configure ldap/servers m4/systemd.m4
by William Brown
configure | 62 ++++++++++++++++++++++++++++++++++++++++++----
ldap/servers/slapd/log.c | 14 +++++-----
ldap/servers/slapd/slap.h | 4 ++
m4/systemd.m4 | 37 +++++++++++++++++++++++----
4 files changed, 99 insertions(+), 18 deletions(-)
New commits:
commit 5ddd7b9798eee712ad31c1ba436e3bdba29563f4
Author: William Brown <firstyear(a)redhat.com>
Date: Wed Apr 13 14:07:44 2016 +1000
Ticket 47968 - Disable journald logs by default
Bug Description: Due to performance, security, and other issues with journald
we cannot support this in most installs.
Fix Description: This adds a default-off configure switch for journald as part
of systemd, until such time the issues with journald are resolved.
https://fedorahosted.org/389/ticket/47968
Author: wibrown
Review by: nhosoi
diff --git a/configure b/configure
index ecdc5ee..1cf5ecb 100755
--- a/configure
+++ b/configure
@@ -693,6 +693,8 @@ OPENLDAP_TRUE
SELINUX_FALSE
SELINUX_TRUE
PACKAGE_BASE_VERSION
+JOURNALD_FALSE
+JOURNALD_TRUE
SYSTEMD_FALSE
SYSTEMD_TRUE
with_systemdgroupname
@@ -973,6 +975,7 @@ with_nunc_stans
with_nunc_stans_inc
with_nunc_stans_lib
with_systemd
+with_journald
with_systemdsystemunitdir
with_systemdsystemconfdir
with_systemdgroupname
@@ -1733,6 +1736,8 @@ Optional Packages:
--with-nunc-stans-lib=PATH
nunc-stans library directory
--with-systemd Enable Systemd native integration.
+ --with-journald Enable Journald native integration. WARNING, this
+ may cause system instability
--with-systemdsystemunitdir=PATH
Directory for systemd service files (default:
$with_systemdsystemunitdir)
@@ -21180,6 +21185,29 @@ fi
if test "$with_systemd" = yes; then
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-journald" >&5
+$as_echo_n "checking for --with-journald... " >&6; }
+
+# Check whether --with-journald was given.
+if test "${with_journald+set}" = set; then :
+ withval=$with_journald;
+ if test "$withval" = yes
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using journald logging: WARNING, this may cause system instability" >&5
+$as_echo "using journald logging: WARNING, this may cause system instability" >&6; }
+ with_systemd=yes
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
# Extract the first word of "pkg-config", so it can be a program name with args.
set dummy pkg-config; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
@@ -21222,12 +21250,24 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Systemd with pkg-config" >&5
$as_echo_n "checking for Systemd with pkg-config... " >&6; }
- if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists systemd libsystemd-journal libsystemd-daemon ; then
- systemd_inc=`$PKG_CONFIG --cflags-only-I systemd libsystemd-journal libsystemd-daemon`
- systemd_lib=`$PKG_CONFIG --libs-only-l systemd libsystemd-journal libsystemd-daemon`
- systemd_defs="-DWITH_SYSTEMD"
+ if test "$with_journald" = yes; then
+
+ if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists systemd libsystemd-journal libsystemd-daemon ; then
+ systemd_inc=`$PKG_CONFIG --cflags-only-I systemd libsystemd-journal libsystemd-daemon`
+ systemd_lib=`$PKG_CONFIG --libs-only-l systemd libsystemd-journal libsystemd-daemon`
+ systemd_defs="-DWITH_SYSTEMD -DHAVE_JOURNALD"
+ else
+ as_fn_error $? "no Systemd / Journald pkg-config files" "$LINENO" 5
+ fi
else
- as_fn_error $? "no Systemd / Journald pkg-config files" "$LINENO" 5
+
+ if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists systemd libsystemd-daemon ; then
+ systemd_inc=`$PKG_CONFIG --cflags-only-I systemd libsystemd-daemon`
+ systemd_lib=`$PKG_CONFIG --libs-only-l systemd libsystemd-daemon`
+ systemd_defs="-DWITH_SYSTEMD"
+ else
+ as_fn_error $? "no Systemd pkg-config files" "$LINENO" 5
+ fi
fi
# Check for the pkg config provided unit paths
@@ -21319,6 +21359,14 @@ else
SYSTEMD_FALSE=
fi
+ if test -n "$with_journald"; then
+ JOURNALD_TRUE=
+ JOURNALD_FALSE='#'
+else
+ JOURNALD_TRUE='#'
+ JOURNALD_FALSE=
+fi
+
@@ -21660,6 +21708,10 @@ if test -z "${SYSTEMD_TRUE}" && test -z "${SYSTEMD_FALSE}"; then
as_fn_error $? "conditional \"SYSTEMD\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${JOURNALD_TRUE}" && test -z "${JOURNALD_FALSE}"; then
+ as_fn_error $? "conditional \"JOURNALD\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
if test -z "${SELINUX_TRUE}" && test -z "${SELINUX_FALSE}"; then
as_fn_error $? "conditional \"SELINUX\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index 34ca10d..13f98bb 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -412,7 +412,7 @@ log_set_backend(const char *attrname, char *value, int logtype, char *errorbuf,
backend |= LOGGING_BACKEND_INTERNAL;
} else if (slapi_UTF8NCASECMP(backendstr, "syslog", 6) == 0) {
backend |= LOGGING_BACKEND_SYSLOG;
-#ifdef WITH_SYSTEMD
+#ifdef HAVE_JOURNALD
} else if (slapi_UTF8NCASECMP(backendstr, "journald", 8) == 0 ) {
backend |= LOGGING_BACKEND_JOURNALD;
#endif
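Review bot: With the guard switched to `HAVE_JOURNALD`, a default build no longer recognises the `journald` token in `log_set_backend`, so a configuration written for an earlier build that names it falls through to whatever branch follows, which is outside this hunk. For the audit and access logs that should be an explicit, logged rejection rather than a backend that quietly disappears. Consider an `#else` arm that matches the same token and writes a message such as `"journald logging was not compiled in"` into `errorbuf`. `log_set_backend` starts and ends outside the hunk, so confirm how an unknown token is handled today.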
@@ -422,7 +422,7 @@ log_set_backend(const char *attrname, char *value, int logtype, char *errorbuf,
if ( !( backend & LOGGING_BACKEND_INTERNAL)
&& ! (backend & LOGGING_BACKEND_SYSLOG)
-#ifdef WITH_SYSTEMD
+#ifdef HAVE_JOURNALD
&& ! (backend & LOGGING_BACKEND_JOURNALD)
#endif
) {
@@ -1993,7 +1993,7 @@ slapd_log_audit (
/* This returns void, so we hope it worked */
syslog(LOG_NOTICE, "%s", buffer);
}
-#ifdef WITH_SYSTEMD
+#ifdef HAVE_JOURNALD
if (lbackend & LOGGING_BACKEND_JOURNALD) {
retval = sd_journal_print(LOG_NOTICE, "%s", buffer);
}
@@ -2052,7 +2052,7 @@ slapd_log_auditfail (
/* This returns void, so we hope it worked */
syslog(LOG_NOTICE, "%s", buffer);
}
-#ifdef WITH_SYSTEMD
+#ifdef HAVE_JOURNALD
if (lbackend & LOGGING_BACKEND_JOURNALD) {
retval = sd_journal_print(LOG_NOTICE, "%s", buffer);
}
@@ -2122,7 +2122,7 @@ slapd_log_error_proc(
/* va_end(ap_file); */
va_end(ap_err);
}
-#ifdef WITH_SYSTEMD
+#ifdef HAVE_JOURNALD
if (loginfo.log_backend & LOGGING_BACKEND_JOURNALD) {
va_start( ap_err, fmt );
/* va_start( ap_file, fmt ); */
@@ -2364,7 +2364,7 @@ slapi_log_error( int severity, char *subsystem, char *fmt, ... )
/* va_end(ap_file); */
va_end(ap_err);
}
-#ifdef WITH_SYSTEMD
+#ifdef HAVE_JOURNALD
if (lbackend & LOGGING_BACKEND_JOURNALD) {
va_start( ap_err, fmt );
/* va_start( ap_file, fmt ); */
@@ -2504,7 +2504,7 @@ slapi_log_access( int level,
vsyslog(LOG_INFO, fmt, ap);
va_end( ap );
}
-#ifdef WITH_SYSTEMD
+#ifdef HAVE_JOURNALD
if (lbackend & LOGGING_BACKEND_JOURNALD) {
va_start (ap, fmt );
rc = sd_journal_printv(LOG_INFO, fmt, ap);
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 57bed0e..0019c68 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -126,7 +126,9 @@ typedef struct symbol_t {
#endif
#ifdef WITH_SYSTEMD
+#ifdef HAVE_JOURNALD
#include <systemd/sd-journal.h>
+#endif
#include <systemd/sd-daemon.h>
#endif
@@ -1897,7 +1899,7 @@ typedef struct _slapdEntryPoints {
#define LOGGING_BACKEND_INTERNAL 0x1
#define LOGGING_BACKEND_SYSLOG 0x2
-#ifdef WITH_SYSTEMD
+#ifdef HAVE_JOURNALD
#define LOGGING_BACKEND_JOURNALD 0x4
#endif
diff --git a/m4/systemd.m4 b/m4/systemd.m4
index d91a9da..939af4f 100644
--- a/m4/systemd.m4
+++ b/m4/systemd.m4
@@ -23,14 +23,40 @@ AC_ARG_WITH(systemd, AS_HELP_STRING([--with-systemd],[Enable Systemd native inte
AC_MSG_RESULT(no))
if test "$with_systemd" = yes; then
+
+ AC_MSG_CHECKING(for --with-journald)
+ AC_ARG_WITH(journald, AS_HELP_STRING([--with-journald],[Enable Journald native integration. WARNING, this may cause system instability]),
+ [
+ if test "$withval" = yes
+ then
+ AC_MSG_RESULT([using journald logging: WARNING, this may cause system instability])
+ with_systemd=yes
+ else
+ AC_MSG_RESULT(no)
+ fi
+ ],
+ AC_MSG_RESULT(no))
+
AC_PATH_PROG(PKG_CONFIG, pkg-config)
AC_MSG_CHECKING(for Systemd with pkg-config)
- if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists systemd libsystemd-journal libsystemd-daemon ; then
- systemd_inc=`$PKG_CONFIG --cflags-only-I systemd libsystemd-journal libsystemd-daemon`
- systemd_lib=`$PKG_CONFIG --libs-only-l systemd libsystemd-journal libsystemd-daemon`
- systemd_defs="-DWITH_SYSTEMD"
+ if test "$with_journald" = yes; then
+
+ if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists systemd libsystemd-journal libsystemd-daemon ; then
+ systemd_inc=`$PKG_CONFIG --cflags-only-I systemd libsystemd-journal libsystemd-daemon`
+ systemd_lib=`$PKG_CONFIG --libs-only-l systemd libsystemd-journal libsystemd-daemon`
+ systemd_defs="-DWITH_SYSTEMD -DHAVE_JOURNALD"
+ else
+ AC_MSG_ERROR([no Systemd / Journald pkg-config files])
+ fi
else
- AC_MSG_ERROR([no Systemd / Journald pkg-config files])
+
+ if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists systemd libsystemd-daemon ; then
+ systemd_inc=`$PKG_CONFIG --cflags-only-I systemd libsystemd-daemon`
+ systemd_lib=`$PKG_CONFIG --libs-only-l systemd libsystemd-daemon`
+ systemd_defs="-DWITH_SYSTEMD"
+ else
+ AC_MSG_ERROR([no Systemd pkg-config files])
+ fi
fi
# Check for the pkg config provided unit paths
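Review bot: `--with-journald` is only evaluated inside `if test "$with_systemd" = yes`, so passing it without `--with-systemd` is silently ignored, and the `with_systemd=yes` assignment in the journald branch can never change anything. A builder who asks for journald and gets a binary without it should be told. Either evaluate the option before the systemd test, or fail early with `AC_MSG_ERROR([--with-journald requires --with-systemd])`. The enclosing `if` closes outside this hunk.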
@@ -101,4 +127,5 @@ fi
# End of with_systemd
AM_CONDITIONAL([SYSTEMD],[test -n "$with_systemd"])
+AM_CONDITIONAL([JOURNALD],[test -n "$with_journald"])
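Review bot: `test -n "$with_journald"` is true for any non-empty value, so `--without-journald` or `--with-journald=no` (both leave `with_journald=no`) still switches the `JOURNALD` automake conditional on, while the pkg-config branch earlier in the file keys on `= yes`. Use `AM_CONDITIONAL([JOURNALD],[test "$with_journald" = yes])` so the conditional and `-DHAVE_JOURNALD` always agree. The existing `SYSTEMD` line has the same form and could be tightened the same way.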
Branch '389-ds-base-1.3.4' - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/schema.c | 66 ++++++++++++++++++++++++++++++++++----------
1 file changed, 51 insertions(+), 15 deletions(-)
New commits:
commit 7927e4420fb185ae328d56cfd4741583ae1f667b
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri Apr 8 14:17:12 2016 -0700
Ticket #48492 - heap corruption at schema replication.
Bug Description: If nsslapd-enquote-sup-oc is on, the server is supposed to
handle the quoted SYNTAX values although the spec is deprecated. Currently,
if nsslapd-enquote-sup-oc is on, it wraps SYNTAX values with quotes, but the
information is not passed to the openldap schema parser, so parsing the
schema fails.
Fix Description: This patch passes the info (flag LDAP_SCHEMA_ALLOW_QUOTED)
to the openldap API ldap_str2attributetype if nsslapd-enquote-sup-oc is on.
Additionally, to support the old style quoted SYNTAX values in the schema
files, loading the schema has to get the enquote information prior to the
configuration parameters evaluated. To pass the information, this patch
accepts the environment variable LDAP_SCHEMA_ALLOW_QUOTED. If it is defined
with any value, old style schema files are processed.
To set the environment variable, add
LDAP_SCHEMA_ALLOW_QUOTED="on"
to /etc/sysconfig/dirsrv-INSTANCE.
https://fedorahosted.org/389/ticket/48492
Reviewed by firstyear(a)redhat.com (Thank you, William!!)
(cherry picked from commit 955dc66d42511c2cc8d6ff18cf030508f6da2770)
diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
index dd56599..806c38d 100644
--- a/ldap/servers/slapd/schema.c
+++ b/ldap/servers/slapd/schema.c
@@ -1638,6 +1638,16 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void *arg)
}
if ( !aew->schema_ds4x_compat ) {
+#if defined (USE_OPENLDAP)
+ /*
+ * These values in quotes are not supported by the openldap parser.
+ * Even if nsslapd-enquote-sup-oc is on, quotes should not be added.
+ */
+ outp += put_tagged_oid( outp, "SUP ", asip->asi_superior, NULL, 0 );
+ outp += put_tagged_oid( outp, "EQUALITY ", asip->asi_mr_equality, NULL, 0 );
+ outp += put_tagged_oid( outp, "ORDERING ", asip->asi_mr_ordering, NULL, 0 );
+ outp += put_tagged_oid( outp, "SUBSTR ", asip->asi_mr_substring, NULL, 0 );
+#else
outp += put_tagged_oid( outp, "SUP ",
asip->asi_superior, NULL, aew->enquote_sup_oc );
outp += put_tagged_oid( outp, "EQUALITY ",
@@ -1646,6 +1656,7 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void *arg)
asip->asi_mr_ordering, NULL, aew->enquote_sup_oc );
outp += put_tagged_oid( outp, "SUBSTR ",
asip->asi_mr_substring, NULL, aew->enquote_sup_oc );
+#endif
}
outp += put_tagged_oid( outp, "SYNTAX ", syntaxoid, syntaxlengthbuf,
@@ -4105,7 +4116,7 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
char **attr_names = NULL;
unsigned long flags = SLAPI_ATTR_FLAG_OVERRIDE;
/* If we ever accept openldap schema directly, then make parser_flags configurable */
- const int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
+ unsigned int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
int invalid_syntax_error;
int syntaxlength = SLAPI_SYNTAXLENGTH_NONE;
int num_names = 0;
@@ -4113,6 +4124,17 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
int rc = 0;
int a, aa;
+ if (config_get_enquote_sup_oc()) {
+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
+ } else if (getenv("LDAP_SCHEMA_ALLOW_QUOTED")) {
+ char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
+ if (config_set_enquote_sup_oc(CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, "on", ebuf, CONFIG_APPLY)) {
+ slapi_log_error(SLAPI_LOG_FATAL, "schema", "Failed to enable %s: %s\n",
+ CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, ebuf);
+ }
+ }
+
/*
* OpenLDAP AttributeType struct
*
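Review bot: `ebuf` is handed to `slapi_log_error` with `%s` without ever being initialised, so if `config_set_enquote_sup_oc` fails without writing a message the log call reads indeterminate stack bytes; declare it as `char ebuf[SLAPI_DSE_RETURNTEXT_SIZE] = {0};`. The block also makes a parse routine change global configuration, calls `getenv` for every attribute parsed, and treats any value (even `off`) as enabling the relaxed parser, which judging by the ticket title also handles schema received over replication. Reading the variable once at startup and documenting that only its presence matters would be easier to reason about. The same block is repeated in the `parse_objclass_str` hunk below, so a shared static helper would keep the two in step. `parse_attr_str` continues outside this hunk.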
@@ -4159,7 +4181,7 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
/* trim any leading spaces */
input++;
}
- if((atype = ldap_str2attributetype(input, &rc, &errp, parser_flags )) == NULL){
+ if((atype = ldap_str2attributetype(input, &rc, &errp, (const unsigned int)parser_flags )) == NULL){
schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_at, input,
"Failed to parse attribute, error(%d - %s) at (%s)", rc, ldap_scherr2str(rc), errp );
return invalid_syntax_error;
@@ -4478,12 +4500,23 @@ parse_objclass_str ( const char *input, struct objclass **oc, char *errorbuf,
char **OrigRequiredAttrsArray, **OrigAllowedAttrsArray;
char *first_oc_name = NULL;
/* If we ever accept openldap schema directly, then make parser_flags configurable */
- const int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
+ unsigned int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
PRUint8 flags = 0;
int invalid_syntax_error;
int i, j;
int rc = 0;
+ if (config_get_enquote_sup_oc()) {
+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
+ } else if (getenv("LDAP_SCHEMA_ALLOW_QUOTED")) {
+ char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
+ if (config_set_enquote_sup_oc(CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, "on", ebuf, CONFIG_APPLY)) {
+ slapi_log_error(SLAPI_LOG_FATAL, "schema", "Failed to enable %s: %s\n",
+ CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, ebuf);
+ }
+ }
+
/*
* openLDAP Objectclass struct
*
@@ -4521,10 +4554,10 @@ parse_objclass_str ( const char *input, struct objclass **oc, char *errorbuf,
* Parse the input and create the openLdap objectclass structure
*/
while(isspace(*input)){
- /* trim any leading spaces */
+ /* trim any leading spaces */
input++;
}
- if((objClass = ldap_str2objectclass(input, &rc, &errp, parser_flags )) == NULL){
+ if((objClass = ldap_str2objectclass(input, &rc, &errp, (const unsigned int)parser_flags )) == NULL){
schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_oc, input,
"Failed to parse objectclass, error(%d) at (%s)", rc, errp );
return invalid_syntax_error;
@@ -5592,7 +5625,7 @@ get_tagged_oid( const char *tag, const char **inputp,
PR_ASSERT( NULL != *inputp );
PR_ASSERT( NULL != tag );
PR_ASSERT( '\0' != tag[ 0 ] );
- if('(' !=tag[0])
+ if('(' !=tag[0])
PR_ASSERT((' ' == tag[ strlen( tag ) - 1 ]) || ('(' == tag[ strlen( tag ) - 1 ]));
if ( NULL == strstr_fn ) {
@@ -5611,8 +5644,8 @@ get_tagged_oid( const char *tag, const char **inputp,
/* skip past the leading single quote, if present */
if ( *startp == '\'' ) {
++startp;
- /* skip past any extra white space */
- startp = skipWS( startp );
+ /* skip past any extra white space */
+ startp = skipWS( startp );
}
/* locate the end of the OID */
@@ -7155,6 +7188,7 @@ schema_berval_to_oclist(struct berval **oc_berval)
errorbuf[0] = '\0';
for (i = 0; oc_berval[i] != NULL; i++) {
/* parse the objectclass value */
+ oc = NULL;
if (LDAP_SUCCESS != (rc = parse_oc_str(oc_berval[i]->bv_val, &oc,
errorbuf, sizeof (errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0,
schema_ds4x_compat, oc_list))) {
@@ -7197,12 +7231,13 @@ schema_berval_to_atlist(struct berval **at_berval)
errorbuf[0] = '\0';
for (i = 0; at_berval[i] != NULL; i++) {
/* parse the objectclass value */
+ at = NULL;
rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof (errorbuf),
DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, schema_ds4x_compat, 0);
if (rc) {
slapi_log_error(SLAPI_LOG_FATAL, "schema",
- "parse_oc_str returned error: %s\n",
- errorbuf[0]?errorbuf:"unknown");
+ "schema_berval_to_atlist: parse_at_str(%s) failed - %s\n",
+ at_berval[i]->bv_val, errorbuf[0]?errorbuf:"unknown");
attr_syntax_free(at);
break;
}
@@ -7217,6 +7252,7 @@ schema_berval_to_atlist(struct berval **at_berval)
}
if (rc) {
schema_atlist_free(head);
+ head = NULL;
}
return head;
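Review bot: `schema_berval_to_oclist` gets the matching `oc = NULL` reset in this commit but no visible change to its error path, so it is worth confirming that it does not hand back a list it has already freed, as `schema_berval_to_atlist` did before `head = NULL` was added here. A short comment on the new line, e.g. `/* never return the freed list to the caller */`, would record why the assignment matters. Both functions begin outside their hunks, so this is inferred from the lines shown.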
@@ -7319,12 +7355,12 @@ schema_attributetypes_superset_check(struct berval **remote_schema, char *type)
static void
modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods)
{
- Slapi_PBlock *newpb;
+ Slapi_PBlock *newpb;
int op_result;
- CSN *schema_csn;
+ CSN *schema_csn;
- /* allocate internal mod components: pblock*/
- newpb = slapi_pblock_new();
+ /* allocate internal mod components: pblock*/
+ newpb = slapi_pblock_new();
slapi_modify_internal_set_pb_ext (
newpb,
@@ -7333,7 +7369,7 @@ modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods)
NULL, /* Controls */
NULL,
(void *)plugin_get_default_component_id(),
- 0);
+ 0);
/* do modify */
slapi_modify_internal_pb (newpb);
ldap/servers
by Noriko Hosoi
ldap/servers/slapd/schema.c | 66 ++++++++++++++++++++++++++++++++++----------
1 file changed, 51 insertions(+), 15 deletions(-)
New commits:
commit 955dc66d42511c2cc8d6ff18cf030508f6da2770
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri Apr 8 14:17:12 2016 -0700
Ticket #48492 - heap corruption at schema replication.
Bug Description: If nsslapd-enquote-sup-oc is on, the server is supposed to
handle the quoted SYNTAX values although the spec is deprecated. Currently,
if nsslapd-enquote-sup-oc is on, it wraps SYNTAX values with quotes, but the
information is not passed to the openldap schema parser, so parsing the
schema fails.
Fix Description: This patch passes the info (flag LDAP_SCHEMA_ALLOW_QUOTED)
to the openldap API ldap_str2attributetype if nsslapd-enquote-sup-oc is on.
Additionally, to support the old style quoted SYNTAX values in the schema
files, loading the schema has to get the enquote information prior to the
configuration parameters evaluated. To pass the information, this patch
accepts the environment variable LDAP_SCHEMA_ALLOW_QUOTED. If it is defined
with any value, old style schema files are processed.
To set the environment variable, add
LDAP_SCHEMA_ALLOW_QUOTED="on"
to /etc/sysconfig/dirsrv-INSTANCE.
https://fedorahosted.org/389/ticket/48492
Reviewed by firstyear(a)redhat.com (Thank you, William!!)
diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
index dd56599..806c38d 100644
--- a/ldap/servers/slapd/schema.c
+++ b/ldap/servers/slapd/schema.c
@@ -1638,6 +1638,16 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void *arg)
}
if ( !aew->schema_ds4x_compat ) {
+#if defined (USE_OPENLDAP)
+ /*
+ * These values in quotes are not supported by the openldap parser.
+ * Even if nsslapd-enquote-sup-oc is on, quotes should not be added.
+ */
+ outp += put_tagged_oid( outp, "SUP ", asip->asi_superior, NULL, 0 );
+ outp += put_tagged_oid( outp, "EQUALITY ", asip->asi_mr_equality, NULL, 0 );
+ outp += put_tagged_oid( outp, "ORDERING ", asip->asi_mr_ordering, NULL, 0 );
+ outp += put_tagged_oid( outp, "SUBSTR ", asip->asi_mr_substring, NULL, 0 );
+#else
outp += put_tagged_oid( outp, "SUP ",
asip->asi_superior, NULL, aew->enquote_sup_oc );
outp += put_tagged_oid( outp, "EQUALITY ",
@@ -1646,6 +1656,7 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void *arg)
asip->asi_mr_ordering, NULL, aew->enquote_sup_oc );
outp += put_tagged_oid( outp, "SUBSTR ",
asip->asi_mr_substring, NULL, aew->enquote_sup_oc );
+#endif
}
outp += put_tagged_oid( outp, "SYNTAX ", syntaxoid, syntaxlengthbuf,
@@ -4105,7 +4116,7 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
char **attr_names = NULL;
unsigned long flags = SLAPI_ATTR_FLAG_OVERRIDE;
/* If we ever accept openldap schema directly, then make parser_flags configurable */
- const int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
+ unsigned int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
int invalid_syntax_error;
int syntaxlength = SLAPI_SYNTAXLENGTH_NONE;
int num_names = 0;
@@ -4113,6 +4124,17 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
int rc = 0;
int a, aa;
+ if (config_get_enquote_sup_oc()) {
+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
+ } else if (getenv("LDAP_SCHEMA_ALLOW_QUOTED")) {
+ char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
+ if (config_set_enquote_sup_oc(CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, "on", ebuf, CONFIG_APPLY)) {
+ slapi_log_error(SLAPI_LOG_FATAL, "schema", "Failed to enable %s: %s\n",
+ CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, ebuf);
+ }
+ }
+
/*
* OpenLDAP AttributeType struct
*
@@ -4159,7 +4181,7 @@ parse_attr_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf,
/* trim any leading spaces */
input++;
}
- if((atype = ldap_str2attributetype(input, &rc, &errp, parser_flags )) == NULL){
+ if((atype = ldap_str2attributetype(input, &rc, &errp, (const unsigned int)parser_flags )) == NULL){
schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_at, input,
"Failed to parse attribute, error(%d - %s) at (%s)", rc, ldap_scherr2str(rc), errp );
return invalid_syntax_error;
@@ -4478,12 +4500,23 @@ parse_objclass_str ( const char *input, struct objclass **oc, char *errorbuf,
char **OrigRequiredAttrsArray, **OrigAllowedAttrsArray;
char *first_oc_name = NULL;
/* If we ever accept openldap schema directly, then make parser_flags configurable */
- const int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
+ unsigned int parser_flags = LDAP_SCHEMA_ALLOW_NONE | LDAP_SCHEMA_ALLOW_NO_OID;
PRUint8 flags = 0;
int invalid_syntax_error;
int i, j;
int rc = 0;
+ if (config_get_enquote_sup_oc()) {
+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
+ } else if (getenv("LDAP_SCHEMA_ALLOW_QUOTED")) {
+ char ebuf[SLAPI_DSE_RETURNTEXT_SIZE];
+ parser_flags |= LDAP_SCHEMA_ALLOW_QUOTED;
+ if (config_set_enquote_sup_oc(CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, "on", ebuf, CONFIG_APPLY)) {
+ slapi_log_error(SLAPI_LOG_FATAL, "schema", "Failed to enable %s: %s\n",
+ CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, ebuf);
+ }
+ }
+
/*
* openLDAP Objectclass struct
*
@@ -4521,10 +4554,10 @@ parse_objclass_str ( const char *input, struct objclass **oc, char *errorbuf,
* Parse the input and create the openLdap objectclass structure
*/
while(isspace(*input)){
- /* trim any leading spaces */
+ /* trim any leading spaces */
input++;
}
- if((objClass = ldap_str2objectclass(input, &rc, &errp, parser_flags )) == NULL){
+ if((objClass = ldap_str2objectclass(input, &rc, &errp, (const unsigned int)parser_flags )) == NULL){
schema_create_errormsg( errorbuf, errorbufsize, schema_errprefix_oc, input,
"Failed to parse objectclass, error(%d) at (%s)", rc, errp );
return invalid_syntax_error;
@@ -5592,7 +5625,7 @@ get_tagged_oid( const char *tag, const char **inputp,
PR_ASSERT( NULL != *inputp );
PR_ASSERT( NULL != tag );
PR_ASSERT( '\0' != tag[ 0 ] );
- if('(' !=tag[0])
+ if('(' !=tag[0])
PR_ASSERT((' ' == tag[ strlen( tag ) - 1 ]) || ('(' == tag[ strlen( tag ) - 1 ]));
if ( NULL == strstr_fn ) {
@@ -5611,8 +5644,8 @@ get_tagged_oid( const char *tag, const char **inputp,
/* skip past the leading single quote, if present */
if ( *startp == '\'' ) {
++startp;
- /* skip past any extra white space */
- startp = skipWS( startp );
+ /* skip past any extra white space */
+ startp = skipWS( startp );
}
/* locate the end of the OID */
@@ -7155,6 +7188,7 @@ schema_berval_to_oclist(struct berval **oc_berval)
errorbuf[0] = '\0';
for (i = 0; oc_berval[i] != NULL; i++) {
/* parse the objectclass value */
+ oc = NULL;
if (LDAP_SUCCESS != (rc = parse_oc_str(oc_berval[i]->bv_val, &oc,
errorbuf, sizeof (errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0,
schema_ds4x_compat, oc_list))) {
@@ -7197,12 +7231,13 @@ schema_berval_to_atlist(struct berval **at_berval)
errorbuf[0] = '\0';
for (i = 0; at_berval[i] != NULL; i++) {
/* parse the objectclass value */
+ at = NULL;
rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof (errorbuf),
DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, schema_ds4x_compat, 0);
if (rc) {
slapi_log_error(SLAPI_LOG_FATAL, "schema",
- "parse_oc_str returned error: %s\n",
- errorbuf[0]?errorbuf:"unknown");
+ "schema_berval_to_atlist: parse_at_str(%s) failed - %s\n",
+ at_berval[i]->bv_val, errorbuf[0]?errorbuf:"unknown");
attr_syntax_free(at);
break;
}
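Review bot: The new `at = NULL;` appears to carry the actual fix but has no comment saying why: presumably a failed `parse_at_str` can leave `at` holding the previous iteration's entry, which `attr_syntax_free(at)` would then free while the list still references it. Say so on the line, e.g. `/* a failed parse must not free the entry linked on the previous pass */`, and correct the stale `/* parse the objectclass value */` comment above it to name attribute types. The new log message prints the raw `bv_val`, which appears to come from the remote schema, so peer-supplied text now lands in the error log. The same reset is added as `oc = NULL;` in the `schema_berval_to_oclist` hunk and deserves the same comment.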
@@ -7217,6 +7252,7 @@ schema_berval_to_atlist(struct berval **at_berval)
}
if (rc) {
schema_atlist_free(head);
+ head = NULL;
}
return head;
@@ -7319,12 +7355,12 @@ schema_attributetypes_superset_check(struct berval **remote_schema, char *type)
static void
modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods)
{
- Slapi_PBlock *newpb;
+ Slapi_PBlock *newpb;
int op_result;
- CSN *schema_csn;
+ CSN *schema_csn;
- /* allocate internal mod components: pblock*/
- newpb = slapi_pblock_new();
+ /* allocate internal mod components: pblock*/
+ newpb = slapi_pblock_new();
slapi_modify_internal_set_pb_ext (
newpb,
@@ -7333,7 +7369,7 @@ modify_schema_internal_mod(Slapi_DN *sdn, Slapi_Mods *smods)
NULL, /* Controls */
NULL,
(void *)plugin_get_default_component_id(),
- 0);
+ 0);
/* do modify */
slapi_modify_internal_pb (newpb);
ldap/servers
by William Brown
ldap/servers/slapd/ssl.c | 24 +++++++++++++++++++++++-
1 file changed, 23 insertions(+), 1 deletion(-)
New commits:
commit 6186290df8b4e1fe69091ee021bb4ac7b9e951cc
Author: William Brown <firstyear(a)redhat.com>
Date: Wed Mar 30 10:57:05 2016 +1000
Ticket 48450 - Systemd password agent support
Bug Description: Directory server needs to be able to prompt for passwords
with systemd during systemd startup, or post start up.
Fix Description: This allows Directory Server to take advantage of the svrcore
systemd integration, allowing systemd password as the "last resort" if file
or tty is not available to the administrator.
https://fedorahosted.org/389/ticket/48450
Author: wibrown
Review by: nhosoi (Thanks!)
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 9c98f7d..38efc73 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -1125,13 +1125,22 @@ svrcore_setup()
{
PRErrorCode errorCode;
int rv = 0;
+#ifdef WITH_SYSTEMD
+ SVRCOREStdSystemdPinObj *StdPinObj;
+ StdPinObj = (SVRCOREStdSystemdPinObj *)SVRCORE_GetRegisteredPinObj();
+#else
SVRCOREStdPinObj *StdPinObj;
-
StdPinObj = (SVRCOREStdPinObj *)SVRCORE_GetRegisteredPinObj();
+#endif
+
if (StdPinObj) {
return 0; /* already registered */
}
+#ifdef WITH_SYSTEMD
+ if ( SVRCORE_CreateStdSystemdPinObj(&StdPinObj, dongle_file_name, PR_TRUE, PR_TRUE, 90) != SVRCORE_Success) {
+#else
if ( SVRCORE_CreateStdPinObj(&StdPinObj, dongle_file_name, PR_TRUE) != SVRCORE_Success) {
+#endif
errorCode = PR_GetError();
slapd_SSL_warn("Security Initialization: Unable to create PinObj ("
SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
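Review bot: The literal `90` and the two bare `PR_TRUE` arguments in the `SVRCORE_CreateStdSystemdPinObj` call are unexplained. The `90` is presumably the time to wait for the systemd password request, but the hunk does not say so or give the unit. Give it a name, e.g. `#define SLAPD_SYSTEMD_PIN_TIMEOUT 90`, and add a one-line comment stating what each boolean enables. Splitting the `if (` line across `#ifdef`/`#else` with a shared opening brace is also fragile; assigning the result to a local inside each arm and testing it once would read more safely. `svrcore_setup` continues outside the hunk.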
@@ -1248,6 +1257,10 @@ slapd_ssl_init()
return -1;
}
/* authenticate */
+#ifdef WITH_SYSTEMD
+ slapd_SSL_warn("Sending pin request to SVRCore. You may need to run"
+ " systemd-tty-ask-password-agent to provide the password.");
+#endif
if (slapd_pk11_authenticate(slot, PR_TRUE, NULL) != SECSuccess) {
errorCode = PR_GetError();
slapd_SSL_warn("Security Initialization: Unable to authenticate ("
@@ -1494,6 +1507,10 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
int allowweakcipher = CIPHER_SET_DEFAULTWEAKCIPHER;
/* turn off the PKCS11 pin interactive mode */
+ /* wibrown 2016 */
+ /* We don't need to do the detection for the StdSystemPin, it does it */
+ /* automatically for us. */
+#ifndef WITH_SYSTEMD
SVRCOREStdPinObj *StdPinObj;
if (svrcore_setup()) {
@@ -1502,6 +1519,7 @@ slapd_ssl_init2(PRFileDesc **fd, int startTLS)
StdPinObj = (SVRCOREStdPinObj *)SVRCORE_GetRegisteredPinObj();
SVRCORE_SetStdPinInteractive(StdPinObj, PR_FALSE);
+#endif
errorbuf[0] = '\0';
/*
@@ -2116,6 +2134,10 @@ slapd_SSL_client_auth (LDAP* ld)
/* Free config data */
if (!svrcore_setup()) {
+#ifdef WITH_SYSTEMD
+ slapd_SSL_warn("Sending pin request to SVRCore. You may need to run "
+ "systemd-tty-ask-password-agent to provide the password.");
+#endif
StdPinObj = (SVRCOREStdPinObj *)SVRCORE_GetRegisteredPinObj();
err = SVRCORE_StdPinGetPin( &pw, StdPinObj, token );
if ( err != SVRCORE_Success || pw == NULL) {
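Review bot: Under `WITH_SYSTEMD`, `svrcore_setup` now registers an object created by `SVRCORE_CreateStdSystemdPinObj`, yet this path still casts the registered object to `SVRCOREStdPinObj *` and passes it to `SVRCORE_StdPinGetPin`. Unless svrcore guarantees that the two object types are interchangeable for that call, which is not visible here, the pin lookup operates on the wrong structure. The declaration and cast need the same `#ifdef WITH_SYSTEMD` treatment that `svrcore_setup` received, or a comment citing the svrcore guarantee. The declaration of `StdPinObj` in `slapd_SSL_client_auth` is outside the hunk.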
3 commits - dirsrvtests/tests ldap/servers
by William Brown
dirsrvtests/tests/suites/dna_plugin/dna_test.py | 169 +++++++++++-
dirsrvtests/tests/tickets/ticket48342_test.py | 322 ++++++++++++++++++++++++
ldap/servers/plugins/dna/dna.c | 178 ++++++++-----
3 files changed, 595 insertions(+), 74 deletions(-)
New commits:
commit 472a96b512f1b4cf6f5a0a2603c8abe77ba4c173
Author: William Brown <firstyear(a)redhat.com>
Date: Mon Apr 4 09:31:46 2016 +1000
Ticket 48342 - Prevent transaction abort if a transaction has not begun
Bug Description: Transactions may have been aborted if they had not begun yet
due to a logic issue in dna_update_config_event. Additionally, it was possible
for an operation to fail and the transaction to not be aborted, and for the
transaction to fail to start and the delete to proceed anyway!
Fix Description: Re-arrange and correct the logic around the transaction
in dna_update_config_event. Given this code is always called during startup, we
do not have the same be-txn issues as other areas of dna. This should fix the
transaction logic.
https://fedorahosted.org/389/ticket/48342
Author: wibrown
Review by: tbordaz (Thanks)
diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
index cac0051..2908443 100644
--- a/ldap/servers/plugins/dna/dna.c
+++ b/ldap/servers/plugins/dna/dna.c
@@ -1603,35 +1603,35 @@ dna_update_config_event(time_t event_time, void *arg)
slapi_pblock_set(dna_pb, SLAPI_BACKEND, be);
/* We need to start transaction to avoid the deadlock */
rc = slapi_back_transaction_begin(dna_pb);
- if (rc) {
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
- "dna_update_config_event: failed to start transaction\n");
- }
- }
+ if (rc == 0) {
- /* First delete the existing shared config entry. This
- * will allow the entry to be updated for things like
- * port number changes, etc. */
- slapi_delete_internal_set_pb(pb, config_entry->shared_cfg_dn,
- NULL, NULL, getPluginID(), 0);
+ /* First delete the existing shared config entry. This
+ * will allow the entry to be updated for things like
+ * port number changes, etc. */
+ slapi_delete_internal_set_pb(pb, config_entry->shared_cfg_dn,
+ NULL, NULL, getPluginID(), 0);
- /* We don't care about the results */
- slapi_delete_internal_pb(pb);
+ /* We don't care about the results */
+ slapi_delete_internal_pb(pb);
- /* Now force the entry to be recreated */
- dna_update_shared_config(config_entry);
+ /* Now force the entry to be recreated */
+ rc = dna_update_shared_config(config_entry);
- if (dna_pb) {
- if (0 == rc) {
- slapi_back_transaction_commit(dna_pb);
- } else {
- if (slapi_back_transaction_abort(dna_pb) != 0) {
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, "dna_update_config_event: failed to abort transaction!\n");
+ if (0 == rc) {
+ slapi_back_transaction_commit(dna_pb);
+ } else {
+ if (slapi_back_transaction_abort(dna_pb) != 0) {
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, "dna_update_config_event: failed to abort transaction!\n");
+ }
}
+ slapi_pblock_destroy(dna_pb);
+ slapi_pblock_init(pb);
+ } else {
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+ "dna_update_config_event: failed to start transaction\n");
}
- slapi_pblock_destroy(dna_pb);
}
- slapi_pblock_init(pb);
+
}
list = PR_NEXT_LINK(list);
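Review bot: `dna_pb` is no longer destroyed when `slapi_back_transaction_begin()` fails: the new `else` branch only logs, while the removed code called `slapi_pblock_destroy(dna_pb)` whenever `dna_pb` was set, whatever `rc` was. The pblock is set up before this hunk (the first context line already sets `SLAPI_BACKEND` on it), so each failed begin presumably leaks one pblock per config entry. Adding `slapi_pblock_destroy(dna_pb);` after the log call in the `else` branch, or moving the existing call below the `if`/`else`, restores the old cleanup. The return value of `slapi_back_transaction_commit(dna_pb)` is also still ignored, so a failed commit goes unlogged. dna_update_config_event starts and ends outside the hunk.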
commit eba93f74337bc2e1e3fd4d890a1a17db13588da1
Author: William Brown <firstyear(a)redhat.com>
Date: Fri Mar 18 13:40:46 2016 +1000
Ticket 48342 - DNA: deadlock during DNA_EXTEND_EXOP_REQUEST_OID
Bug Description: dna.c would deadlock during a range extension request.
This is because of lock ordering issues. In the normal operation, we would take:
* backend lock
* dna_lock
This is because *most* operations in dna are be_txn post operations.
However, when another replica requests a range, they would call the exop request.
The issue with this is that the exop request is *not* a be_txn plugin. In fact
exop plugins were never able to have a be_txn type. So the code would take:
* dna_lock
* backend lock
This is how the dead lock starts. We have largely been lucky to not see this in
production before.
Fix Description: This consumes the new RFE for betxn in plugin extendedop.
This means the locks are taken in the correct order, preventing the deadlock.
https://fedorahosted.org/389/ticket/48342
Author: wibrown
Review by: tbordaz and nhosoi (Thanks)
diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
index b0ea2f4..cac0051 100644
--- a/ldap/servers/plugins/dna/dna.c
+++ b/ldap/servers/plugins/dna/dna.c
@@ -277,6 +277,7 @@ static int dna_pre_op(Slapi_PBlock * pb, int modtype);
static int dna_mod_pre_op(Slapi_PBlock * pb);
static int dna_add_pre_op(Slapi_PBlock * pb);
static int dna_extend_exop(Slapi_PBlock *pb);
+static int dna_extend_exop_backend(Slapi_PBlock *pb, Slapi_Backend **target);
static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype);
static int dna_be_txn_add_pre_op(Slapi_PBlock *pb);
static int dna_be_txn_mod_pre_op(Slapi_PBlock *pb);
@@ -483,7 +484,7 @@ dna_init(Slapi_PBlock *pb)
if ((status == DNA_SUCCESS) &&
/* the range extension extended operation */
- slapi_register_plugin("extendedop", /* op type */
+ slapi_register_plugin("betxnextendedop", /* op type */
1, /* Enabled */
"dna_init", /* this function desc */
dna_exop_init, /* init func for exop */
@@ -557,7 +558,9 @@ dna_exop_init(Slapi_PBlock * pb)
slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_OIDLIST,
(void *) dna_extend_exop_oid_list) != 0 ||
slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_FN,
- (void *) dna_extend_exop) != 0) {
+ (void *) dna_extend_exop) != 0 ||
+ slapi_pblock_set(pb, SLAPI_PLUGIN_EXT_OP_BACKEND_FN,
+ (void *) dna_extend_exop_backend) != 0) {
slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
"dna_exop_init: failed to register plugin\n");
status = DNA_FAILURE;
@@ -699,6 +702,64 @@ dna_close(Slapi_PBlock * pb)
return DNA_SUCCESS;
}
+static int
+dna_parse_exop_ber(Slapi_PBlock *pb, char **shared_dn)
+{
+ int ret = -1; /* What's a better default? */
+ char *oid = NULL;
+ struct berval *reqdata = NULL;
+ BerElement *tmp_bere = NULL;
+
+ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
+ "----> dna_parse_exop_ber\n");
+
+ /* Fetch the request OID */
+ slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &oid);
+ if (!oid) {
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+ "dna_parse_exop_ber: Unable to retrieve request OID.\n");
+ goto out;
+ }
+
+ /* Make sure the request OID is correct. */
+ if (strcmp(oid, DNA_EXTEND_EXOP_REQUEST_OID) != 0) {
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+ "dna_parse_exop_ber: Received incorrect request OID.\n");
+ goto out;
+ }
+
+ /* Fetch the request data */
+ slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &reqdata);
+ if (!BV_HAS_DATA(reqdata)) {
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+ "dna_parse_exop_ber: No request data received.\n");
+ goto out;
+ }
+
+ /* decode the exop */
+ tmp_bere = ber_init(reqdata);
+ if (tmp_bere == NULL) {
+ goto out;
+ }
+
+ if (ber_scanf(tmp_bere, "{a}", shared_dn) == LBER_ERROR) {
+ ret = LDAP_PROTOCOL_ERROR;
+ goto out;
+ }
+
+ ret = LDAP_SUCCESS;
+
+out:
+ if (NULL != tmp_bere) {
+ ber_free(tmp_bere, 1);
+ tmp_bere = NULL;
+ }
+
+ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
+ "<---- dna_parse_exop_ber %s\n", *shared_dn);
+ return ret;
+}
+
/*
* Free the global linkedl ist of shared servers
*/
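Review bot: The exit trace in `dna_parse_exop_ber` passes `*shared_dn` to `%s` on every path, including the early `goto out` cases where nothing was decoded and both visible callers have initialised the pointer to NULL. Whether a NULL `%s` argument is safe depends on the formatter behind `slapi_log_error`, which is not visible here, and on success the value is a client-supplied DN written to the log before any validation. Logging the result code instead, e.g. `"<---- dna_parse_exop_ber %d\n", ret`, avoids both. The `ber_init` failure path also returns without a log line, unlike the other failure branches, and the `-1` default (questioned in the author's own comment) is not an LDAP result code even though the success and decode-error paths return one.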
@@ -832,6 +893,7 @@ dna_load_plugin_config(Slapi_PBlock *pb, int use_eventq)
* looking for valid ones. */
dna_parse_config_entry(pb, entries[i], 1);
}
+
dna_unlock();
if (use_eventq) {
@@ -1562,6 +1624,10 @@ dna_update_config_event(time_t event_time, void *arg)
if (dna_pb) {
if (0 == rc) {
slapi_back_transaction_commit(dna_pb);
+ } else {
+ if (slapi_back_transaction_abort(dna_pb) != 0) {
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM, "dna_update_config_event: failed to abort transaction!\n");
+ }
}
slapi_pblock_destroy(dna_pb);
}
@@ -4244,16 +4310,41 @@ static int dna_config_check_post_op(Slapi_PBlock * pb)
/****************************************************
+ * Pre Extended Operation, Backend selection
+ ***************************************************/
+static int dna_extend_exop_backend(Slapi_PBlock *pb, Slapi_Backend **target)
+{
+ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
+ "--> dna_parse_exop_backend\n");
+ Slapi_DN *shared_sdn = NULL;
+ char *shared_dn = NULL;
+ int res = -1;
+ /* Parse the oid and what exop wants us to do */
+ res = dna_parse_exop_ber(pb, &shared_dn);
+ if (res != LDAP_SUCCESS) {
+ return res;
+ }
+ if (shared_dn) {
+ shared_sdn = slapi_sdn_new_dn_byref(shared_dn);
+ *target = slapi_be_select(shared_sdn);
+ slapi_sdn_free(&shared_sdn);
+ }
+ res = LDAP_SUCCESS;
+
+ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
+ "<-- dna_parse_exop_backend %d\n", res);
+ return res;
+}
+
+
+/****************************************************
* Range Extension Extended Operation
***************************************************/
static int dna_extend_exop(Slapi_PBlock *pb)
{
int ret = SLAPI_PLUGIN_EXTENDED_NOT_HANDLED;
- struct berval *reqdata = NULL;
- BerElement *tmp_bere = NULL;
char *shared_dn = NULL;
char *bind_dn = NULL;
- char *oid = NULL;
PRUint64 lower = 0;
PRUint64 upper = 0;
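Review bot: `shared_dn` is never freed in `dna_extend_exop_backend`: `dna_parse_exop_ber` fills it through `ber_scanf(tmp_bere, "{a}", shared_dn)`, and it is then wrapped with `slapi_sdn_new_dn_byref`, which by its name borrows the string rather than owning it, so `slapi_sdn_free(&shared_sdn)` presumably leaves it allocated. This callback runs for every range-extension request, so each request would leak a client-controlled string. `dna_extend_exop` releases the same value with `slapi_ch_free_string(&shared_dn)`; adding `slapi_ch_free_string(&shared_dn);` after `slapi_sdn_free(&shared_sdn);` would match it. `*target` is also left untouched when no DN was decoded, and the trace strings say `dna_parse_exop_backend` rather than the function's own name. dna_extend_exop continues past the end of the hunk.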
@@ -4264,38 +4355,8 @@ static int dna_extend_exop(Slapi_PBlock *pb)
slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
"--> dna_extend_exop\n");
- /* Fetch the request OID */
- slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_OID, &oid);
- if (!oid) {
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
- "dna_extend_exop: Unable to retrieve request OID.\n");
- goto free_and_return;
- }
-
- /* Make sure the request OID is correct. */
- if (strcmp(oid, DNA_EXTEND_EXOP_REQUEST_OID) != 0) {
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
- "dna_extend_exop: Received incorrect request OID.\n");
- goto free_and_return;
- }
-
- /* Fetch the request data */
- slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &reqdata);
- if (!BV_HAS_DATA(reqdata)) {
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
- "dna_extend_exop: No request data received.\n");
- goto free_and_return;
- }
-
- /* decode the exop */
- tmp_bere = ber_init(reqdata);
- if (tmp_bere == NULL) {
- goto free_and_return;
- }
-
- if (ber_scanf(tmp_bere, "{a}", &shared_dn) == LBER_ERROR) {
- ret = LDAP_PROTOCOL_ERROR;
- goto free_and_return;
+ if(dna_parse_exop_ber(pb, &shared_dn) != LDAP_SUCCESS) {
+ return ret;
}
slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM,
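Review bot: The new `return ret;` drops the helper's result, so a request whose BER payload fails to decode now yields `SLAPI_PLUGIN_EXTENDED_NOT_HANDLED` where the removed code set `ret = LDAP_PROTOCOL_ERROR`. It also bypasses `free_and_return`, skipping the `<-- dna_extend_exop` exit trace that the other paths emit. Keeping the helper's code in a local and using `if (rc == LDAP_PROTOCOL_ERROR) ret = rc;` followed by `goto free_and_return;` would preserve the previous behaviour for malformed requests. The rest of dna_extend_exop lies outside the hunk.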
@@ -4365,10 +4426,6 @@ static int dna_extend_exop(Slapi_PBlock *pb)
free_and_return:
slapi_ch_free_string(&shared_dn);
slapi_ch_free_string(&bind_dn);
- if (NULL != tmp_bere) {
- ber_free(tmp_bere, 1);
- tmp_bere = NULL;
- }
slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
"<-- dna_extend_exop\n");
@@ -4530,6 +4587,7 @@ dna_release_range(char *range_dn, PRUint64 *lower, PRUint64 *upper)
if (ret == LDAP_SUCCESS) {
/* Adjust maxval in our cached config and shared config */
config_entry->maxval = *lower - 1;
+ /* This is within the dna_lock, so okay */
dna_notice_allocation(config_entry, config_entry->nextval, 0);
}
}
commit 1066c9ddf7b75b8aef2b1fff1744a6091fa92377
Author: William Brown <firstyear(a)redhat.com>
Date: Fri Mar 18 13:34:56 2016 +1000
Ticket 48342 - DNA Deadlock test cases
Bug Description: Dna plugin has a deadlock when an extended operation occurs
at the same time as the plugin conducts a be_txn_post operation.
Fix Description: This provides the test cases to reproduce that issue, and adds
a basic dna test case.
https://fedorahosted.org/389/ticket/48342
Author: tbordaz
Review by: wibrown
diff --git a/dirsrvtests/tests/suites/dna_plugin/dna_test.py b/dirsrvtests/tests/suites/dna_plugin/dna_test.py
index 6b0ab8b..e6fb745 100644
--- a/dirsrvtests/tests/suites/dna_plugin/dna_test.py
+++ b/dirsrvtests/tests/suites/dna_plugin/dna_test.py
@@ -22,8 +22,18 @@ from lib389.utils import *
logging.getLogger(__name__).setLevel(logging.DEBUG)
log = logging.getLogger(__name__)
-installation1_prefix = None
-
+USER1_DN = 'uid=user1,' + DEFAULT_SUFFIX
+USER2_DN = 'uid=user2,' + DEFAULT_SUFFIX
+USER3_DN = 'uid=user3,' + DEFAULT_SUFFIX
+BUSER1_DN = 'uid=user1,ou=branch1,' + DEFAULT_SUFFIX
+BUSER2_DN = 'uid=user2,ou=branch2,' + DEFAULT_SUFFIX
+BUSER3_DN = 'uid=user3,ou=branch2,' + DEFAULT_SUFFIX
+BRANCH1_DN = 'ou=branch1,' + DEFAULT_SUFFIX
+BRANCH2_DN = 'ou=branch2,' + DEFAULT_SUFFIX
+GROUP_OU = 'ou=groups,' + DEFAULT_SUFFIX
+PEOPLE_OU = 'ou=people,' + DEFAULT_SUFFIX
+GROUP_DN = 'cn=group,' + DEFAULT_SUFFIX
+CONFIG_AREA = 'nsslapd-pluginConfigArea'
class TopologyStandalone(object):
def __init__(self, standalone):
@@ -33,10 +43,6 @@ class TopologyStandalone(object):
@pytest.fixture(scope="module")
def topology(request):
- global installation1_prefix
- if installation1_prefix:
- args_instance[SER_DEPLOYED_DIR] = installation1_prefix
-
# Creating standalone instance ...
standalone = DirSrv(verbose=False)
args_instance[SER_HOST] = HOST_STANDALONE
@@ -51,6 +57,16 @@ def topology(request):
standalone.create()
standalone.open()
+ # Delete each instance in the end
+ def fin():
+ # This is useful for analysing the test env.
+ standalone.db2ldif(bename=DEFAULT_BENAME, suffixes=[DEFAULT_SUFFIX], excludeSuffixes=[], encrypt=False, \
+ repl_data=True, outputfile='%s/ldif/%s.ldif' % (standalone.dbdir,SERVERID_STANDALONE ))
+ standalone.clearBackupFS()
+ standalone.backupFS()
+ standalone.delete()
+ request.addfinalizer(fin)
+
# Clear out the tmp dir
standalone.clearTmpDir(__file__)
@@ -70,18 +86,143 @@ def test_dna_(topology):
Write a single test here...
'''
- return
-
+ # stop the plugin, and start it
+ topology.standalone.plugins.disable(name=PLUGIN_DNA)
+ topology.standalone.plugins.enable(name=PLUGIN_DNA)
+
+ CONFIG_DN = 'cn=config,cn=' + PLUGIN_DNA + ',cn=plugins,cn=config'
+
+ log.info('Testing ' + PLUGIN_DNA + '...')
+
+ ############################################################################
+ # Configure plugin
+ ############################################################################
+
+ try:
+ topology.standalone.add_s(Entry((CONFIG_DN, {
+ 'objectclass': 'top dnaPluginConfig'.split(),
+ 'cn': 'config',
+ 'dnatype': 'uidNumber',
+ 'dnafilter': '(objectclass=top)',
+ 'dnascope': DEFAULT_SUFFIX,
+ 'dnaMagicRegen': '-1',
+ 'dnaMaxValue': '50000',
+ 'dnaNextValue': '1'
+ })))
+ except ldap.ALREADY_EXISTS:
+ try:
+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'dnaNextValue', '1'),
+ (ldap.MOD_REPLACE, 'dnaMagicRegen', '-1')])
+ except ldap.LDAPError as e:
+ log.fatal('test_dna: Failed to set the DNA plugin: error ' + e.message['desc'])
+ assert False
+ except ldap.LDAPError as e:
+ log.fatal('test_dna: Failed to add config entry: error ' + e.message['desc'])
+ assert False
+
+ # Do we need to restart for the plugin?
+
+ topology.standalone.restart()
+
+ ############################################################################
+ # Test plugin
+ ############################################################################
+
+ try:
+ topology.standalone.add_s(Entry((USER1_DN, {
+ 'objectclass': 'top extensibleObject'.split(),
+ 'uid': 'user1'
+ })))
+ except ldap.LDAPError as e:
+ log.fatal('test_dna: Failed to user1: error ' + e.message['desc'])
+ assert False
+
+ # See if the entry now has the new uidNumber assignment - uidNumber=1
+ try:
+ entries = topology.standalone.search_s(USER1_DN, ldap.SCOPE_BASE, '(uidNumber=1)')
+ if not entries:
+ log.fatal('test_dna: user1 was not updated - (looking for uidNumber: 1)')
+ assert False
+ except ldap.LDAPError as e:
+ log.fatal('test_dna: Search for user1 failed: ' + e.message['desc'])
+ assert False
+
+ # Test the magic regen value
+ try:
+ topology.standalone.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'uidNumber', '-1')])
+ except ldap.LDAPError as e:
+ log.fatal('test_dna: Failed to set the magic reg value: error ' + e.message['desc'])
+ assert False
+
+ # See if the entry now has the new uidNumber assignment - uidNumber=2
+ try:
+ entries = topology.standalone.search_s(USER1_DN, ldap.SCOPE_BASE, '(uidNumber=2)')
+ if not entries:
+ log.fatal('test_dna: user1 was not updated (looking for uidNumber: 2)')
+ assert False
+ except ldap.LDAPError as e:
+ log.fatal('test_dna: Search for user1 failed: ' + e.message['desc'])
+ assert False
+
+ ################################################################################
+ # Change the config
+ ################################################################################
+
+ try:
+ topology.standalone.modify_s(CONFIG_DN, [(ldap.MOD_REPLACE, 'dnaMagicRegen', '-2')])
+ except ldap.LDAPError as e:
+ log.fatal('test_dna: Failed to set the magic reg value to -2: error ' + e.message['desc'])
+ assert False
+
+ ################################################################################
+ # Test plugin
+ ################################################################################
+
+ # Test the magic regen value
+ try:
+ topology.standalone.modify_s(USER1_DN, [(ldap.MOD_REPLACE, 'uidNumber', '-2')])
+ except ldap.LDAPError as e:
+ log.fatal('test_dna: Failed to set the magic reg value: error ' + e.message['desc'])
+ assert False
+
+ # See if the entry now has the new uidNumber assignment - uidNumber=3
+ try:
+ entries = topology.standalone.search_s(USER1_DN, ldap.SCOPE_BASE, '(uidNumber=3)')
+ if not entries:
+ log.fatal('test_dna: user1 was not updated (looking for uidNumber: 3)')
+ assert False
+ except ldap.LDAPError as e:
+ log.fatal('test_dna: Search for user1 failed: ' + e.message['desc'])
+ assert False
+
+ ############################################################################
+ # Test plugin dependency
+ ############################################################################
+
+ #test_dependency(inst, PLUGIN_AUTOMEMBER)
+
+ ############################################################################
+ # Cleanup
+ ############################################################################
+
+ try:
+ topology.standalone.delete_s(USER1_DN)
+ except ldap.LDAPError as e:
+ log.fatal('test_dna: Failed to delete test entry1: ' + e.message['desc'])
+ assert False
+
+ topology.standalone.plugins.disable(name=PLUGIN_DNA)
+
+ ############################################################################
+ # Test passed
+ ############################################################################
+
+ log.info('test_dna: PASS\n')
-def test_dna_final(topology):
- topology.standalone.delete()
- log.info('dna test suite PASSED')
+ return
def run_isolated():
- global installation1_prefix
- installation1_prefix = None
-
topo = topology(True)
test_dna_init(topo)
test_dna_(topo)
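Review bot: The docstring of `test_dna_` still reads "Write a single test here..." although the body added here is a complete scenario; the `def` line itself is outside the hunk. A docstring such as `'''Configure DNA for uidNumber and check that the magic regen value assigns 1, 2 and 3 in turn.'''` would describe what the test now asserts. The `except ldap.ALREADY_EXISTS` fallback resets only `dnaNextValue` and `dnaMagicRegen`, so a pre-existing config entry with a different `dnatype` or `dnafilter` would surface as a confusing uidNumber mismatch further down; a comment stating that assumption would help.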
diff --git a/dirsrvtests/tests/tickets/ticket48342_test.py b/dirsrvtests/tests/tickets/ticket48342_test.py
new file mode 100644
index 0000000..104a938
--- /dev/null
+++ b/dirsrvtests/tests/tickets/ticket48342_test.py
@@ -0,0 +1,322 @@
+import os
+import sys
+import time
+import ldap
+import logging
+import pytest
+from lib389 import DirSrv, Entry, tools, tasks
+from lib389.tools import DirSrvTools
+from lib389._constants import *
+from lib389.properties import *
+from lib389.tasks import *
+from lib389.utils import *
+
+logging.getLogger(__name__).setLevel(logging.DEBUG)
+log = logging.getLogger(__name__)
+
+installation1_prefix = None
+
+PEOPLE_OU='people'
+PEOPLE_DN = "ou=%s,%s" % (PEOPLE_OU, SUFFIX)
+MAX_ACCOUNTS=5
+
+class TopologyReplication(object):
+ def __init__(self, master1, master2, master3):
+ master1.open()
+ self.master1 = master1
+ master2.open()
+ self.master2 = master2
+ master3.open()
+ self.master3 = master3
+
+
+(a)pytest.fixture(scope="module")
+def topology(request):
+ global installation1_prefix
+ if installation1_prefix:
+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
+
+ # Creating master 1...
+ master1 = DirSrv(verbose=False)
+ if installation1_prefix:
+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
+ args_instance[SER_HOST] = HOST_MASTER_1
+ args_instance[SER_PORT] = PORT_MASTER_1
+ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_1
+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+ args_master = args_instance.copy()
+ master1.allocate(args_master)
+ instance_master1 = master1.exists()
+ if instance_master1:
+ master1.delete()
+ master1.create()
+ master1.open()
+ master1.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_1)
+
+ # Creating master 2...
+ master2 = DirSrv(verbose=False)
+ if installation1_prefix:
+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
+ args_instance[SER_HOST] = HOST_MASTER_2
+ args_instance[SER_PORT] = PORT_MASTER_2
+ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_2
+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+ args_master = args_instance.copy()
+ master2.allocate(args_master)
+ instance_master2 = master2.exists()
+ if instance_master2:
+ master2.delete()
+ master2.create()
+ master2.open()
+ master2.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_2)
+
+ # Creating master 3...
+ master3 = DirSrv(verbose=False)
+ if installation1_prefix:
+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
+ args_instance[SER_HOST] = HOST_MASTER_3
+ args_instance[SER_PORT] = PORT_MASTER_3
+ args_instance[SER_SERVERID_PROP] = SERVERID_MASTER_3
+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+ args_master = args_instance.copy()
+ master3.allocate(args_master)
+ instance_master3 = master3.exists()
+ if instance_master3:
+ master3.delete()
+ master3.create()
+ master3.open()
+ master3.replica.enableReplication(suffix=SUFFIX, role=REPLICAROLE_MASTER, replicaId=REPLICAID_MASTER_3)
+
+ #
+ # Create all the agreements
+ #
+ # Creating agreement from master 1 to master 2
+ properties = {RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
+ m1_m2_agmt = master1.agreement.create(suffix=SUFFIX, host=master2.host, port=master2.port, properties=properties)
+ if not m1_m2_agmt:
+ log.fatal("Fail to create a master -> master replica agreement")
+ sys.exit(1)
+ log.debug("%s created" % m1_m2_agmt)
+
+ # Creating agreement from master 1 to master 3
+# properties = {RA_NAME: r'meTo_$host:$port',
+# RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
+# RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
+# RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
+# RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
+# m1_m3_agmt = master1.agreement.create(suffix=SUFFIX, host=master3.host, port=master3.port, properties=properties)
+# if not m1_m3_agmt:
+# log.fatal("Fail to create a master -> master replica agreement")
+# sys.exit(1)
+# log.debug("%s created" % m1_m3_agmt)
+
+ # Creating agreement from master 2 to master 1
+ properties = {RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
+ m2_m1_agmt = master2.agreement.create(suffix=SUFFIX, host=master1.host, port=master1.port, properties=properties)
+ if not m2_m1_agmt:
+ log.fatal("Fail to create a master -> master replica agreement")
+ sys.exit(1)
+ log.debug("%s created" % m2_m1_agmt)
+
+ # Creating agreement from master 2 to master 3
+ properties = {RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
+ m2_m3_agmt = master2.agreement.create(suffix=SUFFIX, host=master3.host, port=master3.port, properties=properties)
+ if not m2_m3_agmt:
+ log.fatal("Fail to create a master -> master replica agreement")
+ sys.exit(1)
+ log.debug("%s created" % m2_m3_agmt)
+
+ # Creating agreement from master 3 to master 1
+# properties = {RA_NAME: r'meTo_$host:$port',
+# RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
+# RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
+# RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
+# RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
+# m3_m1_agmt = master3.agreement.create(suffix=SUFFIX, host=master1.host, port=master1.port, properties=properties)
+# if not m3_m1_agmt:
+# log.fatal("Fail to create a master -> master replica agreement")
+# sys.exit(1)
+# log.debug("%s created" % m3_m1_agmt)
+
+ # Creating agreement from master 3 to master 2
+ properties = {RA_BINDDN: defaultProperties[REPLICATION_BIND_DN],
+ RA_BINDPW: defaultProperties[REPLICATION_BIND_PW],
+ RA_METHOD: defaultProperties[REPLICATION_BIND_METHOD],
+ RA_TRANSPORT_PROT: defaultProperties[REPLICATION_TRANSPORT]}
+ m3_m2_agmt = master3.agreement.create(suffix=SUFFIX, host=master2.host, port=master2.port, properties=properties)
+ if not m3_m2_agmt:
+ log.fatal("Fail to create a master -> master replica agreement")
+ sys.exit(1)
+ log.debug("%s created" % m3_m2_agmt)
+
+ # Allow the replicas to get situated with the new agreements...
+ time.sleep(5)
+
+ #
+ # Initialize all the agreements
+ #
+ master1.agreement.init(SUFFIX, HOST_MASTER_2, PORT_MASTER_2)
+ master1.waitForReplInit(m1_m2_agmt)
+ time.sleep(5) # just to be safe
+ master2.agreement.init(SUFFIX, HOST_MASTER_3, PORT_MASTER_3)
+ master2.waitForReplInit(m2_m3_agmt)
+
+ # Check replication is working...
+ if master1.testReplication(DEFAULT_SUFFIX, master2):
+ log.info('Replication is working.')
+ else:
+ log.fatal('Replication is not working.')
+ assert False
+
+ # Delete each instance in the end
+ def fin():
+ for master in (master1, master2, master3):
+ # master.db2ldif(bename=DEFAULT_BENAME, suffixes=[DEFAULT_SUFFIX], excludeSuffixes=[], encrypt=False, \
+ # repl_data=True, outputfile='%s/ldif/%s.ldif' % (master.dbdir,SERVERID_STANDALONE ))
+ # master.clearBackupFS()
+ # master.backupFS()
+ master.delete()
+ request.addfinalizer(fin)
+
+ # Clear out the tmp dir
+ master1.clearTmpDir(__file__)
+
+ return TopologyReplication(master1, master2, master3)
+
+def _dna_config(server, nextValue=500, maxValue=510):
+ log.info("Add dna plugin config entry...%s" % server)
+
+ try:
+ server.add_s(Entry(('cn=dna config,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config', {
+ 'objectclass': 'top dnaPluginConfig'.split(),
+ 'dnaType': 'description',
+ 'dnaMagicRegen': '-1',
+ 'dnaFilter': '(objectclass=posixAccount)',
+ 'dnaScope': 'ou=people,%s' % SUFFIX,
+ 'dnaNextValue': str(nextValue),
+ 'dnaMaxValue' : str(nextValue+maxValue),
+ 'dnaSharedCfgDN': 'ou=ranges,%s' % SUFFIX
+ })))
+
+ except ldap.LDAPError as e:
+ log.error('Failed to add DNA config entry: error ' + e.message['desc'])
+ assert False
+
+ log.info("Enable the DNA plugin...")
+ try:
+ server.plugins.enable(name=PLUGIN_DNA)
+ except e:
+ log.error("Failed to enable DNA Plugin: error " + e.message['desc'])
+ assert False
+
+ log.info("Restarting the server...")
+ server.stop(timeout=120)
+ time.sleep(1)
+ server.start(timeout=120)
+ time.sleep(3)
+
+def test_ticket4026(topology):
+ """Write your replication testcase here.
+
+ To access each DirSrv instance use: topology.master1, topology.master2,
+ ..., topology.hub1, ..., topology.consumer1, ...
+
+ Also, if you need any testcase initialization,
+ please, write additional fixture for that(include finalizer).
+ """
+
+ try:
+ topology.master1.add_s(Entry((PEOPLE_DN, {
+ 'objectclass': "top extensibleObject".split(),
+ 'ou': 'people'})))
+ except ldap.ALREADY_EXISTS:
+ pass
+
+ topology.master1.add_s(Entry(('ou=ranges,' + SUFFIX, {
+ 'objectclass': 'top organizationalunit'.split(),
+ 'ou': 'ranges'
+ })))
+ for cpt in range(MAX_ACCOUNTS):
+ name = "user%d" % (cpt)
+ topology.master1.add_s(Entry(("uid=%s,%s" %(name, PEOPLE_DN), {
+ 'objectclass': 'top posixAccount extensibleObject'.split(),
+ 'uid': name,
+ 'cn': name,
+ 'uidNumber': '1',
+ 'gidNumber': '1',
+ 'homeDirectory': '/home/%s' % name
+ })))
+
+ # make master3 having more free slots that master2
+ # so master1 will contact master3
+ _dna_config(topology.master1, nextValue=100, maxValue=10)
+ _dna_config(topology.master2, nextValue=200, maxValue=10)
+ _dna_config(topology.master3, nextValue=300, maxValue=3000)
+
+ # Turn on lots of error logging now.
+
+ mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '16384')]
+ #mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '1')]
+ topology.master1.modify_s('cn=config', mod)
+ topology.master2.modify_s('cn=config', mod)
+ topology.master3.modify_s('cn=config', mod)
+
+ # We need to wait for the event in dna.c to fire to start the servers
+ # see dna.c line 899
+ time.sleep(60)
+
+ # add on master1 users with description DNA
+ for cpt in range(10):
+ name = "user_with_desc1_%d" % (cpt)
+ topology.master1.add_s(Entry(("uid=%s,%s" %(name, PEOPLE_DN), {
+ 'objectclass': 'top posixAccount extensibleObject'.split(),
+ 'uid': name,
+ 'cn': name,
+ 'description' : '-1',
+ 'uidNumber': '1',
+ 'gidNumber': '1',
+ 'homeDirectory': '/home/%s' % name
+ })))
+ # give time to negociate master1 <--> master3
+ time.sleep(10)
+ # add on master1 users with description DNA
+ for cpt in range(11,20):
+ name = "user_with_desc1_%d" % (cpt)
+ topology.master1.add_s(Entry(("uid=%s,%s" %(name, PEOPLE_DN), {
+ 'objectclass': 'top posixAccount extensibleObject'.split(),
+ 'uid': name,
+ 'cn': name,
+ 'description' : '-1',
+ 'uidNumber': '1',
+ 'gidNumber': '1',
+ 'homeDirectory': '/home/%s' % name
+ })))
+ log.info('Test complete')
+ # add on master1 users with description DNA
+ mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '16384')]
+ #mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '1')]
+ topology.master1.modify_s('cn=config', mod)
+ topology.master2.modify_s('cn=config', mod)
+ topology.master3.modify_s('cn=config', mod)
+
+ log.info('Test complete')
+
+
+if __name__ == '__main__':
+ # Run isolated
+ # -s for DEBUG mode
+# global installation1_prefix
+# installation1_prefix=None
+# topo = topology(True)
+# test_ticket4026(topo)
+ CURRENT_FILE = os.path.realpath(__file__)
+ pytest.main("-s %s" % CURRENT_FILE)
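Review bot: `except e:` in `_dna_config` does not name an exception class, and `e` is not bound at that point, so a failure in `server.plugins.enable(name=PLUGIN_DNA)` would raise NameError and hide the real error. `except ldap.LDAPError as e:` matches the handler just above it. Separately, `test_ticket4026` makes no assertion after the adds, so it can only fail by raising or hanging, and its name does not match ticket 48342. The second loop uses `range(11,20)`, which skips index 10 — worth confirming that is intended.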
ldap/admin
by William Brown
ldap/admin/src/scripts/DSCreate.pm.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit d01e436ed2caa48c74ddc8a1097baddccc129e86
Author: William Brown <firstyear(a)redhat.com>
Date: Thu Apr 7 14:59:06 2016 +1000
Ticket 47840 - default instance scripts if undefined.
Bug Description: During the change, 47840, per instance scripts defaulted
to false if not defined in setup.inf.
Fix Description: reset the default to true, and allow setting to false if
required. This may change in a future release.
https://fedorahosted.org/389/ticket/47840
Author: wibrown
Review by: One line commit rule.
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index e62ae2c..55ecf45 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -909,7 +909,7 @@ sub setDefaults {
$inf->{General}->{prefix});
if (!defined($inf->{slapd}->{InstScriptsEnabled})) {
- $inf->{slapd}->{InstScriptsEnabled} = "false";
+ $inf->{slapd}->{InstScriptsEnabled} = "true";
}
if (!defined($inf->{General}->{StrictHostCheck})) {
ldap/servers
by Noriko Hosoi
ldap/servers/slapd/back-ldbm/cache.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
New commits:
commit d7bbbf29b6dcf1a282e8054c407cf9ee31cc2364
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Apr 4 17:23:16 2016 -0700
Ticket #48374 - entry cache locks not released in error conditions
Description: Ludwig Krispenz <lkrispen(a)redhat.com> found 2 missing unlocks
in the cache.c code. This patch is created based upon his report. I also
scanned the code and did not find further mistakes.
https://fedorahosted.org/389/ticket/48374
Reviewed by nhosoi(a)redhat.com.
diff --git a/ldap/servers/slapd/back-ldbm/cache.c b/ldap/servers/slapd/back-ldbm/cache.c
index f6a9cf5..9db51e9 100644
--- a/ldap/servers/slapd/back-ldbm/cache.c
+++ b/ldap/servers/slapd/back-ldbm/cache.c
@@ -1049,7 +1049,7 @@ static int entrycache_replace(struct cache *cache, struct backentry *olde,
if (!add_hash(cache->c_dntable, (void *)newndn, strlen(newndn), newe, (void **)&alte)) {
LOG("entry cache replace (%s): can't add to dn table (returned %s)\n",
newndn, alte?slapi_entry_get_dn(alte->ep_entry):"none", 0);
- cache_lock(cache);
+ cache_unlock(cache);
return 1;
}
if (!add_hash(cache->c_idtable, &(newe->ep_id), sizeof(ID), newe, (void **)&alte)) {
@@ -1507,6 +1507,7 @@ int cache_lock_entry(struct cache *cache, struct backentry *e)
if (! e->ep_mutexp) {
e->ep_mutexp = PR_NewMonitor();
if (!e->ep_mutexp) {
+ PR_Unlock(cache->c_emutexalloc_mutex);
LOG("<= cache_lock_entry (DELETED)\n", 0, 0, 0);
LDAPDebug1Arg(LDAP_DEBUG_ANY,
"cache_lock_entry: failed to create a lock for %s\n",
3 commits - configure configure.ac ldap/servers
by William Brown
configure | 7
configure.ac | 2
ldap/servers/slapd/extendop.c | 429 +++++++++++++++++++++-----------------
ldap/servers/slapd/pblock.c | 32 ++
ldap/servers/slapd/plugin.c | 180 ++++++++++-----
ldap/servers/slapd/proto-slap.h | 3
ldap/servers/slapd/slap.h | 31 +-
ldap/servers/slapd/slapi-plugin.h | 3
8 files changed, 412 insertions(+), 275 deletions(-)
New commits:
commit 1d217feed941b97a9fac67a011f6e1b9dceeb266
Author: William Brown <firstyear(a)redhat.com>
Date: Fri Mar 18 14:14:39 2016 +1000
Ticket 48769 - Fix white space in extendedop.c
Bug Description: The addition of the plugin type added white space differences
Fix Description: This changes extendop.c from hard tabs to soft tabs.
https://fedorahosted.org/389/ticket/48769
Author: wibrown
Review by: nhosoi (Thanks!)
diff --git a/ldap/servers/slapd/extendop.c b/ldap/servers/slapd/extendop.c
index 840a898..50506a5 100644
--- a/ldap/servers/slapd/extendop.c
+++ b/ldap/servers/slapd/extendop.c
@@ -78,37 +78,37 @@ static void extop_handle_import_start(Slapi_PBlock *pb, char *extoid,
}
slapi_pblock_set(pb, SLAPI_BACKEND, be);
- slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb->pb_op->o_isroot );
-
- {
- /* Access Control Check to see if the client is
- * allowed to use task import
- */
- char *dummyAttr = "dummy#attr";
- char *dummyAttrs[2] = { NULL, NULL };
- int rc = 0;
- char dn[128];
- Slapi_Entry *feature;
-
- /* slapi_str2entry modify its dn parameter so we must copy
- * this string each time we call it !
- */
- /* This dn is no need to be normalized. */
- PR_snprintf(dn, sizeof(dn), "dn: oid=%s,cn=features,cn=config",
- EXTOP_BULK_IMPORT_START_OID);
-
- dummyAttrs[0] = dummyAttr;
- feature = slapi_str2entry(dn, 0);
- rc = plugin_call_acl_plugin (pb, feature, dummyAttrs, NULL,
- SLAPI_ACL_WRITE, ACLPLUGIN_ACCESS_DEFAULT, NULL);
- slapi_entry_free(feature);
- if (rc != LDAP_SUCCESS)
- {
- /* Client isn't allowed to do this. */
- send_ldap_result(pb, rc, NULL, NULL, 0, NULL);
- goto out;
- }
- }
+ slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb->pb_op->o_isroot );
+
+ {
+ /* Access Control Check to see if the client is
+ * allowed to use task import
+ */
+ char *dummyAttr = "dummy#attr";
+ char *dummyAttrs[2] = { NULL, NULL };
+ int rc = 0;
+ char dn[128];
+ Slapi_Entry *feature;
+
+ /* slapi_str2entry modify its dn parameter so we must copy
+ * this string each time we call it !
+ */
+ /* This dn is no need to be normalized. */
+ PR_snprintf(dn, sizeof(dn), "dn: oid=%s,cn=features,cn=config",
+ EXTOP_BULK_IMPORT_START_OID);
+
+ dummyAttrs[0] = dummyAttr;
+ feature = slapi_str2entry(dn, 0);
+ rc = plugin_call_acl_plugin (pb, feature, dummyAttrs, NULL,
+ SLAPI_ACL_WRITE, ACLPLUGIN_ACCESS_DEFAULT, NULL);
+ slapi_entry_free(feature);
+ if (rc != LDAP_SUCCESS)
+ {
+ /* Client isn't allowed to do this. */
+ send_ldap_result(pb, rc, NULL, NULL, 0, NULL);
+ goto out;
+ }
+ }
if (be->be_wire_import == NULL) {
/* not supported by this backend */
@@ -204,135 +204,135 @@ static void extop_handle_import_done(Slapi_PBlock *pb, char *extoid,
void
do_extended( Slapi_PBlock *pb )
{
- char *extoid = NULL, *errmsg;
- struct berval extval = {0};
- int lderr, rc;
- ber_len_t len;
- ber_tag_t tag;
- const char *name;
-
- LDAPDebug( LDAP_DEBUG_TRACE, "do_extended\n", 0, 0, 0 );
-
- /*
- * Parse the extended request. It looks like this:
- *
- * ExtendedRequest := [APPLICATION 23] SEQUENCE {
- * requestName [0] LDAPOID,
- * requestValue [1] OCTET STRING OPTIONAL
- * }
- */
-
- if ( ber_scanf( pb->pb_op->o_ber, "{a", &extoid )
- == LBER_ERROR ) {
- LDAPDebug( LDAP_DEBUG_ANY,
- "ber_scanf failed (op=extended; params=OID)\n",
- 0, 0, 0 );
- op_shared_log_error_access (pb, "EXT", "???", "decoding error: fail to get extension OID");
- send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0,
- NULL );
- goto free_and_return;
- }
- tag = ber_peek_tag(pb->pb_op->o_ber, &len);
-
- if (tag == LDAP_TAG_EXOP_REQ_VALUE) {
- if ( ber_scanf( pb->pb_op->o_ber, "o}", &extval ) == LBER_ERROR ) {
- op_shared_log_error_access (pb, "EXT", "???", "decoding error: fail to get extension value");
- send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0,
- NULL );
- goto free_and_return;
- }
- } else {
- if ( ber_scanf( pb->pb_op->o_ber, "}") == LBER_ERROR ) {
- op_shared_log_error_access (pb, "EXT", "???", "decoding error");
- send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0,
- NULL );
- goto free_and_return;
- }
- }
- if ( NULL == ( name = extended_op_oid2string( extoid ))) {
- LDAPDebug( LDAP_DEBUG_ARGS, "do_extended: oid (%s)\n", extoid, 0, 0 );
-
- slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d EXT oid=\"%s\"\n",
- pb->pb_conn->c_connid, pb->pb_op->o_opid, extoid );
- } else {
- LDAPDebug( LDAP_DEBUG_ARGS, "do_extended: oid (%s-%s)\n",
- extoid, name, 0 );
-
- slapi_log_access( LDAP_DEBUG_STATS,
- "conn=%" NSPRIu64 " op=%d EXT oid=\"%s\" name=\"%s\"\n",
- pb->pb_conn->c_connid, pb->pb_op->o_opid, extoid, name );
- }
-
- /* during a bulk import, only BULK_IMPORT_DONE is allowed!
- * (and this is the only time it's allowed)
- */
- if (pb->pb_conn->c_flags & CONN_FLAG_IMPORT) {
- if (strcmp(extoid, EXTOP_BULK_IMPORT_DONE_OID) != 0) {
- send_ldap_result(pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL);
- goto free_and_return;
- }
- extop_handle_import_done(pb, extoid, &extval);
- goto free_and_return;
- }
-
- if (strcmp(extoid, EXTOP_BULK_IMPORT_START_OID) == 0) {
- extop_handle_import_start(pb, extoid, &extval);
- goto free_and_return;
- }
-
- if (strcmp(extoid, START_TLS_OID) != 0) {
- int minssf = config_get_minssf();
-
- /* If anonymous access is disabled and we haven't
- * authenticated yet, only allow startTLS. */
- if ((config_get_anon_access_switch() != SLAPD_ANON_ACCESS_ON) && ((pb->pb_op->o_authtype == NULL) ||
- (strcasecmp(pb->pb_op->o_authtype, SLAPD_AUTH_NONE) == 0))) {
- send_ldap_result( pb, LDAP_INAPPROPRIATE_AUTH, NULL,
- "Anonymous access is not allowed.", 0, NULL );
- goto free_and_return;
- }
-
- /* If the minssf is not met, only allow startTLS. */
- if ((pb->pb_conn->c_sasl_ssf < minssf) && (pb->pb_conn->c_ssl_ssf < minssf) &&
- (pb->pb_conn->c_local_ssf < minssf)) {
- send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL,
- "Minimum SSF not met.", 0, NULL );
- goto free_and_return;
- }
- }
-
- /* If a password change is required, only allow the password
- * modify extended operation */
- if (!pb->pb_conn->c_isreplication_session &&
+ char *extoid = NULL, *errmsg;
+ struct berval extval = {0};
+ int lderr, rc;
+ ber_len_t len;
+ ber_tag_t tag;
+ const char *name;
+
+ LDAPDebug( LDAP_DEBUG_TRACE, "do_extended\n", 0, 0, 0 );
+
+ /*
+ * Parse the extended request. It looks like this:
+ *
+ * ExtendedRequest := [APPLICATION 23] SEQUENCE {
+ * requestName [0] LDAPOID,
+ * requestValue [1] OCTET STRING OPTIONAL
+ * }
+ */
+
+ if ( ber_scanf( pb->pb_op->o_ber, "{a", &extoid )
+ == LBER_ERROR ) {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "ber_scanf failed (op=extended; params=OID)\n",
+ 0, 0, 0 );
+ op_shared_log_error_access (pb, "EXT", "???", "decoding error: fail to get extension OID");
+ send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0,
+ NULL );
+ goto free_and_return;
+ }
+ tag = ber_peek_tag(pb->pb_op->o_ber, &len);
+
+ if (tag == LDAP_TAG_EXOP_REQ_VALUE) {
+ if ( ber_scanf( pb->pb_op->o_ber, "o}", &extval ) == LBER_ERROR ) {
+ op_shared_log_error_access (pb, "EXT", "???", "decoding error: fail to get extension value");
+ send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0,
+ NULL );
+ goto free_and_return;
+ }
+ } else {
+ if ( ber_scanf( pb->pb_op->o_ber, "}") == LBER_ERROR ) {
+ op_shared_log_error_access (pb, "EXT", "???", "decoding error");
+ send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0,
+ NULL );
+ goto free_and_return;
+ }
+ }
+ if ( NULL == ( name = extended_op_oid2string( extoid ))) {
+ LDAPDebug( LDAP_DEBUG_ARGS, "do_extended: oid (%s)\n", extoid, 0, 0 );
+
+ slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d EXT oid=\"%s\"\n",
+ pb->pb_conn->c_connid, pb->pb_op->o_opid, extoid );
+ } else {
+ LDAPDebug( LDAP_DEBUG_ARGS, "do_extended: oid (%s-%s)\n",
+ extoid, name, 0 );
+
+ slapi_log_access( LDAP_DEBUG_STATS,
+ "conn=%" NSPRIu64 " op=%d EXT oid=\"%s\" name=\"%s\"\n",
+ pb->pb_conn->c_connid, pb->pb_op->o_opid, extoid, name );
+ }
+
+ /* during a bulk import, only BULK_IMPORT_DONE is allowed!
+ * (and this is the only time it's allowed)
+ */
+ if (pb->pb_conn->c_flags & CONN_FLAG_IMPORT) {
+ if (strcmp(extoid, EXTOP_BULK_IMPORT_DONE_OID) != 0) {
+ send_ldap_result(pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL);
+ goto free_and_return;
+ }
+ extop_handle_import_done(pb, extoid, &extval);
+ goto free_and_return;
+ }
+
+ if (strcmp(extoid, EXTOP_BULK_IMPORT_START_OID) == 0) {
+ extop_handle_import_start(pb, extoid, &extval);
+ goto free_and_return;
+ }
+
+ if (strcmp(extoid, START_TLS_OID) != 0) {
+ int minssf = config_get_minssf();
+
+ /* If anonymous access is disabled and we haven't
+ * authenticated yet, only allow startTLS. */
+ if ((config_get_anon_access_switch() != SLAPD_ANON_ACCESS_ON) && ((pb->pb_op->o_authtype == NULL) ||
+ (strcasecmp(pb->pb_op->o_authtype, SLAPD_AUTH_NONE) == 0))) {
+ send_ldap_result( pb, LDAP_INAPPROPRIATE_AUTH, NULL,
+ "Anonymous access is not allowed.", 0, NULL );
+ goto free_and_return;
+ }
+
+ /* If the minssf is not met, only allow startTLS. */
+ if ((pb->pb_conn->c_sasl_ssf < minssf) && (pb->pb_conn->c_ssl_ssf < minssf) &&
+ (pb->pb_conn->c_local_ssf < minssf)) {
+ send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL,
+ "Minimum SSF not met.", 0, NULL );
+ goto free_and_return;
+ }
+ }
+
+ /* If a password change is required, only allow the password
+ * modify extended operation */
+ if (!pb->pb_conn->c_isreplication_session &&
pb->pb_conn->c_needpw && (strcmp(extoid, EXTOP_PASSWD_OID) != 0))
- {
- char *dn = NULL;
- slapi_pblock_get(pb, SLAPI_CONN_DN, &dn);
+ {
+ char *dn = NULL;
+ slapi_pblock_get(pb, SLAPI_CONN_DN, &dn);
- (void)slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0);
- op_shared_log_error_access (pb, "EXT", dn ? dn : "", "need new password");
- send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL );
+ (void)slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0);
+ op_shared_log_error_access (pb, "EXT", dn ? dn : "", "need new password");
+ send_ldap_result( pb, LDAP_UNWILLING_TO_PERFORM, NULL, NULL, 0, NULL );
- slapi_ch_free_string(&dn);
- goto free_and_return;
- }
+ slapi_ch_free_string(&dn);
+ goto free_and_return;
+ }
- /* decode the optional controls - put them in the pblock */
- if ( (lderr = get_ldapmessage_controls( pb, pb->pb_op->o_ber, NULL )) != 0 )
- {
- char *dn = NULL;
- slapi_pblock_get(pb, SLAPI_CONN_DN, &dn);
+ /* decode the optional controls - put them in the pblock */
+ if ( (lderr = get_ldapmessage_controls( pb, pb->pb_op->o_ber, NULL )) != 0 )
+ {
+ char *dn = NULL;
+ slapi_pblock_get(pb, SLAPI_CONN_DN, &dn);
- op_shared_log_error_access (pb, "EXT", dn ? dn : "", "failed to decode LDAP controls");
- send_ldap_result( pb, lderr, NULL, NULL, 0, NULL );
+ op_shared_log_error_access (pb, "EXT", dn ? dn : "", "failed to decode LDAP controls");
+ send_ldap_result( pb, lderr, NULL, NULL, 0, NULL );
- slapi_ch_free_string(&dn);
- goto free_and_return;
- }
+ slapi_ch_free_string(&dn);
+ goto free_and_return;
+ }
- slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, extoid );
- slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, &extval );
- slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb->pb_op->o_isroot);
+ slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, extoid );
+ slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, &extval );
+ slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb->pb_op->o_isroot);
/* wibrown 201603 I want to rewrite this to get plugin p, and use that
* rather than all these plugin_call_, that loop over the plugin lists
@@ -340,10 +340,10 @@ do_extended( Slapi_PBlock *pb )
* then we just hand *p into the call functions.
* much more efficient! :)
*/
-
+
slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c calling plugins ... \n");
- rc = plugin_call_exop_plugins( pb, extoid, SLAPI_PLUGIN_EXTENDEDOP);
+ rc = plugin_call_exop_plugins( pb, extoid, SLAPI_PLUGIN_EXTENDEDOP);
slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c called exop, got %d \n", rc);
@@ -391,37 +391,37 @@ do_extended( Slapi_PBlock *pb )
} /* if be */
}
- if ( SLAPI_PLUGIN_EXTENDED_SENT_RESULT != rc ) {
- if ( SLAPI_PLUGIN_EXTENDED_NOT_HANDLED == rc ) {
- lderr = LDAP_PROTOCOL_ERROR; /* no plugin handled the op */
- errmsg = "unsupported extended operation";
- } else {
- errmsg = NULL;
- lderr = rc;
- }
- send_ldap_result( pb, lderr, NULL, errmsg, 0, NULL );
- }
+ if ( SLAPI_PLUGIN_EXTENDED_SENT_RESULT != rc ) {
+ if ( SLAPI_PLUGIN_EXTENDED_NOT_HANDLED == rc ) {
+ lderr = LDAP_PROTOCOL_ERROR; /* no plugin handled the op */
+ errmsg = "unsupported extended operation";
+ } else {
+ errmsg = NULL;
+ lderr = rc;
+ }
+ send_ldap_result( pb, lderr, NULL, errmsg, 0, NULL );
+ }
free_and_return:
- if (extoid)
- slapi_ch_free((void **)&extoid);
- if (extval.bv_val)
- slapi_ch_free((void **)&extval.bv_val);
- return;
+ if (extoid)
+ slapi_ch_free((void **)&extoid);
+ if (extval.bv_val)
+ slapi_ch_free((void **)&extval.bv_val);
+ return;
}
static const char *
extended_op_oid2string( const char *oid )
{
- const char *rval = NULL;
-
- if ( 0 == strcmp(oid, EXTOP_BULK_IMPORT_START_OID)) {
- rval = "Bulk Import Start";
- } else if ( 0 == strcmp(oid, EXTOP_BULK_IMPORT_DONE_OID)) {
- rval = "Bulk Import End";
- } else {
- rval = plugin_extended_op_oid2string( oid );
- }
+ const char *rval = NULL;
+
+ if ( 0 == strcmp(oid, EXTOP_BULK_IMPORT_START_OID)) {
+ rval = "Bulk Import Start";
+ } else if ( 0 == strcmp(oid, EXTOP_BULK_IMPORT_DONE_OID)) {
+ rval = "Bulk Import End";
+ } else {
+ rval = plugin_extended_op_oid2string( oid );
+ }
- return( rval );
+ return( rval );
}
commit f2f1a90c11c0d36004811ba9dc3fbd94bae9e33a
Author: William Brown <firstyear(a)redhat.com>
Date: Fri Mar 18 13:36:33 2016 +1000
Ticket 48769 - RFE: Be_txn extended operation plugin type
Bug Description: When a plugin uses be_txn for pre or post operations and
also handles extended operations, this can lead to deadlock. Additionally,
plugin authors should not need to consider transactions in their code; they
should be able to focus only on solving the issue.
Fix Description: This adds a new plugin type, betxnextendedop which
automatically wraps extended operations in a transaction.
https://fedorahosted.org/389/ticket/48769
Author: wibrown
Review by: nhosoi (Thanks!)
diff --git a/ldap/servers/slapd/extendop.c b/ldap/servers/slapd/extendop.c
index 8d0b8fb..840a898 100644
--- a/ldap/servers/slapd/extendop.c
+++ b/ldap/servers/slapd/extendop.c
@@ -333,8 +333,63 @@ do_extended( Slapi_PBlock *pb )
slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_OID, extoid );
slapi_pblock_set( pb, SLAPI_EXT_OP_REQ_VALUE, &extval );
slapi_pblock_set( pb, SLAPI_REQUESTOR_ISROOT, &pb->pb_op->o_isroot);
+
+ /* wibrown 201603 I want to rewrite this to get plugin p, and use that
+ * rather than all these plugin_call_, that loop over the plugin lists
+ * We do "get plugin (oid).
+ * then we just hand *p into the call functions.
+ * much more efficient! :)
+ */
- rc = plugin_call_exop_plugins( pb, extoid );
+ slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c calling plugins ... \n");
+
+ rc = plugin_call_exop_plugins( pb, extoid, SLAPI_PLUGIN_EXTENDEDOP);
+
+ slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c called exop, got %d \n", rc);
+
+ if (rc == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED) {
+ slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c calling betxn plugins ... \n");
+ /* Look up the correct backend to use. */
+ Slapi_Backend *be = plugin_extended_op_getbackend( pb, extoid );
+
+ if ( be == NULL ) {
+ slapi_log_error(SLAPI_LOG_FATAL, NULL, "extendop.c plugin_extended_op_getbackend was unable to retrieve a backend!!!\n");
+ rc = SLAPI_PLUGIN_EXTENDED_NO_BACKEND_AVAILABLE;
+ } else {
+ /* We need to make a new be pb here because when you set SLAPI_BACKEND
+ * you overwrite the plg parts of the pb. So if we re-use pb
+ * you actually nuke the request, and everything hangs. (����������)������ ���������
+ */
+ Slapi_PBlock *be_pb = NULL;
+ be_pb = slapi_pblock_new();
+ slapi_pblock_set(be_pb, SLAPI_BACKEND, be);
+
+ int txn_rc = slapi_back_transaction_begin(be_pb);
+ if (txn_rc) {
+ slapi_log_error(SLAPI_LOG_FATAL, NULL, "exendop.c Failed to start be_txn for plugin_call_exop_plugins %d\n", txn_rc);
+ } else {
+ rc = plugin_call_exop_plugins( pb, extoid, SLAPI_PLUGIN_BETXNEXTENDEDOP);
+ slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c called betxn exop, got %d \n", rc);
+ if (rc == LDAP_SUCCESS || rc == SLAPI_PLUGIN_EXTENDED_SENT_RESULT) {
+ /* commit */
+ txn_rc = slapi_back_transaction_commit(be_pb);
+ if (txn_rc == 0) {
+ slapi_log_error(SLAPI_LOG_TRACE, NULL, "extendop.c commit with result %d \n", txn_rc);
+ } else {
+ slapi_log_error(SLAPI_LOG_FATAL, NULL, "extendop.c Unable to commit commit with result %d \n", txn_rc);
+ }
+ } else {
+ /* abort */
+ txn_rc = slapi_back_transaction_abort(be_pb);
+ slapi_log_error(SLAPI_LOG_FATAL, NULL, "extendop.c abort with result %d \n", txn_rc);
+ }
+ } /* txn_rc */
+ if (be_pb != NULL) {
+ slapi_pblock_destroy(be_pb); /* Clean up after ourselves */
+ }
+ slapi_log_error(SLAPI_LOG_TRACE, NULL, "exendop.c plugin_call_exop_plugins rc final %d\n", rc);
+ } /* if be */
+ }
if ( SLAPI_PLUGIN_EXTENDED_SENT_RESULT != rc ) {
if ( SLAPI_PLUGIN_EXTENDED_NOT_HANDLED == rc ) {
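Review bot: When `plugin_extended_op_getbackend` returns NULL, `rc` becomes `SLAPI_PLUGIN_EXTENDED_NO_BACKEND_AVAILABLE`, and the unchanged code after this block appears to take its `lderr = rc` branch and hand that negative internal value to `send_ldap_result`. The lookup runs for every OID the first pass left unhandled, so a client sending an unknown OID would get that value instead of the "unsupported extended operation" protocol error, and each such request writes a `SLAPI_LOG_FATAL` line. I would leave `rc` at `SLAPI_PLUGIN_EXTENDED_NOT_HANDLED` in the `be == NULL` branch and log it at `SLAPI_LOG_TRACE`. Separately, a failed `slapi_back_transaction_begin` leaves `rc` as not-handled and a failed commit leaves it as success, so neither failure reaches the client; `rc = LDAP_OPERATIONS_ERROR;` in the begin-failure branch covers the first, while the commit case needs care because the plugin may already have sent its result. do_extended starts and ends outside the hunk.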
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index d373d99..d48c2d0 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -727,23 +727,33 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
/* extendedop plugin functions */
case SLAPI_PLUGIN_EXT_OP_FN:
- if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP ) {
+ if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP &&
+ pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) {
return( -1 );
}
(*(IFP *)value) = pblock->pb_plugin->plg_exhandler;
break;
case SLAPI_PLUGIN_EXT_OP_OIDLIST:
- if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP ) {
+ if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP &&
+ pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) {
return( -1 );
}
(*(char ***)value) = pblock->pb_plugin->plg_exoids;
break;
case SLAPI_PLUGIN_EXT_OP_NAMELIST:
- if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP ) {
+ if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP &&
+ pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) {
return( -1 );
}
(*(char ***)value) = pblock->pb_plugin->plg_exnames;
break;
+ case SLAPI_PLUGIN_EXT_OP_BACKEND_FN:
+ if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP &&
+ pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) {
+ return( -1 );
+ }
+ (*(IFP *)value) = pblock->pb_plugin->plg_be_exhandler;
+ break;
/* preoperation plugin functions */
case SLAPI_PLUGIN_PRE_BIND_FN:
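Review bot: The new `SLAPI_PLUGIN_EXT_OP_BACKEND_FN` case accepts a plugin of type `SLAPI_PLUGIN_EXTENDEDOP`, but `plugin_extended_op_getbackend` in plugin.c only calls `plg_be_exhandler` for plugins whose type is `SLAPI_PLUGIN_BETXNEXTENDEDOP`, so a plain extended-op plugin can register a backend handler that is never used. Unless something outside this diff consumes it, the check for this case could be `if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) {`. The same applies to the matching case in the `slapi_pblock_set` hunk that follows. Both switch statements start and end outside their hunks.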
@@ -2353,24 +2363,34 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value )
/* extendedop plugin functions */
case SLAPI_PLUGIN_EXT_OP_FN:
- if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP ) {
+ if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP &&
+ pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) {
return( -1 );
}
pblock->pb_plugin->plg_exhandler = (IFP) value;
break;
case SLAPI_PLUGIN_EXT_OP_OIDLIST:
- if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP ) {
+ if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP &&
+ pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) {
return( -1 );
}
pblock->pb_plugin->plg_exoids = (char **) value;
ldapi_register_extended_op( (char **)value );
break;
case SLAPI_PLUGIN_EXT_OP_NAMELIST:
- if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP ) {
+ if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP &&
+ pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) {
return( -1 );
}
pblock->pb_plugin->plg_exnames = (char **) value;
break;
+ case SLAPI_PLUGIN_EXT_OP_BACKEND_FN:
+ if ( pblock->pb_plugin->plg_type != SLAPI_PLUGIN_EXTENDEDOP &&
+ pblock->pb_plugin->plg_type != SLAPI_PLUGIN_BETXNEXTENDEDOP ) {
+ return( -1 );
+ }
+ pblock->pb_plugin->plg_be_exhandler = (IFP) value;
+ break;
/* preoperation plugin functions */
case SLAPI_PLUGIN_PRE_BIND_FN:
diff --git a/ldap/servers/slapd/plugin.c b/ldap/servers/slapd/plugin.c
index ddf2631..96169e6 100644
--- a/ldap/servers/slapd/plugin.c
+++ b/ldap/servers/slapd/plugin.c
@@ -485,44 +485,54 @@ plugin_call_entryfetch_plugins(char **entrystr, uint *size)
* returned by the plugins we called).
*/
int
-plugin_call_exop_plugins( Slapi_PBlock *pb, char *oid )
+plugin_call_exop_plugins( Slapi_PBlock *pb, char *oid, int whichtype )
{
- struct slapdplugin *p;
- int i, rc;
- int lderr = SLAPI_PLUGIN_EXTENDED_NOT_HANDLED;
-
- for ( p = global_plugin_list[PLUGIN_LIST_EXTENDED_OPERATION]; p != NULL; p = p->plg_next ) {
- if ( p->plg_exhandler != NULL ) {
- if ( p->plg_exoids != NULL ) {
- for ( i = 0; p->plg_exoids[i] != NULL; i++ ) {
- if ( strcasecmp( oid, p->plg_exoids[i] )
- == 0 ) {
- break;
- }
- }
- if ( p->plg_exoids[i] == NULL ) {
- continue;
- }
- }
+ struct slapdplugin *p;
+ int i, rc;
+ int list_type;
+ int lderr = SLAPI_PLUGIN_EXTENDED_NOT_HANDLED;
+
+ if (whichtype == SLAPI_PLUGIN_EXTENDEDOP) {
+ list_type = PLUGIN_LIST_EXTENDED_OPERATION;
+ } else if (whichtype == SLAPI_PLUGIN_BETXNEXTENDEDOP) {
+ list_type = PLUGIN_LIST_BE_TXN_EXTENDED_OPERATION;
+ } else {
+ slapi_log_error(SLAPI_LOG_FATAL, NULL, "plugin_call_exop_plugins unknown plugin list type %d\n", whichtype);
+ return( lderr );
+ }
- slapi_pblock_set( pb, SLAPI_PLUGIN, p );
- set_db_default_result_handlers( pb );
- if ( (rc = (*p->plg_exhandler)( pb ))
- == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) {
- return( rc ); /* result sent */
- } else if ( rc != SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) {
- /*
- * simple merge: report last real error
- */
- if ( lderr == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED
- || rc != LDAP_SUCCESS ) {
- lderr = rc;
- }
- }
- }
- }
+ for ( p = global_plugin_list[list_type]; p != NULL; p = p->plg_next ) {
+ if ( p->plg_exhandler != NULL && p->plg_type == whichtype ) {
+ if ( p->plg_exoids != NULL ) {
+ for ( i = 0; p->plg_exoids[i] != NULL; i++ ) {
+ if ( strcasecmp( oid, p->plg_exoids[i] )
+ == 0 ) {
+ break;
+ }
+ }
+ if ( p->plg_exoids[i] == NULL ) {
+ continue;
+ }
+ }
+
+ slapi_pblock_set( pb, SLAPI_PLUGIN, p );
+ set_db_default_result_handlers( pb );
+ if ( (rc = (*p->plg_exhandler)( pb ))
+ == SLAPI_PLUGIN_EXTENDED_SENT_RESULT ) {
+ return( rc ); /* result sent */
+ } else if ( rc != SLAPI_PLUGIN_EXTENDED_NOT_HANDLED ) {
+ /*
+ * simple merge: report last real error
+ */
+ if ( lderr == SLAPI_PLUGIN_EXTENDED_NOT_HANDLED
+ || rc != LDAP_SUCCESS ) {
+ lderr = rc;
+ }
+ }
+ }
+ }
- return( lderr );
+ return( lderr );
}
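Review bot: The comment above `plugin_call_exop_plugins` (only its tail is in the hunk) is not updated for the new `whichtype` parameter. I would add a sentence such as `whichtype selects the list to walk: SLAPI_PLUGIN_EXTENDEDOP or SLAPI_PLUGIN_BETXNEXTENDEDOP; any other value is logged and SLAPI_PLUGIN_EXTENDED_NOT_HANDLED is returned`. It would also help to state that a plugin whose `plg_exoids` is NULL has its handler called for every OID, since the loop only filters when the list is present.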
@@ -539,36 +549,77 @@ plugin_call_exop_plugins( Slapi_PBlock *pb, char *oid )
const char *
plugin_extended_op_oid2string( const char *oid )
{
- struct slapdplugin *p;
- int i, j;
- const char *rval = NULL;
-
- for ( p = global_plugin_list[PLUGIN_LIST_EXTENDED_OPERATION]; p != NULL;
- p = p->plg_next ) {
- if ( p->plg_exhandler != NULL && p->plg_exoids != NULL ) {
- for ( i = 0; p->plg_exoids[i] != NULL; i++ ) {
- if ( strcasecmp( oid, p->plg_exoids[i] ) == 0 ) {
- if ( NULL != p->plg_exnames ) {
- for ( j = 0; j < i && p->plg_exnames[j] != NULL; ++j ) {
- ;
- }
- rval = p->plg_exnames[j]; /* OID-related name */
- }
+ struct slapdplugin *p;
+ int i, j, l, list_type;
+ const char *rval = NULL;
+ int list_types[] = {PLUGIN_LIST_EXTENDED_OPERATION, PLUGIN_LIST_BE_TXN_EXTENDED_OPERATION};
+
+ /* I feel there may be a better way to achieve this, but it works. */
+ for ( l = 0; l < 2; ++l ) {
+ list_type = list_types[l];
+ for ( p = global_plugin_list[list_type]; p != NULL; p = p->plg_next ) {
+ if ( p->plg_exhandler != NULL && p->plg_exoids != NULL ) {
+ for ( i = 0; p->plg_exoids[i] != NULL; i++ ) {
+ if ( strcasecmp( oid, p->plg_exoids[i] ) == 0 ) {
+ if ( NULL != p->plg_exnames ) {
+ for ( j = 0; j < i && p->plg_exnames[j] != NULL; ++j ) {
+ ;
+ }
+ rval = p->plg_exnames[j]; /* OID-related name */
+ }
+
+ if ( NULL == rval ) {
+ if ( NULL != p->plg_desc.spd_id ) {
+ rval = p->plg_desc.spd_id; /* short name */
+ } else {
+ rval = p->plg_name; /* RDN */
+ }
+ }
+ break;
+ }
+ } /* for */
+ } /* If */
+ } /* for p in global_plugin list */
+ } /* list type */
- if ( NULL == rval ) {
- if ( NULL != p->plg_desc.spd_id ) {
- rval = p->plg_desc.spd_id; /* short name */
- } else {
- rval = p->plg_name; /* RDN */
- }
- }
- break;
- }
- }
- }
- }
+ return( rval );
+}
+
+
+Slapi_Backend *
+plugin_extended_op_getbackend( Slapi_PBlock *pb, char *oid )
+{
+ struct slapdplugin *p;
+ int i;
+ int rc;
+ /* This could be an error type, but for now we expect the caller to check
+ * that it's not null
+ */
+ Slapi_Backend *result = NULL;
+
+ for ( p = global_plugin_list[PLUGIN_LIST_BE_TXN_EXTENDED_OPERATION]; p != NULL; p = p->plg_next ) {
+ if ( p->plg_be_exhandler != NULL && p->plg_type == SLAPI_PLUGIN_BETXNEXTENDEDOP ) {
+ if ( p->plg_exoids != NULL ) {
+ for ( i = 0; p->plg_exoids[i] != NULL; i++ ) {
+ if ( strcasecmp( oid, p->plg_exoids[i] ) == 0 ) {
+ break;
+ }
+ }
+ if ( p->plg_exoids[i] == NULL ) {
+ continue;
+ }
+ }
+
+ rc = (*p->plg_be_exhandler)( pb, &result );
+ if (rc != LDAP_SUCCESS) {
+ /* Do we need to do anything? Or it is the parents job? */
+ result = NULL;
+ }
+ break;
+ }
+ }
- return( rval );
+ return( result );
}
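Review bot: `plugin_extended_op_getbackend` is added without a header comment, and its contract matters to the caller. It returns NULL both when no betxn plugin claims the OID and when the plugin's `plg_be_exhandler` returns something other than `LDAP_SUCCESS`, and it stops at the first plugin that matches. A short comment stating that, and that the handler is called as `(pb, &result)` and is expected to fill in the backend, would let plugin authors implement it without reading the loop. In `plugin_extended_op_oid2string`, the bound `l < 2` duplicates the length of `list_types`; `l < (int)(sizeof(list_types) / sizeof(list_types[0]))` keeps the two in step.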
static int
@@ -2264,6 +2315,9 @@ plugin_get_type_and_list(
} else if ( strcasecmp( plugintype, "index" ) == 0 ) {
*type = SLAPI_PLUGIN_INDEX;
plugin_list_index= PLUGIN_LIST_INDEX;
+ } else if ( strcasecmp( plugintype, "betxnextendedop" ) == 0 ) {
+ *type = SLAPI_PLUGIN_BETXNEXTENDEDOP;
+ plugin_list_index= PLUGIN_LIST_BE_TXN_EXTENDED_OPERATION;
} else {
return( 1 ); /* unknown plugin type - pass to backend */
}
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index ff5a7fd..e9b4618 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -877,7 +877,8 @@ void global_plugin_init();
int plugin_call_plugins( Slapi_PBlock *, int );
int plugin_setup(Slapi_Entry *plugin_entry, struct slapi_componentid *group,
slapi_plugin_init_fnptr initfunc, int add_to_dit, char *returntext);
-int plugin_call_exop_plugins( Slapi_PBlock *pb, char *oid );
+int plugin_call_exop_plugins( Slapi_PBlock *pb, char *oid, int whichtype );
+Slapi_Backend * plugin_extended_op_getbackend( Slapi_PBlock *pb, char *oid);
const char *plugin_extended_op_oid2string( const char *oid );
void plugin_closeall(int close_backends, int close_globals);
void plugin_startall(int argc, char **argv, char **plugin_list);
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 4d392b0..57bed0e 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -681,22 +681,23 @@ struct matchingRuleList {
#define PLUGIN_LIST_INTERNAL_PREOPERATION 5
#define PLUGIN_LIST_INTERNAL_POSTOPERATION 6
#define PLUGIN_LIST_EXTENDED_OPERATION 7
-#define PLUGIN_LIST_BACKEND_MAX 8
+#define PLUGIN_LIST_BE_TXN_EXTENDED_OPERATION 8
+#define PLUGIN_LIST_BACKEND_MAX 9
/* Global Plugins */
-#define PLUGIN_LIST_ACL 9
-#define PLUGIN_LIST_MATCHINGRULE 10
-#define PLUGIN_LIST_SYNTAX 11
-#define PLUGIN_LIST_ENTRY 12
-#define PLUGIN_LIST_OBJECT 13
-#define PLUGIN_LIST_PWD_STORAGE_SCHEME 14
-#define PLUGIN_LIST_VATTR_SP 15 /* DBDB */
-#define PLUGIN_LIST_REVER_PWD_STORAGE_SCHEME 16
-#define PLUGIN_LIST_LDBM_ENTRY_FETCH_STORE 17
-#define PLUGIN_LIST_INDEX 18
-#define PLUGIN_LIST_BETXNPREOPERATION 19
-#define PLUGIN_LIST_BETXNPOSTOPERATION 20
-#define PLUGIN_LIST_GLOBAL_MAX 21
+#define PLUGIN_LIST_ACL 10
+#define PLUGIN_LIST_MATCHINGRULE 11
+#define PLUGIN_LIST_SYNTAX 12
+#define PLUGIN_LIST_ENTRY 13
+#define PLUGIN_LIST_OBJECT 14
+#define PLUGIN_LIST_PWD_STORAGE_SCHEME 15
+#define PLUGIN_LIST_VATTR_SP 16 /* DBDB */
+#define PLUGIN_LIST_REVER_PWD_STORAGE_SCHEME 17
+#define PLUGIN_LIST_LDBM_ENTRY_FETCH_STORE 18
+#define PLUGIN_LIST_INDEX 19
+#define PLUGIN_LIST_BETXNPREOPERATION 20
+#define PLUGIN_LIST_BETXNPOSTOPERATION 21
+#define PLUGIN_LIST_GLOBAL_MAX 22
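Review bot: `PLUGIN_LIST_BE_TXN_EXTENDED_OPERATION` is spelled differently from the existing `PLUGIN_LIST_BETXNPREOPERATION` and `PLUGIN_LIST_BETXNPOSTOPERATION`, and it is placed below `PLUGIN_LIST_BACKEND_MAX` while those two sit in the global range. If the placement is deliberate, a one-line comment next to the define saying why would help; otherwise `PLUGIN_LIST_BETXNEXTENDEDOPERATION` would match its neighbours. Inserting at 8 also shifts every later list index by one, so any code that hard-codes the old numbers rather than the macros would need checking.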
/* plugin configuration attributes */
#define ATTR_PLUGIN_PATH "nsslapd-pluginPath"
@@ -900,10 +901,12 @@ struct slapdplugin {
char **plg_un_pe_exoids; /* exop oids */
char **plg_un_pe_exnames; /* exop names (may be NULL) */
IFP plg_un_pe_exhandler; /* handler */
+ IFP plg_un_pe_be_exhandler; /* handler to retrieve the be name for the operation */
} plg_un_pe;
#define plg_exoids plg_un.plg_un_pe.plg_un_pe_exoids
#define plg_exnames plg_un.plg_un_pe.plg_un_pe_exnames
#define plg_exhandler plg_un.plg_un_pe.plg_un_pe_exhandler
+#define plg_be_exhandler plg_un.plg_un_pe.plg_un_pe_be_exhandler
/* pre-operation plugin structure */
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index bf4e8c2..0dd10d9 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -6745,6 +6745,7 @@ time_t slapi_current_time( void );
#define SLAPI_PLUGIN_INDEX 18
#define SLAPI_PLUGIN_BETXNPREOPERATION 19
#define SLAPI_PLUGIN_BETXNPOSTOPERATION 20
+#define SLAPI_PLUGIN_BETXNEXTENDEDOP 21
/*
* special return values for extended operation plugins (zero or positive
@@ -6752,6 +6753,7 @@ time_t slapi_current_time( void );
*/
#define SLAPI_PLUGIN_EXTENDED_SENT_RESULT -1
#define SLAPI_PLUGIN_EXTENDED_NOT_HANDLED -2
+#define SLAPI_PLUGIN_EXTENDED_NO_BACKEND_AVAILABLE -3
/*
* Return values of plugins:
@@ -6876,6 +6878,7 @@ typedef struct slapi_plugindesc {
#define SLAPI_PLUGIN_EXT_OP_FN 300
#define SLAPI_PLUGIN_EXT_OP_OIDLIST 301
#define SLAPI_PLUGIN_EXT_OP_NAMELIST 302
+#define SLAPI_PLUGIN_EXT_OP_BACKEND_FN 1948
/* preoperation plugin functions */
#define SLAPI_PLUGIN_PRE_BIND_FN 401
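Review bot: `SLAPI_PLUGIN_EXT_OP_BACKEND_FN` is a new public pblock parameter with no comment describing the callback it stores, and its value 1948 breaks the 300-302 sequence of the other extended-op parameters without explanation. From the call in plugin.c the handler appears to be invoked as `fn(pb, &backend)` and to return `LDAP_SUCCESS` on success; a comment such as `/* int fn(Slapi_PBlock *pb, Slapi_Backend **be): choose the backend for a betxn extended op */` would document that. In the previous hunk, `SLAPI_PLUGIN_EXTENDED_NO_BACKEND_AVAILABLE` is listed among the return values for plugins although this commit only sets it inside the server; a note saying so would keep plugins from returning it.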
commit ecaebe9c8f8755b9493fcbe67621620b3870589a
Author: William Brown <firstyear(a)redhat.com>
Date: Mon Apr 4 13:19:42 2016 +1000
Ticket 48710 - auto-dn-suffix unrecognized option
Bug Description: Configure would output the following error:
configure: WARNING: unrecognized options: --enable-auto-dn-suffix
However, the option was set correctly.
Fix Description: The option was being registered with the name "autobind", so
it was not being checked correctly by autotools.
https://fedorahosted.org/389/ticket/48710
Author: wibrown
Contributors: Wes <wes(a)sol1.com.au> (Thanks for finding the mistake!)
Review by: nhosoi (Thanks!)
diff --git a/configure b/configure
index 6a03247..ecdc5ee 100755
--- a/configure
+++ b/configure
@@ -921,6 +921,7 @@ enable_pam_passthru
enable_dna
enable_ldapi
enable_autobind
+enable_auto_dn_suffix
enable_bitwise
enable_presence
enable_acctpolicy
@@ -17907,9 +17908,9 @@ if test -z "$enable_auto_dn_suffix" ; then
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --enable-auto-dn-suffix" >&5
$as_echo_n "checking for --enable-auto-dn-suffix... " >&6; }
-# Check whether --enable-autobind was given.
-if test "${enable_autobind+set}" = set; then :
- enableval=$enable_autobind;
+# Check whether --enable-auto-dn-suffix was given.
+if test "${enable_auto_dn_suffix+set}" = set; then :
+ enableval=$enable_auto_dn_suffix;
fi
if test "$enable_ldapi" = yes -a "$enable_autobind" = yes -a "$enable_auto_dn_suffix" = "yes"; then
diff --git a/configure.ac b/configure.ac
index c520022..4be4613 100644
--- a/configure.ac
+++ b/configure.ac
@@ -185,7 +185,7 @@ if test -z "$enable_auto_dn_suffix" ; then
enable_auto_dn_suffix=no # if not set on cmdline, set default
fi
AC_MSG_CHECKING(for --enable-auto-dn-suffix)
-AC_ARG_ENABLE(autobind,
+AC_ARG_ENABLE(auto-dn-suffix,
AS_HELP_STRING([--enable-auto-dn-suffix],
[enable auto bind with auto dn suffix over unix domain socket (LDAPI) support (default: no)]))
if test "$enable_ldapi" = yes -a "$enable_autobind" = yes -a "$enable_auto_dn_suffix" = "yes"; then
ldap/servers
by Noriko Hosoi
ldap/servers/slapd/ssl.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
New commits:
commit 9b3c2736db71842cfd479530c1172d3df559815d
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri Apr 1 11:13:15 2016 -0700
Ticket #48775 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged.
Description: The config entry cn=encryption,cn=config takes old and new
formats to specify SSL versions.
* old format:
nsSSL3: on|off
nsTLS1: on|off
* new format:
sslVersionMin: <min value, e.g., TLS1.0>
sslVersionMax: <max value, e.g., TLS1.3>
To enable SSLv3, nsSSL3 needs to be on and sslVersionMin needs to be
set to SSL3. But the current code logs the following warning if nsSSL3
is on, even if sslVersionMin is set higher than SSL3:
Found unsecured configuration: nsSSL3: on; We strongly recommend to
disable nsSSL3 in cn=encryption,cn=config.
Instead, this patch changes the behaviour to log the warning only when
nsSSL3 is on and sslVersionMin is set to lower than or equal to SSL3:
Min value is too low in range: min: SSL3, max: TLS##;
We strongly recommend to set sslVersionMin higher than TLS1.0.
https://fedorahosted.org/389/ticket/48775
Reviewed by mreynolds(a)redhat.com (Thank you, Mark!!)
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 6a23f80..9c98f7d 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -893,8 +893,6 @@ restrict_SSLVersionRange(void)
slapdNSSVersions.max = enabledNSSVersions.max;
}
if (enableSSL3) {
- slapd_SSL_warn("Found unsecure configuration: nsSSL3: on; "
- "We strongly recommend to disable nsSSL3 in %s.", configDN);
if (enableTLS1) {
if (slapdNSSVersions.min >= CURRENT_DEFAULT_SSL_VERSION) {
slapd_SSL_warn("Configured range: min: %s, max: %s; "
@@ -902,6 +900,10 @@ restrict_SSLVersionRange(void)
"Respect the supported range.",
mymin, mymax);
enableSSL3 = PR_FALSE;
+ } else {
+ slapd_SSL_warn("Min value is too low in range: min: %s, max: %s; "
+ "We strongly recommend to set sslVersionMin higher than %s.",
+ mymin, mymax, DEFVERSION);
}
if (slapdNSSVersions.max < CURRENT_DEFAULT_SSL_VERSION) {
slapd_SSL_warn("Configured range: min: %s, max: %s; "
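Review bot: With the unconditional nsSSL3 warning removed in the previous hunk, the only warning added is this `else`, which sits inside `if (enableTLS1)`. The branch for `enableSSL3` with `enableTLS1` off is outside the hunks shown, so it is worth confirming that it still logs something. That is the configuration where SSLv3 would be the only protocol offered, and it should not become the silent case. If it does not warn, the same "Min value is too low in range" `slapd_SSL_warn` call belongs there too. restrict_SSLVersionRange starts and ends outside the hunk.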
@@ -928,7 +930,7 @@ restrict_SSLVersionRange(void)
enableSSL3 = PR_FALSE;
enableTLS1 = PR_TRUE;
} else if (slapdNSSVersions.min < CURRENT_DEFAULT_SSL_VERSION) {
- slapd_SSL_warn("Too low configured range: min: %s, max: %s; "
+ slapd_SSL_warn("Min value is too low in range: min: %s, max: %s; "
"We strongly recommend to set sslVersionMin higher than %s.",
mymin, mymax, DEFVERSION);
} else {