dirsrvtests/tickets
by Mark Reynolds
dirsrvtests/tickets/ticket48325_test.py | 270 ++++++++++++++++++++++++++++++++
1 file changed, 270 insertions(+)
New commits:
commit a534583fdc7aaaeda11d87fdaf09cfaa603fb48f
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue Nov 10 13:54:30 2015 -0500
Ticket 48325 - Add lib389 test script
Description: Add test script to test replication promotion
https://fedorahosted.org/389/ticket/48325
Reviewed by: wibrown(Thanks!)
diff --git a/dirsrvtests/tickets/ticket48325_test.py b/dirsrvtests/tickets/ticket48325_test.py
new file mode 100644
index 0000000..3505d1a
--- /dev/null
+++ b/dirsrvtests/tickets/ticket48325_test.py
@@ -0,0 +1,270 @@
+import os
+import sys
+import time
+import ldap
+import logging
+import pytest
+from lib389 import DirSrv, Entry, tools, tasks
+from lib389.tools import DirSrvTools
+from lib389._constants import *
+from lib389.properties import *
+from lib389.tasks import *
+from lib389.utils import *
+
+logging.getLogger(__name__).setLevel(logging.DEBUG)
+log = logging.getLogger(__name__)
+
+installation1_prefix = None
+
+
+class TopologyReplication(object):
+ def __init__(self, master1, hub1, consumer1):
+ master1.open()
+ self.master1 = master1
+ hub1.open()
+ self.hub1 = hub1
+ consumer1.open()
+ self.consumer1 = consumer1
+
+
+(a)pytest.fixture(scope="module")
+def topology(request):
+ global installation1_prefix
+ if installation1_prefix:
+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
+
+ # Creating master 1...
+ master1 = DirSrv(verbose=False)
+ args_instance[SER_HOST] = HOST_MASTER_1
+ args_instance[SER_PORT] = PORT_MASTER_1
+ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_1
+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+ args_master = args_instance.copy()
+ master1.allocate(args_master)
+ instance_master1 = master1.exists()
+ if instance_master1:
+ master1.delete()
+ master1.create()
+ master1.open()
+ master1.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER,
+ replicaId=REPLICAID_MASTER_1)
+
+ # Creating hub 1...
+ hub1 = DirSrv(verbose=False)
+ args_instance[SER_HOST] = HOST_HUB_1
+ args_instance[SER_PORT] = PORT_HUB_1
+ args_instance[SER_SERVERID_PROP] = SERVERID_HUB_1
+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+ args_hub = args_instance.copy()
+ hub1.allocate(args_hub)
+ instance_hub1 = hub1.exists()
+ if instance_hub1:
+ hub1.delete()
+ hub1.create()
+ hub1.open()
+ hub1.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_HUB,
+ replicaId=REPLICAID_HUB_1)
+
+ # Creating consumer 1...
+ consumer1 = DirSrv(verbose=False)
+ args_instance[SER_HOST] = HOST_CONSUMER_1
+ args_instance[SER_PORT] = PORT_CONSUMER_1
+ args_instance[SER_SERVERID_PROP] = SERVERID_CONSUMER_1
+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+ args_consumer = args_instance.copy()
+ consumer1.allocate(args_consumer)
+ instance_consumer1 = consumer1.exists()
+ if instance_consumer1:
+ consumer1.delete()
+ consumer1.create()
+ consumer1.open()
+ consumer1.changelog.create()
+ consumer1.replica.enableReplication(suffix=SUFFIX,
+ role=REPLICAROLE_CONSUMER,
+ replicaId=CONSUMER_REPLICAID)
+
+ #
+ # Create all the agreements
+ #
+ # Creating agreement from master 1 to hub 1
+ properties = {RA_NAME: r'meTo_$host:$port',
+ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
+ m1_h1_agmt = master1.agreement.create(suffix=SUFFIX, host=hub1.host,
+ port=hub1.port,
+ properties=properties)
+ if not m1_h1_agmt:
+ log.fatal("Fail to create a master -> hub replica agreement")
+ sys.exit(1)
+ log.debug("%s created" % m1_h1_agmt)
+
+ # Creating agreement from hub 1 to consumer 1
+ properties = {RA_NAME: r'meTo_$host:$port',
+ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
+ h1_c1_agmt = hub1.agreement.create(suffix=SUFFIX, host=consumer1.host,
+ port=consumer1.port,
+ properties=properties)
+ if not h1_c1_agmt:
+ log.fatal("Fail to create a hub -> consumer replica agreement")
+ sys.exit(1)
+ log.debug("%s created" % h1_c1_agmt)
+
+ # Allow the replicas to get situated with the new agreements...
+ time.sleep(5)
+
+ #
+ # Initialize all the agreements
+ #
+ master1.agreement.init(SUFFIX, HOST_HUB_1, PORT_HUB_1)
+ master1.waitForReplInit(m1_h1_agmt)
+ hub1.agreement.init(SUFFIX, HOST_CONSUMER_1, PORT_CONSUMER_1)
+ hub1.waitForReplInit(h1_c1_agmt)
+
+ # Check replication is working...
+ if master1.testReplication(DEFAULT_SUFFIX, consumer1):
+ log.info('Replication is working.')
+ else:
+ log.fatal('Replication is not working.')
+ assert False
+
+ # Delete each instance in the end
+ def fin():
+ master1.delete()
+ hub1.delete()
+ consumer1.delete()
+ pass
+
+ request.addfinalizer(fin)
+
+ # Clear out the tmp dir
+ master1.clearTmpDir(__file__)
+
+ return TopologyReplication(master1, hub1, consumer1)
+
+
+def checkFirstElement(ds, rid):
+ """
+ Return True if the first RUV element is for the specified rid
+ """
+ try:
+ entry = ds.search_s(DEFAULT_SUFFIX,
+ ldap.SCOPE_SUBTREE,
+ REPLICA_RUV_FILTER,
+ ['nsds50ruv'])
+ assert entry
+ entry = entry[0]
+ except ldap.LDAPError as e:
+ log.fatal('Failed to retrieve RUV entry: %s' % str(e))
+ assert False
+
+ ruv_elements = entry.getValues('nsds50ruv')
+ if ('replica %s ' % rid) in ruv_elements[1]:
+ return True
+ else:
+ return False
+
+
+def test_ticket48325(topology):
+ """
+ Test that the RUV element order is correctly maintained when promoting
+ a hub or consumer.
+ """
+
+ #
+ # Promote consumer to master
+ #
+ try:
+ DN = topology.consumer1.replica._get_mt_entry(DEFAULT_SUFFIX)
+ topology.consumer1.modify_s(DN, [(ldap.MOD_REPLACE,
+ 'nsDS5ReplicaType',
+ '3'),
+ (ldap.MOD_REPLACE,
+ 'nsDS5ReplicaID',
+ '1234'),
+ (ldap.MOD_REPLACE,
+ 'nsDS5Flags',
+ '1')])
+ except ldap.LDAPError as e:
+ log.fatal('Failed to promote consuemr to master: error %s' % str(e))
+ assert False
+ time.sleep(1)
+
+ #
+ # Check ruv has been reordered
+ #
+ if not checkFirstElement(topology.consumer1, '1234'):
+ log.fatal('RUV was not reordered')
+ assert False
+
+ #
+ # Create repl agreement from the newly promoted master to master1
+ #
+ properties = {RA_NAME: r'meTo_$host:$port',
+ RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
+ new_agmt = topology.consumer1.agreement.create(suffix=SUFFIX,
+ host=topology.master1.host,
+ port=topology.master1.port,
+ properties=properties)
+
+ if not new_agmt:
+ log.fatal("Fail to create new agmt from old consumer to the master")
+ assert False
+
+ #
+ # Test replication is working
+ #
+ if topology.consumer1.testReplication(DEFAULT_SUFFIX, topology.master1):
+ log.info('Replication is working.')
+ else:
+ log.fatal('Replication is not working.')
+ assert False
+
+ #
+ # Promote hub to master
+ #
+ try:
+ DN = topology.hub1.replica._get_mt_entry(DEFAULT_SUFFIX)
+ topology.hub1.modify_s(DN, [(ldap.MOD_REPLACE,
+ 'nsDS5ReplicaType',
+ '3'),
+ (ldap.MOD_REPLACE,
+ 'nsDS5ReplicaID',
+ '5678')])
+ except ldap.LDAPError as e:
+ log.fatal('Failed to promote consuemr to master: error %s' % str(e))
+ assert False
+ time.sleep(1)
+
+ #
+ # Check ruv has been reordered
+ #
+ if not checkFirstElement(topology.hub1, '5678'):
+ log.fatal('RUV was not reordered')
+ assert False
+
+ #
+ # Test replication is working
+ #
+ if topology.hub1.testReplication(DEFAULT_SUFFIX, topology.master1):
+ log.info('Replication is working.')
+ else:
+ log.fatal('Replication is not working.')
+ assert False
+
+ # Done
+ log.info('Test complete')
+
+
+if __name__ == '__main__':
+ # Run isolated
+ # -s for DEBUG mode
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main("-s %s" % CURRENT_FILE)
\ No newline at end of file
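Review bot: `checkFirstElement` is documented as checking the first RUV element but reads `ruv_elements[1]`, with no comment explaining the offset and no length check, so an RUV with fewer than two values would raise IndexError instead of failing the test cleanly. If index 0 holds the replica generation value (not visible here, so to be confirmed), say so in the docstring and add `assert len(ruv_elements) > 1`; the body can then be `return ('replica %s ' % rid) in ruv_elements[1]`. In the hub-promotion block of `test_ticket48325` the except handler still logs `'Failed to promote consuemr to master: error %s'`, copied from the consumer block; it should name the hub, and the spelling should be fixed in both places. In the `topology` fixture, `request.addfinalizer(fin)` is registered only after the `sys.exit(1)` and `assert False` exits, so a setup failure leaves the three instances behind; registering it right after the third instance is created would avoid that.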
8 years, 4 months
rpm/389-ds-base.spec.in
by Noriko Hosoi
rpm/389-ds-base.spec.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit b3a80f2a1269f6595a6d22b2544b6ade9ebabc65
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed Nov 11 10:26:22 2015 -0800
bump nunc-stans version to 0.1.7
diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
index 724e625..ff85863 100644
--- a/rpm/389-ds-base.spec.in
+++ b/rpm/389-ds-base.spec.in
@@ -16,7 +16,7 @@
%global use_nunc_stans __NUNC_STANS_ON__
%if %{use_nunc_stans}
-%global nunc_stans_ver 0.1.6
+%global nunc_stans_ver 0.1.7
%endif
# fedora 15 and later uses tmpfiles.d
8 years, 4 months
3 commits - dirsrvtests/suites ldap/admin ldap/servers
by William Brown
dirsrvtests/suites/mep_plugin/mep_test.py | 93 ------------------------------
ldap/admin/src/scripts/DSCreate.pm.in | 9 +-
ldap/servers/slapd/daemon.c | 23 ++++++-
3 files changed, 25 insertions(+), 100 deletions(-)
New commits:
commit 49aaf98732d1e16dde3edb81272de8203aded21c
Author: William Brown <firstyear(a)redhat.com>
Date: Fri Nov 6 14:56:44 2015 +1000
Ticket 48311 -nunc-stans: Attempt to release connection that is not acquired
https://fedorahosted.org/389/ticket/48311
Bug Description: DS with nunc stans enabled produces lots of messages like
[13/Oct/2015:11:29:24 -0400] connection - conn=98 fd=161 Attempt to release
connection that is not acquired
FixDescription: From the original patch:
* Do not call connection_acquire_nolock() inside a PR_ASSERT call.
* Also changed other PR_ASSERTs to only be called if DEBUG is set
This additionally guarantees the return codes of these functions since we have
removed the PR_ASSERT that previously wrapped these function calls. If these
assertions fail, we log to the error log in all cases.
Author: wibrown
Review by: mreynolds, nhosoi (Thanks!)
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
index 90f0523..5d70647 100644
--- a/ldap/servers/slapd/daemon.c
+++ b/ldap/servers/slapd/daemon.c
@@ -1836,7 +1836,12 @@ ns_handle_closure(struct ns_job_t *job)
#ifdef DEBUG
PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job)));
#else
- NS_JOB_IS_THREAD(ns_job_get_type(job));
+ /* This doesn't actually confirm it's in the event loop thread, but it's a start */
+ if (NS_JOB_IS_THREAD(ns_job_get_type(job)) != 0) {
+ LDAPDebug2Args(LDAP_DEBUG_ANY, "ns_handle_closure: Attempt to close outside of event loop thread %" NSPRIu64 " for fd=%d\n",
+ c->c_connid, c->c_sd);
+ return;
+ }
#endif
PR_Lock(c->c_mutex);
connection_release_nolock_ext(c, 1); /* release ref acquired for event framework */
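Review bot: The non-DEBUG early `return` added in ns_handle_closure exits before `connection_release_nolock_ext(c, 1)`, so on that path the reference taken for the event framework looks like it is never released and the connection would stay allocated with its fd open; whether another path cleans it up is not visible in this hunk. The ns_handle_pr_read_ready hunk has the same shape: it returns without reading or re-arming, so the connection may simply stall. If returning is intended, a comment at each return stating who releases the connection would help, e.g. `/* reference is dropped by <owner>; see <function> */` once that is confirmed. The log text also puts `%" NSPRIu64 "` directly after "event loop thread", so c_connid reads as a thread id; `"... outside of event loop thread: conn=%" NSPRIu64 " fd=%d\n"` is clearer. Both functions start and end outside their hunks.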
@@ -1893,7 +1898,14 @@ ns_connection_post_io_or_closing(Connection *conn)
#ifdef DEBUG
PR_ASSERT(0 == connection_acquire_nolock(conn));
#else
- connection_acquire_nolock(conn); /* event framework now has a reference */
+ if (connection_acquire_nolock(conn) != 0) { /* event framework now has a reference */
+ /*
+ * This has already been logged as an error in ./ldap/servers/slapd/connection.c
+ * The error occurs when we get a connection in a closing state.
+ * For now we return, but there is probably a better way to handle the error case.
+ */
+ return;
+ }
#endif
ns_add_io_timeout_job(conn->c_tp, conn->c_prfd, &tv,
NS_JOB_READ|NS_JOB_PRESERVE_FD,
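Review bot: The trailing comment `/* event framework now has a reference */` now sits on the failure test in ns_connection_post_io_or_closing, where no reference was taken; it belongs after the `#endif`, or should be reworded as `/* on success the event framework holds a reference */`. The two build flavours also diverge here: DEBUG asserts on a failed acquire while the non-DEBUG build returns without scheduling the I/O timeout job, and the added block comment itself says the handling is provisional. A TODO marker in that comment would make the follow-up findable. The function continues outside the hunk.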
@@ -1919,7 +1931,12 @@ ns_handle_pr_read_ready(struct ns_job_t *job)
#ifdef DEBUG
PR_ASSERT(0 == NS_JOB_IS_THREAD(ns_job_get_type(job)));
#else
- NS_JOB_IS_THREAD(ns_job_get_type(job));
+ /* This doesn't actually confirm it's in the event loop thread, but it's a start */
+ if (NS_JOB_IS_THREAD(ns_job_get_type(job)) != 0) {
+ LDAPDebug2Args(LDAP_DEBUG_ANY, "ns_handle_pr_read_ready: Attempt to handle read ready outside of event loop thread %" NSPRIu64 " for fd=%d\n",
+ c->c_connid, c->c_sd);
+ return;
+ }
#endif
PR_Lock(c->c_mutex);
commit 7bb6a9a856600a99d9865b3aea02fb59ac975c66
Author: William Brown <firstyear(a)redhat.com>
Date: Tue Nov 3 09:19:54 2015 +1000
Ticket #48317: SELinux port labeling retry attempts are excessive
https://fedorahosted.org/389/ticket/48317
Bug Description: In dscreate.pm we attempt to label the ldap_port_t type 60
times in the case of a failure. This is excessive, and it means the setup-ds.pl
appears to hang in certain cases.
Fix Description:
Reduce this number to 5 attempts, and when debug is enabled, display the number
of attempts remaining.
Author: wibrown(a)redhat.com
Review by: nhosoi(a)redhat.com (Thank you Noriko!)
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index 3ce5a73..7f272f6 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -1011,10 +1011,11 @@ sub updateSelinuxPolicy {
if ($need_label == 1) {
my $semanage_err;
my $rc;
- my $retry = 60;
+ # 60 is a bit excessive, we should fail faster.
+ my $retry = 5;
$ENV{LANG} = "C";
while (($retry > 0) && ($semanage_err = `semanage port -a -t ldap_port_t -p tcp $inf->{slapd}->{ServerPort} 2>&1`) && ($rc = $?)) {
- debug(1, "Adding port $inf->{slapd}->{ServerPort} to selinux policy failed - $semanage_err (return code: $rc).\n");
+ debug(1, "Adding port $inf->{slapd}->{ServerPort} to selinux policy failed - $semanage_err (return code: $rc, $retry attempts remain).\n");
debug(1, "Retrying in 5 seconds\n");
sleep(5);
$retry--;
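Review bot: The new `$retry attempts remain` text in updateSelinuxPolicy is printed before `$retry--`, so it over-reports by one: after the first failure it says 5 remain when 4 do, and the last failure prints "1 attempts remain" and "Retrying in 5 seconds", sleeps, and then the loop ends without another try. Moving `$retry--;` above the two `debug` calls (or printing `$retry - 1`) fixes the count; the removeDSInstance hunk has the same ordering. The comment `# 60 is a bit excessive, we should fail faster.` describes the old value rather than the code; something like `# up to 5 attempts, 5 seconds apart` would age better, and the limit is now duplicated in both subs. The port value is interpolated into a backtick command in the context lines, presumably after being validated as numeric, which is worth confirming. Both loops continue outside their hunks.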
@@ -1413,13 +1414,13 @@ sub removeDSInstance {
{
my $semanage_err;
my $rc;
- my $retry = 60;
+ my $retry = 5;
$ENV{LANG} = "C";
while (($retry > 0) && ($semanage_err = `semanage port -d -t ldap_port_t -p tcp $port 2>&1`) && ($rc = $?)) {
if (($semanage_err =~ /defined in policy, cannot be deleted/) || ($semanage_err =~ /is not defined/)) {
$retry = -1;
} else {
- debug(1, "Warning: Port $port not removed from selinux policy correctly. Error: $semanage_err\n");
+ debug(1, "Warning: Port $port not removed from selinux policy correctly, $retry attempts remain. Error: $semanage_err\n");
debug(1, "Retrying in 5 seconds\n");
sleep(5);
$retry--;
commit 02d7b19be95764255f5d948aa5eebf4af49c4ed9
Author: William Brown <wibrown(a)redhat.com>
Date: Wed Oct 28 09:31:06 2015 +1000
Ticket 48313 - MEP suite tests for major functionality
https://fedorahosted.org/389/ticket/48313
http://directory.fedoraproject.org/docs/389ds/design/mep-rework.html
http://www.port389.org/docs/389ds/design/managed-entry-design.html
Bug Description: The managed entries plugin works well for the IPA use case, but
has a number of shortcomings when used with existing objects. Before the rewrite
as described can be carried out, a complete functional test suite of MEP is
required to validate the changes made to the plugin do not break existing use
cases.
Fix Description: This patch provides tests that cover the current states MEP is
capable of handling. This does not cover the states that will be covered by the
rework of the plugin.
Author: wibrown
Reviewed by: spichugi (Thank you!)
diff --git a/dirsrvtests/suites/mep_plugin/mep_test.py b/dirsrvtests/suites/mep_plugin/mep_test.py
deleted file mode 100644
index 2bda08d..0000000
--- a/dirsrvtests/suites/mep_plugin/mep_test.py
+++ /dev/null
@@ -1,93 +0,0 @@
-# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2015 Red Hat, Inc.
-# All rights reserved.
-#
-# License: GPL (version 3 or any later version).
-# See LICENSE for details.
-# --- END COPYRIGHT BLOCK ---
-#
-import os
-import sys
-import time
-import ldap
-import logging
-import pytest
-from lib389 import DirSrv, Entry, tools, tasks
-from lib389.tools import DirSrvTools
-from lib389._constants import *
-from lib389.properties import *
-from lib389.tasks import *
-from lib389.utils import *
-
-logging.getLogger(__name__).setLevel(logging.DEBUG)
-log = logging.getLogger(__name__)
-
-installation1_prefix = None
-
-
-class TopologyStandalone(object):
- def __init__(self, standalone):
- standalone.open()
- self.standalone = standalone
-
-
-(a)pytest.fixture(scope="module")
-def topology(request):
- global installation1_prefix
- if installation1_prefix:
- args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-
- # Creating standalone instance ...
- standalone = DirSrv(verbose=False)
- args_instance[SER_HOST] = HOST_STANDALONE
- args_instance[SER_PORT] = PORT_STANDALONE
- args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
- args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
- args_standalone = args_instance.copy()
- standalone.allocate(args_standalone)
- instance_standalone = standalone.exists()
- if instance_standalone:
- standalone.delete()
- standalone.create()
- standalone.open()
-
- # Clear out the tmp dir
- standalone.clearTmpDir(__file__)
-
- return TopologyStandalone(standalone)
-
-
-def test_mep_init(topology):
- '''
- Write any test suite initialization here(if needed)
- '''
-
- return
-
-
-def test_mep_(topology):
- '''
- Write a single test here...
- '''
-
- return
-
-
-def test_mep_final(topology):
- topology.standalone.delete()
- log.info('mep test suite PASSED')
-
-
-def run_isolated():
- global installation1_prefix
- installation1_prefix = None
-
- topo = topology(True)
- test_mep_init(topo)
- test_mep_(topo)
- test_mep_final(topo)
-
-
-if __name__ == '__main__':
- run_isolated()
-
8 years, 4 months
Changes to '725c471333972cd89a114436823c8d6a427b811c'
by William Brown
New branch '725c471333972cd89a114436823c8d6a427b811c' available with the following commits:
commit 49aaf98732d1e16dde3edb81272de8203aded21c
Author: William Brown <firstyear(a)redhat.com>
Date: Fri Nov 6 14:56:44 2015 +1000
Ticket 48311 -nunc-stans: Attempt to release connection that is not acquired
https://fedorahosted.org/389/ticket/48311
Bug Description: DS with nunc stans enabled produces lots of messages like
[13/Oct/2015:11:29:24 -0400] connection - conn=98 fd=161 Attempt to release
connection that is not acquired
FixDescription: From the original patch:
* Do not call connection_acquire_nolock() inside a PR_ASSERT call.
* Also changed other PR_ASSERTs to only be called if DEBUG is set
This additionally guarantees the return codes of these functions since we have
removed the PR_ASSERT that previously wrapped these function calls. If these
assertions fail, we log to the error log in all cases.
Author: wibrown
Review by: mreynolds, nhosoi (Thanks!)
commit 7bb6a9a856600a99d9865b3aea02fb59ac975c66
Author: William Brown <firstyear(a)redhat.com>
Date: Tue Nov 3 09:19:54 2015 +1000
Ticket #48317: SELinux port labeling retry attempts are excessive
https://fedorahosted.org/389/ticket/48317
Bug Description: In dscreate.pm we attempt to label the ldap_port_t type 60
times in the case of a failure. This is excessive, and it means the setup-ds.pl
appears to hang in certain cases.
Fix Description:
Reduce this number to 5 attempts, and when debug is enabled, display the number
of attempts remaining.
Author: wibrown(a)redhat.com
Review by: nhosoi(a)redhat.com (Thank you Noriko!)
commit 02d7b19be95764255f5d948aa5eebf4af49c4ed9
Author: William Brown <wibrown(a)redhat.com>
Date: Wed Oct 28 09:31:06 2015 +1000
Ticket 48313 - MEP suite tests for major functionality
https://fedorahosted.org/389/ticket/48313
http://directory.fedoraproject.org/docs/389ds/design/mep-rework.html
http://www.port389.org/docs/389ds/design/managed-entry-design.html
Bug Description: The managed entries plugin works well for the IPA use case, but
has a number of shortcomings when used with existing objects. Before the rewrite
as described can be carried out, a complete functional test suite of MEP is
required to validate the changes made to the plugin do not break existing use
cases.
Fix Description: This patch provides tests that cover the current states MEP is
capable of handling. This does not cover the states that will be covered by the
rework of the plugin.
Author: wibrown
Reviewed by: spichugi (Thank you!)
8 years, 4 months
Branch '389-ds-base-1.3.4' - ldap/servers
by Noriko Hosoi
ldap/servers/plugins/acl/aclutil.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 1a6390d6ffa743f38be206f7ed7bb0ac3bcfe26b
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Nov 10 15:35:41 2015 -0800
Ticket #48344 - acl - regression - trailing ', (comma)' in macro matched value is not removed.
Description: acl_match_macro_in_target in acl plug-in returns matched value
with a trailing comma, e.g., "o=kaki.com,". It's used to create a group DN,
e.g., "cn=Domain Administrators,ou=Groups,o=kaki.como=ace industry,c=us".
Due to the duplicated commas, the bind unexpectedly fails with 50 (insufficient
access).
In getting the matched value from target DN, it checks if a character at the
end position is a comma or not. If it is, '\0' is set there. The position
was one byte ahead. It was introduced by #48141 - aci with wildcard and macro
not correctly evaluated.
https://fedorahosted.org/389/ticket/48344
Reviewed by mreynolds(a)redhat.com (Thank you, Mark!!)
(cherry picked from commit 8e421fb9af2752144cc93e62090fd873524c5633)
diff --git a/ldap/servers/plugins/acl/aclutil.c b/ldap/servers/plugins/acl/aclutil.c
index 2f37107..308cf8b 100644
--- a/ldap/servers/plugins/acl/aclutil.c
+++ b/ldap/servers/plugins/acl/aclutil.c
@@ -935,7 +935,7 @@ acl_match_macro_in_target( const char *ndn, char * match_this,
matched_val_len = ndn_len-macro_suffix_len-
ndn_prefix_end;
- if (ndn[ndn_len - macro_suffix_len] == ',')
+ if (ndn[ndn_len - macro_suffix_len - 1] == ',')
matched_val_len -= 1;
matched_val = (char *)slapi_ch_malloc(matched_val_len + 1);
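Review bot: The corrected index `ndn[ndn_len - macro_suffix_len - 1]` reads one byte before the buffer when `ndn_len == macro_suffix_len`, and nothing in the hunk shows that case being excluded; if the earlier part of acl_match_macro_in_target does not already guarantee it, guard the read with `if (ndn_len > macro_suffix_len && ndn[ndn_len - macro_suffix_len - 1] == ',')`. The same concern applies to `matched_val_len`, which is computed by subtraction, then decremented, then passed to `slapi_ch_malloc(matched_val_len + 1)` with no visible lower-bound check. Since this value feeds DN construction for access-control evaluation, a regression test with a target DN that equals the macro suffix would be worth adding. The identical hunk in commit 8e421fb9af2752144cc93e62090fd873524c5633 further down the page is covered by this note; the function starts and ends outside the hunk.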
8 years, 4 months
ldap/servers
by Noriko Hosoi
ldap/servers/plugins/acl/aclutil.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 8e421fb9af2752144cc93e62090fd873524c5633
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Nov 10 15:35:41 2015 -0800
Ticket #48344 - acl - regression - trailing ', (comma)' in macro matched value is not removed.
Description: acl_match_macro_in_target in acl plug-in returns matched value
with a trailing comma, e.g., "o=kaki.com,". It's used to create a group DN,
e.g., "cn=Domain Administrators,ou=Groups,o=kaki.como=ace industry,c=us".
Due to the duplicated commas, the bind unexpectedly fails with 50 (insufficient
access).
In getting the matched value from target DN, it checks if a character at the
end position is a comma or not. If it is, '\0' is set there. The position
was one byte ahead. It was introduced by #48141 - aci with wildcard and macro
not correctly evaluated.
https://fedorahosted.org/389/ticket/48344
Reviewed by mreynolds(a)redhat.com (Thank you, Mark!!)
diff --git a/ldap/servers/plugins/acl/aclutil.c b/ldap/servers/plugins/acl/aclutil.c
index 2f37107..308cf8b 100644
--- a/ldap/servers/plugins/acl/aclutil.c
+++ b/ldap/servers/plugins/acl/aclutil.c
@@ -935,7 +935,7 @@ acl_match_macro_in_target( const char *ndn, char * match_this,
matched_val_len = ndn_len-macro_suffix_len-
ndn_prefix_end;
- if (ndn[ndn_len - macro_suffix_len] == ',')
+ if (ndn[ndn_len - macro_suffix_len - 1] == ',')
matched_val_len -= 1;
matched_val = (char *)slapi_ch_malloc(matched_val_len + 1);
8 years, 4 months
rpm/389-ds-base.spec.in
by Noriko Hosoi
rpm/389-ds-base.spec.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 4fb541208f67bf155ed07abf4bae8b45d1a68fd7
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Nov 9 13:14:15 2015 -0800
bump nunc-stans version to 0.1.6
diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
index 52a0245..724e625 100644
--- a/rpm/389-ds-base.spec.in
+++ b/rpm/389-ds-base.spec.in
@@ -16,7 +16,7 @@
%global use_nunc_stans __NUNC_STANS_ON__
%if %{use_nunc_stans}
-%global nunc_stans_ver 0.1.5
+%global nunc_stans_ver 0.1.6
%endif
# fedora 15 and later uses tmpfiles.d
8 years, 4 months