Branch '389-ds-base-1.3.4' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/retrocl/retrocl_po.c | 3 ---
1 file changed, 3 deletions(-)
New commits:
commit 1781280f133c4877f83949400294641a558f5406
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Wed Aug 19 10:03:50 2015 -0400
Ticket 47831 - remove debug logging from retro cl
Description: Instrumented debug logging was accidentally left in the source.
This logging is being removed.
https://fedorahosted.org/389/ticket/47931
Reviewed by: mreynolds
(cherry picked from commit db7153f89bf3dda935e6ef4f175697bda32fe720)
diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c
index f689373..d9f4e6d 100644
--- a/ldap/servers/plugins/retrocl/retrocl_po.c
+++ b/ldap/servers/plugins/retrocl/retrocl_po.c
@@ -157,14 +157,11 @@ write_replog_db(
int err = 0;
int ret = LDAP_SUCCESS;
int i;
- int mark = 0;
if (!dn) {
slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "write_replog_db: NULL dn\n");
return ret;
}
- mark = (post_entry && retrocl_entry_in_scope(post_entry));
- slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "post in scope (%d)\n",mark);
if (post_entry){
if(!retrocl_entry_in_scope(log_e) && !retrocl_entry_in_scope(post_entry)){
8 years, 7 months
ldap/servers
by Mark Reynolds
ldap/servers/plugins/retrocl/retrocl_po.c | 3 ---
1 file changed, 3 deletions(-)
New commits:
commit db7153f89bf3dda935e6ef4f175697bda32fe720
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Wed Aug 19 10:03:50 2015 -0400
Ticket 47831 - remove debug logging from retro cl
Description: Instrumented debug logging was accidentally left in the source.
This logging is being removed.
https://fedorahosted.org/389/ticket/47931
Reviewed by: mreynolds
diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c
index f689373..d9f4e6d 100644
--- a/ldap/servers/plugins/retrocl/retrocl_po.c
+++ b/ldap/servers/plugins/retrocl/retrocl_po.c
@@ -157,14 +157,11 @@ write_replog_db(
int err = 0;
int ret = LDAP_SUCCESS;
int i;
- int mark = 0;
if (!dn) {
slapi_log_error( SLAPI_LOG_PLUGIN, RETROCL_PLUGIN_NAME, "write_replog_db: NULL dn\n");
return ret;
}
- mark = (post_entry && retrocl_entry_in_scope(post_entry));
- slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME, "post in scope (%d)\n",mark);
if (post_entry){
if(!retrocl_entry_in_scope(log_e) && !retrocl_entry_in_scope(post_entry)){
8 years, 7 months
Branch '389-ds-base-1.3.4' - ldap/admin rpm/389-ds-base.spec.in
by Noriko Hosoi
ldap/admin/src/scripts/DSCreate.pm.in | 7 ++++---
ldap/admin/src/scripts/DSMigration.pm.in | 2 +-
ldap/admin/src/scripts/DSUpdate.pm.in | 2 +-
rpm/389-ds-base.spec.in | 20 +++++++++++++-------
4 files changed, 19 insertions(+), 12 deletions(-)
New commits:
commit 2c5e0d5692bcabe16a7e3b8e0d24eb3a88913155
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Aug 18 13:43:55 2015 -0700
Ticket #48243 - replica upgrade failed in starting dirsrv service due to upgrade scripts did not run
Description: In the upgrade process, there is a combination of requirements:
. the server is running.
. the server instance service is disabled.
. upgrade scripts are expected to run against the instance.
. the server is restarted once the upgrade is done.
. the server instance service remains disabled.
To fulfill the requirements,
. spec file is modified to enumerate slapd dir (except .remove) in the
/etc/dirsrv for getting the server instance.
. Start/Update perl scripts are modified not to create a symlink in
/etc/systemd/system/dirsrv.target.wants for the upgrade case, which
means the service remains disabled.
https://fedorahosted.org/389/ticket/48243
Reviewed by mreynolds(a)redhat.com (Thank you, Mark!!)
(cherry picked from commit 29c09a5bcc7d54be1aa6880b4f2a423edd3dc463)
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index e4a4ed0..cdde339 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -1098,6 +1098,7 @@ sub updateTmpfilesDotD {
}
sub updateSystemD {
+ my $noservicelink = shift;
my $inf = shift;
my $unitdir = "@systemdsystemunitdir@";
my $confbasedir = "@systemdsystemconfdir@";
@@ -1129,7 +1130,7 @@ sub updateSystemD {
next;
} else {
my $servicelink = "$confdir/$pkgname\(a)$inst.service";
- if (! -l $servicelink) {
+ if (! -l $servicelink && ! $noservicelink) {
if (!symlink($servicefile, $servicelink)) {
debug(1, "error updating link $servicelink to $servicefile - $!\n");
push @errs, [ 'error_linking_file', $servicefile, $servicelink, $! ];
@@ -1216,7 +1217,7 @@ sub createDSInstance {
return @errs;
}
- if (@errs = updateSystemD($inf)) {
+ if (@errs = updateSystemD(0, $inf)) {
return @errs;
}
@@ -1452,7 +1453,7 @@ sub removeDSInstance {
}
# update systemd files
- push @errs, updateSystemD();
+ push @errs, updateSystemD(0);
# if we got here, report success
if (@errs) {
diff --git a/ldap/admin/src/scripts/DSMigration.pm.in b/ldap/admin/src/scripts/DSMigration.pm.in
index e59e667..630ab43 100644
--- a/ldap/admin/src/scripts/DSMigration.pm.in
+++ b/ldap/admin/src/scripts/DSMigration.pm.in
@@ -1132,7 +1132,7 @@ sub migrateDS {
}
# do the systemd stuff
- @errs = DSCreate::updateSystemD($inf);
+ @errs = DSCreate::updateSystemD(0, $inf);
if (@errs) {
$mig->msg(@errs);
goto cleanup;
diff --git a/ldap/admin/src/scripts/DSUpdate.pm.in b/ldap/admin/src/scripts/DSUpdate.pm.in
index 1809ad9..be1e67c 100644
--- a/ldap/admin/src/scripts/DSUpdate.pm.in
+++ b/ldap/admin/src/scripts/DSUpdate.pm.in
@@ -408,7 +408,7 @@ sub updateDSInstance {
push @errs, updateTmpfilesDotD($inf);
- push @errs, updateSystemD($inf);
+ push @errs, updateSystemD(1, $inf);
return @errs;
}
diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
index 64541f1..ecdecb5 100644
--- a/rpm/389-ds-base.spec.in
+++ b/rpm/389-ds-base.spec.in
@@ -263,6 +263,7 @@ rm -rf $RPM_BUILD_ROOT
%post
output=/dev/null
+output2=/dev/null
%systemd_post %{pkgname}-snmp.service
# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >$output 2>&1 || :
@@ -275,12 +276,17 @@ instances="" # instances that require a restart after upgrade
ninst=0 # number of instances found in total
if [ -n "$DEBUGPOSTTRANS" ] ; then
output=$DEBUGPOSTTRANS
+ output2=${DEBUGPOSTTRANS}.upgrade
fi
-echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || :
-for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do
- if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches
- inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'`
- echo found instance $inst - getting status >> $output 2>&1 || :
+echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
+instbase="%{_sysconfdir}/%{pkgname}"
+for dir in $instbase/slapd-* ; do
+ echo dir = $dir >> $output 2>&1 || :
+ if [ ! -d "$dir" ] ; then continue ; fi
+ case "$dir" in *.removed) continue ;; esac
+ basename=`basename $dir`
+ inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
+ echo found instance $inst - getting status >> $output 2>&1 || :
if /bin/systemctl -q is-active $inst ; then
echo instance $inst is running >> $output 2>&1 || :
instances="$instances $inst"
@@ -305,9 +311,9 @@ echo remove pid files . . . >> $output 2>&1 || :
echo upgrading instances . . . >> $output 2>&1 || :
DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
- %{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
+ %{_sbindir}/setup-ds.pl -l $output2 -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
else
- %{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || :
+ %{_sbindir}/setup-ds.pl -l $output2 -u -s General.UpdateMode=offline >> $output 2>&1 || :
fi
# restart instances that require it
8 years, 7 months
ldap/admin rpm/389-ds-base.spec.in
by Noriko Hosoi
ldap/admin/src/scripts/DSCreate.pm.in | 7 ++++---
ldap/admin/src/scripts/DSMigration.pm.in | 2 +-
ldap/admin/src/scripts/DSUpdate.pm.in | 2 +-
rpm/389-ds-base.spec.in | 20 +++++++++++++-------
4 files changed, 19 insertions(+), 12 deletions(-)
New commits:
commit 29c09a5bcc7d54be1aa6880b4f2a423edd3dc463
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue Aug 18 13:43:55 2015 -0700
Ticket #48243 - replica upgrade failed in starting dirsrv service due to upgrade scripts did not run
Description: In the upgrade process, there is a combination of requirements:
. the server is running.
. the server instance service is disabled.
. upgrade scripts are expected to run against the instance.
. the server is restarted once the upgrade is done.
. the server instance service remains disabled.
To fulfill the requirements,
. spec file is modified to enumerate slapd dir (except .remove) in the
/etc/dirsrv for getting the server instance.
. Start/Update perl scripts are modified not to create a symlink in
/etc/systemd/system/dirsrv.target.wants for the upgrade case, which
means the service remains disabled.
https://fedorahosted.org/389/ticket/48243
Reviewed by mreynolds(a)redhat.com (Thank you, Mark!!)
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index e4a4ed0..cdde339 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -1098,6 +1098,7 @@ sub updateTmpfilesDotD {
}
sub updateSystemD {
+ my $noservicelink = shift;
my $inf = shift;
my $unitdir = "@systemdsystemunitdir@";
my $confbasedir = "@systemdsystemconfdir@";
@@ -1129,7 +1130,7 @@ sub updateSystemD {
next;
} else {
my $servicelink = "$confdir/$pkgname\(a)$inst.service";
- if (! -l $servicelink) {
+ if (! -l $servicelink && ! $noservicelink) {
if (!symlink($servicefile, $servicelink)) {
debug(1, "error updating link $servicelink to $servicefile - $!\n");
push @errs, [ 'error_linking_file', $servicefile, $servicelink, $! ];
@@ -1216,7 +1217,7 @@ sub createDSInstance {
return @errs;
}
- if (@errs = updateSystemD($inf)) {
+ if (@errs = updateSystemD(0, $inf)) {
return @errs;
}
@@ -1452,7 +1453,7 @@ sub removeDSInstance {
}
# update systemd files
- push @errs, updateSystemD();
+ push @errs, updateSystemD(0);
# if we got here, report success
if (@errs) {
diff --git a/ldap/admin/src/scripts/DSMigration.pm.in b/ldap/admin/src/scripts/DSMigration.pm.in
index e59e667..630ab43 100644
--- a/ldap/admin/src/scripts/DSMigration.pm.in
+++ b/ldap/admin/src/scripts/DSMigration.pm.in
@@ -1132,7 +1132,7 @@ sub migrateDS {
}
# do the systemd stuff
- @errs = DSCreate::updateSystemD($inf);
+ @errs = DSCreate::updateSystemD(0, $inf);
if (@errs) {
$mig->msg(@errs);
goto cleanup;
diff --git a/ldap/admin/src/scripts/DSUpdate.pm.in b/ldap/admin/src/scripts/DSUpdate.pm.in
index 1809ad9..be1e67c 100644
--- a/ldap/admin/src/scripts/DSUpdate.pm.in
+++ b/ldap/admin/src/scripts/DSUpdate.pm.in
@@ -408,7 +408,7 @@ sub updateDSInstance {
push @errs, updateTmpfilesDotD($inf);
- push @errs, updateSystemD($inf);
+ push @errs, updateSystemD(1, $inf);
return @errs;
}
diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
index 64541f1..ecdecb5 100644
--- a/rpm/389-ds-base.spec.in
+++ b/rpm/389-ds-base.spec.in
@@ -263,6 +263,7 @@ rm -rf $RPM_BUILD_ROOT
%post
output=/dev/null
+output2=/dev/null
%systemd_post %{pkgname}-snmp.service
# reload to pick up any changes to systemd files
/bin/systemctl daemon-reload >$output 2>&1 || :
@@ -275,12 +276,17 @@ instances="" # instances that require a restart after upgrade
ninst=0 # number of instances found in total
if [ -n "$DEBUGPOSTTRANS" ] ; then
output=$DEBUGPOSTTRANS
+ output2=${DEBUGPOSTTRANS}.upgrade
fi
-echo looking for services in %{_sysconfdir}/systemd/system/%{groupname}.wants/* >> $output 2>&1 || :
-for service in %{_sysconfdir}/systemd/system/%{groupname}.wants/* ; do
- if [ ! -f "$service" ] ; then continue ; fi # in case nothing matches
- inst=`echo $service | sed -e 's,%{_sysconfdir}/systemd/system/%{groupname}.wants/,,'`
- echo found instance $inst - getting status >> $output 2>&1 || :
+echo looking for instances in %{_sysconfdir}/%{pkgname} > $output 2>&1 || :
+instbase="%{_sysconfdir}/%{pkgname}"
+for dir in $instbase/slapd-* ; do
+ echo dir = $dir >> $output 2>&1 || :
+ if [ ! -d "$dir" ] ; then continue ; fi
+ case "$dir" in *.removed) continue ;; esac
+ basename=`basename $dir`
+ inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
+ echo found instance $inst - getting status >> $output 2>&1 || :
if /bin/systemctl -q is-active $inst ; then
echo instance $inst is running >> $output 2>&1 || :
instances="$instances $inst"
@@ -305,9 +311,9 @@ echo remove pid files . . . >> $output 2>&1 || :
echo upgrading instances . . . >> $output 2>&1 || :
DEBUGPOSTSETUPOPT=`/usr/bin/echo $DEBUGPOSTSETUP | /usr/bin/sed -e "s/[^d]//g"`
if [ -n "$DEBUGPOSTSETUPOPT" ] ; then
- %{_sbindir}/setup-ds.pl -l $output -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
+ %{_sbindir}/setup-ds.pl -l $output2 -$DEBUGPOSTSETUPOPT -u -s General.UpdateMode=offline >> $output 2>&1 || :
else
- %{_sbindir}/setup-ds.pl -l $output -u -s General.UpdateMode=offline >> $output 2>&1 || :
+ %{_sbindir}/setup-ds.pl -l $output2 -u -s General.UpdateMode=offline >> $output 2>&1 || :
fi
# restart instances that require it
8 years, 7 months
Branch '389-ds-base-1.3.4' - dirsrvtests/tickets ldap/servers
by Mark Reynolds
dirsrvtests/tickets/ticket48233_test.py | 105 ++++++++++++++++++++++++++++++++
ldap/servers/plugins/acl/aclplugin.c | 2
2 files changed, 106 insertions(+), 1 deletion(-)
New commits:
commit 57c5d35b4a5ea3e85ae2a7471cbe487531ee3835
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Mon Aug 17 14:51:17 2015 -0400
Ticket 48233 - Server crashes in ACL_LasFindFlush during
shutdown if ACIs contain IP addresss restrictions
Bug Description: The server will crash at shutdown if there are ACI's that use IP rules.
Fix Description: When we stop the acl plugin we need to free aci avl list first, before
we free the libaccess ACL global lists. Otherwise, we dereference a freed
struct.
https://fedorahosted.org/389/ticket/48233
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 22d315b910b086d3e7edca3b6b52511d5da63802)
diff --git a/dirsrvtests/tickets/ticket48233_test.py b/dirsrvtests/tickets/ticket48233_test.py
new file mode 100644
index 0000000..387279d
--- /dev/null
+++ b/dirsrvtests/tickets/ticket48233_test.py
@@ -0,0 +1,105 @@
+import os
+import sys
+import time
+import ldap
+import logging
+import pytest
+from lib389 import DirSrv, Entry, tools, tasks
+from lib389.tools import DirSrvTools
+from lib389._constants import *
+from lib389.properties import *
+from lib389.tasks import *
+from lib389.utils import *
+
+logging.getLogger(__name__).setLevel(logging.DEBUG)
+log = logging.getLogger(__name__)
+
+installation1_prefix = None
+
+
+class TopologyStandalone(object):
+ def __init__(self, standalone):
+ standalone.open()
+ self.standalone = standalone
+
+
+(a)pytest.fixture(scope="module")
+def topology(request):
+ global installation1_prefix
+ if installation1_prefix:
+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
+
+ # Creating standalone instance ...
+ standalone = DirSrv(verbose=False)
+ args_instance[SER_HOST] = HOST_STANDALONE
+ args_instance[SER_PORT] = PORT_STANDALONE
+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+ args_standalone = args_instance.copy()
+ standalone.allocate(args_standalone)
+ instance_standalone = standalone.exists()
+ if instance_standalone:
+ standalone.delete()
+ standalone.create()
+ standalone.open()
+
+ # Delete each instance in the end
+ def fin():
+ standalone.delete()
+ request.addfinalizer(fin)
+
+ # Clear out the tmp dir
+ standalone.clearTmpDir(__file__)
+
+ return TopologyStandalone(standalone)
+
+
+def test_ticket48233(topology):
+ """Test that ACI's that use IP restrictions do not crash the server at
+ shutdown
+ """
+
+ # Add aci to restrict access my ip
+ aci_text = ('(targetattr != "userPassword")(version 3.0;acl ' +
+ '"Enable anonymous access - IP"; allow (read,compare,search)' +
+ '(userdn = "ldap:///anyone") and (ip="127.0.0.1");)')
+
+ try:
+ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci', aci_text)])
+ except ldap.LDAPError as e:
+ log.error('Failed to add aci: (%s) error %s' % (aci_text, e.message['desc']))
+ assert False
+ time.sleep(1)
+
+ # Anonymous search to engage the aci
+ try:
+ topology.standalone.simple_bind_s("", "")
+ except ldap.LDAPError as e:
+ log.error('Failed to anonymously bind -error %s' % (e.message['desc']))
+ assert False
+
+ try:
+ entries = topology.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'objectclass=*')
+ if not entries:
+ log.fatal('Failed return an entries from search')
+ assert False
+ except ldap.LDAPError, e:
+ log.fatal('Search failed: ' + e.message['desc'])
+ assert False
+
+ # Restart the server
+ topology.standalone.restart(timeout=10)
+
+ # Check for crash
+ if topology.standalone.detectDisorderlyShutdown():
+ log.fatal('Server crashed!')
+ assert False
+
+ log.info('Test complete')
+
+
+if __name__ == '__main__':
+ # Run isolated
+ # -s for DEBUG mode
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main("-s %s" % CURRENT_FILE)
\ No newline at end of file
diff --git a/ldap/servers/plugins/acl/aclplugin.c b/ldap/servers/plugins/acl/aclplugin.c
index 45a6315..d90996e 100644
--- a/ldap/servers/plugins/acl/aclplugin.c
+++ b/ldap/servers/plugins/acl/aclplugin.c
@@ -269,13 +269,13 @@ aclplugin_stop ( Slapi_PBlock *pb )
{
int rc = 0; /* OK */
+ free_acl_avl_list();
ACL_Destroy();
acl_destroy_aclpb_pool();
acl_remove_ext();
ACL_AttrGetterHashDestroy();
ACL_MethodHashDestroy();
ACL_DestroyPools();
- free_acl_avl_list();
aclanom__del_profile(1);
aclgroup_free();
//aclext_free_lockarray();
8 years, 7 months
dirsrvtests/tickets ldap/servers
by Mark Reynolds
dirsrvtests/tickets/ticket48233_test.py | 105 ++++++++++++++++++++++++++++++++
ldap/servers/plugins/acl/aclplugin.c | 2
2 files changed, 106 insertions(+), 1 deletion(-)
New commits:
commit 22d315b910b086d3e7edca3b6b52511d5da63802
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Mon Aug 17 14:51:17 2015 -0400
Ticket 48233 - Server crashes in ACL_LasFindFlush during
shutdown if ACIs contain IP addresss restrictions
Bug Description: The server will crash at shutdown if there are ACI's that use IP rules.
Fix Description: When we stop the acl plugin we need to free aci avl list first, before
we free the libaccess ACL global lists. Otherwise, we dereference a freed
struct.
https://fedorahosted.org/389/ticket/48233
Reviewed by: nhosoi(Thanks!)
diff --git a/dirsrvtests/tickets/ticket48233_test.py b/dirsrvtests/tickets/ticket48233_test.py
new file mode 100644
index 0000000..387279d
--- /dev/null
+++ b/dirsrvtests/tickets/ticket48233_test.py
@@ -0,0 +1,105 @@
+import os
+import sys
+import time
+import ldap
+import logging
+import pytest
+from lib389 import DirSrv, Entry, tools, tasks
+from lib389.tools import DirSrvTools
+from lib389._constants import *
+from lib389.properties import *
+from lib389.tasks import *
+from lib389.utils import *
+
+logging.getLogger(__name__).setLevel(logging.DEBUG)
+log = logging.getLogger(__name__)
+
+installation1_prefix = None
+
+
+class TopologyStandalone(object):
+ def __init__(self, standalone):
+ standalone.open()
+ self.standalone = standalone
+
+
+(a)pytest.fixture(scope="module")
+def topology(request):
+ global installation1_prefix
+ if installation1_prefix:
+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
+
+ # Creating standalone instance ...
+ standalone = DirSrv(verbose=False)
+ args_instance[SER_HOST] = HOST_STANDALONE
+ args_instance[SER_PORT] = PORT_STANDALONE
+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+ args_standalone = args_instance.copy()
+ standalone.allocate(args_standalone)
+ instance_standalone = standalone.exists()
+ if instance_standalone:
+ standalone.delete()
+ standalone.create()
+ standalone.open()
+
+ # Delete each instance in the end
+ def fin():
+ standalone.delete()
+ request.addfinalizer(fin)
+
+ # Clear out the tmp dir
+ standalone.clearTmpDir(__file__)
+
+ return TopologyStandalone(standalone)
+
+
+def test_ticket48233(topology):
+ """Test that ACI's that use IP restrictions do not crash the server at
+ shutdown
+ """
+
+ # Add aci to restrict access my ip
+ aci_text = ('(targetattr != "userPassword")(version 3.0;acl ' +
+ '"Enable anonymous access - IP"; allow (read,compare,search)' +
+ '(userdn = "ldap:///anyone") and (ip="127.0.0.1");)')
+
+ try:
+ topology.standalone.modify_s(DEFAULT_SUFFIX, [(ldap.MOD_ADD, 'aci', aci_text)])
+ except ldap.LDAPError as e:
+ log.error('Failed to add aci: (%s) error %s' % (aci_text, e.message['desc']))
+ assert False
+ time.sleep(1)
+
+ # Anonymous search to engage the aci
+ try:
+ topology.standalone.simple_bind_s("", "")
+ except ldap.LDAPError as e:
+ log.error('Failed to anonymously bind -error %s' % (e.message['desc']))
+ assert False
+
+ try:
+ entries = topology.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'objectclass=*')
+ if not entries:
+ log.fatal('Failed return an entries from search')
+ assert False
+ except ldap.LDAPError, e:
+ log.fatal('Search failed: ' + e.message['desc'])
+ assert False
+
+ # Restart the server
+ topology.standalone.restart(timeout=10)
+
+ # Check for crash
+ if topology.standalone.detectDisorderlyShutdown():
+ log.fatal('Server crashed!')
+ assert False
+
+ log.info('Test complete')
+
+
+if __name__ == '__main__':
+ # Run isolated
+ # -s for DEBUG mode
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main("-s %s" % CURRENT_FILE)
\ No newline at end of file
diff --git a/ldap/servers/plugins/acl/aclplugin.c b/ldap/servers/plugins/acl/aclplugin.c
index 45a6315..d90996e 100644
--- a/ldap/servers/plugins/acl/aclplugin.c
+++ b/ldap/servers/plugins/acl/aclplugin.c
@@ -269,13 +269,13 @@ aclplugin_stop ( Slapi_PBlock *pb )
{
int rc = 0; /* OK */
+ free_acl_avl_list();
ACL_Destroy();
acl_destroy_aclpb_pool();
acl_remove_ext();
ACL_AttrGetterHashDestroy();
ACL_MethodHashDestroy();
ACL_DestroyPools();
- free_acl_avl_list();
aclanom__del_profile(1);
aclgroup_free();
//aclext_free_lockarray();
8 years, 7 months
Branch '389-ds-base-1.3.3' - dirsrvtests/suites
by Mark Reynolds
dirsrvtests/suites/acl/acl_test.py | 123 +++++++++++++++++++++++++++----------
1 file changed, 92 insertions(+), 31 deletions(-)
New commits:
commit 895dc4f814eb67c9b14112f647eb452a313e2f89
Author: Simon Pichugin <spichugi(a)redhat.com>
Date: Tue Aug 11 16:11:48 2015 +0200
Ticket #47569 - Added a testcase to ACL testsuite
Description: The attribute defined in the targetattr keyword of an ACI
is checked against the schema to make sure it is a defined attribute
when you are adding a new ACI. If you want to use an attribute subtype,
the ACI is rejected since the attribute with subtype is not defined in
the schema. We should strip off the subtype when we validate the
targetattr keyword against the schema.
Test description:
1. Define two attributes in the schema
- first will be a targetattr
- second will be a userattr
2. Add an ACI with an attribute subtype
- or language subtype
- or binary subtype
- or pronunciation subtype
Signed-off-by: Mark Reynolds <mreynolds(a)redhat.com>
(cherry picked from commit 0c4eafbc945ae4252886ba8546665a79206f3f83)
diff --git a/dirsrvtests/suites/acl/acl_test.py b/dirsrvtests/suites/acl/acl_test.py
index 74bd6c8..b85ee22 100644
--- a/dirsrvtests/suites/acl/acl_test.py
+++ b/dirsrvtests/suites/acl/acl_test.py
@@ -43,43 +43,104 @@ def topology(request):
standalone.create()
standalone.open()
+ # Delete each instance in the end
+ def fin():
+ standalone.delete()
+ request.addfinalizer(fin)
+
# Clear out the tmp dir
standalone.clearTmpDir(__file__)
return TopologyStandalone(standalone)
-def test_acl_init(topology):
- '''
- Write any test suite initialization here(if needed)
- '''
-
- return
-
-
-def test_acl_(topology):
- '''
- Write a single test here...
- '''
-
- return
-
-
-def test_acl_final(topology):
- topology.standalone.delete()
- log.info('acl test suite PASSED')
-
-
-def run_isolated():
- global installation1_prefix
- installation1_prefix = None
-
- topo = topology(True)
- test_acl_init(topo)
- test_acl_(topo)
- test_acl_final(topo)
+def add_attr(topology, attr_name):
+ """Adds attribute to the schema"""
+
+ ATTR_VALUE = """(NAME '%s' \
+ DESC 'Attribute filteri-Multi-Valued' \
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27)""" % attr_name
+ mod = [(ldap.MOD_ADD, 'attributeTypes', ATTR_VALUE)]
+
+ try:
+ topology.standalone.modify_s(DN_SCHEMA, mod)
+ except ldap.LDAPError, e:
+ log.fatal('Failed to add attr (%s): error (%s)' % (attr_name,
+ e.message['desc']))
+ assert False
+
+
+(a)pytest.fixture(params=["lang-ja", "binary", "phonetic"])
+def aci_with_attr_subtype(request, topology):
+ """Adds and deletes an ACI in the DEFAULT_SUFFIX"""
+
+ TARGET_ATTR = 'protectedOperation'
+ USER_ATTR = 'allowedToPerform'
+ SUBTYPE = request.param
+
+ log.info("========Executing test with '%s' subtype========" % SUBTYPE)
+ log.info(" Add a target attribute")
+ add_attr(topology, TARGET_ATTR)
+
+ log.info(" Add a user attribute")
+ add_attr(topology, USER_ATTR)
+
+ ACI_TARGET = '(targetattr=%s;%s)' % (TARGET_ATTR, SUBTYPE)
+ ACI_ALLOW = '(version 3.0; acl "test aci for subtypes"; allow (read) '
+ ACI_SUBJECT = 'userattr = "%s;%s#GROUPDN";)' % (USER_ATTR, SUBTYPE)
+ ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
+
+ log.info(" Add an ACI with attribute subtype")
+ mod = [(ldap.MOD_ADD, 'aci', ACI_BODY)]
+ try:
+ topology.standalone.modify_s(DEFAULT_SUFFIX, mod)
+ except ldap.LDAPError, e:
+ log.fatal('Failed to add ACI: error (%s)' % (e.message['desc']))
+ assert False
+
+ def fin():
+ log.info(" Finally, delete an ACI with the '%s' subtype" %
+ SUBTYPE)
+ mod = [(ldap.MOD_DELETE, 'aci', ACI_BODY)]
+ try:
+ topology.standalone.modify_s(DEFAULT_SUFFIX, mod)
+ except ldap.LDAPError, e:
+ log.fatal('Failed to delete ACI: error (%s)' % (e.message['desc']))
+ assert False
+ request.addfinalizer(fin)
+
+ return ACI_BODY
+
+
+def test_aci_attr_subtype_targetattr(topology, aci_with_attr_subtype):
+ """Checks, that ACIs allow attribute subtypes in the targetattr keyword
+
+ Test description:
+ 1. Define two attributes in the schema
+ - first will be a targetattr
+ - second will be a userattr
+ 2. Add an ACI with an attribute subtype
+ - or language subtype
+ - or binary subtype
+ - or pronunciation subtype
+ """
+
+ log.info(" Search for the added attribute")
+ try:
+ entries = topology.standalone.search_s(DEFAULT_SUFFIX,
+ ldap.SCOPE_BASE,
+ '(objectclass=*)', ['aci'])
+ entry = str(entries[0])
+ assert aci_with_attr_subtype in entry
+ log.info(" The added attribute was found")
+
+ except ldap.LDAPError, e:
+ log.fatal('Search failed, error: ' + e.message['desc'])
+ assert False
if __name__ == '__main__':
- run_isolated()
-
+ # Run isolated
+ # -s for DEBUG mode
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main("-s %s" % CURRENT_FILE)
8 years, 7 months
Branch '389-ds-base-1.3.4' - dirsrvtests/suites
by Mark Reynolds
dirsrvtests/suites/acl/acl_test.py | 123 +++++++++++++++++++++++++++----------
1 file changed, 92 insertions(+), 31 deletions(-)
New commits:
commit 48e506dbb4435235c71886a2c36623a942aae212
Author: Simon Pichugin <spichugi(a)redhat.com>
Date: Tue Aug 11 16:11:48 2015 +0200
Ticket #47569 - Added a testcase to ACL testsuite
Description: The attribute defined in the targetattr keyword of an ACI
is checked against the schema to make sure it is a defined attribute
when you are adding a new ACI. If you want to use an attribute subtype,
the ACI is rejected since the attribute with subtype is not defined in
the schema. We should strip off the subtype when we validate the
targetattr keyword against the schema.
Test description:
1. Define two attributes in the schema
- first will be a targetattr
- second will be a userattr
2. Add an ACI with an attribute subtype
- or language subtype
- or binary subtype
- or pronunciation subtype
Signed-off-by: Mark Reynolds <mreynolds(a)redhat.com>
(cherry picked from commit 0c4eafbc945ae4252886ba8546665a79206f3f83)
diff --git a/dirsrvtests/suites/acl/acl_test.py b/dirsrvtests/suites/acl/acl_test.py
index a500d55..c069a82 100644
--- a/dirsrvtests/suites/acl/acl_test.py
+++ b/dirsrvtests/suites/acl/acl_test.py
@@ -51,43 +51,104 @@ def topology(request):
standalone.create()
standalone.open()
+ # Delete each instance in the end
+ def fin():
+ standalone.delete()
+ request.addfinalizer(fin)
+
# Clear out the tmp dir
standalone.clearTmpDir(__file__)
return TopologyStandalone(standalone)
-def test_acl_init(topology):
- '''
- Write any test suite initialization here(if needed)
- '''
-
- return
-
-
-def test_acl_(topology):
- '''
- Write a single test here...
- '''
-
- return
-
-
-def test_acl_final(topology):
- topology.standalone.delete()
- log.info('acl test suite PASSED')
-
-
-def run_isolated():
- global installation1_prefix
- installation1_prefix = None
-
- topo = topology(True)
- test_acl_init(topo)
- test_acl_(topo)
- test_acl_final(topo)
+def add_attr(topology, attr_name):
+ """Adds attribute to the schema"""
+
+ ATTR_VALUE = """(NAME '%s' \
+ DESC 'Attribute filteri-Multi-Valued' \
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27)""" % attr_name
+ mod = [(ldap.MOD_ADD, 'attributeTypes', ATTR_VALUE)]
+
+ try:
+ topology.standalone.modify_s(DN_SCHEMA, mod)
+ except ldap.LDAPError, e:
+ log.fatal('Failed to add attr (%s): error (%s)' % (attr_name,
+ e.message['desc']))
+ assert False
+
+
+(a)pytest.fixture(params=["lang-ja", "binary", "phonetic"])
+def aci_with_attr_subtype(request, topology):
+ """Adds and deletes an ACI in the DEFAULT_SUFFIX"""
+
+ TARGET_ATTR = 'protectedOperation'
+ USER_ATTR = 'allowedToPerform'
+ SUBTYPE = request.param
+
+ log.info("========Executing test with '%s' subtype========" % SUBTYPE)
+ log.info(" Add a target attribute")
+ add_attr(topology, TARGET_ATTR)
+
+ log.info(" Add a user attribute")
+ add_attr(topology, USER_ATTR)
+
+ ACI_TARGET = '(targetattr=%s;%s)' % (TARGET_ATTR, SUBTYPE)
+ ACI_ALLOW = '(version 3.0; acl "test aci for subtypes"; allow (read) '
+ ACI_SUBJECT = 'userattr = "%s;%s#GROUPDN";)' % (USER_ATTR, SUBTYPE)
+ ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
+
+ log.info(" Add an ACI with attribute subtype")
+ mod = [(ldap.MOD_ADD, 'aci', ACI_BODY)]
+ try:
+ topology.standalone.modify_s(DEFAULT_SUFFIX, mod)
+ except ldap.LDAPError, e:
+ log.fatal('Failed to add ACI: error (%s)' % (e.message['desc']))
+ assert False
+
+ def fin():
+ log.info(" Finally, delete an ACI with the '%s' subtype" %
+ SUBTYPE)
+ mod = [(ldap.MOD_DELETE, 'aci', ACI_BODY)]
+ try:
+ topology.standalone.modify_s(DEFAULT_SUFFIX, mod)
+ except ldap.LDAPError, e:
+ log.fatal('Failed to delete ACI: error (%s)' % (e.message['desc']))
+ assert False
+ request.addfinalizer(fin)
+
+ return ACI_BODY
+
+
+def test_aci_attr_subtype_targetattr(topology, aci_with_attr_subtype):
+ """Checks, that ACIs allow attribute subtypes in the targetattr keyword
+
+ Test description:
+ 1. Define two attributes in the schema
+ - first will be a targetattr
+ - second will be a userattr
+ 2. Add an ACI with an attribute subtype
+ - or language subtype
+ - or binary subtype
+ - or pronunciation subtype
+ """
+
+ log.info(" Search for the added attribute")
+ try:
+ entries = topology.standalone.search_s(DEFAULT_SUFFIX,
+ ldap.SCOPE_BASE,
+ '(objectclass=*)', ['aci'])
+ entry = str(entries[0])
+ assert aci_with_attr_subtype in entry
+ log.info(" The added attribute was found")
+
+ except ldap.LDAPError, e:
+ log.fatal('Search failed, error: ' + e.message['desc'])
+ assert False
if __name__ == '__main__':
- run_isolated()
-
+ # Run isolated
+ # -s for DEBUG mode
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main("-s %s" % CURRENT_FILE)
8 years, 7 months
dirsrvtests/suites
by Mark Reynolds
dirsrvtests/suites/acl/acl_test.py | 123 +++++++++++++++++++++++++++----------
1 file changed, 92 insertions(+), 31 deletions(-)
New commits:
commit 0c4eafbc945ae4252886ba8546665a79206f3f83
Author: Simon Pichugin <spichugi(a)redhat.com>
Date: Tue Aug 11 16:11:48 2015 +0200
Ticket #47569 - Added a testcase to ACL testsuite
Description: The attribute defined in the targetattr keyword of an ACI
is checked against the schema to make sure it is a defined attribute
when you are adding a new ACI. If you want to use an attribute subtype,
the ACI is rejected since the attribute with subtype is not defined in
the schema. We should strip off the subtype when we validate the
targetattr keyword against the schema.
Test description:
1. Define two attributes in the schema
- first will be a targetattr
- second will be a userattr
2. Add an ACI with an attribute subtype
- or language subtype
- or binary subtype
- or pronunciation subtype
Signed-off-by: Mark Reynolds <mreynolds(a)redhat.com>
diff --git a/dirsrvtests/suites/acl/acl_test.py b/dirsrvtests/suites/acl/acl_test.py
index a500d55..c069a82 100644
--- a/dirsrvtests/suites/acl/acl_test.py
+++ b/dirsrvtests/suites/acl/acl_test.py
@@ -51,43 +51,104 @@ def topology(request):
standalone.create()
standalone.open()
+ # Delete each instance in the end
+ def fin():
+ standalone.delete()
+ request.addfinalizer(fin)
+
# Clear out the tmp dir
standalone.clearTmpDir(__file__)
return TopologyStandalone(standalone)
-def test_acl_init(topology):
- '''
- Write any test suite initialization here(if needed)
- '''
-
- return
-
-
-def test_acl_(topology):
- '''
- Write a single test here...
- '''
-
- return
-
-
-def test_acl_final(topology):
- topology.standalone.delete()
- log.info('acl test suite PASSED')
-
-
-def run_isolated():
- global installation1_prefix
- installation1_prefix = None
-
- topo = topology(True)
- test_acl_init(topo)
- test_acl_(topo)
- test_acl_final(topo)
+def add_attr(topology, attr_name):
+ """Adds attribute to the schema"""
+
+ ATTR_VALUE = """(NAME '%s' \
+ DESC 'Attribute filteri-Multi-Valued' \
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27)""" % attr_name
+ mod = [(ldap.MOD_ADD, 'attributeTypes', ATTR_VALUE)]
+
+ try:
+ topology.standalone.modify_s(DN_SCHEMA, mod)
+ except ldap.LDAPError, e:
+ log.fatal('Failed to add attr (%s): error (%s)' % (attr_name,
+ e.message['desc']))
+ assert False
+
+
+(a)pytest.fixture(params=["lang-ja", "binary", "phonetic"])
+def aci_with_attr_subtype(request, topology):
+ """Adds and deletes an ACI in the DEFAULT_SUFFIX"""
+
+ TARGET_ATTR = 'protectedOperation'
+ USER_ATTR = 'allowedToPerform'
+ SUBTYPE = request.param
+
+ log.info("========Executing test with '%s' subtype========" % SUBTYPE)
+ log.info(" Add a target attribute")
+ add_attr(topology, TARGET_ATTR)
+
+ log.info(" Add a user attribute")
+ add_attr(topology, USER_ATTR)
+
+ ACI_TARGET = '(targetattr=%s;%s)' % (TARGET_ATTR, SUBTYPE)
+ ACI_ALLOW = '(version 3.0; acl "test aci for subtypes"; allow (read) '
+ ACI_SUBJECT = 'userattr = "%s;%s#GROUPDN";)' % (USER_ATTR, SUBTYPE)
+ ACI_BODY = ACI_TARGET + ACI_ALLOW + ACI_SUBJECT
+
+ log.info(" Add an ACI with attribute subtype")
+ mod = [(ldap.MOD_ADD, 'aci', ACI_BODY)]
+ try:
+ topology.standalone.modify_s(DEFAULT_SUFFIX, mod)
+ except ldap.LDAPError, e:
+ log.fatal('Failed to add ACI: error (%s)' % (e.message['desc']))
+ assert False
+
+ def fin():
+ log.info(" Finally, delete an ACI with the '%s' subtype" %
+ SUBTYPE)
+ mod = [(ldap.MOD_DELETE, 'aci', ACI_BODY)]
+ try:
+ topology.standalone.modify_s(DEFAULT_SUFFIX, mod)
+ except ldap.LDAPError, e:
+ log.fatal('Failed to delete ACI: error (%s)' % (e.message['desc']))
+ assert False
+ request.addfinalizer(fin)
+
+ return ACI_BODY
+
+
+def test_aci_attr_subtype_targetattr(topology, aci_with_attr_subtype):
+ """Checks, that ACIs allow attribute subtypes in the targetattr keyword
+
+ Test description:
+ 1. Define two attributes in the schema
+ - first will be a targetattr
+ - second will be a userattr
+ 2. Add an ACI with an attribute subtype
+ - or language subtype
+ - or binary subtype
+ - or pronunciation subtype
+ """
+
+ log.info(" Search for the added attribute")
+ try:
+ entries = topology.standalone.search_s(DEFAULT_SUFFIX,
+ ldap.SCOPE_BASE,
+ '(objectclass=*)', ['aci'])
+ entry = str(entries[0])
+ assert aci_with_attr_subtype in entry
+ log.info(" The added attribute was found")
+
+ except ldap.LDAPError, e:
+ log.fatal('Search failed, error: ' + e.message['desc'])
+ assert False
if __name__ == '__main__':
- run_isolated()
-
+ # Run isolated
+ # -s for DEBUG mode
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main("-s %s" % CURRENT_FILE)
8 years, 7 months
Branch '389-ds-base-1.3.4' - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/back-ldbm/ldbm_index_config.c | 11 +++-
ldap/servers/slapd/mapping_tree.c | 52 +++++++++++++----------
2 files changed, 39 insertions(+), 24 deletions(-)
New commits:
commit 7a4b0a705ec7376e704f6ae591beabf6c8f890af
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri Aug 14 11:19:24 2015 -0700
Ticket #48250 - Slapd crashes reported from latest build
Bug Description: There was a conflict between an import task and
deleting the instance. While the import task was still running,
the backend instance was removed, which should have been rejected.
Fix Description: Backend tasks keeps instance refcnt positive and
disable the backend in the mapping tree. This patch adds the
check for the mapping tree in the backend deletion callback. If
the instance refcnt is positive or the mapping tree is disabled,
the deletion is backed off.
For the backend deletion, the referral info is not needed. To
reduce unnecessary allocation and free, adding the code which
checks if the given referral variable is NULL or not to mtn_get_be.
If it is NULL, no allocation for the referral entry occurs.
https://fedorahosted.org/389/ticket/48250
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
(cherry picked from commit 01fea1f89a680358245677f72a67e9ccf196f66d)
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
index 895d846..42c8ffe 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_index_config.c
@@ -128,7 +128,7 @@ ldbm_instance_index_config_add_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_
/*
* Config DSE callback for index deletes.
- */
+ */
int
ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter, int *returncode, char *returntext, void *arg)
{
@@ -138,15 +138,19 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
const struct berval *attrValue;
int rc = SLAPI_DSE_CALLBACK_OK;
struct attrinfo *ainfo = NULL;
+ Slapi_Backend *be = NULL;
returntext[0] = '\0';
*returncode = LDAP_SUCCESS;
- if (slapi_counter_get_value(inst->inst_ref_count) > 0) {
+ if ((slapi_counter_get_value(inst->inst_ref_count) > 0) ||
+ /* check if the backend is ON or not.
+ * If offline or being deleted, non SUCCESS is returned. */
+ (slapi_mapping_tree_select(pb, &be, NULL, returntext) != LDAP_SUCCESS)) {
*returncode = LDAP_UNAVAILABLE;
rc = SLAPI_DSE_CALLBACK_ERROR;
+ goto bail;
}
-
*returncode = LDAP_SUCCESS;
slapi_entry_attr_find(e, "cn", &attr);
@@ -165,6 +169,7 @@ ldbm_instance_index_config_delete_callback(Slapi_PBlock *pb, Slapi_Entry* e, Sla
rc = SLAPI_DSE_CALLBACK_ERROR;
}
}
+bail:
return rc;
}
diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c
index ca8d6af..165eba1 100644
--- a/ldap/servers/slapd/mapping_tree.c
+++ b/ldap/servers/slapd/mapping_tree.c
@@ -2171,7 +2171,9 @@ int slapi_mapping_tree_select(Slapi_PBlock *pb, Slapi_Backend **be, Slapi_Entry
}
be[0] = NULL;
- referral[0] = NULL;
+ if (referral) {
+ referral[0] = NULL;
+ }
mtn_lock();
@@ -2658,7 +2660,9 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
((SLAPI_OPERATION_SEARCH == op_type)||(SLAPI_OPERATION_BIND == op_type) ||
(SLAPI_OPERATION_UNBIND == op_type) || (SLAPI_OPERATION_COMPARE == op_type))) ||
override_referral) {
- *referral = NULL;
+ if (referral) {
+ *referral = NULL;
+ }
if ((target_node == mapping_tree_root) ){
/* If we got here, then we couldn't find a matching node
* for the target. We'll use the default backend. Once
@@ -2679,22 +2683,25 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
/* there is only one backend no choice possible */
*index = 0;
} else {
- *index = mtn_get_be_distributed(pb, target_node,
- target_sdn, &flag_stop);
- if (*index == SLAPI_BE_NO_BACKEND)
- result = LDAP_UNWILLING_TO_PERFORM;
- }
- }
- if (*index == SLAPI_BE_REMOTE_BACKEND) {
- *be = NULL;
- *referral = (target_node->mtn_referral_entry ?
- slapi_entry_dup(target_node->mtn_referral_entry) :
- NULL);
+ *index = mtn_get_be_distributed(pb, target_node, target_sdn, &flag_stop);
+ if (*index == SLAPI_BE_NO_BACKEND) {
+ result = LDAP_UNWILLING_TO_PERFORM;
+ }
+ }
+ }
+ if (*index == SLAPI_BE_REMOTE_BACKEND) {
+ *be = NULL;
+ if (referral) {
+ *referral = (target_node->mtn_referral_entry ?
+ slapi_entry_dup(target_node->mtn_referral_entry) : NULL);
+ }
(*index)++;
}else if ((*index == SLAPI_BE_NO_BACKEND) || (*index >= target_node->mtn_be_count)) {
- /* we have already returned all backends -> return NULL */
+ /* we have already returned all backends -> return NULL */
*be = NULL;
- *referral = NULL;
+ if (referral) {
+ *referral = NULL;
+ }
} else {
/* return next backend, increment index */
*be = target_node->mtn_be[*index];
@@ -2749,7 +2756,9 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
* send back NULL to jump to next node
*/
*be = NULL;
- *referral = NULL;
+ if (referral) {
+ *referral = NULL;
+ }
result = LDAP_SUCCESS;
} else {
/* first time we hit this referral -> return it
@@ -2758,11 +2767,12 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
* returned this referral
*/
*be = NULL;
- *referral = (target_node->mtn_referral_entry ?
- slapi_entry_dup(target_node->mtn_referral_entry) :
- NULL);
+ if (referral) {
+ *referral = (target_node->mtn_referral_entry ?
+ slapi_entry_dup(target_node->mtn_referral_entry) : NULL);
+ }
(*index)++;
- if (NULL == *referral) {
+ if (NULL == target_node->mtn_referral_entry) {
if (errorbuf) {
PR_snprintf(errorbuf, BUFSIZ,
"Mapping tree node for %s is set to return a referral,"
@@ -2782,7 +2792,7 @@ static int mtn_get_be(mapping_tree_node *target_node, Slapi_PBlock *pb,
"mapping tree selected backend : %s\n",
slapi_be_get_name(*be));
slapi_be_Rlock(*be);
- } else if (*referral) {
+ } else if (referral && *referral) {
slapi_log_error(SLAPI_LOG_ARGS, NULL,
"mapping tree selected referral at node : %s\n",
slapi_sdn_get_dn(target_node->mtn_subtree));
8 years, 7 months