ldap/servers
by Mark Reynolds
ldap/servers/slapd/back-ldbm/ldbm_add.c | 10 ++++++
ldap/servers/slapd/back-ldbm/ldbm_delete.c | 12 +++----
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 38 +++++++++++++++++++++++++
ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 1
4 files changed, 55 insertions(+), 6 deletions(-)
New commits:
commit 2079892800843d1541a8f712d0b1395f75919ee9
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Wed Apr 16 15:21:21 2014 -0400
Ticket 47782 - Parent numbordinate count can be incorrectly updated if an error occurs
Bug Description: When adding and deleting entries there is a small chance that the modified
parent entry(numbsubordinates) could be replaced in the entry cache, even
if the operation fails.
Fix Description: For deletes we can simply move the cache entry switching to a safe location,
but for adds we need to unswitch the parent's entry in the cache.
https://fedorahosted.org/389/ticket/47782
Reviewed by: nhosoi(Thanks!)
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
index 71ebc40..fbc1064 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
@@ -118,6 +118,7 @@ ldbm_back_add( Slapi_PBlock *pb )
CSN *opcsn = NULL;
entry_address addr = {0};
int not_an_error = 0;
+ int parent_switched = 0;
slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li );
slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e );
@@ -1020,6 +1021,7 @@ ldbm_back_add( Slapi_PBlock *pb )
{
/* switch the parent entry copy into play */
modify_switch_entries( &parent_modify_c,be);
+ parent_switched = 1;
}
if (ruv_c_init) {
@@ -1099,6 +1101,14 @@ error_return:
} else if (0 == rc) {
rc = SLAPI_FAIL_GENERAL;
}
+ if (parent_switched){
+ /*
+ * Restore the old parent entry, switch the new with the original.
+ * Otherwise the numsubordinate count will be off, and could later
+ * be written to disk.
+ */
+ modify_unswitch_entries( &parent_modify_c,be);
+ }
diskfull_return:
if (disk_full) {
rc= return_on_disk_full(li);
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
index a858fa0..678580c 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
@@ -1155,12 +1155,6 @@ ldbm_back_delete( Slapi_PBlock *pb )
CACHE_RETURN(&inst->inst_cache, &e);
e = NULL;
}
-
- if (parent_found)
- {
- /* Replace the old parent entry with the newly modified one */
- modify_switch_entries( &parent_modify_c,be);
- }
if (ruv_c_init) {
if (modify_switch_entries(&ruv_c, be) != 0 ) {
@@ -1172,6 +1166,12 @@ ldbm_back_delete( Slapi_PBlock *pb )
}
}
+ if (parent_found)
+ {
+ /* Replace the old parent entry with the newly modified one */
+ modify_switch_entries( &parent_modify_c,be);
+ }
+
rc= 0;
goto common_return;
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
index 8bbeae0..f8fb168 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
@@ -122,6 +122,44 @@ int modify_switch_entries(modify_context *mc,backend *be)
return ret;
}
+/*
+ * Switch the new with the old(original) - undoing modify_switch_entries()
+ * This expects modify_term() to be called next, as the old "new" entry
+ * is now gone(replaced by the original entry).
+ */
+int
+modify_unswitch_entries(modify_context *mc,backend *be)
+{
+ struct backentry *tmp_be;
+ ldbm_instance *inst = (ldbm_instance *) be->be_instance_info;
+ int ret = 0;
+
+ if (mc->old_entry!=NULL && mc->new_entry!=NULL) {
+ /* switch the entries, and reset the new, new, entry */
+ tmp_be = mc->new_entry;
+ mc->new_entry = mc->old_entry;
+ mc->new_entry->ep_state = 0;
+ mc->new_entry->ep_refcnt = 0;
+ mc->new_entry_in_cache = 0;
+ mc->old_entry = tmp_be;
+
+ ret = cache_replace(&(inst->inst_cache), mc->old_entry, mc->new_entry);
+ if (ret == 0) {
+ /*
+ * The new entry was originally locked, so since we did the
+ * switch we need to unlock the "new" entry, and return the
+ * "old" one. modify_term() will then return the "new" entry.
+ */
+ cache_unlock_entry(&inst->inst_cache, mc->new_entry);
+ CACHE_RETURN( &(inst->inst_cache), &(mc->old_entry) );
+ mc->new_entry_in_cache = 1;
+ mc->old_entry = NULL;
+ }
+ }
+
+ return ret;
+}
+
/* This routine does that part of a modify operation which involves
updating the on-disk data: updates idices, id2entry.
Copes properly with DB_LOCK_DEADLOCK. The caller must be able to cope with
diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
index 15b2307..95a28b0 100644
--- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
+++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h
@@ -365,6 +365,7 @@ void modify_init(modify_context *mc,struct backentry *old_entry);
int modify_apply_mods(modify_context *mc, Slapi_Mods *smods);
int modify_term(modify_context *mc,backend *be);
int modify_switch_entries(modify_context *mc,backend *be);
+int modify_unswitch_entries(modify_context *mc,backend *be);
int modify_apply_mods_ignore_error(modify_context *mc, Slapi_Mods *smods, int error);
/*
10 years
ldap/servers
by Ludwig Krispenz
ldap/servers/plugins/replication/repl5_updatedn_list.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
New commits:
commit f06f76e027c987afbc40f684c83057b338e817ff
Author: Ludwig Krispenz <lkrispen(a)redhat.com>
Date: Wed Apr 16 08:41:19 2014 +0200
fix assertion failure introduced with fix for ticket 47667
diff --git a/ldap/servers/plugins/replication/repl5_updatedn_list.c b/ldap/servers/plugins/replication/repl5_updatedn_list.c
index 969505e..abf9a92 100644
--- a/ldap/servers/plugins/replication/repl5_updatedn_list.c
+++ b/ldap/servers/plugins/replication/repl5_updatedn_list.c
@@ -116,8 +116,13 @@ replica_updatedn_group_new(const Slapi_Entry *entry)
ReplicaUpdateDNList
replica_groupdn_list_new(const Slapi_ValueSet *vs)
{
+ PLHashTable *hash;
+
+ if (vs == NULL) {
+ return NULL;
+ }
/* allocate table */
- PLHashTable *hash = PL_NewHashTable(4, PL_HashString, PL_CompareStrings,
+ hash = PL_NewHashTable(4, PL_HashString, PL_CompareStrings,
updatedn_compare_dns, NULL, NULL);
if (hash == NULL) {
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name, "replica_new_updatedn_list: "
10 years
Branch '389-ds-base-1.3.2' - ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/replication/repl5_protocol_util.c | 4 ++++
1 file changed, 4 insertions(+)
New commits:
commit 00f4492a3c00afa9c6386dde107c2e7dc1345e48
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Apr 11 10:26:35 2014 -0600
Ticket #47772 empty modify returns LDAP_INVALID_DN_SYNTAX
https://fedorahosted.org/389/ticket/47772
Reviewed by: tbordaz, mreynolds (Thanks!)
Branch: 389-ds-base-1.3.2
Fix Description: tbordaz pointed out a couple of other places where the
pblock modify_mods structure is being referenced directly, and needs to be
checked for NULL.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
index 82af970..893839d 100644
--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
+++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
@@ -695,6 +695,10 @@ repl5_strip_fractional_mods(Repl_Agmt *agmt, LDAPMod ** mods)
int strip = 1;
int i, j, k;
+ if (mods == NULL) {
+ return retval;
+ }
+
if (a) {
/* Iterate through the fractional attr list */
for ( i = 0; a[i] != NULL; i++ )
10 years
ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/replication/repl5_agmt.c | 2 +-
ldap/servers/plugins/replication/repl5_protocol_util.c | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
New commits:
commit 634250f788effc843846e725fe38f4c475984319
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Apr 11 10:26:35 2014 -0600
Ticket #47772 empty modify returns LDAP_INVALID_DN_SYNTAX
https://fedorahosted.org/389/ticket/47772
Reviewed by: tbordaz, mreynolds (Thanks!)
Branch: master
Fix Description: tbordaz pointed out a couple of other places where the
pblock modify_mods structure is being referenced directly, and needs to be
checked for NULL.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
index 139c8a3..9d617e7 100644
--- a/ldap/servers/plugins/replication/repl5_agmt.c
+++ b/ldap/servers/plugins/replication/repl5_agmt.c
@@ -2780,7 +2780,7 @@ agmt_update_maxcsn(Replica *r, Slapi_DN *sdn, int op, LDAPMod **mods, CSN *csn)
if(op == SLAPI_OPERATION_MODIFY)
{
slapi_rwlock_rdlock(agmt->attr_lock);
- for ( excluded_count = 0, mod_count = 0; NULL != mods[ mod_count ]; mod_count++){
+ for ( excluded_count = 0, mod_count = 0; mods && (NULL != mods[ mod_count ]); mod_count++){
if(charray_inlist(agmt->frac_attrs, mods[mod_count]->mod_type)){
excluded_count++;
} else if(charray_inlist(agmt->attrs_to_strip, mods[mod_count]->mod_type)){
diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
index 82af970..893839d 100644
--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
+++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
@@ -695,6 +695,10 @@ repl5_strip_fractional_mods(Repl_Agmt *agmt, LDAPMod ** mods)
int strip = 1;
int i, j, k;
+ if (mods == NULL) {
+ return retval;
+ }
+
if (a) {
/* Iterate through the fractional attr list */
for ( i = 0; a[i] != NULL; i++ )
10 years
Branch '389-ds-base-1.3.1' - ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/replication/repl5_protocol_util.c | 4 ++++
1 file changed, 4 insertions(+)
New commits:
commit ba5938bfa94d906c2189ebc6579057b2779ee68d
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Apr 11 10:26:35 2014 -0600
Ticket #47772 empty modify returns LDAP_INVALID_DN_SYNTAX
https://fedorahosted.org/389/ticket/47772
Reviewed by: tbordaz, mreynolds (Thanks!)
Branch: 389-ds-base-1.3.1
Fix Description: tbordaz pointed out a couple of other places where the
pblock modify_mods structure is being referenced directly, and needs to be
checked for NULL.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 2d25bb4dd39d09d8b5fc5b69702d6e1cccc2c65f)
diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
index 82af970..893839d 100644
--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
+++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
@@ -695,6 +695,10 @@ repl5_strip_fractional_mods(Repl_Agmt *agmt, LDAPMod ** mods)
int strip = 1;
int i, j, k;
+ if (mods == NULL) {
+ return retval;
+ }
+
if (a) {
/* Iterate through the fractional attr list */
for ( i = 0; a[i] != NULL; i++ )
10 years
Branch '389-ds-base-1.2.11' - ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/replication/repl5_protocol_util.c | 4 ++++
1 file changed, 4 insertions(+)
New commits:
commit 36f51eaf0f57be33741c3736df0d9a802938a816
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Apr 11 10:26:35 2014 -0600
Ticket #47772 empty modify returns LDAP_INVALID_DN_SYNTAX
https://fedorahosted.org/389/ticket/47772
Reviewed by: tbordaz, mreynolds (Thanks!)
Branch: 389-ds-base-1.2.11
Fix Description: tbordaz pointed out a couple of other places where the
pblock modify_mods structure is being referenced directly, and needs to be
checked for NULL.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 2d25bb4dd39d09d8b5fc5b69702d6e1cccc2c65f)
(cherry picked from commit ba5938bfa94d906c2189ebc6579057b2779ee68d)
(cherry picked from commit 1f3d9f685f2adbb4dc0ebcec3def4ecf68a87013)
diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
index 4449170..2fbe7c4 100644
--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
+++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
@@ -695,6 +695,10 @@ repl5_strip_fractional_mods(Repl_Agmt *agmt, LDAPMod ** mods)
int strip = 1;
int i, j, k;
+ if (mods == NULL) {
+ return retval;
+ }
+
if (a) {
/* Iterate through the fractional attr list */
for ( i = 0; a[i] != NULL; i++ )
10 years
Branch '389-ds-base-1.3.0' - ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/replication/repl5_protocol_util.c | 4 ++++
1 file changed, 4 insertions(+)
New commits:
commit 1f3d9f685f2adbb4dc0ebcec3def4ecf68a87013
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Apr 11 10:26:35 2014 -0600
Ticket #47772 empty modify returns LDAP_INVALID_DN_SYNTAX
https://fedorahosted.org/389/ticket/47772
Reviewed by: tbordaz, mreynolds (Thanks!)
Branch: 389-ds-base-1.3.0
Fix Description: tbordaz pointed out a couple of other places where the
pblock modify_mods structure is being referenced directly, and needs to be
checked for NULL.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 2d25bb4dd39d09d8b5fc5b69702d6e1cccc2c65f)
(cherry picked from commit ba5938bfa94d906c2189ebc6579057b2779ee68d)
diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
index 4449170..2fbe7c4 100644
--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
+++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
@@ -695,6 +695,10 @@ repl5_strip_fractional_mods(Repl_Agmt *agmt, LDAPMod ** mods)
int strip = 1;
int i, j, k;
+ if (mods == NULL) {
+ return retval;
+ }
+
if (a) {
/* Iterate through the fractional attr list */
for ( i = 0; a[i] != NULL; i++ )
10 years
Branch '389-ds-base-1.2.11' - ldap/servers
by Mark Reynolds
ldap/servers/slapd/back-ldbm/import-threads.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
New commits:
commit 73d63726151dedd930f1ad3bbd2dd050506a57d9
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Mon Apr 14 15:49:33 2014 -0400
Ticket 47736 - Import incorrectly updates numsubordinates for tombstone entries
Bug Description: Imports incorrectly updates numsubordinates when processing
tombstone entries.
Fix Description: Fix the logic in the condition test for updating parentid.
https://fedorahosted.org/389/ticket/47736
Reviewed by: rmeggins & nhosoi(Thanks!!)
diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c
index d30936e..e615bb1 100644
--- a/ldap/servers/slapd/back-ldbm/import-threads.c
+++ b/ldap/servers/slapd/back-ldbm/import-threads.c
@@ -2349,9 +2349,9 @@ import_foreman(void *param)
goto error;
}
- if (entryrdn_get_switch() /* subtree-rename: on */ ||
- !slapi_entry_flag_is_set(fi->entry->ep_entry,
- SLAPI_ENTRY_FLAG_TOMBSTONE)) {
+ if ((entryrdn_get_switch() /* subtree-rename: on */ &&
+ !slapi_entry_flag_is_set(fi->entry->ep_entry, SLAPI_ENTRY_FLAG_TOMBSTONE)) ||
+ !entryrdn_get_switch() ) {
/* parentid index
* (we have to do this here, because the parentID is dependent on
* looking up by entrydn/entryrdn.)
@@ -2362,7 +2362,7 @@ import_foreman(void *param)
if (ret != 0)
goto error;
}
-
+
if (!slapi_entry_flag_is_set(fi->entry->ep_entry,
SLAPI_ENTRY_FLAG_TOMBSTONE)) {
/* Lastly, before we're finished with the entry, pass it to the
10 years
ldap/servers
by Ludwig Krispenz
ldap/servers/plugins/retrocl/retrocl.h | 1 +
ldap/servers/plugins/retrocl/retrocl_cn.c | 17 +++++++++++++++--
ldap/servers/plugins/retrocl/retrocl_po.c | 7 ++++++-
ldap/servers/slapd/back-ldbm/ldbm_add.c | 4 ++++
ldap/servers/slapd/slapi-plugin.h | 1 +
ldap/servers/slapd/slapi-private.h | 1 +
6 files changed, 28 insertions(+), 3 deletions(-)
New commits:
commit adc4dd06c5b26e451944eac52544a28c5386bb9a
Author: Ludwig Krispenz <lkrispen(a)redhat.com>
Date: Fri Apr 11 12:01:57 2014 +0200
Ticket 47712 - betxn: retro changelog broken after cancelled transaction
Bug Description: If a transaction is aborted (eg failing automember) and
the retrocl is either broken (first txn after enabling rcl)
or there are gaps in the changenumbers
The reason that there are gaps in changenumbers is that
if the txn is undone the entry is removed from the
RCL database, but the last changnumer was incremented already
The reason that the RCL seems to be broken is that
the entry is removed from the database, but is still in
the entry cache. For the first change the changenumber is
always recreated and it detects the entry in the entrycache
and returns "already exists". If the gaps would be avoided
this would also happen for later failures.
Fix Description: If the RCL postop function is called with an error set in the
pblock, set a flag that next time a chnagenumber will be
assigned it is recreated from the database.
It is not possible to remove the CL entry from the entry cache
from the RCL plugin, cache functions are not available.
The only solution is to avoid keeing RCL entries in the
entry cache after their initial creation. Extend the
operation flags to trigger a removal from cache in
ldbm_back_add()
https://fedorahosted.org/389/ticket/47712
Reviewed by: richm, thanks
diff --git a/ldap/servers/plugins/retrocl/retrocl.h b/ldap/servers/plugins/retrocl/retrocl.h
index 7c6865a..052c369 100644
--- a/ldap/servers/plugins/retrocl/retrocl.h
+++ b/ldap/servers/plugins/retrocl/retrocl.h
@@ -159,6 +159,7 @@ extern void retrocl_set_first_changenumber(changeNumber cn);
extern changeNumber retrocl_get_last_changenumber(void);
extern void retrocl_commit_changenumber(void);
extern void retrocl_release_changenumber(void);
+extern void retrocl_set_check_changenumber(void);
extern changeNumber retrocl_assign_changenumber(void);
extern int retrocl_get_changenumbers(void);
extern void retrocl_forget_changenumbers(void);
diff --git a/ldap/servers/plugins/retrocl/retrocl_cn.c b/ldap/servers/plugins/retrocl/retrocl_cn.c
index f816730..6a39e63 100644
--- a/ldap/servers/plugins/retrocl/retrocl_cn.c
+++ b/ldap/servers/plugins/retrocl/retrocl_cn.c
@@ -45,6 +45,7 @@
static changeNumber retrocl_internal_cn = 0;
static changeNumber retrocl_first_cn = 0;
+static int check_last_changenumber = 0;
/*
* Function: a2changeNumber
@@ -408,15 +409,20 @@ changeNumber retrocl_assign_changenumber(void)
slapi_rwlock_wrlock(retrocl_cn_lock);
- if(retrocl_internal_cn <= retrocl_first_cn){
+ if((check_last_changenumber) ||
+ ((retrocl_internal_cn <= retrocl_first_cn) &&
+ (retrocl_internal_cn > 1 ))){
/* the numbers have become out of sync - retrocl_get_changenumbers
* gets called only once during startup and it may have had a problem
* getting the last changenumber.
* If there was any problem then update the lastchangenumber from the changelog db.
* This function is being called by only the thread that is actually writing
* to the changelog.
+ *
+ * after the first change was applied both _cn numbers are 1, that's ok
*/
- retrocl_update_lastchangenumber();
+ retrocl_update_lastchangenumber();
+ check_last_changenumber = 0;
}
retrocl_internal_cn++;
cn = retrocl_internal_cn;
@@ -425,3 +431,10 @@ changeNumber retrocl_assign_changenumber(void)
return cn;
}
+
+void retrocl_set_check_changenumber(void)
+{
+ slapi_rwlock_wrlock(retrocl_cn_lock);
+ check_last_changenumber = 1;
+ slapi_rwlock_unlock(retrocl_cn_lock);
+}
diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c
index 0e2abc8..0e32d06 100644
--- a/ldap/servers/plugins/retrocl/retrocl_po.c
+++ b/ldap/servers/plugins/retrocl/retrocl_po.c
@@ -367,7 +367,8 @@ write_replog_db(
newPb = slapi_pblock_new ();
slapi_add_entry_internal_set_pb( newPb, e, NULL /* controls */,
g_plg_identity[PLUGIN_RETROCL],
- 0 /* actions */ );
+ /* dont leave entry in cache if main oparation is aborted */
+ SLAPI_OP_FLAG_NEVER_CACHE);
slapi_add_internal_pb (newPb);
slapi_pblock_get( newPb, SLAPI_PLUGIN_INTOP_RESULT, &rc );
slapi_pblock_destroy(newPb);
@@ -607,6 +608,10 @@ int retrocl_postob (Slapi_PBlock *pb, int optype)
if (rc != LDAP_SUCCESS) {
LDAPDebug1Arg(LDAP_DEBUG_TRACE,"not applying change if op failed %d\n",rc);
+ /* this could also mean that the changenumber is no longer correct
+ * set a flag to check at next assignment
+ */
+ retrocl_set_check_changenumber();
return SLAPI_PLUGIN_SUCCESS;
}
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
index 7834b40..71ebc40 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
@@ -113,6 +113,7 @@ ldbm_back_add( Slapi_PBlock *pb )
int is_resurect_operation= 0;
int is_tombstone_operation= 0;
int is_fixup_operation= 0;
+ int is_remove_from_cache= 0;
int is_ruv = 0; /* True if the current entry is RUV */
CSN *opcsn = NULL;
entry_address addr = {0};
@@ -131,6 +132,7 @@ ldbm_back_add( Slapi_PBlock *pb )
is_tombstone_operation= operation_is_flag_set(operation,OP_FLAG_TOMBSTONE_ENTRY);
is_fixup_operation = operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP);
is_ruv = operation_is_flag_set(operation, OP_FLAG_REPL_RUV);
+ is_remove_from_cache = operation_is_flag_set(operation, OP_FLAG_NEVER_CACHE);
inst = (ldbm_instance *) be->be_instance_info;
if (inst && inst->inst_ref_count) {
@@ -1166,6 +1168,8 @@ common_return:
}
}
}
+ if (is_remove_from_cache)
+ CACHE_REMOVE(&inst->inst_cache, addingentry);
CACHE_RETURN( &inst->inst_cache, &addingentry );
}
if (inst->inst_ref_count) {
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index 7fbadb3..6b4d80e 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -221,6 +221,7 @@ NSPR_API(PRUint32) PR_fprintf(struct PRFileDesc* fd, const char *fmt, ...)
#define SLAPI_OP_FLAG_NEVER_CHAIN 0x000800 /* Do not chain the operation */
#define SLAPI_OP_FLAG_NO_ACCESS_CHECK 0x10000 /* Do not check for access control - bypass them */
#define SLAPI_OP_FLAG_BYPASS_REFERRALS 0x40000 /* Useful for performing internal operations on read-only replica */
+#define SLAPI_OP_FLAG_NEVER_CACHE 0x200000 /* added entry should not be kept in cache */
#define SLAPI_OC_FLAG_REQUIRED 0x0001
#define SLAPI_OC_FLAG_ALLOWED 0x0002
diff --git a/ldap/servers/slapd/slapi-private.h b/ldap/servers/slapd/slapi-private.h
index 2fb0524..3443425 100644
--- a/ldap/servers/slapd/slapi-private.h
+++ b/ldap/servers/slapd/slapi-private.h
@@ -442,6 +442,7 @@ char *slapi_filter_to_string_internal( const struct slapi_filter *f, char *buf,
#define OP_FLAG_PAGED_RESULTS 0x040000 /* simple paged results */
#define OP_FLAG_SERVER_SIDE_SORTING 0x080000 /* server side sorting */
#define OP_FLAG_REVERSE_CANDIDATE_ORDER 0x100000 /* reverse the search candidate list */
+#define OP_FLAG_NEVER_CACHE 0x200000 /* never keep the entry in cache */
/* reverse search states */
#define REV_STARTED 1
10 years
Branch '389-ds-base-1.2.11' - 3 commits - ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/chainingdb/cb_config.c | 4 +--
ldap/servers/plugins/chainingdb/cb_instance.c | 4 +--
ldap/servers/plugins/chainingdb/cb_modify.c | 2 -
ldap/servers/plugins/replication/cl5_config.c | 2 -
ldap/servers/plugins/replication/legacy_consumer.c | 2 -
ldap/servers/plugins/replication/repl5_agmt.c | 2 -
ldap/servers/plugins/replication/repl5_replica_config.c | 4 +--
ldap/servers/plugins/uiduniq/7bit.c | 2 -
ldap/servers/plugins/uiduniq/uid.c | 2 -
ldap/servers/slapd/auditlog.c | 2 -
ldap/servers/slapd/back-ldbm/ldbm_attrcrypt_config.c | 2 -
ldap/servers/slapd/back-ldbm/ldbm_config.c | 2 -
ldap/servers/slapd/back-ldbm/ldbm_instance_config.c | 2 -
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 4 +--
ldap/servers/slapd/back-ldif/modify.c | 2 -
ldap/servers/slapd/bind.c | 6 +++-
ldap/servers/slapd/configdse.c | 4 +--
ldap/servers/slapd/mapping_tree.c | 2 -
ldap/servers/slapd/modify.c | 21 +++++++++-------
ldap/servers/slapd/schema.c | 2 -
ldap/servers/slapd/search.c | 6 +++-
ldap/servers/slapd/task.c | 2 -
ldap/servers/slapd/test-plugins/testpostop.c | 2 -
23 files changed, 47 insertions(+), 36 deletions(-)
New commits:
commit 9f174daf9e0382364b4d6837c3c3af973f7f3ee0
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Apr 9 13:43:37 2014 -0600
Ticket #47772 empty modify returns LDAP_INVALID_DN_SYNTAX
https://fedorahosted.org/389/ticket/47772
Reviewed by: mreynolds (Thanks!)
Branch: 389-ds-base-1.2.11
Fix Description: Do not call normalize_mods2bvals if mods is NULL - just allow
the empty modify op to proceed. Since normalize_mods2bvals only cares about
DN syntax attributes, it is appropriate to return LDAP_INVALID_DN_SYNTAX if
normalize_mods2bvals returns NULL.
Since this fix allows NULL mods to proceed throughout the code, I checked for
all places that SLAPI_MODIFY_MODS was used, to make sure we don't try to
dereference NULL mods, and to make sure the NULL mods were handled correctly
otherwise.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry-picked with conflicts from f5730129dfbc4ef3808735051b12cbfda518f4fb)
(cherry picked from commit 469c9b9c68806e46b14595da5aec49517af60028)
(cherry picked from commit 60c36f1c6aea1913bd7f719b9efb892092317917)
(cherry picked from commit 1a39cf36137d522f81bc003d07c21da53371a69d)
diff --git a/ldap/servers/plugins/chainingdb/cb_config.c b/ldap/servers/plugins/chainingdb/cb_config.c
index 7cbd7ba..25f466d 100644
--- a/ldap/servers/plugins/chainingdb/cb_config.c
+++ b/ldap/servers/plugins/chainingdb/cb_config.c
@@ -380,7 +380,7 @@ cb_config_modify_check_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slap
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
- for (i = 0; mods[i] ; i++) {
+ for (i = 0; mods && mods[i] ; i++) {
attr_name = mods[i]->mod_type;
if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS )) {
@@ -413,7 +413,7 @@ cb_config_modify_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
- for (i = 0; mods[i] ; i++) {
+ for (i = 0; mods && mods[i] ; i++) {
attr_name = mods[i]->mod_type;
if ( !strcasecmp ( attr_name, CB_CONFIG_GLOBAL_FORWARD_CTRLS )) {
diff --git a/ldap/servers/plugins/chainingdb/cb_instance.c b/ldap/servers/plugins/chainingdb/cb_instance.c
index db0cf37..c7394e1 100644
--- a/ldap/servers/plugins/chainingdb/cb_instance.c
+++ b/ldap/servers/plugins/chainingdb/cb_instance.c
@@ -305,7 +305,7 @@ int cb_instance_modify_config_check_callback(Slapi_PBlock *pb, Slapi_Entry* entr
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
/* First pass to validate input */
- for (i = 0; mods[i] && LDAP_SUCCESS == rc; i++) {
+ for (i = 0; mods && mods[i] && LDAP_SUCCESS == rc; i++) {
attr_name = mods[i]->mod_type;
/* specific processing for multi-valued attributes */
@@ -378,7 +378,7 @@ int cb_instance_modify_config_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefor
/* input checked in the preop modify callback */
- for (i = 0; mods[i] && LDAP_SUCCESS == rc; i++) {
+ for (i = 0; mods && mods[i] && LDAP_SUCCESS == rc; i++) {
attr_name = mods[i]->mod_type;
/* specific processing for multi-valued attributes */
diff --git a/ldap/servers/plugins/chainingdb/cb_modify.c b/ldap/servers/plugins/chainingdb/cb_modify.c
index 06e6b82..65acb58 100644
--- a/ldap/servers/plugins/chainingdb/cb_modify.c
+++ b/ldap/servers/plugins/chainingdb/cb_modify.c
@@ -291,7 +291,7 @@ cb_remove_illegal_mods(cb_backend_instance *inst, LDAPMod **mods)
slapi_rwlock_wrlock(inst->rwl_config_lock);
for (j=0; inst->illegal_attributes[j]; j++) {
- for ( i = 0; mods[i] != NULL; i++ ) {
+ for ( i = 0; mods && mods[i] != NULL; i++ ) {
if (slapi_attr_types_equivalent(inst->illegal_attributes[j],mods[i]->mod_type)) {
tmp = mods[i];
for ( j = i; mods[j] != NULL; j++ ) {
diff --git a/ldap/servers/plugins/replication/cl5_config.c b/ldap/servers/plugins/replication/cl5_config.c
index 980cb7f..900cfc0 100644
--- a/ldap/servers/plugins/replication/cl5_config.c
+++ b/ldap/servers/plugins/replication/cl5_config.c
@@ -340,7 +340,7 @@ changelog5_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entr
config.maxAge = slapi_ch_strdup(CL5_STR_IGNORE);
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
- for (i = 0; mods[i] != NULL; i++)
+ for (i = 0; mods && mods[i] != NULL; i++)
{
if (mods[i]->mod_op & LDAP_MOD_DELETE)
{
diff --git a/ldap/servers/plugins/replication/legacy_consumer.c b/ldap/servers/plugins/replication/legacy_consumer.c
index aa5a9b5..8eb928b 100644
--- a/ldap/servers/plugins/replication/legacy_consumer.c
+++ b/ldap/servers/plugins/replication/legacy_consumer.c
@@ -321,7 +321,7 @@ legacy_consumer_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
slapi_rwlock_wrlock (legacy_consumer_config_lock);
- for (i = 0; (mods[i] && (!not_allowed)); i++)
+ for (i = 0; mods && (mods[i] && (!not_allowed)); i++)
{
if (mods[i]->mod_op & LDAP_MOD_DELETE)
{
diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
index fec0f8e..708966a 100644
--- a/ldap/servers/plugins/replication/repl5_agmt.c
+++ b/ldap/servers/plugins/replication/repl5_agmt.c
@@ -1838,7 +1838,7 @@ agmt_notify_change(Repl_Agmt *agmt, Slapi_PBlock *pb)
int i, j;
slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
- for (i = 0; !affects_non_fractional_attribute && NULL != agmt->frac_attrs[i]; i++)
+ for (i = 0; mods && !affects_non_fractional_attribute && NULL != agmt->frac_attrs[i]; i++)
{
for (j = 0; !affects_non_fractional_attribute && NULL != mods[j]; j++)
{
diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
index 1390ab4..b8dd605 100644
--- a/ldap/servers/plugins/replication/repl5_replica_config.c
+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
@@ -349,7 +349,7 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
if (*returncode != LDAP_SUCCESS)
break;
- for (i = 0; (mods[i] && (LDAP_SUCCESS == rc)); i++)
+ for (i = 0; mods && (mods[i] && (LDAP_SUCCESS == rc)); i++)
{
if (*returncode != LDAP_SUCCESS)
break;
@@ -600,7 +600,7 @@ replica_config_post_modify(Slapi_PBlock *pb,
if (*returncode != LDAP_SUCCESS)
break;
- for (i = 0; (mods[i] && (LDAP_SUCCESS == rc)); i++)
+ for (i = 0; mods && (mods[i] && (LDAP_SUCCESS == rc)); i++)
{
if (*returncode != LDAP_SUCCESS)
break;
diff --git a/ldap/servers/plugins/uiduniq/7bit.c b/ldap/servers/plugins/uiduniq/7bit.c
index 0459bb5..f690b4e 100644
--- a/ldap/servers/plugins/uiduniq/7bit.c
+++ b/ldap/servers/plugins/uiduniq/7bit.c
@@ -455,7 +455,7 @@ preop_modify(Slapi_PBlock *pb)
which are add or replace ops and are bvalue encoded
*/
/* find out how many mods meet this criteria */
- for(mods=firstMods;*mods;mods++)
+ for(mods=firstMods;mods && *mods;mods++)
{
mod = *mods;
if ((slapi_attr_type_cmp(mod->mod_type, attr_name, 1) == 0) && /* mod contains target attr */
diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c
index 984b93e..d4f0c84 100644
--- a/ldap/servers/plugins/uiduniq/uid.c
+++ b/ldap/servers/plugins/uiduniq/uid.c
@@ -761,7 +761,7 @@ preop_modify(Slapi_PBlock *pb)
which are add or replace ops and are bvalue encoded
*/
/* find out how many mods meet this criteria */
- for(;*mods;mods++)
+ for(;mods && *mods;mods++)
{
mod = *mods;
if ((slapi_attr_type_cmp(mod->mod_type, attrName, 1) == 0) && /* mod contains target attr */
diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
index f6afd10..fabe21e 100644
--- a/ldap/servers/slapd/auditlog.c
+++ b/ldap/servers/slapd/auditlog.c
@@ -154,7 +154,7 @@ write_audit_file(
addlenstr( l, attr_changetype );
addlenstr( l, ": modify\n" );
mods = change;
- for ( j = 0; mods[j] != NULL; j++ )
+ for ( j = 0; (mods != NULL) && (mods[j] != NULL); j++ )
{
int operationtype= mods[j]->mod_op & ~LDAP_MOD_BVALUES;
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt_config.c b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt_config.c
index 0b7deaa..86479c9 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt_config.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt_config.c
@@ -287,7 +287,7 @@ ldbm_instance_attrcrypt_config_modify_callback(Slapi_PBlock *pb, Slapi_Entry *e,
return SLAPI_DSE_CALLBACK_ERROR;
}
- for (i = 0; mods[i] != NULL; i++) {
+ for (i = 0; (mods != NULL) && (mods[i] != NULL); i++) {
char *config_attr = (char *)mods[i]->mod_type;
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_config.c b/ldap/servers/slapd/back-ldbm/ldbm_config.c
index b713f73..b35004a 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_config.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_config.c
@@ -2006,7 +2006,7 @@ int ldbm_config_modify_entry_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefore
* 2nd pass: set apply mods to 1 to apply changes to internal storage
*/
for ( apply_mod = 0; apply_mod <= 1 && LDAP_SUCCESS == rc; apply_mod++ ) {
- for (i = 0; mods[i] && LDAP_SUCCESS == rc; i++) {
+ for (i = 0; mods && mods[i] && LDAP_SUCCESS == rc; i++) {
attr_name = mods[i]->mod_type;
/* There are some attributes that we don't care about, like modifiersname. */
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
index f41bd88..2037618 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c
@@ -767,7 +767,7 @@ ldbm_instance_modify_config_entry_callback(Slapi_PBlock *pb, Slapi_Entry* entryB
* 2nd pass: set apply mods to 1 to apply changes to internal storage
*/
for ( apply_mod = 0; apply_mod <= 1 && LDAP_SUCCESS == rc; apply_mod++ ) {
- for (i = 0; mods[i] && LDAP_SUCCESS == rc; i++) {
+ for (i = 0; mods && mods[i] && LDAP_SUCCESS == rc; i++) {
attr_name = mods[i]->mod_type;
if (strcasecmp(attr_name, CONFIG_INSTANCE_SUFFIX) == 0) {
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
index 32510ab..b8b6114 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
@@ -253,7 +253,7 @@ modify_apply_check_expand(
* If the objectClass attribute type was modified in any way, expand
* the objectClass values to reflect the inheritance hierarchy.
*/
- for ( i = 0; mods[i] != NULL && !repl_op; ++i ) {
+ for ( i = 0; (mods != NULL) && (mods[i] != NULL) && !repl_op; ++i ) {
if ( 0 == strcasecmp( SLAPI_ATTR_OBJECTCLASS, mods[i]->mod_type )) {
slapi_schema_expand_objectclasses( ec->ep_entry );
break;
@@ -854,7 +854,7 @@ remove_illegal_mods(LDAPMod **mods)
LDAPMod *tmp;
/* remove any attempts by the user to modify these attrs */
- for ( i = 0; mods[i] != NULL; i++ ) {
+ for ( i = 0; (mods != NULL) && (mods[i] != NULL); i++ ) {
if ( strcasecmp( mods[i]->mod_type, numsubordinates ) == 0
|| strcasecmp( mods[i]->mod_type, hassubordinates ) == 0 )
{
diff --git a/ldap/servers/slapd/back-ldif/modify.c b/ldap/servers/slapd/back-ldif/modify.c
index 7fff067..9a92b17 100644
--- a/ldap/servers/slapd/back-ldif/modify.c
+++ b/ldap/servers/slapd/back-ldif/modify.c
@@ -560,7 +560,7 @@ apply_mods( Slapi_Entry *e, LDAPMod **mods )
LDAPDebug( LDAP_DEBUG_TRACE, "=> apply_mods\n", 0, 0, 0 );
err = LDAP_SUCCESS;
- for ( j = 0; mods[j] != NULL; j++ ) {
+ for ( j = 0; (mods != NULL) && (mods[j] != NULL); j++ ) {
switch ( mods[j]->mod_op & ~LDAP_MOD_BVALUES ) {
case LDAP_MOD_ADD:
LDAPDebug( LDAP_DEBUG_ARGS, " add: %s\n",
diff --git a/ldap/servers/slapd/configdse.c b/ldap/servers/slapd/configdse.c
index 12175c4..9265b98 100644
--- a/ldap/servers/slapd/configdse.c
+++ b/ldap/servers/slapd/configdse.c
@@ -392,7 +392,7 @@ modify_config_dse(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, in
*/
for ( apply_mods = 0; apply_mods <= 1; apply_mods++ ) {
int i = 0;
- for (i = 0; (mods[i] && (LDAP_SUCCESS == rc)); i++) {
+ for (i = 0; mods && (mods[i] && (LDAP_SUCCESS == rc)); i++) {
/* send all aci modifications to the backend */
config_attr = (char *)mods[i]->mod_type;
if (ignore_attr_type(config_attr))
@@ -487,7 +487,7 @@ postop_modify_config_dse(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry
slapi_pblock_get( pb, SLAPI_MODIFY_MODS, &mods );
returntext[0] = '\0';
- for (i = 0; mods[i]; i++) {
+ for (i = 0; mods && mods[i]; i++) {
if (mods[i]->mod_op & LDAP_MOD_REPLACE ) {
/* Check if the server needs to be restarted */
for (j = 0; j < num_requires_restart; j++)
diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
index 2e8cbff..841ed32 100644
--- a/ldap/servers/slapd/mapping_tree.c
+++ b/ldap/servers/slapd/mapping_tree.c
@@ -1074,7 +1074,7 @@ int mapping_tree_entry_modify_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefor
return SLAPI_DSE_CALLBACK_ERROR;
}
- for (i = 0; mods[i] != NULL; i++) {
+ for (i = 0; (mods != NULL) && (mods[i] != NULL); i++) {
if ( (strcasecmp(mods[i]->mod_type, "cn") == 0) ||
(strcasecmp(mods[i]->mod_type,
MAPPING_TREE_PARENT_ATTRIBUTE) == 0) )
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 014be1c..5f8a0ac 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -391,14 +391,17 @@ do_modify( Slapi_PBlock *pb )
mods = slapi_mods_get_ldapmods_passout (&smods);
/* normalize the mods */
- normalized_mods = normalize_mods2bvals((const LDAPMod**)mods);
- ldap_mods_free (mods, 1 /* Free the Array and the Elements */);
- if (normalized_mods == NULL) {
- op_shared_log_error_access(pb, "MOD", rawdn?rawdn:"",
- "mod includes invalid dn format");
- send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL,
- "mod includes invalid dn format", 0, NULL);
- goto free_and_return;
+ if (mods) {
+ normalized_mods = normalize_mods2bvals((const LDAPMod**)mods);
+ ldap_mods_free (mods, 1 /* Free the Array and the Elements */);
+ if (normalized_mods == NULL) {
+ /* NOTE: normalize_mods2bvals only handles DN syntax currently */
+ op_shared_log_error_access(pb, "MOD", rawdn?rawdn:"",
+ "mod includes invalid dn format");
+ send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL,
+ "mod includes invalid dn format", 0, NULL);
+ goto free_and_return;
+ }
}
slapi_pblock_set(pb, SLAPI_MODIFY_MODS, normalized_mods);
@@ -1396,7 +1399,7 @@ hash_rootpw (LDAPMod **mods)
return 0;
}
- for (i=0; mods[i] != NULL; i++) {
+ for (i=0; (mods != NULL) && (mods[i] != NULL); i++) {
LDAPMod *mod = mods[i];
if (strcasecmp (mod->mod_type, CONFIG_ROOTPW_ATTRIBUTE) != 0)
continue;
diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
index 045989d..28c1ffc 100644
--- a/ldap/servers/slapd/schema.c
+++ b/ldap/servers/slapd/schema.c
@@ -1676,7 +1676,7 @@ modify_schema_dse (Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *entr
* True for DS 4.x as well, although it tried to keep going even after
* an error was detected (which was very wrong).
*/
- for (i = 0; rc == SLAPI_DSE_CALLBACK_OK && mods[i]; i++) {
+ for (i = 0; rc == SLAPI_DSE_CALLBACK_OK && mods && mods[i]; i++) {
schema_dse_attr_name = (char *) mods[i]->mod_type;
num_mods++; /* incr the number of mods */
diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
index 5fc0b08..2fe1de7 100644
--- a/ldap/servers/slapd/task.c
+++ b/ldap/servers/slapd/task.c
@@ -774,7 +774,7 @@ static int task_modify(Slapi_PBlock *pb, Slapi_Entry *e,
/* ignore eAfter, just scan the mods for anything unacceptable */
slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
- for (i = 0; mods[i] != NULL; i++) {
+ for (i = 0; (mods != NULL) && (mods[i] != NULL); i++) {
/* for some reason, "modifiersName" and "modifyTimestamp" are
* stuck in by the server */
if ((strcasecmp(mods[i]->mod_type, "ttl") != 0) &&
diff --git a/ldap/servers/slapd/test-plugins/testpostop.c b/ldap/servers/slapd/test-plugins/testpostop.c
index f18f4ab..d91ddd4 100644
--- a/ldap/servers/slapd/test-plugins/testpostop.c
+++ b/ldap/servers/slapd/test-plugins/testpostop.c
@@ -355,7 +355,7 @@ write_changelog(
that has been added, replaced, or deleted. */
fprintf( fp, "changetype: modify\n" );
mods = (LDAPMod **)change;
- for ( j = 0; mods[j] != NULL; j++ ) {
+ for ( j = 0; (mods != NULL) && (mods[j] != NULL); j++ ) {
switch ( mods[j]->mod_op & ~LDAP_MOD_BVALUES ) {
case LDAP_MOD_ADD:
fprintf( fp, "add: %s\n", mods[j]->mod_type );
commit 9426e0788c85fef950d41d2d5427b5b67fa6b0fd
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Apr 9 13:24:26 2014 -0600
Ticket #47774 mem leak in do_search - rawbase not freed upon certain errors
https://fedorahosted.org/389/ticket/47774
Reviewed by: nhosoi (Thanks!)
Branch: 389-ds-base-1.2.11
Fix Description: Free the local rawbase variable if it was not set in the
pblock.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 1d5c6d6ca300a45305dba631a334ae9a1857d4cb)
(cherry picked from commit b065515935daa8fffe7a8eef3a66621cc8702018)
(cherry picked from commit 97f58ff4787ecb87780fde7245e354ec75e73125)
(cherry picked from commit 33bf4d42727804f5c10ce30834a2340c99cad459)
diff --git a/ldap/servers/slapd/search.c b/ldap/servers/slapd/search.c
index 9f165a1..1f0050c 100644
--- a/ldap/servers/slapd/search.c
+++ b/ldap/servers/slapd/search.c
@@ -69,6 +69,7 @@ do_search( Slapi_PBlock *pb )
int i, err, attrsonly;
ber_int_t scope, deref, sizelimit, timelimit;
char *rawbase = NULL;
+ int rawbase_set_in_pb = 0; /* was rawbase set in pb? */
char *base = NULL, *fstr = NULL;
struct slapi_filter *filter = NULL;
char **attrs = NULL;
@@ -339,6 +340,7 @@ do_search( Slapi_PBlock *pb )
}
slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET_DN, rawbase );
+ rawbase_set_in_pb = 1; /* rawbase is now owned by pb */
slapi_pblock_set( pb, SLAPI_SEARCH_SCOPE, &scope );
slapi_pblock_set( pb, SLAPI_SEARCH_DEREF, &deref );
slapi_pblock_set( pb, SLAPI_SEARCH_FILTER, filter );
@@ -375,7 +377,9 @@ free_and_return:;
operation->o_flags &= ~OP_FLAG_PS;
}
/* we strdup'd this above - need to free */
- slapi_pblock_get(pb, SLAPI_ORIGINAL_TARGET_DN, &rawbase);
+ if (rawbase_set_in_pb) {
+ slapi_pblock_get(pb, SLAPI_ORIGINAL_TARGET_DN, &rawbase);
+ }
slapi_ch_free_string(&rawbase);
}
}
commit 7655ff76c90651d817bfbd70313228c9818ad591
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Apr 9 13:19:08 2014 -0600
Ticket #47773 - mem leak in do_bind when there is an error
https://fedorahosted.org/389/ticket/47773
Reviewed by: nhosoi (Thanks!)
Branch: 389-ds-base-1.2.11
Fix Description: Do not get the SLAPI_BIND_TARGET_SDN from the pblock and
free it in the clean up code if it was never set in the pblock - just free
the local variable sdn in this case.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit 2a57b521b86b24c0f0a8ddfbea4169c71ee4e896)
(cherry picked from commit c0606d45b91e87e4d0d90dec0812d20a0b23f545)
(cherry picked from commit 39eab765d9c6552c246bed13903807eca4c96887)
(cherry picked from commit 0911134c2c6d97243a7f6652a9a861bf7e28d91b)
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
index 97b236e..92d7965 100644
--- a/ldap/servers/slapd/bind.c
+++ b/ldap/servers/slapd/bind.c
@@ -131,6 +131,7 @@ do_bind( Slapi_PBlock *pb )
ber_tag_t ber_rc;
int rc = 0;
Slapi_DN *sdn = NULL;
+ int bind_sdn_in_pb = 0; /* is sdn set in the pb? */
Slapi_Entry *referral;
char errorbuf[BUFSIZ];
char **supported, **pmech;
@@ -369,6 +370,7 @@ do_bind( Slapi_PBlock *pb )
isroot = slapi_dn_isroot( slapi_sdn_get_ndn(sdn) );
slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &isroot );
slapi_pblock_set( pb, SLAPI_BIND_TARGET_SDN, (void*)sdn );
+ bind_sdn_in_pb = 1; /* pb now owns sdn */
slapi_pblock_set( pb, SLAPI_BIND_METHOD, &method );
slapi_pblock_set( pb, SLAPI_BIND_SASLMECHANISM, saslmech );
slapi_pblock_set( pb, SLAPI_BIND_CREDENTIALS, &cred );
@@ -861,7 +863,9 @@ account_locked:
free_and_return:;
if (be)
slapi_be_Unlock(be);
- slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn);
+ if (bind_sdn_in_pb) {
+ slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &sdn);
+ }
slapi_sdn_free(&sdn);
slapi_ch_free_string( &saslmech );
slapi_ch_free( (void **)&cred.bv_val );
10 years