[Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication cl5_api.c, 1.15, 1.16
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9381/plugins/replication
Modified Files:
cl5_api.c
Log Message:
Resolves: 304191
Summary: Make dbscan handle special RUV related changelog entries.
Index: cl5_api.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/cl5_api.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- cl5_api.c 11 Jun 2007 17:22:37 -0000 1.15
+++ cl5_api.c 24 Sep 2007 23:39:22 -0000 1.16
@@ -6643,7 +6643,7 @@
CSN *csn= csn_new();
char *rt;
- csn_set_time(csn, type);
+ csn_set_time(csn, (time_t)type);
csn_set_replicaid(csn, 0);
rt = csn_as_string(csn, PR_FALSE, csnStr);
16 years, 7 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd uuid.c, 1.8, 1.9
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1102/ldapserver/ldap/servers/slapd
Modified Files:
uuid.c
Log Message:
Resolves: bug 262021
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nkinder (Thanks!)
Fix Description: 7.1 and earlier chaining and replication credentials were stored incorrectly on little endian machines (x86 and itanium). They were "accidentally" stored correctly on big endian machines (sparc, pa-risc) because val == ntohl(val) on those platforms. When migrating from a little endian machine, we need to decode the password using the broken algorithm and re-encode it using the good method. We determine if the password is encode incorrectly by the following method: we use migratecred to decode and encode using the old path. If the values are equal, this means the password was already encoded correctly and we don't need to fix it. Otherwise, we set the flag that tells migratecred to fix it. In order to decode the broken password correctly on big endian machines, we have to swap the byte order to convert the values to little endian.
Platforms tested: RHEL5 x86_64, RHEL5 i386, Solaris 9
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: uuid.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/uuid.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- uuid.c 20 Sep 2007 20:27:35 -0000 1.8
+++ uuid.c 24 Sep 2007 22:54:55 -0000 1.9
@@ -847,10 +847,16 @@
memcpy(&uuid->node, &_state.genstate.node, sizeof (uuid->node));
}
+/* when converting broken values, we may need to swap the bytes */
+#define BSWAP16(x) ((((x) >> 8) & 0xff) | (((x) & 0xff) << 8))
+#define BSWAP32(x) ((((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) | \
+ (((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24))
+
/* format_uuid_v3 -- make a UUID from a (pseudo)random 128 bit number
*/
static void format_uuid_v3(guid_t * uuid, unsigned char hash[16])
{
+ char *use_broken_uuid = getenv("USE_BROKEN_UUID");
/* Construct a version 3 uuid with the (pseudo-)random number
* plus a few constants. */
@@ -858,11 +864,18 @@
/* when migrating, we skip the ntohl in order to read in old,
incorrectly formatted uuids */
- if (!getenv("USE_BROKEN_UUID")) {
+ if (!use_broken_uuid || (*use_broken_uuid == '0')) {
/* convert UUID to local byte order */
uuid->time_low = PR_ntohl(uuid->time_low);
uuid->time_mid = PR_ntohs(uuid->time_mid);
uuid->time_hi_and_version = PR_ntohs(uuid->time_hi_and_version);
+ } else {
+#if defined(IS_BIG_ENDIAN)
+ /* convert UUID to b0rken byte order */
+ uuid->time_low = BSWAP32(uuid->time_low);
+ uuid->time_mid = BSWAP16(uuid->time_mid);
+ uuid->time_hi_and_version = BSWAP16(uuid->time_hi_and_version);
+#endif
}
/* put in the variant and version bits */
16 years, 7 months
[Fedora-directory-commits] ldapserver/ldap/admin/src/scripts DSMigration.pm.in, 1.16, 1.17 Migration.pm.in, 1.6, 1.7
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1102/ldapserver/ldap/admin/src/scripts
Modified Files:
DSMigration.pm.in Migration.pm.in
Log Message:
Resolves: bug 262021
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nkinder (Thanks!)
Fix Description: 7.1 and earlier chaining and replication credentials were stored incorrectly on little endian machines (x86 and itanium). They were "accidentally" stored correctly on big endian machines (sparc, pa-risc) because val == ntohl(val) on those platforms. When migrating from a little endian machine, we need to decode the password using the broken algorithm and re-encode it using the good method. We determine if the password is encode incorrectly by the following method: we use migratecred to decode and encode using the old path. If the values are equal, this means the password was already encoded correctly and we don't need to fix it. Otherwise, we set the flag that tells migratecred to fix it. In order to decode the broken password correctly on big endian machines, we have to swap the byte order to convert the values to little endian.
Platforms tested: RHEL5 x86_64, RHEL5 i386, Solaris 9
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: DSMigration.pm.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/DSMigration.pm.in,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- DSMigration.pm.in 22 Sep 2007 03:34:06 -0000 1.16
+++ DSMigration.pm.in 24 Sep 2007 22:54:47 -0000 1.17
@@ -179,10 +179,20 @@
sub migrateCredentials {
my ($ent, $attr, $mig, $inst) = @_;
my $oldval = $ent->getValues($attr);
+
+ # Older versions of the server on x86 systems and other systems that do not use network byte order
+ # stored the credentials incorrectly. The first step is to determine if this is the case. We
+ # migrate using the same server root to see if we get the same output as we input.
+ debug(3, "In migrateCredentials - see how old credentials were encoded.\n");
+ my $testval = `@bindir@/migratecred -o $mig->{actualsroot}/$inst -n $mig->{actualsroot}/$inst -c \'$oldval\'`;
+ if ($testval ne $oldval) { # need to turn on the special flag
+ debug(3, "Credentials not encoded correctly. oldval $oldval not equal to testval $testval. The value will be re-encoded correctly.\n");
+ $ENV{MIGRATE_BROKEN_PWD} = "1"; # decode and re-encode correctly
+ }
+
debug(3, "Executing @bindir@/migratecred -o $mig->{actualsroot}/$inst -n @instconfigdir@/$inst -c \'$oldval\' . . .\n");
- $ENV{MIGRATE_BROKEN_PWD} = "1"; # passwords prior to 8.0 were encrypted incorrectly
my $newval = `@bindir@/migratecred -o $mig->{actualsroot}/$inst -n @instconfigdir@/$inst -c \'$oldval\'`;
- delete $ENV{MIGRATE_BROKEN_PWD}; # clear the flag
+ delete $ENV{MIGRATE_BROKEN_PWD}; # clear the flag, if set
debug(3, "Converted old value [$oldval] to new value [$newval] for attr $attr in entry ", $ent->getDN(), "\n");
return $newval;
}
Index: Migration.pm.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Migration.pm.in,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- Migration.pm.in 14 Sep 2007 02:41:13 -0000 1.6
+++ Migration.pm.in 24 Sep 2007 22:54:47 -0000 1.7
@@ -128,17 +128,7 @@
or
"slapd.Suffix=dc=example, dc=com"
Values passed in this manner will override values in an .inf file
-given with the -f argument. If you need to specify the cleartext
-directory manager password (e.g. in order to do remote migration),
-you must specify the password for each instance in a section whose
-name is the instance name e.g.
- [slapd-ldap1]
- RootDNPwd=ldap1password
- [slapd-ldap2]
- RootDNPwd=ldap2password
-or on the command line like this:
- command ... slapd-ldap1.RootDNPwd=ldap1password \
- slapd-ldap2.RootDNPwd=ldap2password ...
+given with the -f argument.
actualsroot:
This is used when you must migrate from one machine to another. The
@@ -373,3 +363,10 @@
# Mandatory TRUE return value.
#
1;
+
+# emacs settings
+# Local Variables:
+# mode:perl
+# indent-tabs-mode: nil
+# tab-width: 4
+# End:
16 years, 7 months
[Fedora-directory-commits] ldapserver/ldap/servers/plugins/rever des.c, 1.8, 1.9
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/rever
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1102/ldapserver/ldap/servers/plugins/rever
Modified Files:
des.c
Log Message:
Resolves: bug 262021
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nkinder (Thanks!)
Fix Description: 7.1 and earlier chaining and replication credentials were stored incorrectly on little endian machines (x86 and itanium). They were "accidentally" stored correctly on big endian machines (sparc, pa-risc) because val == ntohl(val) on those platforms. When migrating from a little endian machine, we need to decode the password using the broken algorithm and re-encode it using the good method. We determine if the password is encode incorrectly by the following method: we use migratecred to decode and encode using the old path. If the values are equal, this means the password was already encoded correctly and we don't need to fix it. Otherwise, we set the flag that tells migratecred to fix it. In order to decode the broken password correctly on big endian machines, we have to swap the byte order to convert the values to little endian.
Platforms tested: RHEL5 x86_64, RHEL5 i386, Solaris 9
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: des.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/rever/des.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- des.c 20 Sep 2007 20:27:34 -0000 1.8
+++ des.c 24 Sep 2007 22:54:54 -0000 1.9
@@ -492,7 +492,7 @@
migrateCredentials(char *oldpath, char *newpath, char *oldcred)
{
static char *useBrokenUUID = "USE_BROKEN_UUID=1";
- static char *disableBrokenUUID = "USE_BROKEN_UUID";
+ static char *disableBrokenUUID = "USE_BROKEN_UUID=0";
char *plain = NULL;
char *cipher = NULL;
16 years, 7 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm ldif2ldbm.c, 1.13, 1.14 vlv.c, 1.13, 1.14
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26035
Modified Files:
ldif2ldbm.c vlv.c
Log Message:
Resolves: #171081
Summary: ldapsearch hung at browsing index creation (comment #4)
Fix Description:
1. instead of covering all the reindexing look, set vlv lock just around
vlv_update_index, where vlv update is executed.
2. actually, lock is not meant to use for excluding the operation against vlv
reconfiguration. This ldbm_back_ldbm2index function first calls
instance_set_busy_and_readonly and protects the backend from the operation done
by other threads. vlv delete was just ignoring the busy/readonly setting.
Thus, changed the vlv code to respect the setting. Found the backend is busy,
deleting a vlv index fails and returns.
3. cleaned up the instance_set_busy_and_readonly function not to leak memory.
4. fixed minor memory leak.
Index: ldif2ldbm.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldif2ldbm.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- ldif2ldbm.c 20 Sep 2007 16:58:41 -0000 1.13
+++ ldif2ldbm.c 24 Sep 2007 18:27:15 -0000 1.14
@@ -58,7 +58,7 @@
static int db2index_add_indexed_attr(backend *be, char *attrString);
static int ldbm_exclude_attr_from_export( struct ldbminfo *li,
- const char *attr, int dump_uniqueid );
+ const char *attr, int dump_uniqueid );
/********** common routines for classic/deluxe import code **********/
@@ -92,14 +92,14 @@
void import_subcount_stuff_init(import_subcount_stuff *stuff)
{
stuff->hashtable = PL_NewHashTable(IMPORT_SUBCOUNT_HASHTABLE_SIZE,
- import_subcount_hash_fn, import_subcount_hash_compare_keys,
- import_subcount_hash_compare_values, NULL, NULL);
+ import_subcount_hash_fn, import_subcount_hash_compare_keys,
+ import_subcount_hash_compare_values, NULL, NULL);
}
void import_subcount_stuff_term(import_subcount_stuff *stuff)
{
if ( stuff != NULL && stuff->hashtable != NULL ) {
- PL_HashTableDestroy(stuff->hashtable);
+ PL_HashTableDestroy(stuff->hashtable);
}
}
@@ -108,7 +108,7 @@
* [used by both ldif2db and db2ldif]
*/
int ldbm_back_fetch_incl_excl(Slapi_PBlock *pb, char ***include,
- char ***exclude)
+ char ***exclude)
{
char **pb_incl, **pb_excl;
char subtreeDn[BUFSIZ];
@@ -121,18 +121,18 @@
/* normalize */
if (pb_excl) {
- for (i = 0; pb_excl[i]; i++) {
- PL_strncpyz(subtreeDn, pb_excl[i], sizeof(subtreeDn));
- normSubtreeDn = slapi_dn_normalize_case(subtreeDn);
- charray_add(exclude, slapi_ch_strdup(normSubtreeDn));
- }
+ for (i = 0; pb_excl[i]; i++) {
+ PL_strncpyz(subtreeDn, pb_excl[i], sizeof(subtreeDn));
+ normSubtreeDn = slapi_dn_normalize_case(subtreeDn);
+ charray_add(exclude, slapi_ch_strdup(normSubtreeDn));
+ }
}
if (pb_incl) {
- for (i = 0; pb_incl[i]; i++) {
- PL_strncpyz(subtreeDn, pb_incl[i], sizeof(subtreeDn));
- normSubtreeDn = slapi_dn_normalize_case(subtreeDn);
- charray_add(include, slapi_ch_strdup(normSubtreeDn));
- }
+ for (i = 0; pb_incl[i]; i++) {
+ PL_strncpyz(subtreeDn, pb_incl[i], sizeof(subtreeDn));
+ normSubtreeDn = slapi_dn_normalize_case(subtreeDn);
+ charray_add(include, slapi_ch_strdup(normSubtreeDn));
+ }
}
return (pb_incl || pb_excl);
}
@@ -140,10 +140,10 @@
void ldbm_back_free_incl_excl(char **include, char **exclude)
{
if (include) {
- charray_free(include);
+ charray_free(include);
}
if (exclude) {
- charray_free(exclude);
+ charray_free(exclude);
}
}
@@ -155,26 +155,26 @@
int i = 0;
if (!(include || exclude))
- return(1);
+ return(1);
if (exclude) {
- i = 0;
- while (exclude[i]) {
- if (slapi_dn_issuffix(dn,exclude[i]))
- return(0);
- i++;
- }
+ i = 0;
+ while (exclude[i]) {
+ if (slapi_dn_issuffix(dn,exclude[i]))
+ return(0);
+ i++;
+ }
}
if (include) {
- i = 0;
- while (include[i]) {
- if (slapi_dn_issuffix(dn,include[i]))
- return(1);
- i++;
- }
- /* not in include... bye. */
- return(0);
+ i = 0;
+ while (include[i]) {
+ if (slapi_dn_issuffix(dn,include[i]))
+ return(1);
+ i++;
+ }
+ /* not in include... bye. */
+ return(0);
}
return(1);
@@ -190,10 +190,10 @@
* Currenty the list of these is: numSubordinates, hasSubordinates
*/
int add_op_attrs(Slapi_PBlock *pb, struct ldbminfo *li, struct backentry *ep,
- int *status)
+ int *status)
{
backend *be;
- const char *pdn;
+ char *pdn;
ID pid = 0;
slapi_pblock_get(pb, SLAPI_BACKEND, &be);
@@ -203,46 +203,46 @@
*/
if (NULL != status) {
- *status = IMPORT_ADD_OP_ATTRS_OK;
+ *status = IMPORT_ADD_OP_ATTRS_OK;
}
/* parentid */
if ( (pdn = slapi_dn_parent( backentry_get_ndn(ep))) != NULL ) {
- struct berval bv;
- IDList *idl;
- int err = 0;
-
- /*
- * read the entrydn index to get the id of the parent
- * If this entry's parent is not present in the index,
- * we'll get a DB_NOTFOUND error here.
- * In olden times, we just ignored this, but now...
- * we see this as meaning that the entry is either a
- * suffix entry, or its erroneous. So, we signal this to the
- * caller via the status parameter.
- */
- bv.bv_val = (char *)pdn;
- bv.bv_len = strlen(pdn);
- if ( (idl = index_read( be, "entrydn", indextype_EQUALITY, &bv, NULL,
- &err )) != NULL ) {
- pid = idl_firstid( idl );
- idl_free( idl );
- } else {
- /* empty idl */
- if ( 0 != err && DB_NOTFOUND != err ) {
- LDAPDebug( LDAP_DEBUG_ANY, "database error %d\n", err, 0, 0 );
- slapi_ch_free( (void**)&pdn );
- return( -1 );
- }
- if (NULL != status) {
- *status = IMPORT_ADD_OP_ATTRS_NO_PARENT;
- }
- }
- slapi_ch_free( (void**)&pdn );
+ struct berval bv;
+ IDList *idl;
+ int err = 0;
+
+ /*
+ * read the entrydn index to get the id of the parent
+ * If this entry's parent is not present in the index,
+ * we'll get a DB_NOTFOUND error here.
+ * In olden times, we just ignored this, but now...
+ * we see this as meaning that the entry is either a
+ * suffix entry, or its erroneous. So, we signal this to the
+ * caller via the status parameter.
+ */
+ bv.bv_val = pdn;
+ bv.bv_len = strlen(pdn);
+ if ( (idl = index_read( be, "entrydn", indextype_EQUALITY, &bv, NULL,
+ &err )) != NULL ) {
+ pid = idl_firstid( idl );
+ idl_free( idl );
+ } else {
+ /* empty idl */
+ if ( 0 != err && DB_NOTFOUND != err ) {
+ LDAPDebug( LDAP_DEBUG_ANY, "database error %d\n", err, 0, 0 );
+ slapi_ch_free_string( &pdn );
+ return( -1 );
+ }
+ if (NULL != status) {
+ *status = IMPORT_ADD_OP_ATTRS_NO_PARENT;
+ }
+ }
+ slapi_ch_free_string( &pdn );
} else {
- if (NULL != status) {
- *status = IMPORT_ADD_OP_ATTRS_NO_PARENT;
- }
+ if (NULL != status) {
+ *status = IMPORT_ADD_OP_ATTRS_NO_PARENT;
+ }
}
/* Get rid of attributes you're not allowed to specify yourself */
@@ -260,7 +260,7 @@
/* Update subordinate count in a hint list, given the parent's ID */
int import_subcount_mother_init(import_subcount_stuff *mothers, ID parent_id,
- size_t count)
+ size_t count)
{
PR_ASSERT(NULL == PL_HashTableLookup(mothers->hashtable,(void*)parent_id));
PL_HashTableAdd(mothers->hashtable,(void*)parent_id,(void*)count);
@@ -269,18 +269,18 @@
/* Look for a subordinate count in a hint list, given the parent's ID */
static int import_subcount_mothers_lookup(import_subcount_stuff *mothers,
- ID parent_id, size_t *count)
+ ID parent_id, size_t *count)
{
size_t stored_count = 0;
*count = 0;
/* Lookup hash table for ID */
stored_count = (size_t)PL_HashTableLookup(mothers->hashtable,
- (void*)parent_id);
+ (void*)parent_id);
/* If present, return the count found */
if (0 != stored_count) {
- *count = stored_count;
- return 0;
+ *count = stored_count;
+ return 0;
}
return -1;
}
@@ -292,7 +292,7 @@
/* Lookup the hash table for the target ID */
stored_count = (size_t)PL_HashTableLookup(mothers->hashtable,
- (void*)parent_id);
+ (void*)parent_id);
PR_ASSERT(0 != stored_count);
/* Increment the count */
stored_count++;
@@ -301,7 +301,7 @@
}
static int import_update_entry_subcount(backend *be, ID parentid,
- size_t sub_count)
+ size_t sub_count)
{
ldbm_instance *inst = (ldbm_instance *) be->be_instance_info;
int ret = 0;
@@ -313,8 +313,8 @@
/* Get hold of the parent */
e = id2entry(be,parentid,NULL,&ret);
if ( (NULL == e) || (0 != ret)) {
- ldbm_nasty(sourcefile,5,ret);
- return (0 == ret) ? -1 : ret;
+ ldbm_nasty(sourcefile,5,ret);
+ return (0 == ret) ? -1 : ret;
}
/* Lock it (not really required since we're single-threaded here, but
* let's do it so we can reuse the modify routines) */
@@ -325,19 +325,19 @@
let's check whether it's already there or not */
isreplace = (attrlist_find(e->ep_entry->e_attrs, numsubordinates) != NULL);
{
- int op = isreplace ? LDAP_MOD_REPLACE : LDAP_MOD_ADD;
- Slapi_Mods *smods= slapi_mods_new();
+ int op = isreplace ? LDAP_MOD_REPLACE : LDAP_MOD_ADD;
+ Slapi_Mods *smods= slapi_mods_new();
slapi_mods_add(smods, op | LDAP_MOD_BVALUES, numsubordinates,
- strlen(value_buffer), value_buffer);
- ret = modify_apply_mods(&mc,smods); /* smods passed in */
+ strlen(value_buffer), value_buffer);
+ ret = modify_apply_mods(&mc,smods); /* smods passed in */
}
if (0 == ret || LDAP_TYPE_OR_VALUE_EXISTS == ret) {
- /* This will correctly index subordinatecount: */
- ret = modify_update_all(be,NULL,&mc,NULL);
- if (0 == ret) {
- modify_switch_entries( &mc,be);
- }
+ /* This will correctly index subordinatecount: */
+ ret = modify_update_all(be,NULL,&mc,NULL);
+ if (0 == ret) {
+ modify_switch_entries( &mc,be);
+ }
}
modify_term(&mc,be);
return ret;
@@ -418,136 +418,136 @@
*
*/
int update_subordinatecounts(backend *be, import_subcount_stuff *mothers,
- DB_TXN *txn)
+ DB_TXN *txn)
{
- int ret = 0;
- DB *db = NULL;
- DBC *dbc = NULL;
- struct attrinfo *ai = NULL;
- DBT key = {0};
- DBT data = {0};
- import_subcount_trawl_info *trawl_list = NULL;
-
- /* Open the parentid index */
- ainfo_get( be, "parentid", &ai );
-
- /* Open the parentid index file */
- if ( (ret = dblayer_get_index_file( be, ai, &db, DBOPEN_CREATE )) != 0 ) {
- ldbm_nasty(sourcefile,67,ret);
- return(ret);
- }
-
- /* Get a cursor so we can walk through the parentid */
- ret = db->cursor(db,txn,&dbc,0);
- if (ret != 0 ) {
- ldbm_nasty(sourcefile,68,ret);
+ int ret = 0;
+ DB *db = NULL;
+ DBC *dbc = NULL;
+ struct attrinfo *ai = NULL;
+ DBT key = {0};
+ DBT data = {0};
+ import_subcount_trawl_info *trawl_list = NULL;
+
+ /* Open the parentid index */
+ ainfo_get( be, "parentid", &ai );
+
+ /* Open the parentid index file */
+ if ( (ret = dblayer_get_index_file( be, ai, &db, DBOPEN_CREATE )) != 0 ) {
+ ldbm_nasty(sourcefile,67,ret);
+ return(ret);
+ }
+
+ /* Get a cursor so we can walk through the parentid */
+ ret = db->cursor(db,txn,&dbc,0);
+ if (ret != 0 ) {
+ ldbm_nasty(sourcefile,68,ret);
dblayer_release_index_file( be, ai, db );
- return ret;
- }
+ return ret;
+ }
- /* Walk along the index */
- while (1) {
- size_t sub_count = 0;
- int found_count = 1;
- ID parentid = 0;
-
- /* Foreach key which is an equality key : */
- data.flags = DB_DBT_MALLOC;
- key.flags = DB_DBT_MALLOC;
- ret = dbc->c_get(dbc,&key,&data,DB_NEXT_NODUP);
- if (NULL != data.data) {
- free(data.data);
- data.data = NULL;
- }
- if (0 != ret) {
- if (ret != DB_NOTFOUND) {
- ldbm_nasty(sourcefile,62,ret);
- }
- if (NULL != key.data) {
- free(key.data);
- key.data = NULL;
- }
- break;
- }
- if (*(char*)key.data == EQ_PREFIX) {
- char *idptr = NULL;
-
- /* construct the parent's ID from the key */
- /* Look for the ID in the hint list supplied by the caller */
- /* If its there, we know the answer already */
- idptr = (((char *) key.data) + 1);
- parentid = (ID) atol(idptr);
- PR_ASSERT(0 != parentid);
- ret = import_subcount_mothers_lookup(mothers,parentid,&sub_count);
- if (0 != ret) {
- IDList *idl = NULL;
-
- /* If it's not, we need to compute it ourselves: */
- /* Load the IDL matching the key */
- key.flags = DB_DBT_REALLOC;
- ret = NEW_IDL_NO_ALLID;
- idl = idl_fetch(be,db,&key,NULL,NULL,&ret);
- if ( (NULL == idl) || (0 != ret)) {
- ldbm_nasty(sourcefile,4,ret);
+ /* Walk along the index */
+ while (1) {
+ size_t sub_count = 0;
+ int found_count = 1;
+ ID parentid = 0;
+
+ /* Foreach key which is an equality key : */
+ data.flags = DB_DBT_MALLOC;
+ key.flags = DB_DBT_MALLOC;
+ ret = dbc->c_get(dbc,&key,&data,DB_NEXT_NODUP);
+ if (NULL != data.data) {
+ free(data.data);
+ data.data = NULL;
+ }
+ if (0 != ret) {
+ if (ret != DB_NOTFOUND) {
+ ldbm_nasty(sourcefile,62,ret);
+ }
+ if (NULL != key.data) {
+ free(key.data);
+ key.data = NULL;
+ }
+ break;
+ }
+ if (*(char*)key.data == EQ_PREFIX) {
+ char *idptr = NULL;
+
+ /* construct the parent's ID from the key */
+ /* Look for the ID in the hint list supplied by the caller */
+ /* If its there, we know the answer already */
+ idptr = (((char *) key.data) + 1);
+ parentid = (ID) atol(idptr);
+ PR_ASSERT(0 != parentid);
+ ret = import_subcount_mothers_lookup(mothers,parentid,&sub_count);
+ if (0 != ret) {
+ IDList *idl = NULL;
+
+ /* If it's not, we need to compute it ourselves: */
+ /* Load the IDL matching the key */
+ key.flags = DB_DBT_REALLOC;
+ ret = NEW_IDL_NO_ALLID;
+ idl = idl_fetch(be,db,&key,NULL,NULL,&ret);
+ if ( (NULL == idl) || (0 != ret)) {
+ ldbm_nasty(sourcefile,4,ret);
dblayer_release_index_file( be, ai, db );
- return (0 == ret) ? -1 : ret;
- }
- /* The number of IDs in the IDL tells us the number of
- * subordinates for the entry */
- /* Except, the number might be above the allidsthreshold,
- * in which case */
- if (ALLIDS(idl)) {
- /* We add this ID to the list for which to trawl */
- import_subcount_trawl_add(&trawl_list,parentid);
- found_count = 0;
- } else {
- /* We get the count from the IDL */
- sub_count = idl->b_nids;
- }
- idl_free(idl);
- }
- /* Did we get the count ? */
- if (found_count) {
- PR_ASSERT(0 != sub_count);
- /* If so, update the parent now */
- import_update_entry_subcount(be,parentid,sub_count);
- }
- }
- if (NULL != key.data) {
- free(key.data);
- key.data = NULL;
- }
- }
-
- ret = dbc->c_close(dbc);
- if (0 != ret) {
- ldbm_nasty(sourcefile,6,ret);
- }
- dblayer_release_index_file( be, ai, db );
-
- /* Now see if we need to go trawling through id2entry for the info
- * we need */
- if (NULL != trawl_list) {
- ret = import_subcount_trawl(be,trawl_list);
- if (0 != ret) {
- ldbm_nasty(sourcefile,7,ret);
- }
- }
- return(ret);
+ return (0 == ret) ? -1 : ret;
+ }
+ /* The number of IDs in the IDL tells us the number of
+ * subordinates for the entry */
+ /* Except, the number might be above the allidsthreshold,
+ * in which case */
+ if (ALLIDS(idl)) {
+ /* We add this ID to the list for which to trawl */
+ import_subcount_trawl_add(&trawl_list,parentid);
+ found_count = 0;
+ } else {
+ /* We get the count from the IDL */
+ sub_count = idl->b_nids;
+ }
+ idl_free(idl);
+ }
+ /* Did we get the count ? */
+ if (found_count) {
+ PR_ASSERT(0 != sub_count);
+ /* If so, update the parent now */
+ import_update_entry_subcount(be,parentid,sub_count);
+ }
+ }
+ if (NULL != key.data) {
+ free(key.data);
+ key.data = NULL;
+ }
+ }
+
+ ret = dbc->c_close(dbc);
+ if (0 != ret) {
+ ldbm_nasty(sourcefile,6,ret);
+ }
+ dblayer_release_index_file( be, ai, db );
+
+ /* Now see if we need to go trawling through id2entry for the info
+ * we need */
+ if (NULL != trawl_list) {
+ ret = import_subcount_trawl(be,trawl_list);
+ if (0 != ret) {
+ ldbm_nasty(sourcefile,7,ret);
+ }
+ }
+ return(ret);
}
/********** ldif2db entry point **********/
/*
- Some notes about this stuff:
+ Some notes about this stuff:
- The front-end does call our init routine before calling us here.
- So, we get the regular chance to parse the config file etc.
- However, it does _NOT_ call our start routine, so we need to
- do whatever work that did and which we need for this work , here.
- Furthermore, the front-end simply exits after calling us, so we need
- to do any cleanup work here also.
+ The front-end does call our init routine before calling us here.
+ So, we get the regular chance to parse the config file etc.
+ However, it does _NOT_ call our start routine, so we need to
+ do whatever work that did and which we need for this work , here.
+ Furthermore, the front-end simply exits after calling us, so we need
+ to do any cleanup work here also.
*/
/*
@@ -600,7 +600,7 @@
cache_clear(&inst->inst_cache);
dblayer_instance_close(inst->inst_be);
- dblayer_delete_indices(inst);
+ dblayer_delete_indices(inst);
} else {
/* from the command line, libdb needs to be started up */
ldbm_config_internal_set(li, CONFIG_DB_TRANSACTION_LOGGING, "off");
@@ -665,14 +665,14 @@
/* for each subtree spec... */
for (i = 0; include[i]; i++) {
- IDList *idl = NULL;
+ IDList *idl = NULL;
/*
* First map the suffix to its entry ID.
* Note that the suffix is already normalized.
*/
- bv.bv_val = include[i];
- bv.bv_len = strlen(include[i]);
+ bv.bv_val = include[i];
+ bv.bv_len = strlen(include[i]);
idl = index_read(be, "entrydn", indextype_EQUALITY, &bv, txn, err);
if (idl == NULL) {
LDAPDebug(LDAP_DEBUG_ANY, "warning: entrydn not indexed on '%s'\n",
@@ -697,14 +697,14 @@
idl_insert(&idl, id);
/* Merge the idlists */
- if (! idltotal) {
- idltotal = idl;
- } else if (idl) {
- idltmp = idl_union(be, idltotal, idl);
- idl_free(idltotal);
- idl_free(idl);
- idltotal = idltmp;
- }
+ if (! idltotal) {
+ idltotal = idl;
+ } else if (idl) {
+ idltmp = idl_union(be, idltotal, idl);
+ idl_free(idltotal);
+ idl_free(idl);
+ idltotal = idltmp;
+ }
}
return idltotal;
@@ -1104,7 +1104,7 @@
/* do not output attributes that are in the "exclude" list */
- /* Also, decrypt any encrypted attributes, if we're asked to */
+ /* Also, decrypt any encrypted attributes, if we're asked to */
rc = slapi_entry_first_attr( ep->ep_entry, &this_attr );
while (0 == rc) {
rc = slapi_entry_next_attr( ep->ep_entry,
@@ -1115,13 +1115,13 @@
}
this_attr = next_attr;
}
- if (decrypt) {
- /* Decrypt in place */
- rc = attrcrypt_decrypt_entry(be, ep);
- if (rc) {
- LDAPDebug(LDAP_DEBUG_ANY,"Failed to decrypt entry%s\n", ep->ep_entry->e_sdn , 0, 0);
- }
- }
+ if (decrypt) {
+ /* Decrypt in place */
+ rc = attrcrypt_decrypt_entry(be, ep);
+ if (rc) {
+ LDAPDebug(LDAP_DEBUG_ANY,"Failed to decrypt entry%s\n", ep->ep_entry->e_sdn , 0, 0);
+ }
+ }
data.data = slapi_entry2str_with_options( ep->ep_entry, &len, options );
data.size = len + 1;
@@ -1181,7 +1181,7 @@
if (idl) {
idl_free(idl);
}
- if (dbc) {
+ if (dbc) {
dbc->c_close(dbc);
}
@@ -1239,7 +1239,7 @@
"ldbm2index: Unknown VLV Index named '%s'\n", index, 0, 0);
LDAPDebug(LDAP_DEBUG_ANY,
"ldbm2index: Known VLV Indexes are: %s\n", text, 0, 0);
- slapi_ch_free((void**)&text);
+ slapi_ch_free_string(&text);
}
/*
@@ -1263,22 +1263,24 @@
IDList *idl = NULL; /* optimization for vlv index creation */
int numvlv = 0;
int return_value = -1;
+ int rc = -1;
ID temp_id;
int i, j, vlvidx;
ID lastid;
- struct backentry *ep;
+ struct backentry *ep = NULL;
char *type;
NIDS idindex = 0;
int count = 0;
Slapi_Attr *attr;
Slapi_Task *task;
- int ret = 0;
int isfirst = 1;
int index_aid = 0; /* index ancestorid */
+ struct vlvIndex *vlvip = NULL;
+ back_txn txn;
LDAPDebug( LDAP_DEBUG_TRACE, "=> ldbm_back_ldbm2index\n", 0, 0, 0 );
if ( g_get_shutdown() || c_get_shutdown() ) {
- return -1;
+ return return_value;
}
slapi_pblock_get(pb, SLAPI_BACKEND_INSTANCE_NAME, &instance_name);
@@ -1291,6 +1293,7 @@
/* No ldbm backend exists until we process the config info. */
li->li_flags |= TASK_RUNNING_FROM_COMMANDLINE;
ldbm_config_load_dse_info(li);
+ txn.back_txn_txn = NULL; /* no transaction */
}
inst = ldbm_instance_find_by_name(li, instance_name);
@@ -1301,7 +1304,7 @@
}
LDAPDebug(LDAP_DEBUG_ANY, "Unknown ldbm instance %s\n",
instance_name, 0, 0);
- return -1;
+ return return_value;
}
be = inst->inst_be;
slapi_pblock_set(pb, SLAPI_BACKEND, be);
@@ -1316,14 +1319,14 @@
if (0 != dblayer_start(li,DBLAYER_INDEX_MODE)) {
LDAPDebug( LDAP_DEBUG_ANY,
"ldbm2index: Failed to init database\n", 0, 0, 0 );
- return( -1 );
+ return return_value;
}
/* dblayer_instance_start will init the id2entry index. */
if (0 != dblayer_instance_start(be, DBLAYER_INDEX_MODE)) {
LDAPDebug(LDAP_DEBUG_ANY, "db2ldif: Failed to init instance\n",
0, 0, 0);
- return -1;
+ return return_value;
}
/* Initialise the Virtual List View code */
@@ -1335,34 +1338,31 @@
LDAPDebug(LDAP_DEBUG_ANY, "ldbm: '%s' is already in the middle of "
"another task and cannot be disturbed.\n",
inst->inst_name, 0, 0);
- return -1;
+ return return_value;
}
if ((( dblayer_get_id2entry( be, &db )) != 0 ) || (db == NULL)) {
LDAPDebug( LDAP_DEBUG_ANY, "Could not open/create id2entry\n",
0, 0, 0 );
- instance_set_not_busy(inst);
- return( -1 );
+ goto err_min;
}
/* get a cursor to we can walk over the table */
- return_value = db->cursor(db, NULL, &dbc, 0);
- if (0 != return_value ) {
+ rc = db->cursor(db, NULL, &dbc, 0);
+ if (0 != rc) {
LDAPDebug( LDAP_DEBUG_ANY,
"Failed to get cursor for ldbm2index\n", 0, 0, 0 );
- dblayer_release_id2entry(be, db);
- instance_set_not_busy(inst);
- return( -1 );
+ goto err_min;
}
/* ask for the last id so we can give cute percentages */
key.flags = DB_DBT_MALLOC;
data.flags = DB_DBT_MALLOC;
- return_value = dbc->c_get(dbc, &key, &data, DB_LAST);
- if (return_value == DB_NOTFOUND) {
+ rc = dbc->c_get(dbc, &key, &data, DB_LAST);
+ if (rc == DB_NOTFOUND) {
lastid = 0;
isfirst = 0; /* neither a first nor a last */
- } else if (return_value == 0) {
+ } else if (rc == 0) {
lastid = id_stored_to_internal((char *)key.data);
free(key.data);
free(data.data);
@@ -1371,10 +1371,7 @@
LDAPDebug(LDAP_DEBUG_ANY,
"Failed to seek within id2entry (BAD %d)\n",
return_value, 0 ,0);
- dbc->c_close(dbc);
- dblayer_release_id2entry(be, db);
- instance_set_not_busy(inst);
- return( -1 );
+ goto err_out;
}
/* Work out which indexes we should build */
@@ -1385,14 +1382,12 @@
*/
{
char **attrs = NULL;
- struct vlvIndex *p = NULL;
struct attrinfo *ai = NULL;
slapi_pblock_get(pb, SLAPI_DB2INDEX_ATTRS, &attrs);
for (i = 0; attrs[i] != NULL; i++) {
if ( g_get_shutdown() || c_get_shutdown() ) {
- ret = -1;
- goto out;
+ goto err_out;
}
switch(attrs[i][0]) {
case 't': /* attribute type to index */
@@ -1421,13 +1416,11 @@
dblayer_erase_index_file(be, ai, i/* chkpt; 1st time only */);
break;
case 'T': /* VLV Search to index */
- p = vlv_find_searchname((attrs[i])+1, be);
- if (p == NULL) {
+ vlvip = vlv_find_searchname((attrs[i])+1, be);
+ if (vlvip == NULL) {
ldbm2index_bad_vlv(task, inst, attrs[i]+1);
- ret = -1;
- goto out;
} else {
- vlvIndex_go_offline(p, be);
+ vlvIndex_go_offline(vlvip, be);
if (pvlv == NULL) {
pvlv = (struct vlvIndex **)slapi_ch_calloc(1,
sizeof(struct vlvIndex *));
@@ -1435,10 +1428,10 @@
pvlv = (struct vlvIndex **)slapi_ch_realloc((char*)pvlv,
(numvlv+1)*sizeof(struct vlvIndex *));
}
- pvlv[numvlv] = p;
+ pvlv[numvlv] = vlvip;
numvlv++;
/* Get rid of the index if it already exists */
- PR_Delete(vlvIndex_filename(p));
+ PR_Delete(vlvIndex_filename(vlvip));
if (task) {
slapi_task_log_notice(task, "%s: Indexing VLV: %s",
inst->inst_name, attrs[i]+1);
@@ -1456,12 +1449,12 @@
* entire database.
*/
if (!indexAttrs && !index_aid && pvlv) {
- int i, err;
+ int err;
char **suffix_list = NULL;
/* create suffix list */
- for (i = 0; i < numvlv; i++) {
- char *s = slapi_ch_strdup(slapi_sdn_get_dn(vlvIndex_getBase(pvlv[i])));
+ for (vlvidx = 0; vlvidx < numvlv; vlvidx++) {
+ char *s = slapi_ch_strdup(slapi_sdn_get_dn(vlvIndex_getBase(pvlv[vlvidx])));
s = slapi_dn_normalize_case(s);
charray_add(&suffix_list, s);
@@ -1497,14 +1490,9 @@
idindex = 0;
}
- /* Bug 603120: slapd dumps core while indexing and deleting the db at the
- * same time. Now added the lock for the indexing code too.
- */
- vlv_acquire_lock(be);
while (1) {
if ( g_get_shutdown() || c_get_shutdown() ) {
- ret = -1;
- goto out;
+ goto err_out;
}
if (idl) {
if (idindex >= idl->b_nids)
@@ -1514,17 +1502,15 @@
key.size = sizeof(temp_id);
data.flags = DB_DBT_MALLOC;
- return_value = db->get(db, NULL, &key, &data, 0);
- if (return_value) {
+ rc = db->get(db, NULL, &key, &data, 0);
+ if (rc) {
LDAPDebug(LDAP_DEBUG_ANY, "%s: Failed "
"to read database, errno=%d (%s)\n",
- inst->inst_name, return_value,
- dblayer_strerror(return_value));
+ inst->inst_name, rc, dblayer_strerror(rc));
if (task) {
slapi_task_log_notice(task,
"%s: Failed to read database, err %d (%s)",
- inst->inst_name, return_value,
- dblayer_strerror(return_value));
+ inst->inst_name, rc, dblayer_strerror(rc));
}
break;
}
@@ -1535,27 +1521,24 @@
key.flags = DB_DBT_MALLOC;
data.flags = DB_DBT_MALLOC;
if (isfirst) {
- return_value = dbc->c_get(dbc, &key, &data, DB_FIRST);
+ rc = dbc->c_get(dbc, &key, &data, DB_FIRST);
isfirst = 0;
} else{
- return_value = dbc->c_get(dbc, &key, &data, DB_NEXT);
+ rc = dbc->c_get(dbc, &key, &data, DB_NEXT);
}
- if (0 != return_value) {
- if (DB_NOTFOUND == return_value) {
- break;
- } else {
- LDAPDebug(LDAP_DEBUG_ANY, "%s: Failed to read database, "
- "errno=%d (%s)\n", inst->inst_name, return_value,
- dblayer_strerror(return_value));
- if (task) {
- slapi_task_log_notice(task,
+ if (DB_NOTFOUND == rc) {
+ break;
+ } else if (0 != rc) {
+ LDAPDebug(LDAP_DEBUG_ANY, "%s: Failed to read database, "
+ "errno=%d (%s)\n", inst->inst_name, rc,
+ dblayer_strerror(rc));
+ if (task) {
+ slapi_task_log_notice(task,
"%s: Failed to read database, err %d (%s)",
- inst->inst_name, return_value,
- dblayer_strerror(return_value));
- }
- break;
+ inst->inst_name, rc, dblayer_strerror(rc));
}
+ break;
}
temp_id = id_stored_to_internal((char *)key.data);
free(key.data);
@@ -1592,9 +1575,7 @@
LDAPDebug(LDAP_DEBUG_ANY,
"%s: ERROR: Could not add op attrs to entry (id %lu)\n",
inst->inst_name, (u_long)ep->ep_id, 0);
- backentry_free( &ep );
- ret = -1;
- goto out;
+ goto err_out;
}
/*
@@ -1604,25 +1585,17 @@
for (i = slapi_entry_first_attr(ep->ep_entry, &attr); i == 0;
i = slapi_entry_next_attr(ep->ep_entry, attr, &attr)) {
Slapi_Value **svals;
- int rc = 0;
slapi_attr_get_type( attr, &type );
for ( j = 0; indexAttrs[j] != NULL; j++ ) {
if ( g_get_shutdown() || c_get_shutdown() ) {
- ret = -1;
- goto out;
+ goto err_out;
}
if (slapi_attr_type_cmp(indexAttrs[j], type,
SLAPI_TYPE_CMP_SUBTYPE) == 0 ) {
- back_txn txn;
svals = attr_get_present_values(attr);
- if (run_from_cmdline)
- {
- txn.back_txn_txn = NULL;
- }
- else
- {
+ if (!run_from_cmdline) {
rc = dblayer_txn_begin(li, NULL, &txn);
if (0 != rc) {
LDAPDebug(LDAP_DEBUG_ANY,
@@ -1639,8 +1612,8 @@
inst->inst_name, indexAttrs[j], rc,
dblayer_strerror(rc));
}
- ret = -2;
- goto out;
+ return_value = -2;
+ goto err_out;
}
}
rc = index_addordel_values_sv(
@@ -1659,13 +1632,13 @@
"(err %d: %s)", inst->inst_name,
indexAttrs[j], rc, dblayer_strerror(rc));
}
- if (!run_from_cmdline)
- dblayer_txn_abort(li, &txn);
- ret = -2;
- goto out;
+ if (!run_from_cmdline) {
+ dblayer_txn_abort(li, &txn);
+ }
+ return_value = -2;
+ goto err_out;
}
- if (!run_from_cmdline)
- {
+ if (!run_from_cmdline) {
rc = dblayer_txn_commit(li, &txn);
if (0 != rc) {
LDAPDebug(LDAP_DEBUG_ANY,
@@ -1682,8 +1655,8 @@
"(err %d: %s)", inst->inst_name,
indexAttrs[j], rc, dblayer_strerror(rc));
}
- ret = -2;
- goto out;
+ return_value = -2;
+ goto err_out;
}
}
}
@@ -1695,19 +1668,10 @@
* Update the Virtual List View indexes
*/
for ( vlvidx = 0; vlvidx < numvlv; vlvidx++ ) {
- back_txn txn;
- int rc = 0;
if ( g_get_shutdown() || c_get_shutdown() ) {
- ret = -1;
- goto out;
- }
- if (run_from_cmdline)
- {
- txn.back_txn_txn = NULL;
+ goto err_out;
}
- else
- if (!run_from_cmdline)
- {
+ if (!run_from_cmdline) {
rc = dblayer_txn_begin(li, NULL, &txn);
if (0 != rc) {
LDAPDebug(LDAP_DEBUG_ANY,
@@ -1722,11 +1686,17 @@
"(err %d: %s)", inst->inst_name,
indexAttrs[vlvidx], rc, dblayer_strerror(rc));
}
- ret = -2;
- goto out;
+ return_value = -2;
+ goto err_out;
}
}
+ /*
+ * lock is needed around vlv_update_index to protect the
+ * vlv structure.
+ */
+ vlv_acquire_lock(be);
vlv_update_index(pvlv[vlvidx], &txn, li, pb, NULL, ep);
+ vlv_release_lock(be);
if (!run_from_cmdline)
{
rc = dblayer_txn_commit(li, &txn);
@@ -1743,8 +1713,8 @@
"(err %d: %s)", inst->inst_name,
indexAttrs[vlvidx], rc, dblayer_strerror(rc));
}
- ret = -2;
- goto out;
+ return_value = -2;
+ goto err_out;
}
}
}
@@ -1753,8 +1723,6 @@
* Update the ancestorid index
*/
if (index_aid) {
- int rc;
-
rc = ldbm_ancestorid_index_entry(be, ep, BE_INDEX_ADD, NULL);
if (rc != 0) {
LDAPDebug(LDAP_DEBUG_ANY,
@@ -1769,8 +1737,8 @@
"(err %d: %s)", inst->inst_name,
rc, dblayer_strerror(rc));
}
- ret = -2;
- goto out;
+ return_value = -2;
+ goto err_out;
}
}
@@ -1798,7 +1766,6 @@
backentry_free( &ep );
}
- vlv_release_lock(be);
/* if we got here, we finished successfully */
@@ -1810,8 +1777,8 @@
PR_ASSERT(ai != NULL);
ai->ai_indexmask &= ~INDEX_OFFLINE;
}
- for (i = 0; i < numvlv; i++) {
- vlvIndex_go_online(pvlv[i], be);
+ for ( vlvidx = 0; vlvidx < numvlv; vlvidx++ ) {
+ vlvIndex_go_online(pvlv[vlvidx], be);
}
if (task) {
@@ -1822,29 +1789,28 @@
}
LDAPDebug(LDAP_DEBUG_ANY, "%s: Finished indexing.\n",
inst->inst_name, 0, 0);
-
-out:
+ return_value = 0; /* success */
+err_out:
+ backentry_free( &ep ); /* if ep or *ep is NULL, it does nothing */
if (idl) {
idl_free(idl);
} else {
dbc->c_close(dbc);
}
- if (ret < 0) {/* error case: undo vlv indexing */
- struct vlvIndex *p = NULL;
+ if (return_value < 0) {/* error case: undo vlv indexing */
+ struct vlvIndex *vlvip = NULL;
/* if jumped to out due to an error, vlv lock has not been released */
- vlv_release_lock(be);
for ( vlvidx = 0; vlvidx < numvlv; vlvidx++ ) {
- p = pvlv[vlvidx];
- vlvIndex_go_offline(p, be);
- vlvIndex_delete(&p);
+ vlvIndex_go_offline(pvlv[vlvidx], be);
+ vlv_acquire_lock(be);
+ vlvIndex_delete(&pvlv[vlvidx]);
+ vlv_release_lock(be);
}
}
- dblayer_release_id2entry( be, db );
-
+err_min:
+ dblayer_release_id2entry( be, db ); /* nope */
instance_set_not_busy(inst);
- LDAPDebug( LDAP_DEBUG_TRACE, "<= ldbm_back_ldbm2index\n", 0, 0, 0 );
-
if (run_from_cmdline) {
if (0 != dblayer_flush(li)) {
LDAPDebug(LDAP_DEBUG_ANY,
@@ -1860,8 +1826,13 @@
if (indexAttrs) {
slapi_ch_free((void **)&indexAttrs);
}
+ if (pvlv) {
+ slapi_ch_free((void **)&pvlv);
+ }
- return (ret);
+ LDAPDebug( LDAP_DEBUG_TRACE, "<= ldbm_back_ldbm2index\n", 0, 0, 0 );
+
+ return return_value;
}
/*
@@ -1903,7 +1874,7 @@
attr_index_config(be, "from db2index()", 0, argc, nsslapd_index_value, 0);
for ( i=0; i<argc; i++ ) {
- slapi_ch_free((void **)&nsslapd_index_value[i]);
+ slapi_ch_free_string(&nsslapd_index_value[i]);
}
return(0);
}
@@ -1915,32 +1886,32 @@
*
* Returns a non-zero value if:
* 1) The 'attr' is in the configured list of attribute types that
- * are to be excluded.
+ * are to be excluded.
* OR 2) dump_uniqueid is non-zero and 'attr' is the unique ID attribute.
*
* Return 0 if the attribute is not to be excluded.
*/
static int
ldbm_exclude_attr_from_export( struct ldbminfo *li , const char *attr,
- int dump_uniqueid )
+ int dump_uniqueid )
{
- int i, rc = 0;
+ int i, rc = 0;
- if ( !dump_uniqueid && 0 == strcasecmp( SLAPI_ATTR_UNIQUEID, attr )) {
- rc = 1; /* exclude */
+ if ( !dump_uniqueid && 0 == strcasecmp( SLAPI_ATTR_UNIQUEID, attr )) {
+ rc = 1; /* exclude */
- } else if ( NULL != li && NULL != li->li_attrs_to_exclude_from_export ) {
- for ( i = 0; li->li_attrs_to_exclude_from_export[i] != NULL; ++i ) {
- if ( 0 == strcasecmp( li->li_attrs_to_exclude_from_export[i],
- attr )) {
- rc = 1; /* exclude */
- break;
- }
- }
- }
+ } else if ( NULL != li && NULL != li->li_attrs_to_exclude_from_export ) {
+ for ( i = 0; li->li_attrs_to_exclude_from_export[i] != NULL; ++i ) {
+ if ( 0 == strcasecmp( li->li_attrs_to_exclude_from_export[i],
+ attr )) {
+ rc = 1; /* exclude */
+ break;
+ }
+ }
+ }
- return( rc );
+ return( rc );
}
/*
Index: vlv.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/vlv.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- vlv.c 14 Mar 2007 16:36:13 -0000 1.13
+++ vlv.c 24 Sep 2007 18:27:15 -0000 1.14
@@ -101,11 +101,11 @@
if(parent!=NULL)
{
struct vlvIndex* newVlvIndex= vlvIndex_new();
- newVlvIndex->vlv_be=be;
+ newVlvIndex->vlv_be=be;
vlvIndex_init(newVlvIndex, be, parent, entryBefore);
- vlvSearch_addIndex(parent, newVlvIndex);
+ vlvSearch_addIndex(parent, newVlvIndex);
}
- PR_RWLock_Unlock(be->vlvSearchList_lock);
+ PR_RWLock_Unlock(be->vlvSearchList_lock);
}
slapi_sdn_done(&parentdn);
return SLAPI_DSE_CALLBACK_OK;
@@ -116,18 +116,28 @@
int vlv_DeleteSearchEntry(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* entryAfter, int *returncode, char *returntext, void *arg)
{
struct vlvSearch* p=NULL;
- backend *be= ((ldbm_instance*)arg)->inst_be;
-
+ ldbm_instance *inst = (ldbm_instance*)arg;
+ backend *be= inst->inst_be;
+
+ if (instance_set_busy(inst) != 0)
+ {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "Backend instance: '%s' is already in the middle of "
+ "another task and cannot be disturbed.\n",
+ inst->inst_name, 0, 0);
+ return SLAPI_DSE_CALLBACK_ERROR;
+ }
/* vlvSearchList is modified; need Wlock */
PR_RWLock_Wlock(be->vlvSearchList_lock);
p = vlvSearch_finddn((struct vlvSearch *)be->vlvSearchList, slapi_entry_get_sdn(entryBefore));
if(p!=NULL)
- {
- LDAPDebug( LDAP_DEBUG_ANY, "Deleted Virtual List View Search (%s).\n", p->vlv_name, 0, 0);
- vlvSearch_removefromlist((struct vlvSearch **)&be->vlvSearchList,p->vlv_dn);
- vlvSearch_delete(&p);
+ {
+ LDAPDebug( LDAP_DEBUG_ANY, "Deleted Virtual List View Search (%s).\n", p->vlv_name, 0, 0);
+ vlvSearch_removefromlist((struct vlvSearch **)&be->vlvSearchList,p->vlv_dn);
+ vlvSearch_delete(&p);
}
- PR_RWLock_Unlock(be->vlvSearchList_lock);
+ PR_RWLock_Unlock(be->vlvSearchList_lock);
+ instance_set_not_busy(inst);
return SLAPI_DSE_CALLBACK_OK;
}
@@ -136,8 +146,18 @@
int vlv_DeleteIndexEntry(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* entryAfter, int *returncode, char *returntext, void *arg)
{
- LDAPDebug( LDAP_DEBUG_ANY, "Deleted Virtual List View Index.\n", 0, 0, 0);
- return SLAPI_DSE_CALLBACK_OK;
+ ldbm_instance *inst = (ldbm_instance*)arg;
+ if (inst && (inst->inst_flags & INST_FLAG_BUSY)) {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "Backend instance: '%s' is already in the middle of "
+ "another task and cannot be disturbed.\n",
+ inst->inst_name, 0, 0);
+ return SLAPI_DSE_CALLBACK_ERROR;
+ } else {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "Deleted Virtual List View Index.\n", 0, 0, 0);
+ return SLAPI_DSE_CALLBACK_OK;
+ }
}
@@ -1500,8 +1520,9 @@
if ( e == NULL )
{
int rval;
- LDAPDebug( LDAP_DEBUG_ANY, "vlv_trim_candidates_byvalue: Candidate ID %lu not found err=%d\n", (u_long)id, err, 0 );
- rval = idl_delete(&candidates, id);
+ LDAPDebug( LDAP_DEBUG_ANY, "vlv_trim_candidates_byvalue: "
+ "Candidate ID %lu not found err=%d\n", (u_long)id, err, 0 );
+ rval = idl_delete((IDList **)&candidates, id);
if (0 == rval || 1 == rval || 2 == rval) {
goto retry;
} else {
@@ -1953,6 +1974,14 @@
const char *dn= slapi_sdn_get_dn(&e->e_sdn);
backend *be= inst->inst_be;
+ if (instance_set_busy(inst) != 0)
+ {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "Backend instance: '%s' is already in the middle of "
+ "another task and cannot be disturbed.\n",
+ inst->inst_name, 0, 0);
+ return LDAP_OPERATIONS_ERROR;
+ }
tag1=create_vlv_search_tag(dn);
buf=slapi_ch_smprintf("%s%s%s%s%s","cn=MCC ",tag1,", cn=",inst->inst_name,LDBM_PLUGIN_ROOT);
newdn=slapi_sdn_new_dn_byval(buf);
@@ -1960,7 +1989,7 @@
PR_RWLock_Wlock(be->vlvSearchList_lock);
p = vlvSearch_finddn((struct vlvSearch *)be->vlvSearchList, newdn);
if(p!=NULL)
- {
+ {
LDAPDebug( LDAP_DEBUG_ANY, "Deleted Virtual List View Search (%s).\n", p->vlv_name, 0, 0);
tag2=create_vlv_search_tag(dn);
buf2=slapi_ch_smprintf("%s%s,%s",TAG,tag2,buf);
@@ -1991,6 +2020,7 @@
} else {
PR_RWLock_Unlock(be->vlvSearchList_lock);
}
+ instance_set_not_busy(inst);
slapi_ch_free((void **)&tag1);
slapi_ch_free((void **)&buf);
slapi_sdn_free(&newdn);
16 years, 7 months
[Fedora-directory-commits] ldapserver/ldap/admin/src/scripts DSMigration.pm.in, 1.15, 1.16
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29098
Modified Files:
DSMigration.pm.in
Log Message:
Resolves: bug 301431
Description: Show-Stopper - Migration path rhel21_ds621_TO_rhel4_32bit
Fix Description: not actually a fix, but with -dd this will print out the entries that were ignored during migration, which should be the presence plugin config entries and possibly others
Index: DSMigration.pm.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/DSMigration.pm.in,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- DSMigration.pm.in 20 Sep 2007 20:27:34 -0000 1.15
+++ DSMigration.pm.in 22 Sep 2007 03:34:06 -0000 1.16
@@ -625,6 +625,8 @@
fixAttrsInEntry($oldent, $mig, $inst);
$rc = $dest->add($oldent);
$op = "add";
+ } else {
+ debug(2, "Ignoring entry $dn - configuration not supported\n");
}
} elsif (!$oldent && $newent) {
if ($dn =~ /o=deleteAfterMigration/i) {
16 years, 7 months
[Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication windows_protocol_util.c, 1.33, 1.34
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2018
Modified Files:
windows_protocol_util.c
Log Message:
Resolves: 299361
Summary: Handle initials and streetAddress attributes when doing a sync total update.
Index: windows_protocol_util.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- windows_protocol_util.c 17 Sep 2007 19:18:30 -0000 1.33
+++ windows_protocol_util.c 20 Sep 2007 23:32:17 -0000 1.34
@@ -2971,6 +2971,7 @@
return ret;
}
+/* Generate the mods for an update in either direction. Be careful... the "remote" entry is the DS entry in the to_windows case, but the AD entry in the other case. */
static int
windows_generate_update_mods(Private_Repl_Protocol *prp,Slapi_Entry *remote_entry,Slapi_Entry *local_entry, int to_windows, Slapi_Mods *smods, int *do_modify)
{
@@ -3033,7 +3034,13 @@
}
continue;
}
- slapi_entry_attr_find(local_entry,local_type,&local_attr);
+
+ if (to_windows && (0 == slapi_attr_type_cmp(local_type, "streetAddress", SLAPI_TYPE_CMP_SUBTYPE))) {
+ slapi_entry_attr_find(local_entry,FAKE_STREET_ATTR_NAME,&local_attr);
+ } else {
+ slapi_entry_attr_find(local_entry,local_type,&local_attr);
+ }
+
is_present_local = (NULL == local_attr) ? 0 : 1;
/* Is the attribute present on the local entry ? */
if (is_present_local && !is_guid)
@@ -3041,14 +3048,21 @@
if (!mapdn)
{
int values_equal = 0;
-
/* AD has a legth contraint on the initials attribute,
* so treat is as a special case. */
- if (0 == slapi_attr_type_cmp(type, "initials", SLAPI_TYPE_CMP_SUBTYPE) && !to_windows) {
+ if (0 == slapi_attr_type_cmp(type, "initials", SLAPI_TYPE_CMP_SUBTYPE)) {
values_equal = attr_compare_equal(attr, local_attr, AD_INITIALS_LENGTH);
+ /* If we're getting a streetAddress (a fake attr name is used) from AD, then
+ * we just check if the value in AD is present in our entry in DS. In this
+ * case, attr is from the AD entry, and local_attr is from the DS entry. */
} else if (0 == slapi_attr_type_cmp(type, FAKE_STREET_ATTR_NAME, SLAPI_TYPE_CMP_SUBTYPE) && !to_windows) {
- /* Need to check if attr is present in local_attr */
values_equal = attr_compare_present(attr, local_attr);
+ /* If we are checking if we should send a street attribute to AD, then
+ * we want to first see if the AD entry already contains any street value
+ * that is present in the DS entry. In this case, attr is from the DS
+ * entry, and local_attr is from the AD entry. */
+ } else if ((0 == slapi_attr_type_cmp(type, "street", SLAPI_TYPE_CMP_SUBTYPE) && to_windows)) {
+ values_equal = attr_compare_present(local_attr, attr);
} else {
/* Compare the entire attribute values */
values_equal = attr_compare_equal(attr, local_attr, 0);
@@ -3058,8 +3072,58 @@
if (!values_equal)
{
slapi_log_error(SLAPI_LOG_REPL, windows_repl_plugin_name,
- "windows_generate_update_mods: %s, %s : values are different\n", slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry)), local_type);
- slapi_mods_add_mod_values(smods,LDAP_MOD_REPLACE,local_type,valueset_get_valuearray(vs));
+ "windows_generate_update_mods: %s, %s : values are different\n",
+ slapi_sdn_get_dn(slapi_entry_get_sdn_const(local_entry)), local_type);
+
+ if ((0 == slapi_attr_type_cmp(local_type, "streetAddress",
+ SLAPI_TYPE_CMP_SUBTYPE) && to_windows)) {
+ /* streetAddress is single-valued in AD, so make
+ * sure we don't try to send more than one value. */
+ if (slapi_valueset_count(vs) > 1) {
+ int i = 0;
+ const char *street_value = NULL;
+ Slapi_Value *value = NULL;
+ Slapi_Value *new_value = NULL;
+
+ i = slapi_valueset_first_value(vs,&value);
+ if (i >= 0) {
+ /* Dup the first value, trash the valueset, then copy
+ * in the dup'd value. */
+ new_value = slapi_value_dup(value);
+ slapi_valueset_done(vs);
+ /* The below hands off the memory to the valueset */
+ slapi_valueset_add_value_ext(vs, new_value, SLAPI_VALUE_FLAG_PASSIN);
+ }
+ }
+ } else if ((0 == slapi_attr_type_cmp(local_type, "initials",
+ SLAPI_TYPE_CMP_SUBTYPE) && to_windows)) {
+ /* initials is constratined to a max length of
+ * 6 characters in AD, so trim the value if
+ * needed before sending. */
+ int i = 0;
+ const char *initials_value = NULL;
+ Slapi_Value *value = NULL;
+
+ i = slapi_valueset_first_value(vs,&value);
+ while (i >= 0) {
+ initials_value = slapi_value_get_string(value);
+
+ /* If > AD_INITIALS_LENGTH, trim the value */
+ if (strlen(initials_value) > AD_INITIALS_LENGTH) {
+ char *new_initials = PL_strndup(initials_value, AD_INITIALS_LENGTH);
+ /* the below hands off memory */
+ slapi_value_set_string_passin(value, new_initials);
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+ "%s: windows_generate_update_mods: "
+ "Trimming initials attribute to %d characters.\n",
+ agmt_get_long_name(prp->agmt), AD_INITIALS_LENGTH);
+ }
+
+ i = slapi_valueset_next_value(vs, i, &value);
+ }
+ }
+ slapi_mods_add_mod_values(smods,LDAP_MOD_REPLACE,
+ local_type,valueset_get_valuearray(vs));
*do_modify = 1;
} else
{
@@ -3125,6 +3189,53 @@
}
} else
{
+ if ((0 == slapi_attr_type_cmp(local_type, "streetAddress",
+ SLAPI_TYPE_CMP_SUBTYPE) && to_windows)) {
+ /* streetAddress is single-valued in AD, so make
+ * sure we don't try to send more than one value. */
+ if (slapi_valueset_count(vs) > 1) {
+ int i = 0;
+ const char *street_value = NULL;
+ Slapi_Value *value = NULL;
+ Slapi_Value *new_value = NULL;
+
+ i = slapi_valueset_first_value(vs,&value);
+ if (i >= 0) {
+ /* Dup the first value, trash the valueset, then copy
+ * in the dup'd value. */
+ new_value = slapi_value_dup(value);
+ slapi_valueset_done(vs);
+ /* The below hands off the memory to the valueset */
+ slapi_valueset_add_value_ext(vs, new_value, SLAPI_VALUE_FLAG_PASSIN);
+ }
+ }
+ } else if ((0 == slapi_attr_type_cmp(local_type, "initials",
+ SLAPI_TYPE_CMP_SUBTYPE) && to_windows)) {
+ /* initials is constratined to a max length of
+ * 6 characters in AD, so trim the value if
+ * needed before sending. */
+ int i = 0;
+ const char *initials_value = NULL;
+ Slapi_Value *value = NULL;
+
+ i = slapi_valueset_first_value(vs,&value);
+ while (i >= 0) {
+ initials_value = slapi_value_get_string(value);
+
+ /* If > AD_INITIALS_LENGTH, trim the value */
+ if (strlen(initials_value) > AD_INITIALS_LENGTH) {
+ char *new_initials = PL_strndup(initials_value, AD_INITIALS_LENGTH);
+ /* the below hands off memory */
+ slapi_value_set_string_passin(value, new_initials);
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+ "%s: windows_generate_update_mods: "
+ "Trimming initials attribute to %d characters.\n",
+ agmt_get_long_name(prp->agmt), AD_INITIALS_LENGTH);
+ }
+
+ i = slapi_valueset_next_value(vs, i, &value);
+ }
+ }
slapi_mods_add_mod_values(smods,LDAP_MOD_ADD,local_type,valueset_get_valuearray(vs));
}
}
16 years, 7 months
[Fedora-directory-commits] adminserver/admserv/newinst/src AdminUtil.pm.in, 1.14, 1.15 register-ds-admin.res.in, 1.2, 1.3 setup-ds-admin.res.in, 1.7, 1.8
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/newinst/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17005/adminserver/admserv/newinst/src
Modified Files:
AdminUtil.pm.in register-ds-admin.res.in setup-ds-admin.res.in
Log Message:
Resolves: bug 299261
Bug Description: setup-ds-admin: Error: unknown resource key error_connection_failed
Reviewed by: nhosoi (Thanks!)
Fix Description: Moved the resource key from register-ds-admin.res to setup-ds-admin.res since it's used by setup and migrate too. I also added the host, port, user, and ldap error string to the error message.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: AdminUtil.pm.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminUtil.pm.in,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- AdminUtil.pm.in 23 Aug 2007 23:51:24 -0000 1.14
+++ AdminUtil.pm.in 20 Sep 2007 21:47:28 -0000 1.15
@@ -245,7 +245,9 @@
$inf->{slapd}->{RootDNPwd},
$inf->{General}->{certdir});
if (!$conn) {
- @{$errs} = ('error_connection_failed');
+ @{$errs} = ('error_connection_failed', $inf->{General}->{FullMachineName},
+ $inf->{slapd}->{ServerPort}, $inf->{slapd}->{RootDN},
+ $conn->getErrorString());
return 0;
}
@@ -330,7 +332,9 @@
$inf->{slapd}->{RootDNPwd},
$inf->{General}->{certdir});
if (!$conn) {
- @{$errs} = ('error_connection_failed');
+ @{$errs} = ('error_connection_failed', $inf->{General}->{FullMachineName},
+ $inf->{slapd}->{ServerPort}, $inf->{slapd}->{RootDN},
+ $conn->getErrorString());
return 0;
}
Index: register-ds-admin.res.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/register-ds-admin.res.in,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- register-ds-admin.res.in 23 Aug 2007 23:51:24 -0000 1.2
+++ register-ds-admin.res.in 20 Sep 2007 21:47:28 -0000 1.3
@@ -39,5 +39,3 @@
error_register_subds = Error: failed to register the additional server info to the Configuration Directory Server %s.\n
error_unregister_ds = Error: failed to clean up the configuration info from the old Configuration\nDirectory Server %s.\n
-
-error_connection_failed = Error: failed to open an LDAP connection.\n
Index: setup-ds-admin.res.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/setup-ds-admin.res.in,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- setup-ds-admin.res.in 14 Sep 2007 21:26:08 -0000 1.7
+++ setup-ds-admin.res.in 20 Sep 2007 21:47:28 -0000 1.8
@@ -128,3 +128,4 @@
error_return_certutil = The certutil program returned error code '%s' from attempting to add the CA certificate. Error: %s
error_return2_certutil = The certutil program returned error code '%s' from attempting to add the CA certificate. Error: %s\nHere is the output of the command: %s
cacert_already_exists = The certificate database in '%s' already contains a CA certificate. Please remove it first, or use the certutil program to add the CA certificate with a different name.\n
+error_connection_failed = Error: failed to open an LDAP connection to host '%s' port '%s' as user '%s'. Error: %s.\n
16 years, 7 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd uuid.c, 1.7, 1.8
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5955/ldapserver/ldap/servers/slapd
Modified Files:
uuid.c
Log Message:
Resolves: bug 262021
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nhosoi (Thanks!)
Fix Description: We still need to be able to decrypt passwords using the broken method. I guess it works on Solaris and HP because the values are already in network byte order. But when the values were encrypted on x86, they were encrypted the wrong way. It is safe to use MIGRATE_BROKEN_PWD on Solaris and HP because it is essentially a no-op. But this allows us to decrypt x86 passwords and store them correctly.
Platforms tested: RHEL4 i386, RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: uuid.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/uuid.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- uuid.c 30 Aug 2007 00:18:10 -0000 1.7
+++ uuid.c 20 Sep 2007 20:27:35 -0000 1.8
@@ -856,10 +856,14 @@
memcpy(uuid, hash, sizeof(guid_t));
- /* convert UUID to local byte order */
- uuid->time_low = PR_ntohl(uuid->time_low);
- uuid->time_mid = PR_ntohs(uuid->time_mid);
- uuid->time_hi_and_version = PR_ntohs(uuid->time_hi_and_version);
+ /* when migrating, we skip the ntohl in order to read in old,
+ incorrectly formatted uuids */
+ if (!getenv("USE_BROKEN_UUID")) {
+ /* convert UUID to local byte order */
+ uuid->time_low = PR_ntohl(uuid->time_low);
+ uuid->time_mid = PR_ntohs(uuid->time_mid);
+ uuid->time_hi_and_version = PR_ntohs(uuid->time_hi_and_version);
+ }
/* put in the variant and version bits */
uuid->time_hi_and_version &= 0x0FFF;
16 years, 7 months
[Fedora-directory-commits] ldapserver/ldap/servers/plugins/rever des.c, 1.7, 1.8
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/rever
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5955/ldapserver/ldap/servers/plugins/rever
Modified Files:
des.c
Log Message:
Resolves: bug 262021
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nhosoi (Thanks!)
Fix Description: We still need to be able to decrypt passwords using the broken method. I guess it works on Solaris and HP because the values are already in network byte order. But when the values were encrypted on x86, they were encrypted the wrong way. It is safe to use MIGRATE_BROKEN_PWD on Solaris and HP because it is essentially a no-op. But this allows us to decrypt x86 passwords and store them correctly.
Platforms tested: RHEL4 i386, RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: des.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/rever/des.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- des.c 10 Nov 2006 23:45:23 -0000 1.7
+++ des.c 20 Sep 2007 20:27:34 -0000 1.8
@@ -478,9 +478,21 @@
return err;
}
+/*
+ The UUID name based generator was broken on x86 platforms. We use
+ this to generate the password encryption key. During migration,
+ we have to fix this so we can use the fixed generator. The env.
+ var USE_BROKEN_UUID tells the uuid generator to use the old
+ broken method to create the UUID. That will allow us to decrypt
+ the password to the correct clear text, then we can turn off
+ the broken method and use the fixed method to encrypt the
+ password.
+*/
char *
migrateCredentials(char *oldpath, char *newpath, char *oldcred)
{
+ static char *useBrokenUUID = "USE_BROKEN_UUID=1";
+ static char *disableBrokenUUID = "USE_BROKEN_UUID";
char *plain = NULL;
char *cipher = NULL;
@@ -489,8 +501,15 @@
slapd_pk11_configurePKCS11(NULL, NULL, tokDes, ptokDes, NULL, NULL, NULL, NULL, 0, 0 );
NSS_NoDB_Init(NULL);
+ if (getenv("MIGRATE_BROKEN_PWD")) {
+ putenv(useBrokenUUID);
+ }
+
if ( decode_path(oldcred, &plain, oldpath) == 0 )
{
+ if (getenv("MIGRATE_BROKEN_PWD")) {
+ putenv(disableBrokenUUID);
+ }
if ( encode_path(plain, &cipher, newpath) != 0 )
return(NULL);
else
16 years, 7 months