ldap/servers
by Ludwig Krispenz
ldap/servers/plugins/sync/sync.h | 1
ldap/servers/plugins/sync/sync_persist.c | 8 ++----
ldap/servers/plugins/sync/sync_util.c | 16 ++++++++++---
ldap/servers/slapd/operation.c | 38 +++++++++++++++++++++++++++++++
ldap/servers/slapd/pblock.c | 12 +++++++++
ldap/servers/slapd/slapi-plugin.h | 7 +++++
6 files changed, 74 insertions(+), 8 deletions(-)
New commits:
commit a81a3ead42f83e8c928fde07db9fd2fff5ce4c96
Author: Ludwig Krispenz <lkrispen(a)redhat.com>
Date: Mon Jun 2 14:10:54 2014 +0200
Ticket 47803 - syncrepl crash if attribute list is non-empty
Bug Description: if the list of requested attributes in a persistent
sync repl request was set, the server could
crash after a modify operation which should
send an entry
Fix Description: the reason for the crash was that the list of requested
attributes was freed when the original search
operation was completed. In the persit phase this
list was still accessed.
To fix it, a copy of the orignal op had to be used
and the list of requested attr duplicated and set
in the copy of the op.
unfortunately a reference to the original op is
still needed as the disconnet code sets the abandonned
flag to the original op
To be able to duplicate an operation, some methods to get
and set operation attributes had to be provided
https://fedorahosted.org/389/ticket/47803
Reviewed by: RichM. ThanksRichM. Thanks
diff --git a/ldap/servers/plugins/sync/sync.h b/ldap/servers/plugins/sync/sync.h
index 9168039..9c2d8be 100644
--- a/ldap/servers/plugins/sync/sync.h
+++ b/ldap/servers/plugins/sync/sync.h
@@ -158,6 +158,7 @@ typedef struct sync_queue_node {
*/
typedef struct sync_request {
Slapi_PBlock *req_pblock;
+ Slapi_Operation *req_orig_op;
PRLock *req_lock;
PRThread *req_tid;
char *req_orig_base;
diff --git a/ldap/servers/plugins/sync/sync_persist.c b/ldap/servers/plugins/sync/sync_persist.c
index 4fb4574..8d46102 100644
--- a/ldap/servers/plugins/sync/sync_persist.c
+++ b/ldap/servers/plugins/sync/sync_persist.c
@@ -292,6 +292,7 @@ sync_persist_add (Slapi_PBlock *pb)
if ( SYNC_IS_INITIALIZED() && NULL != pb ) {
/* Create the new node */
req = sync_request_alloc();
+ slapi_pblock_get(pb, SLAPI_OPERATION, &req->req_orig_op); /* neede to access original op */
req->req_pblock = sync_pblock_copy(pb);
slapi_pblock_get(pb, SLAPI_ORIGINAL_TARGET_DN, &base);
req->req_orig_base = slapi_ch_strdup(base);
@@ -566,7 +567,7 @@ sync_send_results( void *arg )
SyncQueueNode *qnode, *qnodenext;
int conn_acq_flag = 0;
Slapi_Connection *conn = NULL;
- Slapi_Operation *op = NULL;
+ Slapi_Operation *op = req->req_orig_op;
int rc;
PRUint64 connid;
int opid;
@@ -574,7 +575,6 @@ sync_send_results( void *arg )
slapi_pblock_get(req->req_pblock, SLAPI_CONN_ID, &connid);
slapi_pblock_get(req->req_pblock, SLAPI_OPERATION_ID, &opid);
slapi_pblock_get(req->req_pblock, SLAPI_CONNECTION, &conn);
- slapi_pblock_get(req->req_pblock, SLAPI_OPERATION, &op);
conn_acq_flag = sync_acquire_connection (conn);
if (conn_acq_flag) {
@@ -587,9 +587,7 @@ sync_send_results( void *arg )
while ( (conn_acq_flag == 0) && !req->req_complete && !plugin_closing) {
/* Check for an abandoned operation */
- Slapi_Operation *op;
- slapi_pblock_get(req->req_pblock, SLAPI_OPERATION, &op);
- if ( op == NULL || slapi_op_abandoned( req->req_pblock ) ) {
+ if ( op == NULL || slapi_is_operation_abandoned( op ) ) {
slapi_log_error(SLAPI_LOG_PLUGIN, "Content Synchronization Search",
"conn=%" NSPRIu64 " op=%d Operation no longer active - terminating\n",
(long long unsigned int)connid, opid);
diff --git a/ldap/servers/plugins/sync/sync_util.c b/ldap/servers/plugins/sync/sync_util.c
index 5ec5e5d..ef4a3f7 100644
--- a/ldap/servers/plugins/sync/sync_util.c
+++ b/ldap/servers/plugins/sync/sync_util.c
@@ -644,18 +644,21 @@ Slapi_PBlock *
sync_pblock_copy(Slapi_PBlock *src)
{
Slapi_Operation *operation;
+ Slapi_Operation *operation_new;
Slapi_Connection *connection;
int *scope;
int *deref;
int *filter_normalized;
char *fstr;
char **attrs, **attrs_dup;
+ char **reqattrs, **reqattrs_dup;
int *attrsonly;
int *isroot;
int *sizelimit;
int *timelimit;
struct slapdplugin *pi;
-
+ ber_int_t msgid;
+ ber_tag_t tag;
slapi_pblock_get( src, SLAPI_OPERATION, &operation );
slapi_pblock_get( src, SLAPI_CONNECTION, &connection );
@@ -664,6 +667,7 @@ sync_pblock_copy(Slapi_PBlock *src)
slapi_pblock_get( src, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized );
slapi_pblock_get( src, SLAPI_SEARCH_STRFILTER, &fstr );
slapi_pblock_get( src, SLAPI_SEARCH_ATTRS, &attrs );
+ slapi_pblock_get( src, SLAPI_SEARCH_REQATTRS, &reqattrs );
slapi_pblock_get( src, SLAPI_SEARCH_ATTRSONLY, &attrsonly );
slapi_pblock_get( src, SLAPI_REQUESTOR_ISROOT, &isroot );
slapi_pblock_get( src, SLAPI_SEARCH_SIZELIMIT, &sizelimit );
@@ -671,15 +675,21 @@ sync_pblock_copy(Slapi_PBlock *src)
slapi_pblock_get( src, SLAPI_PLUGIN, &pi);
Slapi_PBlock *dest = slapi_pblock_new();
-
- slapi_pblock_set( dest, SLAPI_OPERATION, operation );
+ operation_new = slapi_operation_new(0);
+ msgid = slapi_operation_get_msgid(operation);
+ slapi_operation_set_msgid(operation_new, msgid);
+ tag = slapi_operation_get_tag(operation);
+ slapi_operation_set_tag(operation_new, tag);
+ slapi_pblock_set( dest, SLAPI_OPERATION, operation_new );
slapi_pblock_set( dest, SLAPI_CONNECTION, connection );
slapi_pblock_set( dest, SLAPI_SEARCH_SCOPE, &scope );
slapi_pblock_set( dest, SLAPI_SEARCH_DEREF, &deref );
slapi_pblock_set( dest, SLAPI_PLUGIN_SYNTAX_FILTER_NORMALIZED, &filter_normalized );
slapi_pblock_set( dest, SLAPI_SEARCH_STRFILTER, slapi_ch_strdup(fstr) );
attrs_dup = slapi_ch_array_dup(attrs);
+ reqattrs_dup = slapi_ch_array_dup(reqattrs);
slapi_pblock_set( dest, SLAPI_SEARCH_ATTRS, attrs_dup );
+ slapi_pblock_set( dest, SLAPI_SEARCH_REQATTRS, reqattrs_dup );
slapi_pblock_set( dest, SLAPI_SEARCH_ATTRSONLY, &attrsonly );
slapi_pblock_set( dest, SLAPI_REQUESTOR_ISROOT, &isroot );
slapi_pblock_set( dest, SLAPI_SEARCH_SIZELIMIT, &sizelimit );
diff --git a/ldap/servers/slapd/operation.c b/ldap/servers/slapd/operation.c
index c82e6be..1b45c3f 100644
--- a/ldap/servers/slapd/operation.c
+++ b/ldap/servers/slapd/operation.c
@@ -52,6 +52,15 @@
#include "fe.h"
int
+slapi_is_operation_abandoned( Slapi_Operation *op )
+{
+ if (op) {
+ return( op->o_status == SLAPI_OP_STATUS_ABANDONED );
+ }
+ return 0;
+}
+
+int
slapi_op_abandoned( Slapi_PBlock *pb )
{
int op_status;
@@ -192,6 +201,11 @@ operation_init(Slapi_Operation *o, int flags)
}
+Slapi_Operation *
+slapi_operation_new(int flags)
+{
+ return (operation_new(flags));
+}
/*
* Allocate a new Slapi_Operation.
* The flag parameter indicates whether the the operation is
@@ -427,6 +441,30 @@ struct slapi_operation_parameters *operation_parameters_new()
return (slapi_operation_parameters *)slapi_ch_calloc (1, sizeof (slapi_operation_parameters));
}
+ber_tag_t
+slapi_operation_get_tag(Slapi_Operation *op)
+{
+ return op->o_tag;
+}
+
+ber_int_t
+slapi_operation_get_msgid(Slapi_Operation *op)
+{
+ return op->o_msgid;
+}
+
+void
+slapi_operation_set_tag(Slapi_Operation *op, ber_tag_t tag)
+{
+ op->o_tag = tag;
+}
+
+void
+slapi_operation_set_msgid(Slapi_Operation *op, ber_int_t msgid)
+{
+ op->o_msgid = msgid;
+}
+
LDAPMod **
copy_mods(LDAPMod **orig_mods)
{
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index d3cc55c..ff991ab 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -1463,6 +1463,12 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
(*(char ***)value) = pblock->pb_op->o_params.p.p_search.search_gerattrs;
}
break;
+ case SLAPI_SEARCH_REQATTRS:
+ if(pblock->pb_op!=NULL)
+ {
+ (*(char ***)value) = pblock->pb_op->o_searchattrs;
+ }
+ break;
case SLAPI_SEARCH_ATTRSONLY:
if(pblock->pb_op!=NULL)
{
@@ -3104,6 +3110,12 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
pblock->pb_op->o_params.p.p_search.search_gerattrs = (char **) value;
}
break;
+ case SLAPI_SEARCH_REQATTRS:
+ if(pblock->pb_op!=NULL)
+ {
+ pblock->pb_op->o_searchattrs = (char **) value;
+ }
+ break;
case SLAPI_SEARCH_ATTRSONLY:
if(pblock->pb_op!=NULL)
{
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index c39d3b3..b83b08a 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -5145,16 +5145,22 @@ Slapi_Value *slapi_valueset_find(const Slapi_Attr *a, const Slapi_ValueSet *vs,
* operation routines
*/
int slapi_op_abandoned( Slapi_PBlock *pb );
+int slapi_is_operation_abandoned( Slapi_Operation *op );
unsigned long slapi_op_get_type(Slapi_Operation * op);
void slapi_operation_set_flag(Slapi_Operation *op, unsigned long flag);
void slapi_operation_clear_flag(Slapi_Operation *op, unsigned long flag);
int slapi_operation_is_flag_set(Slapi_Operation *op, unsigned long flag);
+ber_tag_t slapi_operation_get_tag(Slapi_Operation *op);
+ber_int_t slapi_operation_get_msgid(Slapi_Operation *op);
+void slapi_operation_set_tag(Slapi_Operation *op, ber_tag_t tag);
+void slapi_operation_set_msgid(Slapi_Operation *op, ber_int_t msgid);
int slapi_op_reserved(Slapi_PBlock *pb);
void slapi_operation_set_csngen_handler ( Slapi_Operation *op, void *callback );
void slapi_operation_set_replica_attr_handler ( Slapi_Operation *op, void *callback );
int slapi_operation_get_replica_attr ( Slapi_PBlock *pb, Slapi_Operation *op, const char *type, void *value );
char *slapi_op_type_to_string(unsigned long type);
int slapi_op_internal( Slapi_PBlock *pb );
+Slapi_Operation *slapi_operation_new(int flags);
/*
* connection routines
@@ -7157,6 +7163,7 @@ typedef struct slapi_plugindesc {
#define SLAPI_SEARCH_STRFILTER 115
#define SLAPI_SEARCH_ATTRS 116
#define SLAPI_SEARCH_GERATTRS 1160
+#define SLAPI_SEARCH_REQATTRS 1161
#define SLAPI_SEARCH_ATTRSONLY 117
#define SLAPI_SEARCH_IS_AND 118
9 years, 10 months
Branch '389-ds-base-1.2.11' - ldap/servers
by Noriko Hosoi
ldap/servers/plugins/posix-winsync/posix-group-func.c | 4
ldap/servers/plugins/posix-winsync/posix-group-func.h | 1
ldap/servers/plugins/posix-winsync/posix-group-task.c | 72 +++++++++++---
ldap/servers/plugins/posix-winsync/posix-winsync-config.c | 3
4 files changed, 66 insertions(+), 14 deletions(-)
New commits:
commit bdb5e35f608953ca1533365788ab12f56944156c
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Jun 2 17:32:40 2014 -0700
Ticket #47770 - #481 breaks possibility to reassemble memberuid list
Description: Patch to implement #481 "expand nested posix groups"
wiped out the code in posix_group_fix_memberuid_callback (posix-
group-task.c) to add memberuid if the entry is a posix group.
This patch adds the code back.
Plus fixed a couple of memory leaks and renamed a posix winsync
local function plugin_op_all_finished to posix_winsync_plugin_op_
all_finished not to confuse valgrind.
https://fedorahosted.org/389/ticket/47770
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
(cherry picked from commit 8d5410e2e08f2e6fdabe9ab1dc3e97b20842a34d)
(cherry picked from commit 945d113b968ef878f13848d1d7d83b70c9bc2e85)
(cherry picked from commit 2574dffa82490b2258226edf5b420abaf19a9c09)
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c
index 6a7aa84..1f6be93 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-func.c
+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c
@@ -23,12 +23,12 @@
#include <string.h>
#include <nspr.h>
#include "posix-wsp-ident.h"
+#include "posix-group-func.h"
#define MAX_RECURSION_DEPTH (5)
Slapi_Value **
valueset_get_valuearray(const Slapi_ValueSet *vs); /* stolen from proto-slap.h */
-static int hasObjectClass(Slapi_Entry *entry, const char *objectClass);
static PRMonitor *memberuid_operation_lock = 0;
@@ -262,7 +262,7 @@ smods_has_mod(Slapi_Mods *smods, int modtype, const char *type, const char *val)
return rc;
}
-static int
+int
hasObjectClass(Slapi_Entry *entry, const char *objectClass)
{
int rc = 0;
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.h b/ldap/servers/plugins/posix-winsync/posix-group-func.h
index 0f0ae37..f6d53bf 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-func.h
+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.h
@@ -19,5 +19,6 @@ void memberUidUnlock();
int memberUidLockInit();
int addUserToGroupMembership(Slapi_Entry *entry);
void propogateDeletionsUpward(Slapi_Entry *, const Slapi_DN *, Slapi_ValueSet*, Slapi_ValueSet *, int);
+int hasObjectClass(Slapi_Entry *entry, const char *objectClass);
#endif
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-task.c b/ldap/servers/plugins/posix-winsync/posix-group-task.c
index 3d9003f..abf0282 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-task.c
+++ b/ldap/servers/plugins/posix-winsync/posix-group-task.c
@@ -89,7 +89,7 @@ posix_group_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"posix_group_task_add: retrieved basedn: %s\n", dn);
- if ((filter = fetch_attr(e, "filter", "(objectclass=ntGroup)")) == NULL) {
+ if ((filter = fetch_attr(e, "filter", "(&(objectclass=ntGroup)(|(uniquemember=*)(memberuid=*)))")) == NULL) {
*returncode = LDAP_OBJECT_CLASS_VIOLATION;
rv = SLAPI_DSE_CALLBACK_ERROR;
goto out;
@@ -240,6 +240,7 @@ posix_group_fix_memberuid(char *dn, char *filter_str, void *txn)
static int
posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
{
+ int i;
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid ==>\n");
cb_data *the_cb_data = (cb_data *) callback_data;
@@ -253,7 +254,11 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
char *dn = slapi_entry_get_dn(e);
Slapi_DN *sdn = slapi_entry_get_sdn(e);
LDAPMod **mods = NULL;
+ int is_posix_group = 0;
+ if (hasObjectClass(e, "posixGroup")) {
+ is_posix_group = 1;
+ }
/* Clean out memberuids and dsonlymemberuids without a valid referant */
rc = slapi_entry_attr_find(e, "memberuid", &muid_attr);
if (rc == 0 && muid_attr) {
@@ -272,7 +277,6 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid scan for orphaned memberuids\n");
- int i;
for (i = slapi_attr_first_value(muid_attr, &v); i != -1;
i = slapi_attr_next_value(muid_attr, i, &v)) {
const char *muid = slapi_value_get_string(v);
@@ -337,10 +341,8 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
if (rc == 0 && obj_attr) {
int fixMembership = 0;
Slapi_ValueSet *bad_ums = NULL;
-
- int i;
- Slapi_Value * uniqval = NULL; /* uniquemeber Attribute values */
-
+ Slapi_Value *uniqval = NULL; /* uniquemeber Attribute values */
+ Slapi_ValueSet *uids = NULL;
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid scan uniquemember, group %s\n", dn);
for (i = slapi_attr_first_value(obj_attr, &uniqval); i != -1;
@@ -350,11 +352,14 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
char *attrs[] = { "uid", "objectclass", NULL };
Slapi_Entry *child = getEntry(member, attrs);
- if (!child) {
+ if (child) {
+ slapi_entry_free(child);
+ } else {
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid orphaned uniquemember found: %s\n", member);
- if (strncasecmp(member, "cn=", 3) == 0) {
+ if ((strncasecmp(member, "cn=", 3) == 0) ||
+ (strncasecmp(member, "uid=", 4) == 0)) {
fixMembership = 1;
}
if (!bad_ums) {
@@ -362,12 +367,51 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
}
slapi_valueset_add_value(bad_ums, uniqval);
}
+
+ if (is_posix_group) {
+ char *uid = NULL;
+ /* search uid for member (DN) */
+ slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "search %s\n", member);
+ if ((uid = searchUid(member)) != NULL) {
+ Slapi_Value *value = slapi_value_new();
+ /* Search an entry having "member" as DN and get uid value from it. */
+ slapi_value_set_string_passin(value, uid);
+ /* add uids ValueSet */
+ if (NULL == uids) {
+ uids = slapi_valueset_new();
+ }
+ slapi_valueset_add_value(uids, value);
+ slapi_value_free(&value);
+ }
+ }
+ }
+ /* If we found some posix members, replace the existing memberuid attribute
+ * with the found values. */
+ if (uids && slapi_valueset_count(uids)) {
+ Slapi_Value *val = 0;
+ Slapi_Mod *smod = slapi_mod_new();
+ int hint = 0;
+
+ slapi_mod_init(smod, 0);
+ slapi_mod_set_operation(smod, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
+ slapi_mod_set_type(smod, "memberuid");
+
+ /* Loop through all of our values and add them to smod */
+ hint = slapi_valueset_first_value(uids, &val);
+ while (val) {
+ /* this makes a copy of the berval */
+ slapi_mod_add_value(smod, slapi_value_get_berval(val));
+ hint = slapi_valueset_next_value(uids, hint, &val);
+ }
+ slapi_mods_add_ldapmod(smods, slapi_mod_get_ldapmod_passout(smod));
+ slapi_mod_free(&smod);
}
+ slapi_valueset_free(uids);
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid Finishing...\n");
- if (fixMembership && posix_winsync_config_get_mapNestedGrouping()) {
+ if (fixMembership && posix_winsync_config_get_mapNestedGrouping()) {
Slapi_ValueSet *del_nested_vs = slapi_valueset_new();
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
@@ -383,7 +427,7 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
}
}
- mods = slapi_mods_get_ldapmods_passout(smods);
+ mods = slapi_mods_get_ldapmods_byref(smods);
if (mods) {
Slapi_PBlock *mod_pb = NULL;
mod_pb = slapi_pblock_new();
@@ -400,7 +444,13 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid <==\n");
- return rc;
+ /*
+ * Since Ticket #481 "expand nested posix groups",
+ * there's a possibility the found entry does not contain
+ * uniqueMember attribute. But "not found" error shoud not
+ * be returned, which stops the further fixup task.
+ */
+ return 0;
}
static void
diff --git a/ldap/servers/plugins/posix-winsync/posix-winsync-config.c b/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
index a7fd6e9..7973137 100644
--- a/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
+++ b/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
@@ -72,7 +72,8 @@ posix_winsync_agmt_init(const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree)
sdn = slapi_get_first_suffix(&node, 0);
while (sdn) {
- if (slapi_sdn_isparent(sdn, ds_subtree) == 0) {
+ /* if sdn is a parent of ds_subtree or sdn is the WinSync Subtree itself */
+ if (slapi_sdn_isparent(sdn, ds_subtree) || !slapi_sdn_compare(sdn, ds_subtree)) {
theConfig.rep_suffix = sdn;
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "Found suffix's '%s'\n",
slapi_sdn_get_dn(sdn));
9 years, 10 months
Branch '389-ds-base-1.3.1' - ldap/servers
by Noriko Hosoi
ldap/servers/plugins/posix-winsync/posix-group-func.c | 4
ldap/servers/plugins/posix-winsync/posix-group-func.h | 1
ldap/servers/plugins/posix-winsync/posix-group-task.c | 72 +++++++++++---
ldap/servers/plugins/posix-winsync/posix-winsync-config.c | 3
4 files changed, 66 insertions(+), 14 deletions(-)
New commits:
commit 2574dffa82490b2258226edf5b420abaf19a9c09
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Jun 2 17:32:40 2014 -0700
Ticket #47770 - #481 breaks possibility to reassemble memberuid list
Description: Patch to implement #481 "expand nested posix groups"
wiped out the code in posix_group_fix_memberuid_callback (posix-
group-task.c) to add memberuid if the entry is a posix group.
This patch adds the code back.
Plus fixed a couple of memory leaks and renamed a posix winsync
local function plugin_op_all_finished to posix_winsync_plugin_op_
all_finished not to confuse valgrind.
https://fedorahosted.org/389/ticket/47770
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
(cherry picked from commit 8d5410e2e08f2e6fdabe9ab1dc3e97b20842a34d)
(cherry picked from commit 945d113b968ef878f13848d1d7d83b70c9bc2e85)
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c
index aa76d6c..0961df5 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-func.c
+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c
@@ -21,12 +21,12 @@
#include <nspr.h>
#include "slapi-plugin.h"
#include "posix-wsp-ident.h"
+#include "posix-group-func.h"
#define MAX_RECURSION_DEPTH (5)
Slapi_Value **
valueset_get_valuearray(const Slapi_ValueSet *vs); /* stolen from proto-slap.h */
-static int hasObjectClass(Slapi_Entry *entry, const char *objectClass);
static PRMonitor *memberuid_operation_lock = 0;
@@ -260,7 +260,7 @@ smods_has_mod(Slapi_Mods *smods, int modtype, const char *type, const char *val)
return rc;
}
-static int
+int
hasObjectClass(Slapi_Entry *entry, const char *objectClass)
{
int rc = 0;
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.h b/ldap/servers/plugins/posix-winsync/posix-group-func.h
index 85e5235..2e5391c 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-func.h
+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.h
@@ -19,5 +19,6 @@ void memberUidUnlock();
int memberUidLockInit();
int addUserToGroupMembership(Slapi_Entry *entry);
void propogateDeletionsUpward(Slapi_Entry *, const Slapi_DN *, Slapi_ValueSet*, Slapi_ValueSet *, int);
+int hasObjectClass(Slapi_Entry *entry, const char *objectClass);
#endif
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-task.c b/ldap/servers/plugins/posix-winsync/posix-group-task.c
index 69c5eab..3a7e2c8 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-task.c
+++ b/ldap/servers/plugins/posix-winsync/posix-group-task.c
@@ -89,7 +89,7 @@ posix_group_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"posix_group_task_add: retrieved basedn: %s\n", dn);
- if ((filter = fetch_attr(e, "filter", "(objectclass=ntGroup)")) == NULL) {
+ if ((filter = fetch_attr(e, "filter", "(&(objectclass=ntGroup)(|(uniquemember=*)(memberuid=*)))")) == NULL) {
*returncode = LDAP_OBJECT_CLASS_VIOLATION;
rv = SLAPI_DSE_CALLBACK_ERROR;
goto out;
@@ -240,6 +240,7 @@ posix_group_fix_memberuid(char *dn, char *filter_str, void *txn)
static int
posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
{
+ int i;
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid ==>\n");
cb_data *the_cb_data = (cb_data *) callback_data;
@@ -253,7 +254,11 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
char *dn = slapi_entry_get_dn(e);
Slapi_DN *sdn = slapi_entry_get_sdn(e);
LDAPMod **mods = NULL;
+ int is_posix_group = 0;
+ if (hasObjectClass(e, "posixGroup")) {
+ is_posix_group = 1;
+ }
/* Clean out memberuids and dsonlymemberuids without a valid referant */
rc = slapi_entry_attr_find(e, "memberuid", &muid_attr);
if (rc == 0 && muid_attr) {
@@ -272,7 +277,6 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid scan for orphaned memberuids\n");
- int i;
for (i = slapi_attr_first_value(muid_attr, &v); i != -1;
i = slapi_attr_next_value(muid_attr, i, &v)) {
char *muid = (char *)slapi_value_get_string(v);
@@ -337,10 +341,8 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
if (rc == 0 && obj_attr) {
int fixMembership = 0;
Slapi_ValueSet *bad_ums = NULL;
-
- int i;
- Slapi_Value * uniqval = NULL; /* uniquemeber Attribute values */
-
+ Slapi_Value *uniqval = NULL; /* uniquemeber Attribute values */
+ Slapi_ValueSet *uids = NULL;
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid scan uniquemember, group %s\n", dn);
for (i = slapi_attr_first_value(obj_attr, &uniqval); i != -1;
@@ -350,11 +352,14 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
char *attrs[] = { "uid", "objectclass", NULL };
Slapi_Entry *child = getEntry(member, attrs);
- if (!child) {
+ if (child) {
+ slapi_entry_free(child);
+ } else {
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid orphaned uniquemember found: %s\n", member);
- if (strncasecmp(member, "cn=", 3) == 0) {
+ if ((strncasecmp(member, "cn=", 3) == 0) ||
+ (strncasecmp(member, "uid=", 4) == 0)) {
fixMembership = 1;
}
if (!bad_ums) {
@@ -362,12 +367,51 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
}
slapi_valueset_add_value(bad_ums, uniqval);
}
+
+ if (is_posix_group) {
+ char *uid = NULL;
+ /* search uid for member (DN) */
+ slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "search %s\n", member);
+ if ((uid = searchUid(member)) != NULL) {
+ Slapi_Value *value = slapi_value_new();
+ /* Search an entry having "member" as DN and get uid value from it. */
+ slapi_value_set_string_passin(value, uid);
+ /* add uids ValueSet */
+ if (NULL == uids) {
+ uids = slapi_valueset_new();
+ }
+ slapi_valueset_add_value(uids, value);
+ slapi_value_free(&value);
+ }
+ }
+ }
+ /* If we found some posix members, replace the existing memberuid attribute
+ * with the found values. */
+ if (uids && slapi_valueset_count(uids)) {
+ Slapi_Value *val = 0;
+ Slapi_Mod *smod = slapi_mod_new();
+ int hint = 0;
+
+ slapi_mod_init(smod, 0);
+ slapi_mod_set_operation(smod, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
+ slapi_mod_set_type(smod, "memberuid");
+
+ /* Loop through all of our values and add them to smod */
+ hint = slapi_valueset_first_value(uids, &val);
+ while (val) {
+ /* this makes a copy of the berval */
+ slapi_mod_add_value(smod, slapi_value_get_berval(val));
+ hint = slapi_valueset_next_value(uids, hint, &val);
+ }
+ slapi_mods_add_ldapmod(smods, slapi_mod_get_ldapmod_passout(smod));
+ slapi_mod_free(&smod);
}
+ slapi_valueset_free(uids);
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid Finishing...\n");
- if (fixMembership && posix_winsync_config_get_mapNestedGrouping()) {
+ if (fixMembership && posix_winsync_config_get_mapNestedGrouping()) {
Slapi_ValueSet *del_nested_vs = slapi_valueset_new();
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
@@ -383,7 +427,7 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
}
}
- mods = slapi_mods_get_ldapmods_passout(smods);
+ mods = slapi_mods_get_ldapmods_byref(smods);
if (mods) {
Slapi_PBlock *mod_pb = NULL;
mod_pb = slapi_pblock_new();
@@ -400,7 +444,13 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid <==\n");
- return rc;
+ /*
+ * Since Ticket #481 "expand nested posix groups",
+ * there's a possibility the found entry does not contain
+ * uniqueMember attribute. But "not found" error shoud not
+ * be returned, which stops the further fixup task.
+ */
+ return 0;
}
static void
diff --git a/ldap/servers/plugins/posix-winsync/posix-winsync-config.c b/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
index a7fd6e9..7973137 100644
--- a/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
+++ b/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
@@ -72,7 +72,8 @@ posix_winsync_agmt_init(const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree)
sdn = slapi_get_first_suffix(&node, 0);
while (sdn) {
- if (slapi_sdn_isparent(sdn, ds_subtree) == 0) {
+ /* if sdn is a parent of ds_subtree or sdn is the WinSync Subtree itself */
+ if (slapi_sdn_isparent(sdn, ds_subtree) || !slapi_sdn_compare(sdn, ds_subtree)) {
theConfig.rep_suffix = sdn;
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "Found suffix's '%s'\n",
slapi_sdn_get_dn(sdn));
9 years, 10 months
Branch '389-ds-base-1.3.2' - ldap/servers
by Noriko Hosoi
ldap/servers/plugins/posix-winsync/posix-group-func.c | 4
ldap/servers/plugins/posix-winsync/posix-group-func.h | 1
ldap/servers/plugins/posix-winsync/posix-group-task.c | 72 +++++++++++---
ldap/servers/plugins/posix-winsync/posix-winsync-config.c | 3
4 files changed, 66 insertions(+), 14 deletions(-)
New commits:
commit 945d113b968ef878f13848d1d7d83b70c9bc2e85
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Jun 2 17:32:40 2014 -0700
Ticket #47770 - #481 breaks possibility to reassemble memberuid list
Description: Patch to implement #481 "expand nested posix groups"
wiped out the code in posix_group_fix_memberuid_callback (posix-
group-task.c) to add memberuid if the entry is a posix group.
This patch adds the code back.
Plus fixed a couple of memory leaks and renamed a posix winsync
local function plugin_op_all_finished to posix_winsync_plugin_op_
all_finished not to confuse valgrind.
https://fedorahosted.org/389/ticket/47770
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
(cherry picked from commit 8d5410e2e08f2e6fdabe9ab1dc3e97b20842a34d)
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c
index 4e2dae5..eb20383 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-func.c
+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c
@@ -21,12 +21,12 @@
#include <nspr.h>
#include "slapi-plugin.h"
#include "posix-wsp-ident.h"
+#include "posix-group-func.h"
#define MAX_RECURSION_DEPTH (5)
Slapi_Value **
valueset_get_valuearray(const Slapi_ValueSet *vs); /* stolen from proto-slap.h */
-static int hasObjectClass(Slapi_Entry *entry, const char *objectClass);
static PRMonitor *memberuid_operation_lock = 0;
@@ -250,7 +250,7 @@ smods_has_mod(Slapi_Mods *smods, int modtype, const char *type, const char *val)
return rc;
}
-static int
+int
hasObjectClass(Slapi_Entry *entry, const char *objectClass)
{
int rc = 0;
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.h b/ldap/servers/plugins/posix-winsync/posix-group-func.h
index 85e5235..2e5391c 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-func.h
+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.h
@@ -19,5 +19,6 @@ void memberUidUnlock();
int memberUidLockInit();
int addUserToGroupMembership(Slapi_Entry *entry);
void propogateDeletionsUpward(Slapi_Entry *, const Slapi_DN *, Slapi_ValueSet*, Slapi_ValueSet *, int);
+int hasObjectClass(Slapi_Entry *entry, const char *objectClass);
#endif
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-task.c b/ldap/servers/plugins/posix-winsync/posix-group-task.c
index 9f558bf..c5ea729 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-task.c
+++ b/ldap/servers/plugins/posix-winsync/posix-group-task.c
@@ -89,7 +89,7 @@ posix_group_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"posix_group_task_add: retrieved basedn: %s\n", dn);
- if ((filter = fetch_attr(e, "filter", "(objectclass=ntGroup)")) == NULL) {
+ if ((filter = fetch_attr(e, "filter", "(&(objectclass=ntGroup)(|(uniquemember=*)(memberuid=*)))")) == NULL) {
*returncode = LDAP_OBJECT_CLASS_VIOLATION;
rv = SLAPI_DSE_CALLBACK_ERROR;
goto out;
@@ -240,6 +240,7 @@ posix_group_fix_memberuid(char *dn, char *filter_str, void *txn)
static int
posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
{
+ int i;
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid ==>\n");
cb_data *the_cb_data = (cb_data *) callback_data;
@@ -253,7 +254,11 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
char *dn = slapi_entry_get_dn(e);
Slapi_DN *sdn = slapi_entry_get_sdn(e);
LDAPMod **mods = NULL;
+ int is_posix_group = 0;
+ if (hasObjectClass(e, "posixGroup")) {
+ is_posix_group = 1;
+ }
/* Clean out memberuids and dsonlymemberuids without a valid referant */
rc = slapi_entry_attr_find(e, "memberuid", &muid_attr);
if (rc == 0 && muid_attr) {
@@ -272,7 +277,6 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid scan for orphaned memberuids\n");
- int i;
for (i = slapi_attr_first_value(muid_attr, &v); i != -1;
i = slapi_attr_next_value(muid_attr, i, &v)) {
char *muid = (char *)slapi_value_get_string(v);
@@ -337,10 +341,8 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
if (rc == 0 && obj_attr) {
int fixMembership = 0;
Slapi_ValueSet *bad_ums = NULL;
-
- int i;
- Slapi_Value * uniqval = NULL; /* uniquemeber Attribute values */
-
+ Slapi_Value *uniqval = NULL; /* uniquemeber Attribute values */
+ Slapi_ValueSet *uids = NULL;
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid scan uniquemember, group %s\n", dn);
for (i = slapi_attr_first_value(obj_attr, &uniqval); i != -1;
@@ -350,11 +352,14 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
char *attrs[] = { "uid", "objectclass", NULL };
Slapi_Entry *child = getEntry(member, attrs);
- if (!child) {
+ if (child) {
+ slapi_entry_free(child);
+ } else {
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid orphaned uniquemember found: %s\n", member);
- if (strncasecmp(member, "cn=", 3) == 0) {
+ if ((strncasecmp(member, "cn=", 3) == 0) ||
+ (strncasecmp(member, "uid=", 4) == 0)) {
fixMembership = 1;
}
if (!bad_ums) {
@@ -362,12 +367,51 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
}
slapi_valueset_add_value(bad_ums, uniqval);
}
+
+ if (is_posix_group) {
+ char *uid = NULL;
+ /* search uid for member (DN) */
+ slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "search %s\n", member);
+ if ((uid = searchUid(member)) != NULL) {
+ Slapi_Value *value = slapi_value_new();
+ /* Search an entry having "member" as DN and get uid value from it. */
+ slapi_value_set_string_passin(value, uid);
+ /* add uids ValueSet */
+ if (NULL == uids) {
+ uids = slapi_valueset_new();
+ }
+ slapi_valueset_add_value(uids, value);
+ slapi_value_free(&value);
+ }
+ }
+ }
+ /* If we found some posix members, replace the existing memberuid attribute
+ * with the found values. */
+ if (uids && slapi_valueset_count(uids)) {
+ Slapi_Value *val = 0;
+ Slapi_Mod *smod = slapi_mod_new();
+ int hint = 0;
+
+ slapi_mod_init(smod, 0);
+ slapi_mod_set_operation(smod, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
+ slapi_mod_set_type(smod, "memberuid");
+
+ /* Loop through all of our values and add them to smod */
+ hint = slapi_valueset_first_value(uids, &val);
+ while (val) {
+ /* this makes a copy of the berval */
+ slapi_mod_add_value(smod, slapi_value_get_berval(val));
+ hint = slapi_valueset_next_value(uids, hint, &val);
+ }
+ slapi_mods_add_ldapmod(smods, slapi_mod_get_ldapmod_passout(smod));
+ slapi_mod_free(&smod);
}
+ slapi_valueset_free(uids);
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid Finishing...\n");
- if (fixMembership && posix_winsync_config_get_mapNestedGrouping()) {
+ if (fixMembership && posix_winsync_config_get_mapNestedGrouping()) {
Slapi_ValueSet *del_nested_vs = slapi_valueset_new();
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
@@ -383,7 +427,7 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
}
}
- mods = slapi_mods_get_ldapmods_passout(smods);
+ mods = slapi_mods_get_ldapmods_byref(smods);
if (mods) {
Slapi_PBlock *mod_pb = NULL;
mod_pb = slapi_pblock_new();
@@ -400,7 +444,13 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid <==\n");
- return rc;
+ /*
+ * Since Ticket #481 "expand nested posix groups",
+ * there's a possibility the found entry does not contain
+ * uniqueMember attribute. But "not found" error shoud not
+ * be returned, which stops the further fixup task.
+ */
+ return 0;
}
static void
diff --git a/ldap/servers/plugins/posix-winsync/posix-winsync-config.c b/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
index a7fd6e9..7973137 100644
--- a/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
+++ b/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
@@ -72,7 +72,8 @@ posix_winsync_agmt_init(const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree)
sdn = slapi_get_first_suffix(&node, 0);
while (sdn) {
- if (slapi_sdn_isparent(sdn, ds_subtree) == 0) {
+ /* if sdn is a parent of ds_subtree or sdn is the WinSync Subtree itself */
+ if (slapi_sdn_isparent(sdn, ds_subtree) || !slapi_sdn_compare(sdn, ds_subtree)) {
theConfig.rep_suffix = sdn;
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "Found suffix's '%s'\n",
slapi_sdn_get_dn(sdn));
9 years, 10 months
ldap/servers
by Noriko Hosoi
ldap/servers/plugins/posix-winsync/posix-group-func.c | 4
ldap/servers/plugins/posix-winsync/posix-group-func.h | 1
ldap/servers/plugins/posix-winsync/posix-group-task.c | 72 +++++++++++---
ldap/servers/plugins/posix-winsync/posix-winsync-config.c | 3
ldap/servers/plugins/posix-winsync/posix-winsync.c | 4
ldap/servers/plugins/posix-winsync/posix-wsp-ident.h | 2
6 files changed, 69 insertions(+), 17 deletions(-)
New commits:
commit 8d5410e2e08f2e6fdabe9ab1dc3e97b20842a34d
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Jun 2 12:42:42 2014 -0700
Ticket #47770 - #481 breaks possibility to reassemble memberuid list
Description: Patch to implement #481 "expand nested posix groups"
wiped out the code in posix_group_fix_memberuid_callback (posix-
group-task.c) to add memberuid if the entry is a posix group.
This patch adds the code back.
Plus fixed a couple of memory leaks and renamed a posix winsync
local function plugin_op_all_finished to posix_winsync_plugin_op_
all_finished not to confuse valgrind.
https://fedorahosted.org/389/ticket/47770
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c
index 11e9a7f..5f841e5 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-func.c
+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c
@@ -21,12 +21,12 @@
#include <nspr.h>
#include "slapi-plugin.h"
#include "posix-wsp-ident.h"
+#include "posix-group-func.h"
#define MAX_RECURSION_DEPTH (5)
Slapi_Value **
valueset_get_valuearray(const Slapi_ValueSet *vs); /* stolen from proto-slap.h */
-static int hasObjectClass(Slapi_Entry *entry, const char *objectClass);
static PRMonitor *memberuid_operation_lock = 0;
@@ -257,7 +257,7 @@ smods_has_mod(Slapi_Mods *smods, int modtype, const char *type, const char *val)
return rc;
}
-static int
+int
hasObjectClass(Slapi_Entry *entry, const char *objectClass)
{
int rc = 0;
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.h b/ldap/servers/plugins/posix-winsync/posix-group-func.h
index e9db3a2..c37740c 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-func.h
+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.h
@@ -20,5 +20,6 @@ int memberUidLockInit();
void memberUidLockDestroy();
int addUserToGroupMembership(Slapi_Entry *entry);
void propogateDeletionsUpward(Slapi_Entry *, const Slapi_DN *, Slapi_ValueSet*, Slapi_ValueSet *, int);
+int hasObjectClass(Slapi_Entry *entry, const char *objectClass);
#endif
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-task.c b/ldap/servers/plugins/posix-winsync/posix-group-task.c
index 9f558bf..c5ea729 100644
--- a/ldap/servers/plugins/posix-winsync/posix-group-task.c
+++ b/ldap/servers/plugins/posix-winsync/posix-group-task.c
@@ -89,7 +89,7 @@ posix_group_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"posix_group_task_add: retrieved basedn: %s\n", dn);
- if ((filter = fetch_attr(e, "filter", "(objectclass=ntGroup)")) == NULL) {
+ if ((filter = fetch_attr(e, "filter", "(&(objectclass=ntGroup)(|(uniquemember=*)(memberuid=*)))")) == NULL) {
*returncode = LDAP_OBJECT_CLASS_VIOLATION;
rv = SLAPI_DSE_CALLBACK_ERROR;
goto out;
@@ -240,6 +240,7 @@ posix_group_fix_memberuid(char *dn, char *filter_str, void *txn)
static int
posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
{
+ int i;
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid ==>\n");
cb_data *the_cb_data = (cb_data *) callback_data;
@@ -253,7 +254,11 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
char *dn = slapi_entry_get_dn(e);
Slapi_DN *sdn = slapi_entry_get_sdn(e);
LDAPMod **mods = NULL;
+ int is_posix_group = 0;
+ if (hasObjectClass(e, "posixGroup")) {
+ is_posix_group = 1;
+ }
/* Clean out memberuids and dsonlymemberuids without a valid referant */
rc = slapi_entry_attr_find(e, "memberuid", &muid_attr);
if (rc == 0 && muid_attr) {
@@ -272,7 +277,6 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid scan for orphaned memberuids\n");
- int i;
for (i = slapi_attr_first_value(muid_attr, &v); i != -1;
i = slapi_attr_next_value(muid_attr, i, &v)) {
char *muid = (char *)slapi_value_get_string(v);
@@ -337,10 +341,8 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
if (rc == 0 && obj_attr) {
int fixMembership = 0;
Slapi_ValueSet *bad_ums = NULL;
-
- int i;
- Slapi_Value * uniqval = NULL; /* uniquemeber Attribute values */
-
+ Slapi_Value *uniqval = NULL; /* uniquemeber Attribute values */
+ Slapi_ValueSet *uids = NULL;
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid scan uniquemember, group %s\n", dn);
for (i = slapi_attr_first_value(obj_attr, &uniqval); i != -1;
@@ -350,11 +352,14 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
char *attrs[] = { "uid", "objectclass", NULL };
Slapi_Entry *child = getEntry(member, attrs);
- if (!child) {
+ if (child) {
+ slapi_entry_free(child);
+ } else {
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid orphaned uniquemember found: %s\n", member);
- if (strncasecmp(member, "cn=", 3) == 0) {
+ if ((strncasecmp(member, "cn=", 3) == 0) ||
+ (strncasecmp(member, "uid=", 4) == 0)) {
fixMembership = 1;
}
if (!bad_ums) {
@@ -362,12 +367,51 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
}
slapi_valueset_add_value(bad_ums, uniqval);
}
+
+ if (is_posix_group) {
+ char *uid = NULL;
+ /* search uid for member (DN) */
+ slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "search %s\n", member);
+ if ((uid = searchUid(member)) != NULL) {
+ Slapi_Value *value = slapi_value_new();
+ /* Search an entry having "member" as DN and get uid value from it. */
+ slapi_value_set_string_passin(value, uid);
+ /* add uids ValueSet */
+ if (NULL == uids) {
+ uids = slapi_valueset_new();
+ }
+ slapi_valueset_add_value(uids, value);
+ slapi_value_free(&value);
+ }
+ }
+ }
+ /* If we found some posix members, replace the existing memberuid attribute
+ * with the found values. */
+ if (uids && slapi_valueset_count(uids)) {
+ Slapi_Value *val = 0;
+ Slapi_Mod *smod = slapi_mod_new();
+ int hint = 0;
+
+ slapi_mod_init(smod, 0);
+ slapi_mod_set_operation(smod, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
+ slapi_mod_set_type(smod, "memberuid");
+
+ /* Loop through all of our values and add them to smod */
+ hint = slapi_valueset_first_value(uids, &val);
+ while (val) {
+ /* this makes a copy of the berval */
+ slapi_mod_add_value(smod, slapi_value_get_berval(val));
+ hint = slapi_valueset_next_value(uids, hint, &val);
+ }
+ slapi_mods_add_ldapmod(smods, slapi_mod_get_ldapmod_passout(smod));
+ slapi_mod_free(&smod);
}
+ slapi_valueset_free(uids);
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid Finishing...\n");
- if (fixMembership && posix_winsync_config_get_mapNestedGrouping()) {
+ if (fixMembership && posix_winsync_config_get_mapNestedGrouping()) {
Slapi_ValueSet *del_nested_vs = slapi_valueset_new();
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
@@ -383,7 +427,7 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
}
}
- mods = slapi_mods_get_ldapmods_passout(smods);
+ mods = slapi_mods_get_ldapmods_byref(smods);
if (mods) {
Slapi_PBlock *mod_pb = NULL;
mod_pb = slapi_pblock_new();
@@ -400,7 +444,13 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
"_fix_memberuid <==\n");
- return rc;
+ /*
+ * Since Ticket #481 "expand nested posix groups",
+ * there's a possibility the found entry does not contain
+ * uniqueMember attribute. But "not found" error shoud not
+ * be returned, which stops the further fixup task.
+ */
+ return 0;
}
static void
diff --git a/ldap/servers/plugins/posix-winsync/posix-winsync-config.c b/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
index 1f025a6..81f2b6d 100644
--- a/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
+++ b/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
@@ -78,7 +78,8 @@ posix_winsync_agmt_init(const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree)
sdn = slapi_get_first_suffix(&node, 0);
while (sdn) {
- if (slapi_sdn_isparent(sdn, ds_subtree) == 0) {
+ /* if sdn is a parent of ds_subtree or sdn is the WinSync Subtree itself */
+ if (slapi_sdn_isparent(sdn, ds_subtree) || !slapi_sdn_compare(sdn, ds_subtree)) {
theConfig.rep_suffix = sdn;
slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "Found suffix's '%s'\n",
slapi_sdn_get_dn(sdn));
diff --git a/ldap/servers/plugins/posix-winsync/posix-winsync.c b/ldap/servers/plugins/posix-winsync/posix-winsync.c
index bd8553d..58b6cd8 100644
--- a/ldap/servers/plugins/posix-winsync/posix-winsync.c
+++ b/ldap/servers/plugins/posix-winsync/posix-winsync.c
@@ -1980,7 +1980,7 @@ posix_winsync_plugin_close(Slapi_PBlock *pb)
"--> posix_winsync_plugin_close -- begin\n");
g_plugin_started = 0;
- plugin_op_all_finished();
+ posix_winsync_plugin_op_all_finished();
slapi_apib_unregister(WINSYNC_v1_0_GUID);
posix_winsync_config_free();
@@ -2051,7 +2051,7 @@ plugin_op_finished()
}
void
-plugin_op_all_finished()
+posix_winsync_plugin_op_all_finished()
{
while(slapi_counter_get_value(op_counter) > 0){
PR_Sleep(PR_MillisecondsToInterval(100));
diff --git a/ldap/servers/plugins/posix-winsync/posix-wsp-ident.h b/ldap/servers/plugins/posix-winsync/posix-wsp-ident.h
index 24b4052..7691e56 100644
--- a/ldap/servers/plugins/posix-winsync/posix-wsp-ident.h
+++ b/ldap/servers/plugins/posix-winsync/posix-wsp-ident.h
@@ -53,6 +53,6 @@ int posix_group_task_add(Slapi_PBlock *pb, Slapi_Entry *e,
PRUint64 get_plugin_started();
void plugin_op_started();
void plugin_op_finished();
-void plugin_op_all_finished();
+void posix_winsync_plugin_op_all_finished();
#endif
9 years, 10 months
ldap/servers
by Mark Reynolds
ldap/servers/plugins/mep/mep.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
New commits:
commit fa31627bdc7c33d5fb9d72e73690d6056d2999e6
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Mon Jun 2 09:34:28 2014 -0400
Ticket 47466 - Fix coverity issue
12632 - resource leak in mep.c
https://fedorahosted.org/389/ticket/47644
diff --git a/ldap/servers/plugins/mep/mep.c b/ldap/servers/plugins/mep/mep.c
index 9b3d5d2..6dbddbc 100644
--- a/ldap/servers/plugins/mep/mep.c
+++ b/ldap/servers/plugins/mep/mep.c
@@ -1415,7 +1415,8 @@ mep_add_managed_entry(struct configEntry *config,
"mep_add_managed_entry: Unable to create a managed "
"entry from origin entry \"%s\" using config "
"\"%s\".\n", slapi_entry_get_dn(origin), slapi_sdn_get_dn(config->sdn));
- return -1;
+ result = -1;
+ goto bail;
} else {
/* Copy the managed entry DN to use when
* creating the pointer attribute. */
9 years, 10 months