ldap/servers Makefile.am Makefile.in
by Noriko Hosoi
Makefile.am | 2
Makefile.in | 64 ++---
ldap/servers/plugins/replication/cl5_api.c | 198 +++++++++++++++-
ldap/servers/plugins/replication/cl5_api.h | 13 +
ldap/servers/plugins/replication/cl5_init.c | 2
ldap/servers/plugins/replication/repl5_init.c | 6
ldap/servers/plugins/replication/repl5_replica_config.c | 11
ldap/servers/slapd/back-ldbm/archive.c | 19 +
ldap/servers/slapd/pblock.c | 24 +
ldap/servers/slapd/plugin.c | 6
ldap/servers/slapd/protect_db.h | 2
ldap/servers/slapd/slap.h | 4
ldap/servers/slapd/slapi-plugin.h | 2
ldap/servers/slapd/slapi-private.h | 2
14 files changed, 302 insertions(+), 53 deletions(-)
New commits:
commit f9a13fd1690f652e3c1dda78b7f846647be56a34
Author: Noriko Hosoi <nhosoi(a)jiji.usersys.redhat.com>
Date: Mon Jan 17 18:23:40 2011 -0800
Bug 669205 - db2bak: backed up changelog should include RUVs
https://bugzilla.redhat.com/show_bug.cgi?id=669205
Description:
Introduced backup plugin hooks: SLAPI_PLUGIN_BE_PRE_BACKUP_FN
and SLAPI_PLUGIN_BE_POST_BACKUP_FN to call back cl5WriteRUV and
cl5DeleteRUV, respectively. cl5WriteRUV adds RUVs to changelog
and cl5DeleteRUV reads and deletes RUVs in changelog. The call-
back functions are avaiable only when the process is initialized
as a server, which must have started with a backend normal mode
flag (DBLAYER_NORMAL_MODE) not with other utility modes such as
DBLAYER_ARCHIVE_MODE. With this restriction, db2bak is not
allowed to use to back up the database including changelog db
when the server is up. If launched, the utility fails with this
error message:
[...] - db2archive: pre-backup-plugin failed (1).
[...] - ERROR: Standalone db2bak is not supported \
when a multimaster replication enabled server is coexisting.
Please use db2bak.pl, instead.
As mentioned in the message, db2bak.pl is supposed to be used.
See also:
http://directory.fedoraproject.org/wiki/Move_changelog#Backing_up_Changelog
diff --git a/Makefile.am b/Makefile.am
index 1b43a0a..bd3c64e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -624,6 +624,7 @@ libslapd_la_SOURCES = ldap/servers/slapd/add.c \
ldap/servers/slapd/plugin_mr.c \
ldap/servers/slapd/plugin_role.c \
ldap/servers/slapd/plugin_syntax.c \
+ ldap/servers/slapd/protect_db.c \
ldap/servers/slapd/proxyauth.c \
ldap/servers/slapd/pw.c \
ldap/servers/slapd/pw_retry.c \
@@ -1264,7 +1265,6 @@ ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \
ldap/servers/slapd/main.c \
ldap/servers/slapd/monitor.c \
ldap/servers/slapd/passwd_extop.c \
- ldap/servers/slapd/protect_db.c \
ldap/servers/slapd/psearch.c \
ldap/servers/slapd/pw_mgmt.c \
ldap/servers/slapd/rootdse.c \
diff --git a/Makefile.in b/Makefile.in
index a5a5c3e..e2e1f39 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -611,12 +611,13 @@ am__libslapd_la_SOURCES_DIST = ldap/servers/slapd/add.c \
ldap/servers/slapd/plugin_mr.c \
ldap/servers/slapd/plugin_role.c \
ldap/servers/slapd/plugin_syntax.c \
- ldap/servers/slapd/proxyauth.c ldap/servers/slapd/pw.c \
- ldap/servers/slapd/pw_retry.c ldap/servers/slapd/rdn.c \
- ldap/servers/slapd/referral.c ldap/servers/slapd/regex.c \
- ldap/servers/slapd/resourcelimit.c ldap/servers/slapd/result.c \
- ldap/servers/slapd/rwlock.c ldap/servers/slapd/sasl_map.c \
- ldap/servers/slapd/schema.c ldap/servers/slapd/schemaparse.c \
+ ldap/servers/slapd/protect_db.c ldap/servers/slapd/proxyauth.c \
+ ldap/servers/slapd/pw.c ldap/servers/slapd/pw_retry.c \
+ ldap/servers/slapd/rdn.c ldap/servers/slapd/referral.c \
+ ldap/servers/slapd/regex.c ldap/servers/slapd/resourcelimit.c \
+ ldap/servers/slapd/result.c ldap/servers/slapd/rwlock.c \
+ ldap/servers/slapd/sasl_map.c ldap/servers/slapd/schema.c \
+ ldap/servers/slapd/schemaparse.c \
ldap/servers/slapd/security_wrappers.c \
ldap/servers/slapd/slapd_plhash.c \
ldap/servers/slapd/slapi_counter.c \
@@ -694,6 +695,7 @@ am_libslapd_la_OBJECTS = ldap/servers/slapd/libslapd_la-add.lo \
ldap/servers/slapd/libslapd_la-plugin_mr.lo \
ldap/servers/slapd/libslapd_la-plugin_role.lo \
ldap/servers/slapd/libslapd_la-plugin_syntax.lo \
+ ldap/servers/slapd/libslapd_la-protect_db.lo \
ldap/servers/slapd/libslapd_la-proxyauth.lo \
ldap/servers/slapd/libslapd_la-pw.lo \
ldap/servers/slapd/libslapd_la-pw_retry.lo \
@@ -868,8 +870,7 @@ am__ns_slapd_SOURCES_DIST = ldap/servers/slapd/abandon.c \
ldap/servers/slapd/getopt_ext.c ldap/servers/slapd/globals.c \
ldap/servers/slapd/house.c ldap/servers/slapd/init.c \
ldap/servers/slapd/main.c ldap/servers/slapd/monitor.c \
- ldap/servers/slapd/passwd_extop.c \
- ldap/servers/slapd/protect_db.c ldap/servers/slapd/psearch.c \
+ ldap/servers/slapd/passwd_extop.c ldap/servers/slapd/psearch.c \
ldap/servers/slapd/pw_mgmt.c ldap/servers/slapd/rootdse.c \
ldap/servers/slapd/sasl_io.c ldap/servers/slapd/saslbind.c \
ldap/servers/slapd/search.c \
@@ -898,7 +899,6 @@ am_ns_slapd_OBJECTS = ldap/servers/slapd/ns_slapd-abandon.$(OBJEXT) \
ldap/servers/slapd/ns_slapd-main.$(OBJEXT) \
ldap/servers/slapd/ns_slapd-monitor.$(OBJEXT) \
ldap/servers/slapd/ns_slapd-passwd_extop.$(OBJEXT) \
- ldap/servers/slapd/ns_slapd-protect_db.$(OBJEXT) \
ldap/servers/slapd/ns_slapd-psearch.$(OBJEXT) \
ldap/servers/slapd/ns_slapd-pw_mgmt.$(OBJEXT) \
ldap/servers/slapd/ns_slapd-rootdse.$(OBJEXT) \
@@ -1762,12 +1762,13 @@ libslapd_la_SOURCES = ldap/servers/slapd/add.c \
ldap/servers/slapd/plugin_mr.c \
ldap/servers/slapd/plugin_role.c \
ldap/servers/slapd/plugin_syntax.c \
- ldap/servers/slapd/proxyauth.c ldap/servers/slapd/pw.c \
- ldap/servers/slapd/pw_retry.c ldap/servers/slapd/rdn.c \
- ldap/servers/slapd/referral.c ldap/servers/slapd/regex.c \
- ldap/servers/slapd/resourcelimit.c ldap/servers/slapd/result.c \
- ldap/servers/slapd/rwlock.c ldap/servers/slapd/sasl_map.c \
- ldap/servers/slapd/schema.c ldap/servers/slapd/schemaparse.c \
+ ldap/servers/slapd/protect_db.c ldap/servers/slapd/proxyauth.c \
+ ldap/servers/slapd/pw.c ldap/servers/slapd/pw_retry.c \
+ ldap/servers/slapd/rdn.c ldap/servers/slapd/referral.c \
+ ldap/servers/slapd/regex.c ldap/servers/slapd/resourcelimit.c \
+ ldap/servers/slapd/result.c ldap/servers/slapd/rwlock.c \
+ ldap/servers/slapd/sasl_map.c ldap/servers/slapd/schema.c \
+ ldap/servers/slapd/schemaparse.c \
ldap/servers/slapd/security_wrappers.c \
ldap/servers/slapd/slapd_plhash.c \
ldap/servers/slapd/slapi_counter.c \
@@ -2353,7 +2354,6 @@ ns_slapd_SOURCES = ldap/servers/slapd/abandon.c \
ldap/servers/slapd/main.c \
ldap/servers/slapd/monitor.c \
ldap/servers/slapd/passwd_extop.c \
- ldap/servers/slapd/protect_db.c \
ldap/servers/slapd/psearch.c \
ldap/servers/slapd/pw_mgmt.c \
ldap/servers/slapd/rootdse.c \
@@ -3863,6 +3863,9 @@ ldap/servers/slapd/libslapd_la-plugin_role.lo: \
ldap/servers/slapd/libslapd_la-plugin_syntax.lo: \
ldap/servers/slapd/$(am__dirstamp) \
ldap/servers/slapd/$(DEPDIR)/$(am__dirstamp)
+ldap/servers/slapd/libslapd_la-protect_db.lo: \
+ ldap/servers/slapd/$(am__dirstamp) \
+ ldap/servers/slapd/$(DEPDIR)/$(am__dirstamp)
ldap/servers/slapd/libslapd_la-proxyauth.lo: \
ldap/servers/slapd/$(am__dirstamp) \
ldap/servers/slapd/$(DEPDIR)/$(am__dirstamp)
@@ -4365,9 +4368,6 @@ ldap/servers/slapd/ns_slapd-monitor.$(OBJEXT): \
ldap/servers/slapd/ns_slapd-passwd_extop.$(OBJEXT): \
ldap/servers/slapd/$(am__dirstamp) \
ldap/servers/slapd/$(DEPDIR)/$(am__dirstamp)
-ldap/servers/slapd/ns_slapd-protect_db.$(OBJEXT): \
- ldap/servers/slapd/$(am__dirstamp) \
- ldap/servers/slapd/$(DEPDIR)/$(am__dirstamp)
ldap/servers/slapd/ns_slapd-psearch.$(OBJEXT): \
ldap/servers/slapd/$(am__dirstamp) \
ldap/servers/slapd/$(DEPDIR)/$(am__dirstamp)
@@ -5195,6 +5195,8 @@ mostlyclean-compile:
-rm -f ldap/servers/slapd/libslapd_la-plugin_role.lo
-rm -f ldap/servers/slapd/libslapd_la-plugin_syntax.$(OBJEXT)
-rm -f ldap/servers/slapd/libslapd_la-plugin_syntax.lo
+ -rm -f ldap/servers/slapd/libslapd_la-protect_db.$(OBJEXT)
+ -rm -f ldap/servers/slapd/libslapd_la-protect_db.lo
-rm -f ldap/servers/slapd/libslapd_la-proxyauth.$(OBJEXT)
-rm -f ldap/servers/slapd/libslapd_la-proxyauth.lo
-rm -f ldap/servers/slapd/libslapd_la-pw.$(OBJEXT)
@@ -5282,7 +5284,6 @@ mostlyclean-compile:
-rm -f ldap/servers/slapd/ns_slapd-main.$(OBJEXT)
-rm -f ldap/servers/slapd/ns_slapd-monitor.$(OBJEXT)
-rm -f ldap/servers/slapd/ns_slapd-passwd_extop.$(OBJEXT)
- -rm -f ldap/servers/slapd/ns_slapd-protect_db.$(OBJEXT)
-rm -f ldap/servers/slapd/ns_slapd-psearch.$(OBJEXT)
-rm -f ldap/servers/slapd/ns_slapd-pw_mgmt.$(OBJEXT)
-rm -f ldap/servers/slapd/ns_slapd-rootdse.$(OBJEXT)
@@ -5680,6 +5681,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/libslapd_la-plugin_mr.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/libslapd_la-plugin_role.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/libslapd_la-plugin_syntax.Plo(a)am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/libslapd_la-protect_db.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/libslapd_la-proxyauth.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/libslapd_la-pw.Plo(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/libslapd_la-pw_retry.Plo(a)am__quote@
@@ -5734,7 +5736,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-main.Po(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-monitor.Po(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-passwd_extop.Po(a)am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-protect_db.Po(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-psearch.Po(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-pw_mgmt.Po(a)am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@ldap/servers/slapd/$(DEPDIR)/ns_slapd-rootdse.Po(a)am__quote@
@@ -8053,6 +8054,13 @@ ldap/servers/slapd/libslapd_la-plugin_syntax.lo: ldap/servers/slapd/plugin_synta
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libslapd_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/slapd/libslapd_la-plugin_syntax.lo `test -f 'ldap/servers/slapd/plugin_syntax.c' || echo '$(srcdir)/'`ldap/servers/slapd/plugin_syntax.c
+ldap/servers/slapd/libslapd_la-protect_db.lo: ldap/servers/slapd/protect_db.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libslapd_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/slapd/libslapd_la-protect_db.lo -MD -MP -MF ldap/servers/slapd/$(DEPDIR)/libslapd_la-protect_db.Tpo -c -o ldap/servers/slapd/libslapd_la-protect_db.lo `test -f 'ldap/servers/slapd/protect_db.c' || echo '$(srcdir)/'`ldap/servers/slapd/protect_db.c
+@am__fastdepCC_TRUE@ $(am__mv) ldap/servers/slapd/$(DEPDIR)/libslapd_la-protect_db.Tpo ldap/servers/slapd/$(DEPDIR)/libslapd_la-protect_db.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ldap/servers/slapd/protect_db.c' object='ldap/servers/slapd/libslapd_la-protect_db.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libslapd_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/slapd/libslapd_la-protect_db.lo `test -f 'ldap/servers/slapd/protect_db.c' || echo '$(srcdir)/'`ldap/servers/slapd/protect_db.c
+
ldap/servers/slapd/libslapd_la-proxyauth.lo: ldap/servers/slapd/proxyauth.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libslapd_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/slapd/libslapd_la-proxyauth.lo -MD -MP -MF ldap/servers/slapd/$(DEPDIR)/libslapd_la-proxyauth.Tpo -c -o ldap/servers/slapd/libslapd_la-proxyauth.lo `test -f 'ldap/servers/slapd/proxyauth.c' || echo '$(srcdir)/'`ldap/servers/slapd/proxyauth.c
@am__fastdepCC_TRUE@ $(am__mv) ldap/servers/slapd/$(DEPDIR)/libslapd_la-proxyauth.Tpo ldap/servers/slapd/$(DEPDIR)/libslapd_la-proxyauth.Plo
@@ -9082,20 +9090,6 @@ ldap/servers/slapd/ns_slapd-passwd_extop.obj: ldap/servers/slapd/passwd_extop.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/slapd/ns_slapd-passwd_extop.obj `if test -f 'ldap/servers/slapd/passwd_extop.c'; then $(CYGPATH_W) 'ldap/servers/slapd/passwd_extop.c'; else $(CYGPATH_W) '$(srcdir)/ldap/servers/slapd/passwd_extop.c'; fi`
-ldap/servers/slapd/ns_slapd-protect_db.o: ldap/servers/slapd/protect_db.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/slapd/ns_slapd-protect_db.o -MD -MP -MF ldap/servers/slapd/$(DEPDIR)/ns_slapd-protect_db.Tpo -c -o ldap/servers/slapd/ns_slapd-protect_db.o `test -f 'ldap/servers/slapd/protect_db.c' || echo '$(srcdir)/'`ldap/servers/slapd/protect_db.c
-@am__fastdepCC_TRUE@ $(am__mv) ldap/servers/slapd/$(DEPDIR)/ns_slapd-protect_db.Tpo ldap/servers/slapd/$(DEPDIR)/ns_slapd-protect_db.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ldap/servers/slapd/protect_db.c' object='ldap/servers/slapd/ns_slapd-protect_db.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/slapd/ns_slapd-protect_db.o `test -f 'ldap/servers/slapd/protect_db.c' || echo '$(srcdir)/'`ldap/servers/slapd/protect_db.c
-
-ldap/servers/slapd/ns_slapd-protect_db.obj: ldap/servers/slapd/protect_db.c
-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/slapd/ns_slapd-protect_db.obj -MD -MP -MF ldap/servers/slapd/$(DEPDIR)/ns_slapd-protect_db.Tpo -c -o ldap/servers/slapd/ns_slapd-protect_db.obj `if test -f 'ldap/servers/slapd/protect_db.c'; then $(CYGPATH_W) 'ldap/servers/slapd/protect_db.c'; else $(CYGPATH_W) '$(srcdir)/ldap/servers/slapd/protect_db.c'; fi`
-@am__fastdepCC_TRUE@ $(am__mv) ldap/servers/slapd/$(DEPDIR)/ns_slapd-protect_db.Tpo ldap/servers/slapd/$(DEPDIR)/ns_slapd-protect_db.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ldap/servers/slapd/protect_db.c' object='ldap/servers/slapd/ns_slapd-protect_db.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ldap/servers/slapd/ns_slapd-protect_db.obj `if test -f 'ldap/servers/slapd/protect_db.c'; then $(CYGPATH_W) 'ldap/servers/slapd/protect_db.c'; else $(CYGPATH_W) '$(srcdir)/ldap/servers/slapd/protect_db.c'; fi`
-
ldap/servers/slapd/ns_slapd-psearch.o: ldap/servers/slapd/psearch.c
@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(ns_slapd_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ldap/servers/slapd/ns_slapd-psearch.o -MD -MP -MF ldap/servers/slapd/$(DEPDIR)/ns_slapd-psearch.Tpo -c -o ldap/servers/slapd/ns_slapd-psearch.o `test -f 'ldap/servers/slapd/psearch.c' || echo '$(srcdir)/'`ldap/servers/slapd/psearch.c
@am__fastdepCC_TRUE@ $(am__mv) ldap/servers/slapd/$(DEPDIR)/ns_slapd-psearch.Tpo ldap/servers/slapd/$(DEPDIR)/ns_slapd-psearch.Po
diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c
index 9922131..8b1599e 100644
--- a/ldap/servers/plugins/replication/cl5_api.c
+++ b/ldap/servers/plugins/replication/cl5_api.c
@@ -56,7 +56,7 @@
#endif
-#include "cl5_api.h"
+#include "cl5.h"
#include "cl_crypt.h"
#include "plhash.h"
#include "plstr.h"
@@ -1807,12 +1807,6 @@ static int _cl5Open (const char *dir, const CL5DBConfig *config, CL5OpenMode ope
_cl5SetDefaultDBConfig ();
}
- /* init the clcache */
- if (( clcache_init (&s_cl5Desc.dbEnv) != 0 )) {
- rc = CL5_SYSTEM_ERROR;
- goto done;
- }
-
/* initialize trimming */
rc = _cl5TrimInit ();
if (rc != CL5_SUCCESS)
@@ -1855,6 +1849,12 @@ static int _cl5Open (const char *dir, const CL5DBConfig *config, CL5OpenMode ope
goto done;
}
+ /* init the clcache */
+ if (( clcache_init (&s_cl5Desc.dbEnv) != 0 )) {
+ rc = CL5_SYSTEM_ERROR;
+ goto done;
+ }
+
/* open database files */
rc = _cl5DBOpen (!didRecovery);
if (rc != CL5_SUCCESS)
@@ -5364,7 +5364,7 @@ static int _cl5CheckMissingCSN (const CSN *csn, const RUV *supplierRuv, CL5DBFil
/* Helper functions that work with individual changelog files */
-/* file name format : <replica name>_<replica generation>db{2,3} */
+/* file name format : <replica name>_<replica generation>db{2,3,...} */
static PRBool _cl5FileName2Replica (const char *file_name, Object **replica)
{
Replica *r;
@@ -6220,3 +6220,185 @@ cl5DbDirIsEmpty(const char *dir)
return isempty;
}
+
+/*
+ * Write RUVs into the changelog;
+ * implemented for backup to make sure the backed up changelog contains RUVs
+ * Return values: 0 -- success
+ * 1 -- failure
+ */
+int
+cl5WriteRUV()
+{
+ int rc = 0;
+ Object *file_obj = NULL;
+ CL5DBFile *dbfile = NULL;
+ int closeit = 0;
+ int slapd_pid = 0;
+
+ changelog5Config config;
+
+ /* read changelog configuration */
+ changelog5_read_config (&config);
+ if (config.dir == NULL) {
+ /* Changelog is not configured; Replication is not enabled.
+ * we don't have to update RUVs.
+ * bail out - return success */
+ goto bail;
+ }
+
+ slapd_pid = is_slapd_running();
+ if (slapd_pid <= 0) {
+ /* I'm not a server, rather a utility.
+ * And the server is NOT running.
+ * RUVs should be in the changelog.
+ * we don't have to update RUVs.
+ * bail out - return success */
+ goto bail;
+ }
+
+ if (getpid() != slapd_pid) {
+ /* I'm not a server, rather a utility.
+ * And the server IS running.
+ * RUVs are not in the changelog and no easy way to retrieve them.
+ * bail out - return failure */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "cl5WriteRUV: server (pid %d) is already running; bail.\n",
+ slapd_pid);
+ rc = 1;
+ goto bail;
+ }
+
+ /* file is stored in the changelog directory and is named
+ * <replica name>.ldif */
+ if (CL5_STATE_OPEN != s_cl5Desc.dbState) {
+ rc = _cl5Open(config.dir, &config.dbconfig, CL5_OPEN_NORMAL);
+ if (rc != CL5_SUCCESS) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "cl5WriteRUV: failed to open changelog\n");
+ goto bail;
+ }
+ s_cl5Desc.dbState = CL5_STATE_OPEN; /* force to change the state */
+ closeit = 1; /* It had not been opened; close it */
+ }
+
+ file_obj = objset_first_obj(s_cl5Desc.dbFiles);
+ while (file_obj) {
+ dbfile = (CL5DBFile *)object_get_data(file_obj);
+ if (dbfile) {
+ _cl5WriteEntryCount(dbfile);
+ _cl5WriteRUV(dbfile, PR_TRUE);
+ _cl5WriteRUV(dbfile, PR_FALSE);
+ }
+ file_obj = objset_next_obj(s_cl5Desc.dbFiles, file_obj);
+ }
+ if (file_obj) {
+ object_release (file_obj);
+ }
+bail:
+ if (closeit && (CL5_STATE_OPEN == s_cl5Desc.dbState)) {
+ _cl5Close ();
+ s_cl5Desc.dbState = CL5_STATE_CLOSED; /* force to change the state */
+ }
+ changelog5_config_done(&config);
+ return rc;
+}
+
+/*
+ * Delete RUVs from the changelog;
+ * implemented for backup to clean up RUVs
+ * Return values: 0 -- success
+ * 1 -- failure
+ */
+int
+cl5DeleteRUV()
+{
+ int rc = 0;
+ Object *file_obj = NULL;
+ CL5DBFile *dbfile = NULL;
+ int slapd_pid = 0;
+ int closeit = 0;
+
+ changelog5Config config;
+
+ /* read changelog configuration */
+ changelog5_read_config (&config);
+ if (config.dir == NULL) {
+ /* Changelog is not configured; Replication is not enabled.
+ * we don't have to update RUVs.
+ * bail out - return success */
+ goto bail;
+ }
+
+ slapd_pid = is_slapd_running();
+ if (slapd_pid <= 0) {
+ /* I'm not a server, rather a utility.
+ * And the server is NOT running.
+ * RUVs should be in the changelog.
+ * we don't have to update RUVs.
+ * bail out - return success */
+ goto bail;
+ }
+
+ if (getpid() != slapd_pid) {
+ /* I'm not a server, rather a utility.
+ * And the server IS running.
+ * RUVs are not in the changelog.
+ * bail out - return success */
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "cl5DeleteRUV: server (pid %d) is already running; bail.\n",
+ slapd_pid);
+ goto bail;
+ }
+
+ /* file is stored in the changelog directory and is named
+ * <replica name>.ldif */
+ if (CL5_STATE_OPEN != s_cl5Desc.dbState) {
+ rc = _cl5Open(config.dir, &config.dbconfig, CL5_OPEN_NORMAL);
+ if (rc != CL5_SUCCESS) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "cl5DeleteRUV: failed to open changelog\n");
+ goto bail;
+ }
+ s_cl5Desc.dbState = CL5_STATE_OPEN; /* force to change the state */
+ closeit = 1; /* It had been opened; no need to close */
+ }
+
+ file_obj = objset_first_obj(s_cl5Desc.dbFiles);
+ while (file_obj) {
+ dbfile = (CL5DBFile *)object_get_data(file_obj);
+
+ /* _cl5GetEntryCount deletes entry count after reading it */
+ rc = _cl5GetEntryCount(dbfile);
+ if (rc != CL5_SUCCESS)
+ {
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name_cl,
+ "cl5DeleteRUV: failed to get/delete entry count\n");
+ goto bail;
+ }
+ /* _cl5ReadRUV deletes RUV after reading it */
+ rc = _cl5ReadRUV (dbfile->replGen, file_obj, PR_TRUE);
+ if (rc != CL5_SUCCESS) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "cl5DeleteRUV: failed to read/delete purge RUV\n");
+ goto bail;
+ }
+ rc = _cl5ReadRUV (dbfile->replGen, file_obj, PR_FALSE);
+ if (rc != CL5_SUCCESS) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "cl5DeleteRUV: failed to read/delete upper bound RUV\n");
+ goto bail;
+ }
+ file_obj = objset_next_obj(s_cl5Desc.dbFiles, file_obj);
+ }
+ if (file_obj) {
+ object_release (file_obj);
+ }
+bail:
+ if (closeit && (CL5_STATE_OPEN == s_cl5Desc.dbState)) {
+ _cl5Close ();
+ s_cl5Desc.dbState = CL5_STATE_CLOSED; /* force to change the state */
+ }
+ changelog5_config_done(&config);
+ return rc;
+}
diff --git a/ldap/servers/plugins/replication/cl5_api.h b/ldap/servers/plugins/replication/cl5_api.h
index 9590dd1..3a59111 100644
--- a/ldap/servers/plugins/replication/cl5_api.h
+++ b/ldap/servers/plugins/replication/cl5_api.h
@@ -455,4 +455,17 @@ int cl5_diskspace_is_available();
*/
int cl5DbDirIsEmpty(const char *dir);
+/* Name: cl5WriteRUV
+ Description: Write RUVs into changelog db's. Called before backup.
+ Parameters: none
+ Return: TRUE
+*/
+int cl5WriteRUV();
+
+/* Name: cl5DeleteRUV
+ Description: Read and delete RUVs from changelog db's. Called after backup.
+ Parameters: none
+ Return: TRUE
+*/
+int cl5DeleteRUV();
#endif
diff --git a/ldap/servers/plugins/replication/cl5_init.c b/ldap/servers/plugins/replication/cl5_init.c
index ed5aaf6..8ee725d 100644
--- a/ldap/servers/plugins/replication/cl5_init.c
+++ b/ldap/servers/plugins/replication/cl5_init.c
@@ -70,6 +70,8 @@ int changelog5_init()
if (config.dir == NULL)
{
/* changelog is not configured - bail out */
+ /* Note: but still changelog needs to be initialized to allow it
+ * to configure after this point. (don't call cl5Cleanup) */
rc = 0; /* OK */
goto done;
}
diff --git a/ldap/servers/plugins/replication/repl5_init.c b/ldap/servers/plugins/replication/repl5_init.c
index 3ca3ab2..2b6ebdf 100644
--- a/ldap/servers/plugins/replication/repl5_init.c
+++ b/ldap/servers/plugins/replication/repl5_init.c
@@ -299,7 +299,8 @@ multimaster_bepreop_init( Slapi_PBlock *pb )
slapi_pblock_set( pb, SLAPI_PLUGIN_BE_PRE_DELETE_FN, (void *) multimaster_bepreop_delete ) != 0 ||
slapi_pblock_set( pb, SLAPI_PLUGIN_BE_PRE_MODIFY_FN, (void *) multimaster_bepreop_modify ) != 0 ||
slapi_pblock_set( pb, SLAPI_PLUGIN_BE_PRE_MODRDN_FN, (void *) multimaster_bepreop_modrdn ) != 0 ||
- slapi_pblock_set( pb, SLAPI_PLUGIN_BE_PRE_CLOSE_FN, (void *) cl5Close ) != 0 )
+ slapi_pblock_set( pb, SLAPI_PLUGIN_BE_PRE_CLOSE_FN, (void *) cl5Close ) != 0 ||
+ slapi_pblock_set( pb, SLAPI_PLUGIN_BE_PRE_BACKUP_FN, (void *) cl5WriteRUV ) != 0 )
{
slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name, "multimaster_bepreop_init failed\n" );
rc= -1;
@@ -317,7 +318,8 @@ multimaster_bepostop_init( Slapi_PBlock *pb )
slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&multimasterbepostopdesc ) != 0 ||
slapi_pblock_set( pb, SLAPI_PLUGIN_BE_POST_MODRDN_FN, (void *) multimaster_bepostop_modrdn ) != 0 ||
slapi_pblock_set( pb, SLAPI_PLUGIN_BE_POST_DELETE_FN, (void *) multimaster_bepostop_delete ) != 0 ||
- slapi_pblock_set( pb, SLAPI_PLUGIN_BE_POST_OPEN_FN, (void *) changelog5_init ) != 0 )
+ slapi_pblock_set( pb, SLAPI_PLUGIN_BE_POST_OPEN_FN, (void *) changelog5_init ) != 0 ||
+ slapi_pblock_set( pb, SLAPI_PLUGIN_BE_POST_BACKUP_FN, (void *) cl5DeleteRUV ) != 0 )
{
slapi_log_error( SLAPI_LOG_PLUGIN, repl_plugin_name, "multimaster_bepostop_init failed\n" );
rc= -1;
diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
index df9c12a..2caa94f 100644
--- a/ldap/servers/plugins/replication/repl5_replica_config.c
+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
@@ -907,7 +907,7 @@ static int replica_execute_cl2ldif_task (Object *r, char *returntext)
Object *rlist [2];
Replica *replica;
char fName [MAXPATHLEN];
- char *clDir;
+ char *clDir = NULL;
if (cl5GetState () != CL5_STATE_OPEN)
{
@@ -936,7 +936,7 @@ static int replica_execute_cl2ldif_task (Object *r, char *returntext)
}
PR_snprintf (fName, MAXPATHLEN, "%s/%s.ldif", clDir, replica_get_name (replica));
- slapi_ch_free ((void**)&clDir);
+ slapi_ch_free_string (&clDir);
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"Beginning changelog export of replica \"%s\"\n",
@@ -965,7 +965,7 @@ static int replica_execute_ldif2cl_task (Object *r, char *returntext)
Object *rlist [2];
Replica *replica;
char fName [MAXPATHLEN];
- char *clDir;
+ char *clDir = NULL;
changelog5Config config;
if (cl5GetState () != CL5_STATE_OPEN)
@@ -1011,14 +1011,14 @@ static int replica_execute_ldif2cl_task (Object *r, char *returntext)
"Beginning changelog import of replica \"%s\"\n",
replica_get_name(replica));
imprc = cl5ImportLDIF (clDir, fName, rlist);
- slapi_ch_free ((void**)&clDir);
+ slapi_ch_free_string (&clDir);
if (CL5_SUCCESS == imprc)
{
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"Finished changelog import of replica \"%s\"\n",
replica_get_name(replica));
}
- else
+ else
{
PR_snprintf (returntext, SLAPI_DSE_RETURNTEXT_SIZE,
"Failed changelog import replica %s; "
@@ -1042,6 +1042,7 @@ static int replica_execute_ldif2cl_task (Object *r, char *returntext)
rc = LDAP_OPERATIONS_ERROR;
}
bail:
+ changelog5_config_done(&config);
/* if cl5ImportLDIF returned an error, report it first. */
return imprc?imprc:rc;
}
diff --git a/ldap/servers/slapd/back-ldbm/archive.c b/ldap/servers/slapd/back-ldbm/archive.c
index 545a4b0..f5fab1a 100644
--- a/ldap/servers/slapd/back-ldbm/archive.c
+++ b/ldap/servers/slapd/back-ldbm/archive.c
@@ -425,9 +425,28 @@ int ldbm_back_ldbm2archive( Slapi_PBlock *pb )
}
}
+ return_value = plugin_call_plugins (pb, SLAPI_PLUGIN_BE_PRE_BACKUP_FN);
+ if (return_value) {
+ LDAPDebug1Arg(LDAP_DEBUG_BACKLDBM,
+ "db2archive: pre-backup-plugin failed (%d).\n", return_value);
+ if (is_slapd_running() && run_from_cmdline) {
+ LDAPDebug0Args(LDAP_DEBUG_ANY,
+ "ERROR: Standalone db2bak is not supported when a "
+ "multimaster replication enabled server is "
+ "coexisting.\nPlease use db2bak.pl, instead.\n");
+ goto err;
+ }
+ }
+
/* tell it to archive */
return_value = dblayer_backup(li, directory, task);
+ return_value = plugin_call_plugins (pb, SLAPI_PLUGIN_BE_POST_BACKUP_FN);
+ if (return_value) {
+ LDAPDebug1Arg(LDAP_DEBUG_BACKLDBM,
+ "db2archive: post-backup-plugin failed (%d).\n", return_value);
+ }
+
if (! run_from_cmdline) {
ldbm_instance *inst;
Object *inst_obj;
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index 256b6d2..3d945cd 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -952,6 +952,12 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
}
(*(IFP *)value) = pblock->pb_plugin->plg_bepreclose;
break;
+ case SLAPI_PLUGIN_BE_PRE_BACKUP_FN:
+ if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BEPREOPERATION) {
+ return( -1 );
+ }
+ (*(IFP *)value) = pblock->pb_plugin->plg_beprebackup;
+ break;
/* backend postoperation plugin */
case SLAPI_PLUGIN_BE_POST_MODIFY_FN:
@@ -984,6 +990,12 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
}
(*(IFP *)value) = pblock->pb_plugin->plg_bepostopen;
break;
+ case SLAPI_PLUGIN_BE_POST_BACKUP_FN:
+ if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BEPOSTOPERATION) {
+ return( -1 );
+ }
+ (*(IFP *)value) = pblock->pb_plugin->plg_bepostbackup;
+ break;
/* internal preoperation plugin */
case SLAPI_PLUGIN_INTERNAL_PRE_MODIFY_FN:
@@ -2372,6 +2384,12 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
}
pblock->pb_plugin->plg_bepreclose = (IFP) value;
break;
+ case SLAPI_PLUGIN_BE_PRE_BACKUP_FN:
+ if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BEPREOPERATION) {
+ return( -1 );
+ }
+ pblock->pb_plugin->plg_beprebackup = (IFP) value;
+ break;
/* backend postoperation plugin */
case SLAPI_PLUGIN_BE_POST_MODIFY_FN:
@@ -2404,6 +2422,12 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
}
pblock->pb_plugin->plg_bepostopen = (IFP) value;
break;
+ case SLAPI_PLUGIN_BE_POST_BACKUP_FN:
+ if (pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BEPOSTOPERATION) {
+ return( -1 );
+ }
+ pblock->pb_plugin->plg_bepostbackup = (IFP) value;
+ break;
/* internal preoperation plugin */
case SLAPI_PLUGIN_INTERNAL_PRE_MODIFY_FN:
diff --git a/ldap/servers/slapd/plugin.c b/ldap/servers/slapd/plugin.c
index b8257d1..d60d191 100644
--- a/ldap/servers/slapd/plugin.c
+++ b/ldap/servers/slapd/plugin.c
@@ -348,6 +348,7 @@ plugin_call_plugins( Slapi_PBlock *pb, int whichfunction )
case SLAPI_PLUGIN_BE_PRE_ADD_FN:
case SLAPI_PLUGIN_BE_PRE_DELETE_FN:
case SLAPI_PLUGIN_BE_PRE_CLOSE_FN:
+ case SLAPI_PLUGIN_BE_PRE_BACKUP_FN:
plugin_list_number= PLUGIN_LIST_BEPREOPERATION;
do_op = 1; /* always allow backend callbacks (even during startup) */
break;
@@ -356,6 +357,7 @@ plugin_call_plugins( Slapi_PBlock *pb, int whichfunction )
case SLAPI_PLUGIN_BE_POST_ADD_FN:
case SLAPI_PLUGIN_BE_POST_DELETE_FN:
case SLAPI_PLUGIN_BE_POST_OPEN_FN:
+ case SLAPI_PLUGIN_BE_POST_BACKUP_FN:
plugin_list_number= PLUGIN_LIST_BEPOSTOPERATION;
do_op = 1; /* always allow backend callbacks (even during startup) */
break;
@@ -2410,7 +2412,9 @@ plugin_invoke_plugin_pb (struct slapdplugin *plugin, int operation, Slapi_PBlock
operation == SLAPI_PLUGIN_CLOSE_FN ||
operation == SLAPI_PLUGIN_CLEANUP_FN ||
operation == SLAPI_PLUGIN_BE_PRE_CLOSE_FN ||
- operation == SLAPI_PLUGIN_BE_POST_OPEN_FN)
+ operation == SLAPI_PLUGIN_BE_POST_OPEN_FN ||
+ operation == SLAPI_PLUGIN_BE_PRE_BACKUP_FN ||
+ operation == SLAPI_PLUGIN_BE_POST_BACKUP_FN)
return PR_TRUE;
PR_ASSERT (pb->pb_op);
diff --git a/ldap/servers/slapd/protect_db.h b/ldap/servers/slapd/protect_db.h
index bbb5324..0517556 100644
--- a/ldap/servers/slapd/protect_db.h
+++ b/ldap/servers/slapd/protect_db.h
@@ -43,7 +43,7 @@
/* Header file for protect_db.c */
int add_new_slapd_process(int exec_mode, int r_flag, int skip_flag);
-int is_slapd_running();
+/* int is_slapd_running(); */
void remove_slapd_process();
/*
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index c79eae8..9c655ef 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -961,12 +961,14 @@ struct slapdplugin {
IFP plg_un_bepre_add; /* add */
IFP plg_un_bepre_delete; /* delete */
IFP plg_un_bepre_close; /* close */
+ IFP plg_un_bepre_backup; /* backup */
} plg_un_bepre;
#define plg_bepremodify plg_un.plg_un_bepre.plg_un_bepre_modify
#define plg_bepremodrdn plg_un.plg_un_bepre.plg_un_bepre_modrdn
#define plg_bepreadd plg_un.plg_un_bepre.plg_un_bepre_add
#define plg_bepredelete plg_un.plg_un_bepre.plg_un_bepre_delete
#define plg_bepreclose plg_un.plg_un_bepre.plg_un_bepre_close
+#define plg_beprebackup plg_un.plg_un_bepre.plg_un_bepre_backup
/* backend post-operation plugin structure */
struct plg_un_bepost_operation {
@@ -975,12 +977,14 @@ struct slapdplugin {
IFP plg_un_bepost_add; /* add */
IFP plg_un_bepost_delete; /* delete */
IFP plg_un_bepost_open; /* open */
+ IFP plg_un_bepost_backup; /* backup */
} plg_un_bepost;
#define plg_bepostmodify plg_un.plg_un_bepost.plg_un_bepost_modify
#define plg_bepostmodrdn plg_un.plg_un_bepost.plg_un_bepost_modrdn
#define plg_bepostadd plg_un.plg_un_bepost.plg_un_bepost_add
#define plg_bepostdelete plg_un.plg_un_bepost.plg_un_bepost_delete
#define plg_bepostopen plg_un.plg_un_bepost.plg_un_bepost_open
+#define plg_bepostbackup plg_un.plg_un_bepost.plg_un_bepost_backup
/* internal pre-operation plugin structure */
struct plg_un_internal_pre_operation {
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index 6a17d82..821b911 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -5728,6 +5728,7 @@ typedef struct slapi_plugindesc {
#define SLAPI_PLUGIN_BE_PRE_MODRDN_FN 452
#define SLAPI_PLUGIN_BE_PRE_DELETE_FN 453
#define SLAPI_PLUGIN_BE_PRE_CLOSE_FN 454
+#define SLAPI_PLUGIN_BE_PRE_BACKUP_FN 455
/* postoperation plugin functions */
#define SLAPI_PLUGIN_POST_BIND_FN 501
@@ -5756,6 +5757,7 @@ typedef struct slapi_plugindesc {
#define SLAPI_PLUGIN_BE_POST_MODRDN_FN 552
#define SLAPI_PLUGIN_BE_POST_DELETE_FN 553
#define SLAPI_PLUGIN_BE_POST_OPEN_FN 554
+#define SLAPI_PLUGIN_BE_POST_BACKUP_FN 555
/* matching rule plugin functions */
#define SLAPI_PLUGIN_MR_FILTER_CREATE_FN 600
diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h
index 91a6023..44e9bb3 100644
--- a/ldap/servers/slapd/slapi-private.h
+++ b/ldap/servers/slapd/slapi-private.h
@@ -1226,6 +1226,8 @@ void DS_Sleep(PRIntervalTime ticks);
/* plugin.c */
int plugin_enabled(const char *plugin_name, void *identity);
+int is_slapd_running();
+
#ifdef __cplusplus
}
#endif
13 years, 2 months
ldap/servers
by Nathan Kinder
ldap/servers/plugins/replication/repl5.h | 3
ldap/servers/plugins/replication/repl5_plugins.c | 41 +++++++---
ldap/servers/plugins/replication/repl5_replica.c | 91 +++++++++++++++++++++--
ldap/servers/slapd/back-ldbm/ldbm_add.c | 48 +++++++++++-
ldap/servers/slapd/back-ldbm/ldbm_delete.c | 46 +++++++++++
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 47 +++++++++++
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 49 ++++++++++++
ldap/servers/slapd/back-ldbm/misc.c | 64 ++++++++++++++++
ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 2
ldap/servers/slapd/pblock.c | 7 +
ldap/servers/slapd/slap.h | 1
ldap/servers/slapd/slapi-plugin.h | 1
12 files changed, 381 insertions(+), 19 deletions(-)
New commits:
commit e9fa82493548d84ac7bd2fa1f857db0023ac800d
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Tue Jan 18 08:29:50 2011 -0800
Bug 543633 - replication problems if supplier is killed under update load
This patch was provided by Ulf Weltman of HP. It has been ported to the
current 389 code.
The RUV for each replica lives in-memory while the server is running and they
are flushed to disk every 30 seconds. After disorderly shutdown, this can
cause two problems if updates were arriving from a client or another replica
when slapd goes down:
1) After starting back up, the RUV will frequently have a max CSN in the past
as compared to the changelog and compared to remote replicas. This means that
any updates in the changelog that were not yet sent before the crash will
continue to not be sent after slapd comes back up, until a new update arrives.
Then the RUV will leap ahead, the incremental protocol will position replay at
the remote replica's max CSN, and the unsent updates from before the crash and
also the new update will be replayed.
2) If slapd went down in the window between writing to the datastore and
writing to the changelog, then the last update against the replica will never
appear on remote replicas. The incremental protocol will continue once tickled
as described above, but the last change made before the crash will be missing
and this is not detected by the protocol.
My fix is to synchronize the writing of the RUV with the writing of the data
store. This is accomplished as follows:
1) Add a function to the replication plugin that returns the required updates
to the RUV for a given operation, as well as the unique ID of the RUV entry for
convenience sake. The function is registered by the replication plugin in a
new field in the common parameter block.
2) Add a callback handler in the backend functions that handle LDAP add,
delete, modify and rename operations. They check whether the parameter block
has a RUV update handler registered and if so, call it. If it gets the set of
modifications back it will add the updates to the client update request.
Note: The periodic RUV update thread is still needed, in order to write RUV to
disk when a replica is first configured but no update has been made.
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
index da85cbf..54d3952 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -33,6 +33,7 @@
*
* Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
* Copyright (C) 2010 Red Hat, Inc.
+ * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
* All rights reserved.
* END COPYRIGHT BLOCK **/
@@ -188,6 +189,8 @@ int multimaster_preop_compare (Slapi_PBlock *pb);
int multimaster_bepreop_add (Slapi_PBlock *pb);
int multimaster_bepreop_delete (Slapi_PBlock *pb);
int multimaster_bepreop_modify (Slapi_PBlock *pb);
+int replica_ruv_smods_for_op (Slapi_PBlock *pb, char **uniqueid,
+ Slapi_Mods **smods);
int multimaster_bepreop_modrdn (Slapi_PBlock *pb);
int multimaster_bepostop_modrdn (Slapi_PBlock *pb);
int multimaster_bepostop_delete (Slapi_PBlock *pb);
diff --git a/ldap/servers/plugins/replication/repl5_plugins.c b/ldap/servers/plugins/replication/repl5_plugins.c
index 226e91d..8b47011 100644
--- a/ldap/servers/plugins/replication/repl5_plugins.c
+++ b/ldap/servers/plugins/replication/repl5_plugins.c
@@ -33,6 +33,7 @@
*
* Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
* Copyright (C) 2005 Red Hat, Inc.
+ * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
* All rights reserved.
* END COPYRIGHT BLOCK **/
@@ -692,7 +693,7 @@ multimaster_bepreop_add (Slapi_PBlock *pb)
{
int rc= 0;
Slapi_Operation *op;
- int is_replicated_operation;
+ int is_replicated_operation;
int is_fixup_operation;
slapi_pblock_get(pb, SLAPI_OPERATION, &op);
@@ -700,9 +701,13 @@ multimaster_bepreop_add (Slapi_PBlock *pb)
is_fixup_operation= operation_is_flag_set(op,OP_FLAG_REPL_FIXUP);
/* For replicated operations, apply URP algorithm */
- if (is_replicated_operation && !is_fixup_operation)
+ if (!is_fixup_operation)
{
- rc = urp_add_operation(pb);
+ slapi_pblock_set(pb, SLAPI_TXN_RUV_MODS_FN,
+ (void *)replica_ruv_smods_for_op);
+ if (is_replicated_operation) {
+ rc = urp_add_operation(pb);
+ }
}
return rc;
@@ -713,7 +718,7 @@ multimaster_bepreop_delete (Slapi_PBlock *pb)
{
int rc= 0;
Slapi_Operation *op;
- int is_replicated_operation;
+ int is_replicated_operation;
int is_fixup_operation;
slapi_pblock_get(pb, SLAPI_OPERATION, &op);
@@ -721,9 +726,13 @@ multimaster_bepreop_delete (Slapi_PBlock *pb)
is_fixup_operation= operation_is_flag_set(op,OP_FLAG_REPL_FIXUP);
/* For replicated operations, apply URP algorithm */
- if(is_replicated_operation && !is_fixup_operation)
+ if(!is_fixup_operation)
{
- rc = urp_delete_operation(pb);
+ slapi_pblock_set(pb, SLAPI_TXN_RUV_MODS_FN,
+ (void *)replica_ruv_smods_for_op);
+ if (is_replicated_operation) {
+ rc = urp_delete_operation(pb);
+ }
}
return rc;
@@ -734,7 +743,7 @@ multimaster_bepreop_modify (Slapi_PBlock *pb)
{
int rc= 0;
Slapi_Operation *op;
- int is_replicated_operation;
+ int is_replicated_operation;
int is_fixup_operation;
slapi_pblock_get(pb, SLAPI_OPERATION, &op);
@@ -742,9 +751,13 @@ multimaster_bepreop_modify (Slapi_PBlock *pb)
is_fixup_operation= operation_is_flag_set(op,OP_FLAG_REPL_FIXUP);
/* For replicated operations, apply URP algorithm */
- if(is_replicated_operation && !is_fixup_operation)
+ if(!is_fixup_operation)
{
- rc = urp_modify_operation(pb);
+ slapi_pblock_set(pb, SLAPI_TXN_RUV_MODS_FN,
+ (void *)replica_ruv_smods_for_op);
+ if (is_replicated_operation) {
+ rc = urp_modify_operation(pb);
+ }
}
/* Clean up old state information */
@@ -758,7 +771,7 @@ multimaster_bepreop_modrdn (Slapi_PBlock *pb)
{
int rc= 0;
Slapi_Operation *op;
- int is_replicated_operation;
+ int is_replicated_operation;
int is_fixup_operation;
slapi_pblock_get(pb, SLAPI_OPERATION, &op);
@@ -766,9 +779,13 @@ multimaster_bepreop_modrdn (Slapi_PBlock *pb)
is_fixup_operation= operation_is_flag_set(op,OP_FLAG_REPL_FIXUP);
/* For replicated operations, apply URP algorithm */
- if(is_replicated_operation && !is_fixup_operation)
+ if(!is_fixup_operation)
{
- rc = urp_modrdn_operation(pb);
+ slapi_pblock_set(pb, SLAPI_TXN_RUV_MODS_FN,
+ (void *)replica_ruv_smods_for_op);
+ if (is_replicated_operation) {
+ rc = urp_modrdn_operation(pb);
+ }
}
/* Clean up old state information */
diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
index 3de6775..bd02dfe 100644
--- a/ldap/servers/plugins/replication/repl5_replica.c
+++ b/ldap/servers/plugins/replication/repl5_replica.c
@@ -33,6 +33,7 @@
*
* Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
* Copyright (C) 2005 Red Hat, Inc.
+ * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
* All rights reserved.
* END COPYRIGHT BLOCK **/
@@ -1477,19 +1478,36 @@ int replica_check_for_data_reload (Replica *r, void *arg)
cl_cover_be = ruv_covers_ruv (upper_bound_ruv, r_ruv);
if (!cl_cover_be)
{
- /* the data was reloaded and we can no longer use existing changelog */
- char ebuf[BUFSIZ];
+ /* the data was reloaded, or we had disorderly shutdown between
+ * writing RUV and CL, and we can no longer use existing CL */
+ char ebuf[BUFSIZ];
+ char cl_csn_str[CSN_STRSIZE] = {0};
+ char be_csn_str[CSN_STRSIZE] = {0};
+ CSN *cl_csn = NULL;
+ CSN *be_csn = NULL;
+
+ if (ruv_get_max_csn( r_ruv, &be_csn ) == RUV_SUCCESS) {
+ csn_as_string( be_csn, PR_FALSE, be_csn_str );
+ csn_free( &be_csn );
+ }
+
+ if (ruv_get_max_csn( upper_bound_ruv, &cl_csn ) == RUV_SUCCESS) {
+ csn_as_string( cl_csn, PR_FALSE, cl_csn_str );
+ csn_free( &cl_csn );
+ }
/* create a temporary replica object to conform to the interface */
r_obj = object_new (r, NULL);
/* We can't use existing changelog - remove existing file */
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_check_for_data_reload: "
- "Warning: data for replica %s was reloaded and it no longer matches the data "
- "in the changelog (replica data %s changelog). Recreating the changelog file. This could affect replication "
- "with replica's consumers in which case the consumers should be reinitialized.\n",
+ "Warning: data for replica %s does not match the data in the changelog "
+ "(replica data (%s) %s changelog (%s)). Recreating the changelog file. "
+ "This could affect replication with replica's consumers in which case the "
+ "consumers should be reinitialized.\n",
escape_string(slapi_sdn_get_dn(r->repl_root),ebuf),
- ((!be_cover_cl) ? "<>" : ">") );
+ (*be_csn_str=='\0' ? "unknown" : be_csn_str),
+ ((!be_cover_cl) ? "<>" : ">"), (*cl_csn_str=='\0' ? "unknown" : cl_csn_str));
rc = cl5DeleteDBSync (r_obj);
@@ -2365,6 +2383,67 @@ replica_write_ruv (Replica *r)
}
+/* This routine figures out if an operation is for a replicated area and if so,
+ * pulls out the operation CSN and returns it through the smods parameter.
+ * It also informs the caller of the RUV entry's unique ID, since the caller
+ * may not have access to the macro in repl5.h. */
+int
+replica_ruv_smods_for_op( Slapi_PBlock *pb, char **uniqueid, Slapi_Mods **smods )
+{
+ int rc = 0;
+ Object *replica_obj;
+ Object *ruv_obj;
+ Replica *replica;
+ RUV *ruv;
+ RUV *ruv_copy;
+ CSN *opcsn = NULL;
+ Slapi_Mod smod;
+ Slapi_Mod smod_last_modified;
+ Slapi_Operation *op;
+
+ replica_obj = replica_get_replica_for_op (pb);
+ slapi_pblock_get( pb, SLAPI_OPERATION, &op );
+
+ if (NULL != replica_obj && NULL != op) {
+ opcsn = operation_get_csn( op );
+ }
+
+ /* If the op has no CSN then it's not in a replicated area, so we're done */
+ if (NULL == opcsn) {
+ return (0);
+ }
+
+ replica = (Replica*)object_get_data(replica_obj);
+ PR_ASSERT (replica);
+
+ ruv_obj = replica_get_ruv(replica);
+ PR_ASSERT (ruv_obj);
+
+ ruv = (RUV*)object_get_data(ruv_obj);
+ PR_ASSERT (ruv);
+
+ ruv_copy = ruv_dup( ruv );
+
+ object_release (ruv_obj);
+ object_release (replica_obj);
+
+ ruv_set_max_csn( ruv_copy, opcsn, NULL );
+
+ ruv_to_smod( ruv_copy, &smod );
+ ruv_last_modified_to_smod( ruv_copy, &smod_last_modified );
+
+ ruv_destroy( &ruv_copy );
+
+ *smods = slapi_mods_new();
+ slapi_mods_add_smod(*smods, &smod);
+ slapi_mods_add_smod(*smods, &smod_last_modified);
+ *uniqueid = slapi_ch_strdup( RUV_STORAGE_ENTRY_UNIQUEID );
+
+ return (1);
+}
+
+
+
const CSN *
_get_deletion_csn(Slapi_Entry *e)
{
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
index c2e86f2..20578ba 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
@@ -33,6 +33,7 @@
*
* Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
* Copyright (C) 2005 Red Hat, Inc.
+ * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
* All rights reserved.
* END COPYRIGHT BLOCK **/
@@ -97,7 +98,9 @@ ldbm_back_add( Slapi_PBlock *pb )
int retry_count = 0;
int disk_full = 0;
modify_context parent_modify_c = {0};
+ modify_context ruv_c = {0};
int parent_found = 0;
+ int ruv_c_init = 0;
int rc;
int addingentry_id_assigned= 0;
int addingentry_in_cache= 0;
@@ -626,6 +629,20 @@ ldbm_back_add( Slapi_PBlock *pb )
parent_found = 1;
parententry = NULL;
}
+
+ if (!is_ruv && !is_fixup_operation) {
+ ruv_c_init = ldbm_txn_ruv_modify_context( pb, &ruv_c );
+ if (-1 == ruv_c_init) {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "ldbm_back_add: ldbm_txn_ruv_modify_context "
+ "failed to construct RUV modify context\n",
+ 0, 0, 0);
+ ldap_result_code= LDAP_OPERATIONS_ERROR;
+ retval = 0;
+ goto error_return;
+ }
+ }
+
/*
* So, we believe that no code up till here actually added anything
* to persistent store. From now on, we're transacted
@@ -795,6 +812,24 @@ ldbm_back_add( Slapi_PBlock *pb )
goto error_return;
}
}
+
+ if (ruv_c_init) {
+ retval = modify_update_all( be, pb, &ruv_c, &txn );
+ if (DB_LOCK_DEADLOCK == retval) {
+ /* Abort and re-try */
+ continue;
+ }
+ if (0 != retval) {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "modify_update_all failed, err=%d %s\n", retval,
+ (msg = dblayer_strerror( retval )) ? msg : "", 0 );
+ if (LDBM_OS_ERR_IS_DISKFULL(retval))
+ disk_full = 1;
+ ldap_result_code= LDAP_OPERATIONS_ERROR;
+ goto error_return;
+ }
+ }
+
if (retval == 0) {
break;
}
@@ -839,6 +874,15 @@ ldbm_back_add( Slapi_PBlock *pb )
modify_switch_entries( &parent_modify_c,be);
}
+ if (ruv_c_init) {
+ if (modify_switch_entries(&ruv_c, be) != 0 ) {
+ ldap_result_code= LDAP_OPERATIONS_ERROR;
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "ldbm_back_add: modify_switch_entries failed\n", 0, 0, 0);
+ goto error_return;
+ }
+ }
+
retval = dblayer_txn_commit(li,&txn);
if (0 != retval)
{
@@ -920,7 +964,9 @@ common_return:
slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ldap_result_code);
/* JCMREPL - The bepostop is called even if the operation fails. */
plugin_call_plugins (pb, SLAPI_PLUGIN_BE_POST_ADD_FN);
-
+ if (ruv_c_init) {
+ modify_term(&ruv_c, be);
+ }
modify_term(&parent_modify_c,be);
done_with_pblock_entry(pb,SLAPI_ADD_EXISTING_DN_ENTRY);
done_with_pblock_entry(pb,SLAPI_ADD_EXISTING_UNIQUEID_ENTRY);
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
index e19d6f4..f2454be 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
@@ -33,6 +33,7 @@
*
* Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
* Copyright (C) 2005 Red Hat, Inc.
+ * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
* All rights reserved.
* END COPYRIGHT BLOCK **/
@@ -68,7 +69,9 @@ ldbm_back_delete( Slapi_PBlock *pb )
int retry_count = 0;
int disk_full = 0;
int parent_found = 0;
+ int ruv_c_init = 0;
modify_context parent_modify_c = {0};
+ modify_context ruv_c = {0};
int rc = 0;
int ldap_result_code= LDAP_SUCCESS;
char *ldap_result_message= NULL;
@@ -419,6 +422,19 @@ ldbm_back_delete( Slapi_PBlock *pb )
/* JCMREPL - Add a description of what's going on? */
}
+ if (!is_ruv && !is_fixup_operation && !delete_tombstone_entry) {
+ ruv_c_init = ldbm_txn_ruv_modify_context( pb, &ruv_c );
+ if (-1 == ruv_c_init) {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "ldbm_back_delete: ldbm_txn_ruv_modify_context "
+ "failed to construct RUV modify context\n",
+ 0, 0, 0);
+ ldap_result_code= LDAP_OPERATIONS_ERROR;
+ retval = 0;
+ goto error_return;
+ }
+ }
+
/*
* So, we believe that no code up till here actually added anything
* to the persistent store. From now on, we're transacted
@@ -810,6 +826,24 @@ ldbm_back_delete( Slapi_PBlock *pb )
goto error_return;
}
}
+
+ if (ruv_c_init) {
+ retval = modify_update_all( be, pb, &ruv_c, &txn );
+ if (DB_LOCK_DEADLOCK == retval) {
+ /* Abort and re-try */
+ continue;
+ }
+ if (0 != retval) {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "modify_update_all failed, err=%d %s\n", retval,
+ (msg = dblayer_strerror( retval )) ? msg : "", 0 );
+ if (LDBM_OS_ERR_IS_DISKFULL(retval))
+ disk_full = 1;
+ ldap_result_code= LDAP_OPERATIONS_ERROR;
+ goto error_return;
+ }
+ }
+
if (retval == 0 ) {
break;
}
@@ -846,6 +880,14 @@ ldbm_back_delete( Slapi_PBlock *pb )
modify_switch_entries( &parent_modify_c,be);
}
+ if (ruv_c_init) {
+ if (modify_switch_entries(&ruv_c, be) != 0 ) {
+ ldap_result_code= LDAP_OPERATIONS_ERROR;
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "ldbm_back_delete: modify_switch_entries failed\n", 0, 0, 0);
+ goto error_return;
+ }
+ }
rc= 0;
goto common_return;
@@ -902,6 +944,10 @@ common_return:
plugin_call_plugins (pb, SLAPI_PLUGIN_BE_POST_DELETE_FN);
}
+ if (ruv_c_init) {
+ modify_term(&ruv_c, be);
+ }
+
diskfull_return:
if(ldap_result_code!=-1)
{
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
index 9ee7525..f3b351f 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
@@ -33,6 +33,7 @@
*
* Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
* Copyright (C) 2005 Red Hat, Inc.
+ * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
* All rights reserved.
* END COPYRIGHT BLOCK **/
@@ -198,6 +199,8 @@ ldbm_back_modify( Slapi_PBlock *pb )
Slapi_Mods smods = {0};
back_txn txn;
back_txnid parent_txn;
+ modify_context ruv_c = {0};
+ int ruv_c_init = 0;
int retval = -1;
char *msg;
char *errbuf = NULL;
@@ -383,6 +386,19 @@ ldbm_back_modify( Slapi_PBlock *pb )
goto error_return;
}
+ if (!is_ruv && !is_fixup_operation) {
+ ruv_c_init = ldbm_txn_ruv_modify_context( pb, &ruv_c );
+ if (-1 == ruv_c_init) {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "ldbm_back_modify: ldbm_txn_ruv_modify_context "
+ "failed to construct RUV modify context\n",
+ 0, 0, 0);
+ ldap_result_code= LDAP_OPERATIONS_ERROR;
+ retval = 0;
+ goto error_return;
+ }
+ }
+
for (retry_count = 0; retry_count < RETRY_TIMES; retry_count++) {
if (retry_count > 0) {
@@ -460,6 +476,24 @@ ldbm_back_modify( Slapi_PBlock *pb )
}
}
+
+ if (ruv_c_init) {
+ retval = modify_update_all( be, pb, &ruv_c, &txn );
+ if (DB_LOCK_DEADLOCK == retval) {
+ /* Abort and re-try */
+ continue;
+ }
+ if (0 != retval) {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "modify_update_all failed, err=%d %s\n", retval,
+ (msg = dblayer_strerror( retval )) ? msg : "", 0 );
+ if (LDBM_OS_ERR_IS_DISKFULL(retval))
+ disk_full = 1;
+ ldap_result_code= LDAP_OPERATIONS_ERROR;
+ goto error_return;
+ }
+ }
+
if (0 == retval) {
break;
}
@@ -469,6 +503,15 @@ ldbm_back_modify( Slapi_PBlock *pb )
ldap_result_code= LDAP_OPERATIONS_ERROR;
goto error_return;
}
+
+ if (ruv_c_init) {
+ if (modify_switch_entries(&ruv_c, be) != 0 ) {
+ ldap_result_code= LDAP_OPERATIONS_ERROR;
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "ldbm_back_modify: modify_switch_entries failed\n", 0, 0, 0);
+ goto error_return;
+ }
+ }
if (cache_replace( &inst->inst_cache, e, ec ) != 0 ) {
MOD_SET_ERROR(ldap_result_code, LDAP_OPERATIONS_ERROR, retry_count);
@@ -557,6 +600,10 @@ common_return:
if (!disk_full)
plugin_call_plugins (pb, SLAPI_PLUGIN_BE_POST_MODIFY_FN);
+ if (ruv_c_init) {
+ modify_term(&ruv_c, be);
+ }
+
if(dblock_acquired)
{
dblayer_unlock_backend(be);
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index e62a8b5..54b3125 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
@@ -33,6 +33,7 @@
*
* Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
* Copyright (C) 2005 Red Hat, Inc.
+ * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
* All rights reserved.
* END COPYRIGHT BLOCK **/
@@ -83,6 +84,9 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
struct backentry *existingentry= NULL;
modify_context parent_modify_context = {0};
modify_context newparent_modify_context = {0};
+ modify_context ruv_c = {0};
+ int ruv_c_init = 0;
+ int is_ruv = 0;
IDList *children= NULL;
struct backentry **child_entries = NULL;
struct backdn **child_dns = NULL;
@@ -120,6 +124,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
slapi_pblock_get( pb, SLAPI_REQUESTOR_ISROOT, &isroot );
slapi_pblock_get( pb, SLAPI_OPERATION, &operation );
slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation );
+ is_ruv = operation_is_flag_set(operation, OP_FLAG_REPL_RUV);
is_fixup_operation = operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP);
/* dblayer_txn_init needs to be called before "goto error_return" */
@@ -658,6 +663,19 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
/* JCM - A subtree move could break ACIs, static groups, and dynamic groups. */
}
+ if (!is_ruv && !is_fixup_operation) {
+ ruv_c_init = ldbm_txn_ruv_modify_context( pb, &ruv_c );
+ if (-1 == ruv_c_init) {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "ldbm_back_modrdn: ldbm_txn_ruv_modify_context "
+ "failed to construct RUV modify context\n",
+ 0, 0, 0);
+ ldap_result_code = LDAP_OPERATIONS_ERROR;
+ retval = 0;
+ goto error_return;
+ }
+ }
+
/*
* So, we believe that no code up till here actually added anything
* to persistent store. From now on, we're transacted
@@ -841,6 +859,24 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
goto error_return;
}
+ if (ruv_c_init) {
+ retval = modify_update_all( be, pb, &ruv_c, &txn );
+ if (DB_LOCK_DEADLOCK == retval) {
+ /* Abort and re-try */
+ continue;
+ }
+ if (0 != retval) {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "modify_update_all failed, err=%d %s\n", retval,
+ (msg = dblayer_strerror( retval )) ? msg : "", 0 );
+ if (LDBM_OS_ERR_IS_DISKFULL(retval)) {
+ disk_full = 1;
+ }
+ ldap_result_code= LDAP_OPERATIONS_ERROR;
+ goto error_return;
+ }
+ }
+
break; /* retval==0, Done, Terminate the loop */
}
if (retry_count == RETRY_TIMES)
@@ -905,6 +941,15 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
}
}
+ if (ruv_c_init) {
+ if (modify_switch_entries(&ruv_c, be) != 0 ) {
+ ldap_result_code= LDAP_OPERATIONS_ERROR;
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "ldbm_back_modrdn: modify_switch_entries failed\n", 0, 0, 0);
+ goto error_return;
+ }
+ }
+
retval= 0;
#if 0 /* this new entry in the cache can be used for future; don't remove it */
/* remove from cache so that memory can be freed by cache_return */
@@ -1003,6 +1048,10 @@ common_return:
*/
plugin_call_plugins (pb, SLAPI_PLUGIN_BE_POST_MODRDN_FN);
+ if (ruv_c_init) {
+ modify_term(&ruv_c, be);
+ }
+
if (ldap_result_code!=-1)
{
slapi_send_ldap_result( pb, ldap_result_code, ldap_result_matcheddn,
diff --git a/ldap/servers/slapd/back-ldbm/misc.c b/ldap/servers/slapd/back-ldbm/misc.c
index 13b87fd..c8b3b7f 100644
--- a/ldap/servers/slapd/back-ldbm/misc.c
+++ b/ldap/servers/slapd/back-ldbm/misc.c
@@ -33,6 +33,7 @@
*
* Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
* Copyright (C) 2005 Red Hat, Inc.
+ * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
* All rights reserved.
* END COPYRIGHT BLOCK **/
@@ -386,6 +387,69 @@ mkdir_p(char *dir, unsigned int mode)
}
}
+/* This routine checks to see if there is a callback registered for retrieving
+ * RUV updates to add to the datastore transaction. If so, it allocates a
+ * modify_context for consumption by the caller. */
+int
+ldbm_txn_ruv_modify_context( Slapi_PBlock *pb, modify_context *mc )
+{
+ char *uniqueid = NULL;
+ backend *be;
+ Slapi_Mods *smods = NULL;
+ struct backentry *bentry;
+ entry_address bentry_addr;
+ IFP fn = NULL;
+ int rc = 0;
+
+ slapi_pblock_get(pb, SLAPI_TXN_RUV_MODS_FN, (void *)&fn);
+
+ if (NULL == fn) {
+ return (0);
+ }
+
+ rc = (*fn)(pb, &uniqueid, &smods);
+
+ /* Either something went wrong when the RUV callback tried to assemble
+ * the updates for us, or there were no updates because the op doesn't
+ * target a replica. */
+ if (1 != rc || NULL == smods || NULL == uniqueid) {
+ return (rc);
+ }
+
+ slapi_pblock_get( pb, SLAPI_BACKEND, &be);
+
+ bentry_addr.dn = NULL;
+ bentry_addr.uniqueid = uniqueid;
+
+ /* Note: if we find the bentry, it will stay locked until someone calls
+ * modify_term on the mc we'll be associating the bentry with */
+ bentry = find_entry2modify_only( pb, be, &bentry_addr, NULL );
+
+ if (NULL == bentry) {
+ /* Uh oh, we couldn't find and lock the RUV entry! */
+ LDAPDebug( LDAP_DEBUG_ANY, "Error: ldbm_txn_ruv_modify_context failed to retrieve and lock RUV entry\n",
+ 0, 0, 0 );
+ rc = -1;
+ goto done;
+ }
+
+ modify_init( mc, bentry );
+
+ if (modify_apply_mods( mc, smods )) {
+ LDAPDebug( LDAP_DEBUG_ANY, "Error: ldbm_txn_ruv_modify_context failed to apply updates to RUV entry\n",
+ 0, 0, 0 );
+ rc = -1;
+ modify_term( mc, be );
+ }
+
+done:
+ slapi_ch_free_string( &uniqueid );
+ /* No need to free smods; they get freed along with the modify context */
+
+ return (rc);
+}
+
+
int
is_fullpath(char *path)
{
diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
index c5df007..b2dce18 100644
--- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
+++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
@@ -33,6 +33,7 @@
*
* Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
* Copyright (C) 2005 Red Hat, Inc.
+ * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
* All rights reserved.
* END COPYRIGHT BLOCK **/
@@ -365,6 +366,7 @@ int ldbm_delete_dirs(char *path);
int mkdir_p(char *dir, unsigned int mode);
int is_fullpath(char *path);
char get_sep(char *path);
+int ldbm_txn_ruv_modify_context(Slapi_PBlock *pb, modify_context *mc);
int get_value_from_string(const char *string, char *type, char **value);
int get_values_from_string(const char *string, char *type, char ***valuearray);
void normalize_dir(char *dir);
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index 2418b71..256b6d2 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -33,6 +33,7 @@
*
* Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
* Copyright (C) 2005 Red Hat, Inc.
+ * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
* All rights reserved.
* END COPYRIGHT BLOCK **/
@@ -1551,6 +1552,9 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
case SLAPI_TXN:
(*(void **)value) = pblock->pb_txn;
break;
+ case SLAPI_TXN_RUV_MODS_FN:
+ (*(IFP*)value) = pblock->pb_txn_ruv_mods_fn;
+ break;
/* Search results set */
case SLAPI_SEARCH_RESULT_SET:
@@ -2964,6 +2968,9 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
case SLAPI_TXN:
pblock->pb_txn = (void *)value;
break;
+ case SLAPI_TXN_RUV_MODS_FN:
+ pblock->pb_txn_ruv_mods_fn = (IFP) value;
+ break;
/* Search results set */
case SLAPI_SEARCH_RESULT_SET:
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 1678f45..c79eae8 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -1508,6 +1508,7 @@ typedef struct slapi_pblock {
void *pb_plugin_identity; /* identifies plugin for internal operation */
void *pb_parent_txn; /* parent transaction ID */
void *pb_txn; /* transaction ID */
+ IFP pb_txn_ruv_mods_fn; /* Function to fetch RUV mods for txn */
/* Size of the database on disk, in kilobytes */
unsigned int pb_dbsize;
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index fd2bf11..6a17d82 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -6036,6 +6036,7 @@ typedef struct slapi_plugindesc {
/* transaction arguments */
#define SLAPI_PARENT_TXN 190
#define SLAPI_TXN 191
+#define SLAPI_TXN_RUV_MODS_FN 1901
/*
* The following are used to pass information back and forth
13 years, 2 months
coolkey/src/windows/csp Makefile, 1.2, 1.3 csp.cpp, 1.4, 1.5 cspres.rc, 1.1, 1.2
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/coolkey/src/windows/csp
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv1959
Modified Files:
Makefile csp.cpp cspres.rc
Log Message:
Fix Bugzilla Bug#533226 - ESC on Vista 64bit: throws 'Certificate Propagation has stopped working' when an enrolled token is inserted.
Index: Makefile
===================================================================
RCS file: /cvs/dirsec/coolkey/src/windows/csp/Makefile,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- Makefile 2 Oct 2009 01:43:53 -0000 1.2
+++ Makefile 14 Jan 2011 02:31:03 -0000 1.3
@@ -27,9 +27,9 @@
DBGFLAGS =
MTLIB = -MT
-!IF "$(BUILD_OPT)" == "1"
-DBGLCFLAGS = -ZI -DEBUG -D_DEBUG
-DBGFLAGS = /DEBUG
+!IF "$(BUILD_OPT)" != "1"
+DBGLCFLAGS = -Z7
+DBGFLAGS = /DEBUG
MTLIB = -MTd
!ENDIF
@@ -43,7 +43,7 @@
LCFLAGS=-Od -I$(CAPISDK)/sdkinc -DWIN32 -D_WINDOWS -D_USRDLL \
-D_CONSOLE -DCSP_EXPORTS -D_WINDLL -DIDA_PROMPT_PINGUI -D_MBCS \
- -EHsc -RTC1 -W3 -nologo -c $(DBGCLFLAGS) -TP
+ -EHsc -RTC1 -W3 -nologo -c $(DBGLCFLAGS) -TP
CSPRESFLAGS=/INCREMENTAL:NO /NOLOGO /DLL /DEF:"cspres.def" $(DBGFLAGS) \
/SUBSYSTEM:WINDOWS /OPT:REF /OPT:ICF /IMPLIB:"cspres.lib" \
Index: csp.cpp
===================================================================
RCS file: /cvs/dirsec/coolkey/src/windows/csp/csp.cpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- csp.cpp 2 Oct 2009 01:43:53 -0000 1.4
+++ csp.cpp 14 Jan 2011 02:31:03 -0000 1.5
@@ -165,9 +165,14 @@
context->CKAID_.HexToBin();
- LOG("Container name: \"%s\"\n", &context->containerName_[0]);
- LOG("CKA_ID: %s \"%s\"\n", StringifyBin(context->CKAID_).c_str(),
- StringifyBin(context->CKAID_, false).c_str());
+ if (context->containerName_.size()) {
+ LOG("Container name: \"%s\"\n", &context->containerName_[0]);
+ }
+
+ if (context->CKAID_.size()) {
+ LOG("CKA_ID: %s \"%s\"\n", StringifyBin(context->CKAID_).c_str(),
+ StringifyBin(context->CKAID_, false).c_str());
+ }
if (!context->silent_ && !context->verifyContext_)
{
Index: cspres.rc
===================================================================
RCS file: /cvs/dirsec/coolkey/src/windows/csp/cspres.rc,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- cspres.rc 11 Oct 2006 18:12:58 -0000 1.1
+++ cspres.rc 14 Jan 2011 02:31:03 -0000 1.2
@@ -135,7 +135,7 @@
IDD_PIN_DIALOG DIALOGEX 0, 0, 274, 103
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION |
WS_SYSMENU
-CAPTION "Please enter your PIN"
+CAPTION "COOLKEY CSP: Please enter your PIN"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
DEFPUSHBUTTON "OK",IDOK,159,82,50,14,WS_DISABLED
13 years, 2 months
ldap/servers
by Noriko Hosoi
ldap/servers/plugins/replication/repl5_replica.c | 46 +++++++++++++++++++----
ldap/servers/plugins/replication/repl5_ruv.c | 4 +-
2 files changed, 42 insertions(+), 8 deletions(-)
New commits:
commit d05faee48c6844d1b23d29f0770c7e1f339739e0
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu Jan 13 14:38:39 2011 -0800
Bug 624442 - MMR: duplicate replica ID
https://bugzilla.redhat.com/show_bug.cgi?id=624442
Description: Each replica has an RUV tombstone entry in the
backend db, which keeps nsds50ruv attribute values as follows:
nsds50ruv: {replicageneration} <replica_generation_csn>
nsds50ruv: {replica <rid> ldap://<host>:<port>} <last_modified>
...
When the replica is deleted, the RUV tombstone entry remains
in the db. Then if the replica is added back with the different
replica id <rid-2>, the original nsds50ruv value {replica <rid>
ldap://<host>:<port>} was not updated. This caused the problem
if the counter replica server happened to get the same replica
id <rid> that this server original had.
This patch compares the replica id <rid> in the RUV tombstone
entry with the new id <rid-2>. If they don't match, recreate
the RUV tombstone entry.
diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
index 7ca8730..3de6775 100644
--- a/ldap/servers/plugins/replication/repl5_replica.c
+++ b/ldap/servers/plugins/replication/repl5_replica.c
@@ -124,6 +124,7 @@ static void replica_remove_legacy_attr (const Slapi_DN *repl_root_sdn, const cha
static int replica_log_ruv_elements_nolock (const Replica *r);
static void replica_replace_ruv_tombstone(Replica *r);
static void start_agreements_for_replica (Replica *r, PRBool start);
+static void _delete_tombstone(const char *tombstone_dn, const char *uniqueid, int ext_op_flags);
/* Allocates new replica and reads its state and state of its component from
* various parts of the DIT.
@@ -134,7 +135,6 @@ replica_new(const Slapi_DN *root)
Replica *r = NULL;
Slapi_Entry *e = NULL;
char errorbuf[SLAPI_DSE_RETURNTEXT_SIZE];
- char ebuf[BUFSIZ];
PR_ASSERT (root);
@@ -148,6 +148,7 @@ replica_new(const Slapi_DN *root)
if (NULL == r)
{
+ char ebuf[BUFSIZ];
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "Unable to "
"configure replica %s: %s\n",
escape_string(slapi_sdn_get_dn(root), ebuf),
@@ -1949,6 +1950,8 @@ _replica_configure_ruv (Replica *r, PRBool isLocked)
if (r->repl_type == REPLICA_TYPE_UPDATABLE)
{
int need_update = 0;
+#define RUV_UPDATE_PARTIAL 1
+#define RUV_UPDATE_FULL 2
if (rid == 0)
{
/* We can not have more than 1 ruv with the same rid
@@ -1958,7 +1961,7 @@ _replica_configure_ruv (Replica *r, PRBool isLocked)
purl = multimaster_get_local_purl();
ruv_delete_replica(ruv, r->repl_rid);
ruv_add_index_replica(ruv, r->repl_rid, purl, 1);
- need_update = 1; /* ruv changed, so write tombstone */
+ need_update = RUV_UPDATE_PARTIAL; /* ruv changed, so write tombstone */
}
else /* bug 540844: make sure the local supplier rid is first in the ruv */
{
@@ -1971,19 +1974,48 @@ _replica_configure_ruv (Replica *r, PRBool isLocked)
{
/* . . . move the local supplier to the beginning of the list */
ruv_move_local_supplier_to_first(ruv, rid);
- need_update = 1; /* must update tombstone also */
+ need_update = RUV_UPDATE_PARTIAL; /* must update tombstone also */
+ }
+ if (r->repl_rid != first_rid)
+ {
+ /* Most likely, the replica was once deleted
+ * and recreated with a different rid from the
+ * previous. */
+ /* must recreate ruv tombstone */
+ need_update = RUV_UPDATE_FULL;
+ if(NULL != r->repl_ruv)
+ {
+ object_release(r->repl_ruv);
+ r->repl_ruv = NULL;
+ }
}
}
/* Update also the directory entry */
- if (need_update) {
+ if (RUV_UPDATE_PARTIAL == need_update) {
/* richm 20010821 bug 556498
replica_replace_ruv_tombstone acquires the repl_lock, so release
the lock then reacquire it if locked */
if (isLocked) PR_Unlock(r->repl_lock);
replica_replace_ruv_tombstone(r);
if (isLocked) PR_Lock(r->repl_lock);
+ } else if (RUV_UPDATE_FULL == need_update) {
+ _delete_tombstone(slapi_sdn_get_dn(r->repl_root),
+ RUV_STORAGE_ENTRY_UNIQUEID,
+ OP_FLAG_REPL_RUV);
+ rc = replica_create_ruv_tombstone(r);
+ if (rc) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "_replica_configure_ruv: "
+ "failed to recreate replica ruv tombstone entry"
+ " (%s); LDAP error - %d\n",
+ escape_string(slapi_sdn_get_dn(r->repl_root),
+ ebuf), rc);
+ goto done;
+ }
}
+#undef RUV_UPDATE_PARTIAL
+#undef RUV_UPDATE_FULL
}
slapi_ch_free((void **)&generation);
@@ -2359,7 +2391,7 @@ _get_deletion_csn(Slapi_Entry *e)
static void
-_delete_tombstone(const char *tombstone_dn, const char *uniqueid)
+_delete_tombstone(const char *tombstone_dn, const char *uniqueid, int ext_op_flags)
{
PR_ASSERT(NULL != tombstone_dn && NULL != uniqueid);
@@ -2374,7 +2406,7 @@ _delete_tombstone(const char *tombstone_dn, const char *uniqueid)
Slapi_PBlock *pb = slapi_pblock_new();
slapi_delete_internal_set_pb(pb, tombstone_dn, NULL, /* controls */
uniqueid, repl_get_plugin_identity(PLUGIN_MULTIMASTER_REPLICATION),
- OP_FLAG_TOMBSTONE_ENTRY);
+ OP_FLAG_TOMBSTONE_ENTRY | ext_op_flags);
slapi_delete_internal_pb(pb);
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &ldaprc);
if (LDAP_SUCCESS != ldaprc)
@@ -2434,7 +2466,7 @@ int process_reap_entry (Slapi_Entry *entry, void *cb_data)
csn_as_string(deletion_csn, PR_FALSE, deletion_csn_str),
csn_as_string(purge_csn, PR_FALSE, purge_csn_str));
_delete_tombstone(slapi_entry_get_dn(entry),
- slapi_entry_get_uniqueid(entry));
+ slapi_entry_get_uniqueid(entry), 0);
(*num_purged_entriesp)++;
}
else {
diff --git a/ldap/servers/plugins/replication/repl5_ruv.c b/ldap/servers/plugins/replication/repl5_ruv.c
index 4a55d0b..52c7a52 100644
--- a/ldap/servers/plugins/replication/repl5_ruv.c
+++ b/ldap/servers/plugins/replication/repl5_ruv.c
@@ -1259,12 +1259,14 @@ ruv_dump(const RUV *ruv, char *ruv_name, PRFileDesc *prFile)
replica = dl_get_next (ruv->elements, &cookie))
{
/* prefix_ruvcsn = "{replica " */
- PR_snprintf (buff, len, "%s: %s%d%s%s} %s %s\n",
+ PR_snprintf (buff, len, "%s: %s%d%s%s}%s%s%s%s\n",
ruv_name ? ruv_name : type_ruvElement,
prefix_ruvcsn, replica->rid,
replica->replica_purl == NULL ? "" : " ",
replica->replica_purl == NULL ? "" : replica->replica_purl,
+ replica->min_csn == NULL ? "" : " ",
csn_as_string(replica->min_csn, PR_FALSE, csnstr1),
+ replica->csn == NULL ? "" : " ",
csn_as_string(replica->csn, PR_FALSE, csnstr2));
if (strlen (csnstr1) > 0) {
PR_snprintf (buff + strlen(buff) - 1, len - strlen(buff), " %08lx\n",
13 years, 2 months
ldap/schema
by Nathan Kinder
ldap/schema/50ns-directory.ldif | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 7dfe8172890ed6a2d4ae1fa1b48b9bf3fdcf489c
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Thu Jan 13 14:25:59 2011 -0800
Bug 505722 - Allow ntGroup to have mail attribute present
The ntGroup objectclass currently doesn't allow the mail attribute
to be present. This causes groups synched from AD with a mail
attribute set to receive a schema violation.
This patch changes the definition of the ntGroup objectclass to
allow the mail attribute.
diff --git a/ldap/schema/50ns-directory.ldif b/ldap/schema/50ns-directory.ldif
index 294a0a8..1c7ae35 100644
--- a/ldap/schema/50ns-directory.ldif
+++ b/ldap/schema/50ns-directory.ldif
@@ -114,7 +114,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2084 NAME 'nsSymmetricKey' DESC 'A symme
objectClasses: ( 2.16.840.1.113730.3.2.23 NAME 'netscapeDirectoryServer' DESC 'Netscape defined objectclass' SUP top MUST ( objectclass ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( nsDirectoryServer-oid NAME 'nsDirectoryServer' DESC 'Netscape defined objectclass' SUP top MUST ( objectclass $ nsServerID ) MAY ( serverHostName $ nsServerPort $ nsSecureServerPort $ nsBindPassword $ nsBindDN $ nsBaseDN ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.8 NAME 'ntUser' DESC 'Netscape defined objectclass' SUP top MUST ( ntUserDomainId ) MAY ( description $ l $ ou $ seeAlso $ ntUserPriv $ ntUserHomeDir $ ntUserComment $ ntUserFlags $ ntUserScriptPath $ ntUserAuthFlags $ ntUserUsrComment $ ntUserParms $ ntUserWorkstations $ ntUserLastLogon $ ntUserLastLogoff $ ntUserAcctExpires $ ntUserMaxStorage $ ntUserUnitsPerWeek $ ntUserLogonHours $ ntUserBadPwCount $ ntUserNumLogons $ ntUserLogonServer $ ntUserCountryCode $ ntUserCodePage $ ntUserUniqueId $ ntUserPrimaryGroupId $ ntUserProfile $ ntUserHomeDirDrive $ ntUserPasswordExpired $ ntUserCreateNewAccount $ ntUserDeleteAccount $ ntUniqueId) X-ORIGIN 'Netscape NT Synchronization' )
-objectClasses: ( 2.16.840.1.113730.3.2.9 NAME 'ntGroup' DESC 'Netscape defined objectclass' SUP top MUST ( ntUserDomainId ) MAY ( description $ l $ ou $ seeAlso $ ntGroupId $ ntGroupAttributes $ ntGroupCreateNewGroup $ ntGroupDeleteGroup $ ntGroupType $ ntUniqueId) X-ORIGIN 'Netscape NT Synchronization' )
+objectClasses: ( 2.16.840.1.113730.3.2.9 NAME 'ntGroup' DESC 'Netscape defined objectclass' SUP top MUST ( ntUserDomainId ) MAY ( description $ l $ ou $ seeAlso $ ntGroupId $ ntGroupAttributes $ ntGroupCreateNewGroup $ ntGroupDeleteGroup $ ntGroupType $ ntUniqueId $ mail ) X-ORIGIN 'Netscape NT Synchronization' )
objectClasses: ( 2.16.840.1.113730.3.2.82 NAME 'nsChangelog4Config' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.114 NAME 'nsConsumer4Config' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.36 NAME 'LDAPReplica' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( description $ l $ ou $ seeAlso $ replicaRoot $ replicaHost $ replicaPort $ replicaBindDn $ replicaCredentials $ replicaBindMethod $ replicaUseSSL $ replicaUpdateSchedule $ replicaUpdateReplayed $ replicaUpdateFailedAt $ replicaBeginORC $ replicaNickname $ replicaEntryFilter $ replicatedAttributeList $ replicaCFUpdated $ replicaAbandonedChanges $ replicaLastRelevantChange ) X-ORIGIN 'Netscape Directory Server' )
13 years, 2 months
ldap/servers
by Nathan Kinder
ldap/servers/plugins/dna/dna.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
New commits:
commit 5ebd590ee01e0fbab60bdebfe6215d3c47f5339b
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Thu Jan 13 12:40:16 2011 -0800
Bug 509897 - Validate dnaScope to ensure it is a legal DN
The current DNA code does not validate the dnaScope setting to
check if it is a valid DN. This adds validation of dnaScope. We
normalize the value first to ensure that old config entries with
values such as spaces between the DN elements still work.
diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
index a60690d..284203b 100644
--- a/ldap/servers/plugins/dna/dna.c
+++ b/ldap/servers/plugins/dna/dna.c
@@ -792,9 +792,24 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
value = slapi_entry_attr_get_charptr(e, DNA_SCOPE);
if (value) {
+ Slapi_DN *test_dn = NULL;
+
/* TODO - Allow multiple scope settings for a single range. This may
* make ordering the scopes tough when we put them in the clist. */
entry->scope = value;
+ /* Check if the scope is a valid DN. We want to normalize the DN
+ * first to allow old config entries with things like spaces between
+ * RDN elements to still work. */
+ test_dn = slapi_sdn_new_dn_byref(value);
+ if (slapi_dn_syntax_check(NULL, (char *)slapi_sdn_get_ndn(test_dn), 1) == 1) {
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+ "Error: Invalid DN used as scope in entry [%s]: [%s]\n",
+ entry->dn, value);
+ ret = DNA_FAILURE;
+ slapi_sdn_free(&test_dn);
+ goto bail;
+ }
+ slapi_sdn_free(&test_dn);
} else {
slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
"dna_parse_config_entry: The %s config "
13 years, 2 months
ldap/servers
by Nathan Kinder
ldap/servers/slapd/connection.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit d2727584285d7920dfdb37e2c5bbcfadd939ca8c
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Thu Jan 13 11:56:21 2011 -0800
Bug 481195 - Missing op type in log when password change required
When a password change is required, non-password change operations
are rejected with err=53. The access log currently doesn't list
anything about the operation type in the access log. This is
somewhat by design as we want to do as little processing as possible
for rejected operations. To be consistent with other code that
does an early reject of operations (such as siabling anonymous
access or SSF restrictions), we should explicitly log these as an
"UNPROCESSED OPERATION".
diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
index d3b3286..519546b 100644
--- a/ldap/servers/slapd/connection.c
+++ b/ldap/servers/slapd/connection.c
@@ -481,7 +481,7 @@ connection_need_new_password(const Connection *conn, const Operation *op, Slapi_
slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0);
slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d %s\n",
pb->pb_conn->c_connid, pb->pb_op->o_opid,
- "need new password" );
+ "UNPROCESSED OPERATION - need new password" );
send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM,
NULL, NULL, 0, NULL );
r= 1;
13 years, 2 months
admserv/cfgstuff admserv/newinst
by Nathan Kinder
admserv/cfgstuff/start-ds-admin.in | 18 ++++
admserv/newinst/src/25changefedorato389.pl | 119 ++++++++++++++---------------
admserv/newinst/src/AdminMigration.pm.in | 4
admserv/newinst/src/AdminServer.pm.in | 8 -
4 files changed, 85 insertions(+), 64 deletions(-)
New commits:
commit cbd46e47c8f21ac516460d26f38a42d0c086d2cb
Author: Endi S. Dewata <edewata(a)redhat.com>
Date: Wed Oct 20 09:02:10 2010 -0400
Bug 470576 - Migration could do addition checks before commiting actions
https://bugzilla.redhat.com/show_bug.cgi?id=470576
The migrate-ds-admin.pl can fail for various reasons leaving the server
in an inconsistent state. Sometimes a manual cleanup is required before
the migration script can be run again. There is no easy way to revert the
changes done by this script, so the script has been modified such that it
can handle inconsistent state better.
The 25changefedorato389.pl has been modified such that it will only
delete old entries if the entries are actually renamed. If the old entry
is already using the new name it will not be deleted.
The 25changefedorato389.pl has also been modified such that it doesn't
return immediately when it doesn't find anything to change, but it will
continue executing the rest of the script, i.e. deleting bogus entries,
adding new entries, updating adm.conf and local.conf, and deleting old
entries.
The migrateAdminServer() has been modified to stop the admin server before
migrating it.
The start-ds-admin has been modified to wait until the pid file is created
before returning a success.
diff --git a/admserv/cfgstuff/start-ds-admin.in b/admserv/cfgstuff/start-ds-admin.in
index 8258b08..9bd3887 100644
--- a/admserv/cfgstuff/start-ds-admin.in
+++ b/admserv/cfgstuff/start-ds-admin.in
@@ -68,3 +68,21 @@ if [ -z "@with_selinux@" ] ; then
fi
$SELINUX_CMD $HTTPD $OMIT_DEFLATE -k start -f @configdir(a)/httpd.conf "$@"
+
+PIDFILE=@localstatedir@/run/@PACKAGE_BASE_NAME(a)/admin-serv.pid
+
+loop_counter=1
+# wait for 10 seconds for the pid file to appear
+max_count=10
+while test $loop_counter -le $max_count; do
+ loop_counter=`expr $loop_counter + 1`
+ if test ! -f $PIDFILE ; then
+ sleep 1;
+ else
+ PID=`cat $PIDFILE`
+ fi
+done
+if test ! -f $PIDFILE ; then
+ echo Server failed to start !!! Please check errors log for problems
+ return 1
+fi
diff --git a/admserv/newinst/src/25changefedorato389.pl b/admserv/newinst/src/25changefedorato389.pl
index 3cccce6..755365b 100644
--- a/admserv/newinst/src/25changefedorato389.pl
+++ b/admserv/newinst/src/25changefedorato389.pl
@@ -57,7 +57,8 @@ sub pre {
while ($ent) {
my $olddn = $ent->getDN();
my $newdn = $olddn;
- $count += ($newdn =~ s/cn=Fedora/cn=389/g);
+ my $renamed = ($newdn =~ s/cn=Fedora/cn=389/g);
+ $count += $renamed;
$ent->setDN($newdn);
for my $attr (keys %{$ent}) {
my @newvals = $ent->getValues($attr);
@@ -75,18 +76,15 @@ sub pre {
if ($ent->hasValue('objectclass', 'netscapeServer', 1)) {
push @sielist, $olddn;
}
- # save the old DN
- $ent->{_olddn_} = $olddn;
+ # save the old DN if renamed
+ if ($renamed) {
+ $ent->{_olddn_} = $olddn;
+ }
# add to the list of entries
push @ents, $ent;
$ent = $conn->nextEntry();
}
- if (!$count) {
- # nothing to do - just return
- debug(1, "No Fedora branding found - skipping\n");
- return ();
- }
# if a prior installation was messed up, there will be both
# a Fedora branded entry and a 389 branded entry - in this
@@ -117,62 +115,63 @@ sub pre {
# found and fixed all of them, deleted old bogus entries, now try to add
# if we get Already Exists, just skip
my @dnstodel = ();
- if ($count) { # have at least one change to make
- for my $ent (@ents) {
- $conn->add($ent);
- my $rc = $conn->getErrorCode();
- if ($rc == LDAP_TYPE_OR_VALUE_EXISTS) {
- # as a result of our corrections above, we have some
- # duplicate values - let's remove them
- # this is a list of attributes that may have DN syntax
- # and are multi valued - we have to normalize them first
- my %mydnattrs = (owner => 'owner', roleoccupant => 'roleoccupant',
- member => 'member', seealso => 'seealso',
- uniquemember => 'uniquemember',
- parentorganization => 'parentorganization',
- secretary => 'secretary', manager => 'manager',
- aliasedobjectname => 'aliasedobjectname',
- associatedname => 'associatedname',
- distinguishedname => 'distinguishedname',
- documentauthor => 'documentauthor',
- nsroledn => 'nsroledn',
- nsadminsiedn => 'nsadminsiedn',
- nsdirectoryinforef => 'nsdirectoryinforef',
- mailenhanceduniquemember => 'mailenhanceduniquemember');
- my %skipattrs = (objectclass => 'objectclass');
- for my $attr (keys %{$ent}) {
- next if ($skipattrs{lc $attr});
- my @newvals = $ent->getValues($attr);
- my %uniq = ();
- # the keys of the uniq hash will be the normalized values
- # the hash table will just throw away dups, so the
- # resultant table will have as the keys the unique
- # normalized values, and will have as the values the
- # original unique un-normalized values
- if ($mydnattrs{lc $attr}) {
- %uniq = map { normalizeDN($_) => $_ } @newvals;
- } else {
- %uniq = map { lc $_ => $_ } @newvals;
- }
- $ent->setValues($attr, values %uniq);
- }
- if ($conn->update($ent)) {
- $rc = LDAP_SUCCESS;
+ for my $ent (@ents) {
+ $conn->add($ent);
+ my $rc = $conn->getErrorCode();
+ if ($rc == LDAP_TYPE_OR_VALUE_EXISTS) {
+ # as a result of our corrections above, we have some
+ # duplicate values - let's remove them
+ # this is a list of attributes that may have DN syntax
+ # and are multi valued - we have to normalize them first
+ my %mydnattrs = (owner => 'owner', roleoccupant => 'roleoccupant',
+ member => 'member', seealso => 'seealso',
+ uniquemember => 'uniquemember',
+ parentorganization => 'parentorganization',
+ secretary => 'secretary', manager => 'manager',
+ aliasedobjectname => 'aliasedobjectname',
+ associatedname => 'associatedname',
+ distinguishedname => 'distinguishedname',
+ documentauthor => 'documentauthor',
+ nsroledn => 'nsroledn',
+ nsadminsiedn => 'nsadminsiedn',
+ nsdirectoryinforef => 'nsdirectoryinforef',
+ mailenhanceduniquemember => 'mailenhanceduniquemember');
+ my %skipattrs = (objectclass => 'objectclass');
+ for my $attr (keys %{$ent}) {
+ next if ($skipattrs{lc $attr});
+ my @newvals = $ent->getValues($attr);
+ my %uniq = ();
+ # the keys of the uniq hash will be the normalized values
+ # the hash table will just throw away dups, so the
+ # resultant table will have as the keys the unique
+ # normalized values, and will have as the values the
+ # original unique un-normalized values
+ if ($mydnattrs{lc $attr}) {
+ %uniq = map { normalizeDN($_) => $_ } @newvals;
} else {
- $rc = $conn->getErrorCode();
+ %uniq = map { lc $_ => $_ } @newvals;
}
- } elsif ($rc == LDAP_SUCCESS) {
+ $ent->setValues($attr, values %uniq);
+ }
+ if ($conn->update($ent)) {
+ $rc = LDAP_SUCCESS;
+ } else {
+ $rc = $conn->getErrorCode();
+ }
+ } elsif ($rc == LDAP_SUCCESS) {
+ # delete old entry if renamed
+ if ($ent->{_olddn_}) {
push @dnstodel, $ent->{_olddn_};
}
- if ($rc != LDAP_SUCCESS) {
- if ($rc != LDAP_ALREADY_EXISTS) {
- # just bail - it's unlikely that we would get this error from
- # far down in the tree, if we didn't already get this at
- # the top level
- return ('error_adding_entry', $ent->getDN(), $conn->getErrorString());
- } else {
- debug(1, "Entry ", $ent->getDN(), " already exists - skipping\n");
- }
+ }
+ if ($rc != LDAP_SUCCESS) {
+ if ($rc != LDAP_ALREADY_EXISTS) {
+ # just bail - it's unlikely that we would get this error from
+ # far down in the tree, if we didn't already get this at
+ # the top level
+ return ('error_adding_entry', $ent->getDN(), $conn->getErrorString());
+ } else {
+ debug(1, "Entry ", $ent->getDN(), " already exists - skipping\n");
}
}
}
diff --git a/admserv/newinst/src/AdminMigration.pm.in b/admserv/newinst/src/AdminMigration.pm.in
index 5fad60b..5cfed1c 100644
--- a/admserv/newinst/src/AdminMigration.pm.in
+++ b/admserv/newinst/src/AdminMigration.pm.in
@@ -435,6 +435,10 @@ sub migrateAdminServer {
my $mig = shift;
my @errs;
+ if (!stopAdminServer()) {
+ return 0;
+ }
+
my $configdir = $mig->{inf}->{admin}->{config_dir} ||
$ENV{ADMSERV_CONF_DIR} ||
$mig->{configdir} . "/admin-serv";
diff --git a/admserv/newinst/src/AdminServer.pm.in b/admserv/newinst/src/AdminServer.pm.in
index a082975..1293a96 100644
--- a/admserv/newinst/src/AdminServer.pm.in
+++ b/admserv/newinst/src/AdminServer.pm.in
@@ -21,10 +21,10 @@ require Exporter;
@ISA = qw(Exporter);
@EXPORT = qw(createAdminServer reconfigAdminServer
createASFilesAndDirs setFileOwnerPerms updateHttpConfFiles
- startAdminServer removeAdminServer setDefaults);
+ startAdminServer stopAdminServer removeAdminServer setDefaults);
@EXPORT_OK = qw(createAdminServer reconfigAdminServer
createASFilesAndDirs setFileOwnerPerms updateHttpConfFiles
- startAdminServer removeAdminServer setDefaults);
+ startAdminServer stopAdminServer removeAdminServer setDefaults);
use File::Path;
# tempfiles
@@ -566,11 +566,11 @@ sub stopAdminServer {
if ($status) {
# Ignore the stop failure
debug(1,"Warning: Could not stop admin server: status $status: output $output\n");
- return 1;
+ return 0;
}
} else {
debug(1, "stopping admin server: no such program $prog: cannot stop server\n");
- return;
+ return 0;
}
debug(1, "Successfully stopped admin server\n");
13 years, 2 months
ldap/admin
by Nathan Kinder
ldap/admin/src/scripts/DSMigration.pm.in | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
New commits:
commit 8aee2bd4357d2f87f870c694f9456b293b42b51c
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Thu Jan 13 10:23:24 2011 -0800
Bug 470576 - Migration could do addition checks before commiting actions
https://bugzilla.redhat.com/show_bug.cgi?id=470576
The migration script can fail for various reasons leaving the server
in an inconsistent state. Sometimes a manual cleanup is required before
the script can be run again. Since there is no easy way to revert the
changes done to the server, the script has been modified such that it
removes the server that fails to be migrated. Once the cause of the
failure has been resolved the script can be run again.
diff --git a/ldap/admin/src/scripts/DSMigration.pm.in b/ldap/admin/src/scripts/DSMigration.pm.in
index 1bd594c..5434075 100644
--- a/ldap/admin/src/scripts/DSMigration.pm.in
+++ b/ldap/admin/src/scripts/DSMigration.pm.in
@@ -1124,7 +1124,7 @@ sub migrateDS {
if (@errs) {
$mig->msg(@errs);
$mig->msg($FATAL, 'error_creating_dsinstance', $inst);
- return 0;
+ goto cleanup;
} else {
$mig->msg('created_dsinstance', $inst);
}
@@ -1132,13 +1132,13 @@ sub migrateDS {
my $src = new FileConn("$oldconfigdir/dse.ldif", 1); # read-only
if (!$src) {
$mig->msg($FATAL, 'error_opening_dseldif', "$oldconfigdir/dse.ldif", $!);
- return 0;
+ goto cleanup;
}
my $dest = new FileConn("$mig->{configdir}/$inst/dse.ldif");
if (!$dest) {
$src->close();
$mig->msg($FATAL, 'error_opening_dseldif', "$mig->{configdir}/$inst/dse.ldif", $!);
- return 0;
+ goto cleanup;
}
@errs = migrateDSInstance($mig, $inst, $src, $dest);
@@ -1146,7 +1146,7 @@ sub migrateDS {
$dest->close();
if (@errs) {
$mig->msg(@errs);
- return 0;
+ goto cleanup;
}
# ensure any selinux relabeling gets done if needed
@@ -1157,9 +1157,20 @@ sub migrateDS {
$inf->{slapd}->{start_server} = 1;
if (@errs = DSCreate::startServer($inf)) {
$mig->msg(@errs);
- return 0;
+ goto cleanup;
}
}
+
+ next;
+
+cleanup:
+ if (-d "$mig->{configdir}/$inst") {
+ @errs = removeDSInstance($inf->{slapd}->{ServerIdentifier}, 1);
+ if (@errs) {
+ $mig->msg(@errs);
+ }
+ }
+ return 0;
}
return 1;
13 years, 2 months
mod_nss ChangeLog,1.6,1.7
by Rob Crittenden
Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv21409
Modified Files:
ChangeLog
Log Message:
* Don't use memcpy as it may operate on overlapping memory (#669118)
Patch ported from mod_ssl by Stephen Gallagher <sgallagh(a)redhat.com>
Index: ChangeLog
===================================================================
RCS file: /cvs/dirsec/mod_nss/ChangeLog,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- ChangeLog 22 Sep 2010 21:20:55 -0000 1.6
+++ ChangeLog 12 Jan 2011 20:18:09 -0000 1.7
@@ -1,3 +1,7 @@
+2011-01-12 Rob Crittenden <rcritten(a)redhat.com>
+ * Don't use memcpy as it may operate on overlapping memory (#669118)
+ Patch ported from mod_ssl by Stephen Gallagher <sgallagh(a)redhat.com>
+
2010-09-22 Rob Crittenden <rcritten(a)redhat.com>
* Only call PK11_ListCerts once and pass it when configuring each
virtual server. This saves considerable time when there are a lot
13 years, 2 months