDAPU_SUCCESS && !dncomps) { - certinfo->dncompsState = COMPS_EMPTY; - dncomps = ""; /* present but empty */ + certinfo->dncompsState = COMPS_EMPTY; + dncomps = strdup(""); /* present but empty */ } rv = parse_into_bitmask (dncomps, &certinfo->dncomps, -1); - if (dncomps && *dncomps) free(dncomps); + free(dncomps); dncomps = NULL; if (rv != LDAPU_SUCCESS) return rv; @@ -538,21 +538,21 @@ &filtercomps); if (rv == LDAPU_SUCCESS && filtercomps) { - certinfo->filtercompsState = COMPS_HAS_ATTRS; - tolower_string(filtercomps); + certinfo->filtercompsState = COMPS_HAS_ATTRS; + tolower_string(filtercomps); } else if (rv == LDAPU_FAILED) { - certinfo->filtercompsState = COMPS_COMMENTED_OUT; - rv = LDAPU_SUCCESS; + certinfo->filtercompsState = COMPS_COMMENTED_OUT; + rv = LDAPU_SUCCESS; } else if (rv == LDAPU_SUCCESS && !filtercomps) { - certinfo->filtercompsState = COMPS_EMPTY; - filtercomps = ""; /* present but empty */ + certinfo->filtercompsState = COMPS_EMPTY; + filtercomps = strdup(""); /* present but empty */ } rv = parse_into_bitmask (filtercomps, &certinfo->filtercomps, 0); - if (filtercomps && *filtercomps) free(filtercomps); + free(filtercomps); filtercomps = NULL; if (rv != LDAPU_SUCCESS) return rv; @@ -560,15 +560,15 @@ rv = ldapu_certmap_info_attrval(certinfo, LDAPU_ATTR_CERTMAP_LDAP_ATTR, &searchAttr); - if (rv == LDAPU_FAILED || !searchAttr || !*searchAttr) - rv = LDAPU_SUCCESS; - else { - certinfo->searchAttr = searchAttr ? strdup(searchAttr) : 0; + if (rv == LDAPU_FAILED || !searchAttr){ + rv = LDAPU_SUCCESS; + } else { + certinfo->searchAttr = searchAttr; - if (searchAttr && !certinfo->searchAttr) - rv = LDAPU_ERR_OUT_OF_MEMORY; - else - rv = LDAPU_SUCCESS; + if (searchAttr && !certinfo->searchAttr) + rv = LDAPU_ERR_OUT_OF_MEMORY; + else + rv = LDAPU_SUCCESS; } if (rv != LDAPU_SUCCESS) return rv; @@ -578,73 +578,69 @@ rv = ldapu_certmap_info_attrval(certinfo, LDAPU_ATTR_VERIFYCERT, &verify); if (rv == LDAPU_SUCCESS) { - if (!ldapu_strcasecmp(verify, "on")) - certinfo->verifyCert = 1; - else if (!ldapu_strcasecmp(verify, "off")) - certinfo->verifyCert = 0; - else if (!verify || !*verify) /* for mail/news backward compatibilty */ - certinfo->verifyCert = 1; /* otherwise, this should be an error */ - else - rv = LDAPU_ERR_MISSING_VERIFYCERT_VAL; + if (!ldapu_strcasecmp(verify, "on")) + certinfo->verifyCert = 1; + else if (!ldapu_strcasecmp(verify, "off")) + certinfo->verifyCert = 0; + else if (!verify || !*verify) /* for mail/news backward compatibilty */ + certinfo->verifyCert = 1; /* otherwise, this should be an error */ + else + rv = LDAPU_ERR_MISSING_VERIFYCERT_VAL; } else if (rv == LDAPU_FAILED) rv = LDAPU_SUCCESS; - if (verify && *verify) free(verify); - + if (verify) free(verify); + if (rv != LDAPU_SUCCESS) return rv; { - PRLibrary *lib = 0; + PRLibrary *lib = 0; - /* look for the library property and load it */ - rv = ldapu_certmap_info_attrval(certinfo, LDAPU_ATTR_LIBRARY, &libname); + /* look for the library property and load it */ + rv = ldapu_certmap_info_attrval(certinfo, LDAPU_ATTR_LIBRARY, &libname); - if (rv == LDAPU_SUCCESS) { - if (libname && *libname) { - lib = PR_LoadLibrary(libname); - if (!lib) rv = LDAPU_ERR_UNABLE_TO_LOAD_PLUGIN; - } - else { - rv = LDAPU_ERR_MISSING_LIBNAME; - } - } - else if (rv == LDAPU_FAILED) rv = LDAPU_SUCCESS; + if (rv == LDAPU_SUCCESS) { + if (libname && *libname) { + lib = PR_LoadLibrary(libname); + if (!lib) rv = LDAPU_ERR_UNABLE_TO_LOAD_PLUGIN; + } else { + rv = LDAPU_ERR_MISSING_LIBNAME; + } + } else if (rv == LDAPU_FAILED) rv = LDAPU_SUCCESS; - if (libname) free(libname); - if (rv != LDAPU_SUCCESS) return rv; + if (libname) free(libname); + if (rv != LDAPU_SUCCESS) return rv; - /* look for the InitFn property, find it in the libray and call it */ - rv = ldapu_certmap_info_attrval(certinfo, LDAPU_ATTR_INITFN, &fname); + /* look for the InitFn property, find it in the libray and call it */ + rv = ldapu_certmap_info_attrval(certinfo, LDAPU_ATTR_INITFN, &fname); - if (rv == LDAPU_SUCCESS) { - if (fname && *fname) { - /* If lib is NULL, PR_FindSymbol will search all libs loaded - * through PR_LoadLibrary. - */ - CertMapInitFn_t fn = (CertMapInitFn_t)PR_FindSymbol(lib, fname); + if (rv == LDAPU_SUCCESS) { + if (fname && *fname) { + /* If lib is NULL, PR_FindSymbol will search all libs loaded + * through PR_LoadLibrary. + */ + CertMapInitFn_t fn = (CertMapInitFn_t)PR_FindSymbol(lib, fname); - if (!fn) { - rv = LDAPU_ERR_MISSING_INIT_FN_IN_LIB; - } - else { - rv = (*fn)(certinfo, certinfo->issuerName, - certinfo->issuerDN, this_dllname); - } - } - else { - rv = LDAPU_ERR_MISSING_INIT_FN_NAME; - } - } - else if (lib) { - /* If library is specified, init function must be specified */ - /* If init fn is specified, library may not be specified */ - rv = LDAPU_ERR_MISSING_INIT_FN_IN_CONFIG; - } - else if (rv == LDAPU_FAILED) rv = LDAPU_SUCCESS; - - if (fname) free(fname); + if (!fn) {
View file
389-ds-base-1.2.11.15.tar.bz2/lib/ldaputil/dbconf.c -> 389-ds-base-1.2.11.29.tar.bz2/lib/ldaputil/dbconf.c
Changed
@@ -263,18 +263,21 @@ /* Success - we have prop & val */ propval = (DBPropVal_t *)malloc(sizeof(DBPropVal_t)); - if (!propval) return LDAPU_ERR_OUT_OF_MEMORY; + if (!propval){ + if (encval && val) free(val); + return LDAPU_ERR_OUT_OF_MEMORY; + } memset((void *)propval, 0, sizeof(DBPropVal_t)); propval->prop = strdup(prop); propval->val = val ? strdup(val) : 0; + if (encval && val) free(val); /* val was allocated by dbconf_decodeval */ + if (!propval->prop || (val && !propval->val)) { - dbconf_free_propval(propval); - return LDAPU_ERR_OUT_OF_MEMORY; + dbconf_free_propval(propval); + return LDAPU_ERR_OUT_OF_MEMORY; } - if (encval) free(val); /* val was allocated by dbconf_decodeval */ - insert_dbinfo_propval(db_info, propval); return LDAPU_SUCCESS; }
View file
389-ds-base-1.2.11.15.tar.bz2/lib/libaccess/acltools.cpp -> 389-ds-base-1.2.11.29.tar.bz2/lib/libaccess/acltools.cpp
Changed
@@ -1415,6 +1415,7 @@ eid = ACLERR1500; errmsg = system_errmsg(); nserrGenerate(errp, rv, eid, ACL_Program, 2, "buffer", errmsg); + PERM_FREE(errmsg); } } @@ -1740,7 +1741,7 @@ int ACL_InitAttr2Index(void) { - int i; + intptr_t i; if (ACLAttr2IndexPList) return 0;
View file
389-ds-base-1.2.11.15.tar.bz2/lib/libaccess/oneeval.cpp -> 389-ds-base-1.2.11.29.tar.bz2/lib/libaccess/oneeval.cpp
Changed
@@ -381,20 +381,19 @@ /* Loop through all the ACLs in the list */ while (wrapper) { - acl = wrapper->acl; + acl = wrapper->acl; ace = acl->expr_list_head; while (ace) /* Loop through all the ACEs in this ACL */ { - /* allocate a new ace list entry and link it in to the ordered * list. */ new_ace = (ACLAceEntry_t *)PERM_CALLOC(sizeof(ACLAceEntry_t)); if (new_ace == (ACLAceEntry_t *)NULL) { - nserrGenerate(errp, ACLERRNOMEM, ACLERR4020, ACL_Program, 1, - XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAceEntry)); - goto error; + nserrGenerate(errp, ACLERRNOMEM, ACLERR4020, ACL_Program, 1, + XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAceEntry)); + goto error; } new_ace->acep = ace; ace_cnt++; @@ -402,7 +401,8 @@ if (cache->acelist == NULL) cache->acelist = acelast = new_ace; else { - acelast->next = new_ace; + if(acelast) + acelast->next = new_ace; acelast = new_ace; new_ace->acep = ace; }
View file
389-ds-base-1.2.11.15.tar.bz2/lib/libaccess/register.cpp -> 389-ds-base-1.2.11.29.tar.bz2/lib/libaccess/register.cpp
Changed
@@ -77,6 +77,8 @@ { int i; + (void)(link_ACLGlobal); /* get rid of defined but not used compiler warning */ + (void)(link_nsacl_table); /* get rid of defined but not used compiler warning */ ACLLasEvalHash = PR_NewHashTable(0, PR_HashString, PR_CompareStrings, @@ -268,11 +270,11 @@ } /* Put it in the hash table */ - if (NULL == PR_HashTableAdd(ACLMethodHash, name, (void *)++cur_method)) { + if (NULL == PR_HashTableAdd(ACLMethodHash, name, (void *)(intptr_t)++cur_method)) { ACL_CritExit(); return -1; } - *t = (ACLMethod_t) cur_method; + *t = (ACLMethod_t) (intptr_t)cur_method; ACL_CritExit(); return 0; @@ -412,11 +414,11 @@ } /* Put it in the hash table */ - if (NULL == PR_HashTableAdd(ACLDbTypeHash, name, (void *)++cur_dbtype)) { + if (NULL == PR_HashTableAdd(ACLDbTypeHash, name, (void *)(intptr_t)++cur_dbtype)) { ACL_CritExit(); return -1; } - *t = (ACLDbType_t) cur_dbtype; + *t = (ACLDbType_t) (intptr_t)cur_dbtype; ACLDbParseFnTable[cur_dbtype] = func; ACL_CritExit(); @@ -791,6 +793,7 @@ if (*hep == 0) { /* New entry */ PR_INIT_CLIST(&getter->list); if (NULL == PR_HashTableAdd(ACLAttrGetterHash, attr, (void *)getter)) { + FREE(getter); ACL_CritExit(); return -1; }
View file
389-ds-base-1.2.11.15.tar.bz2/lib/libadmin/error.c -> 389-ds-base-1.2.11.29.tar.bz2/lib/libadmin/error.c
Changed
@@ -126,10 +126,13 @@ fprintf(stdout, "%s:%s\\n%s", error_headers[type], info, wrapped); if(type==FILE_ERROR || type==SYSTEM_ERROR) { err = get_error(); - if(err != 0) + if(err != 0){ + char *err_str = verbose_error(); fprintf(stdout, "\\n\\nThe system returned error number %d, " - "which is %s.", err, verbose_error()); + "which is %s.", err, err_str); + FREE(err_str); + } } fprintf(stdout, "\");");
View file
389-ds-base-1.2.11.15.tar.bz2/man/man1/logconv.pl.1 -> 389-ds-base-1.2.11.29.tar.bz2/man/man1/logconv.pl.1
Changed
@@ -21,7 +21,7 @@ .B logconv.pl [\fI\-h\fR] [\fI\-d <rootDN>\fR] [\fI\-s <size limit>\fR] [\fI\-v\fR] [\fI\-V\fR] [\fI\-S <start time>\fR] [\fI\-E <end time>\fR] -[\fI\-efcibaltnxgju\fR] [\fI access log ... ... \fR] +[\fI\-efcibaltnxgjuU\fR] [\fI access log ... ... \fR] .PP .SH DESCRIPTION Analyzes Directory Server access log files for specific information defined on the command @@ -29,33 +29,49 @@ .SH OPTIONS A summary of options is included below: .TP -.B \fB\-h\fR +.B \fB\-h, \-\-help\fR help/usage .TP -.B \fB\-d\fR <Directory Managers DN> +.B \fB\-d, \-\-rootDN\fR <Directory Managers DN> DEFAULT \-> cn=directory manager .TP -.B \fB\-s\fR <Number of results to return per category> +.B \fB\-D, \-\-data\fR <Location for temporary data files> +DEFAULT \-> /tmp +.br +TIP \-> If there is not enough RAM, a RAM disk can be used instead: + + mkdir /dev/shm/logconv, and use this directory for the "-D" value. +.TP +.B \fB\-s, \-\-sizeLimit\fR <Number of results to return per category> DEFAULT \-> 20 .TP -.B \fB\-X\fR <IP address to exclude from connection stats> +.B \fB\-X, \-\-excludeIP\fR <IP address to exclude from connection stats> E.g. Load balancers .TP -.B \fB\-v\fR show version of tool +.B \fB\-v, \-\-version\fR show version of tool Print version of the tool .TP -.B \fB\-S\fR <time to begin analyzing logfile from> +.B \fB\-S, \-\-startTime\fR <time to begin analyzing logfile from> Time to begin analyzing logfile from -E.g. [28/Mar/2002:13:14:22 \fB\-0800]\fR +E.g. [28/Mar/2002:13:14:22 \f \-0800]\fR .TP -.B \fB\-E\fR <time to stop analyzing logfile> +.B \fB\-E, \-\-endTime\fR <time to stop analyzing logfile> Time to stop analyzing logfile from -E.g. [28/Mar/2002:13:24:62 \fB\-0800]\fR +E.g. [28/Mar/2002:13:24:62 \f \-0800]\fR +.TP +.B \fB\-M, \-\-reportFileMins\fR <CSV output file> +This option creates a CSV report for spreadsheets. .TP -\fB\-V\fR <enable verbose output \- includes all stats listed below> +.B \fB\-m, \-\-reportFileSecs\fR <CSV output file> +This option creates a CSV report for spreadsheets. +.TP +.B \fB\-B, \-\-bind\fR <ALL | ANONYMOUS | "Bind DN"> +This generates a report based on either ALL bind dn's, anonymous binds, or a specific DN. +.TP +\fB\-V, \-\-verbose\fR <enable verbose output \- includes all stats listed below except U> Verbose output .TP -.B \fB\-[efcibaltnxgju]\fR +.B \fB\-[efcibaltnxgjuU]\fR .br \fBe\fR Error Code stats .br @@ -83,11 +99,13 @@ .br \fBj\fR Recommendations .br -\fBu\fR Unindexed Search Stats +\fBu\fR Unindexed Search Stats (very detailed) .br \fBy\fR Connection Latency Stats .br \fBp\fR Open Connection ID Stats +.br +\fBU\fR Unindexed Search Summary .PP .SH USAGE Examples:
View file
389-ds-base-1.2.11.15.tar.bz2/man/man1/repl-monitor.1 -> 389-ds-base-1.2.11.29.tar.bz2/man/man1/repl-monitor.1
Changed
@@ -19,8 +19,9 @@ repl-monitor \- Directory Server replication monitor .SH SYNOPSIS .B repl\(hymonitor -\-f configuration\(hyfile [\fI\(hyh host\fR] [\fI\-p port\fR] [\fI\-r\fR] -[\fI\-u refresh\(hyurl\fR] [\fI\-t refresh\(hyinterval\fR] [\fI\-v\fR] +\ [-f configuration\(hyfile] [\fI\(hyh host\fR] [\fI\-p port\fR] [\fI\-r\fR] +[\fI\-c connection\fR] [\fI\-a alias\fR] [\fI\-k color\fR] [\fI\-u refresh\(hyurl\fR] +[\fI\-s\fR] [\fI\-t refresh\(hyinterval\fR] [\fI\-v\fR] .SH DESCRIPTION Outputs the status of all of the configured Directory Servers @@ -33,23 +34,39 @@ .SH OPTIONS A summary of options is included below: .TP -.B \-h host +.B \-h, \-\-host\fR host Hostname of DS server .TP -.B \-p port +.B \-p, \-\-port\fR port TCP port .TP -.B \-f configuration\(hyfile +.B \-f, \-\-configfile\fR configuration-file Configuration file .TP -.B \-r +.B \-c, \-\-conn\fR connection +Uses the same format as the configfile directive +.TP +.B \-a, \-\-alias\fR alias +Uses the same format as the configfile directive +.TP +.B \-k, --color\fR color +Uses the same format as the configfile directive +.TP +.B \-r, --skip-header\fR Removes extra HTML tags .TP -.B \-u refresh\(hyurl +.B \-u, \-\-refreshurl\fR refresh url Refresh url .TP -.B \-t refresh\(hyinterval +.B \-t, \-\-interval\fR refresh interval Refresh interval +.TP +.B \-W, \-\-prompt +Prompt for passwords +.TP +.B \-s, \-\-text +Print plain text report + .br .SH AUTHOR repl-monitor was written by the 389 Project. @@ -63,6 +80,8 @@ This manual page was written by Michele Baldessari <michele@pupazzo.org>, for the Debian project (but may be used by others). .br +Manual page updated by Mark Reynolds <mreynolds@redhat.com> 10/11/13 +.br This is free software. You may redistribute copies of it under the terms of the Directory Server license found in the LICENSE file of this software distribution. This license is essentially the GNU General Public
View file
389-ds-base.dsc
Changed
@@ -2,7 +2,7 @@ Source: 389-ds-base Binary: 389-ds, 389-ds-base-libs, 389-ds-base-libs-dbg, 389-ds-base-dev, 389-ds-base, 389-ds-base-dbg Architecture: any all -Version: 1.2.11.15-2 +Version: 1.2.11.29-0 Maintainer: Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org> Uploaders: Timo Aaltonen <tjaalton@ubuntu.com>, Krzysztof Klimonda <kklimonda@syntaxhighlighted.com> Homepage: http://directory.fedoraproject.org @@ -18,5 +18,5 @@ 389-ds-base-libs deb libs optional 389-ds-base-libs-dbg deb debug extra Files: - 00000000000000000000000000000000 0 389-ds-base-1.2.11.15.tar.bz2 + 00000000000000000000000000000000 0 389-ds-base-1.2.11.29.tar.bz2 00000000000000000000000000000000 0 debian.tar.gz
View file
debian.changelog
Changed
@@ -1,3 +1,9 @@ +389-ds-base (1.2.11.29-0) unstable; urgency=low + + * New upstream release 1.2.11.29 + + -- Aeneas Jaissle <aj@ajaissle.de> Wed, 14 May 2014 12:08:16 +0200 + 389-ds-base (1.2.11.15-2) unstable; urgency=low * Fix for Kolab bug 2229: 389 DS needs content of /usr/lib/x86_64-linux-gnu/sasl2 at /usr/lib/sasl2
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.