ldap/servers
by Mark Reynolds
ldap/servers/plugins/collation/collate.c | 14 +++----
ldap/servers/plugins/collation/orfilter.c | 55 +++++++++++++++++-------------
ldap/servers/slapd/back-ldbm/sort.c | 12 ++----
3 files changed, 43 insertions(+), 38 deletions(-)
New commits:
commit 43997fa8782ca93e20595ae10e303d85e5b765f4
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Tue Aug 30 10:32:45 2016 -0400
Ticket 48970 - Serverside sorting crashes the server
Bug Description: When using a matching rule and server side sorting
the server does a double-free on the matching rule
keys which crashes the server.
Fix Description: Set the pblock pointer to NULL after the keys are
freed. This prevents the double free.
Also fixed some complier warnings/indentation.
Valgrind: passed
https://fedorahosted.org/389/ticket/48970
Reviewed by: nhosoi(Thanks!)
diff --git a/ldap/servers/plugins/collation/collate.c b/ldap/servers/plugins/collation/collate.c
index 0480280..483a132 100644
--- a/ldap/servers/plugins/collation/collate.c
+++ b/ldap/servers/plugins/collation/collate.c
@@ -347,23 +347,23 @@ collation_index (indexer_t* ix, struct berval** bvec, struct berval** prefixes)
return keys;
}
+/* The destructor function for a collation-based indexer. */
static void
collation_indexer_destroy (indexer_t* ix)
- /* The destructor function for a collation-based indexer. */
{
collation_indexer_t* etc = (collation_indexer_t*) ix->ix_etc;
if (etc->converter) {
- ucnv_close(etc->converter);
- etc->converter = NULL;
+ ucnv_close(etc->converter);
+ etc->converter = NULL;
}
if (etc->collator) {
- ucol_close(etc->collator);
- etc->collator = NULL;
+ ucol_close(etc->collator);
+ etc->collator = NULL;
}
if (etc->ix_keys != NULL) {
- ber_bvecfree (etc->ix_keys);
- etc->ix_keys = NULL;
+ ber_bvecfree (etc->ix_keys);
+ etc->ix_keys = NULL;
}
slapi_ch_free((void**)&ix->ix_etc);
ix->ix_etc = NULL; /* just for hygiene */
diff --git a/ldap/servers/plugins/collation/orfilter.c b/ldap/servers/plugins/collation/orfilter.c
index 8dc4246..084fdf6 100644
--- a/ldap/servers/plugins/collation/orfilter.c
+++ b/ldap/servers/plugins/collation/orfilter.c
@@ -34,7 +34,7 @@ static void
indexer_free (indexer_t* ix)
{
if (ix->ix_destroy != NULL) {
- ix->ix_destroy (ix);
+ ix->ix_destroy (ix);
}
slapi_ch_free((void**)&ix);
}
@@ -221,23 +221,28 @@ op_filter_match (or_filter_t* or, struct berval** vals)
auto indexer_t* ix = or->or_indexer;
auto struct berval** v = ix->ix_index (ix, vals, NULL);
if (v != NULL) for (; *v; ++v) {
- auto struct berval** k = or->or_match_keys;
- if (k != NULL) for (; *k; ++k) {
- switch (or->or_op) {
- case SLAPI_OP_LESS:
- if (slapi_berval_cmp (*v, *k) < 0) return 0; break;
- case SLAPI_OP_LESS_OR_EQUAL:
- if (slapi_berval_cmp (*v, *k) <= 0) return 0; break;
- case SLAPI_OP_EQUAL:
- if (SLAPI_BERVAL_EQ (*v, *k)) return 0; break;
- case SLAPI_OP_GREATER_OR_EQUAL:
- if (slapi_berval_cmp (*v, *k) >= 0) return 0; break;
- case SLAPI_OP_GREATER:
- if (slapi_berval_cmp (*v, *k) > 0) return 0; break;
- default:
- break;
- }
- }
+ auto struct berval** k = or->or_match_keys;
+ if (k != NULL) for (; *k; ++k) {
+ switch (or->or_op) {
+ case SLAPI_OP_LESS:
+ if (slapi_berval_cmp (*v, *k) < 0) return 0;
+ break;
+ case SLAPI_OP_LESS_OR_EQUAL:
+ if (slapi_berval_cmp (*v, *k) <= 0) return 0;
+ break;
+ case SLAPI_OP_EQUAL:
+ if (SLAPI_BERVAL_EQ (*v, *k)) return 0;
+ break;
+ case SLAPI_OP_GREATER_OR_EQUAL:
+ if (slapi_berval_cmp (*v, *k) >= 0) return 0;
+ break;
+ case SLAPI_OP_GREATER:
+ if (slapi_berval_cmp (*v, *k) > 0) return 0;
+ break;
+ default:
+ break;
+ }
+ }
}
return -1;
}
@@ -570,7 +575,9 @@ op_indexer_destroy (Slapi_PBlock* pb)
auto indexer_t* ix = op_indexer_get (pb);
LDAPDebug (LDAP_DEBUG_FILTER, "op_indexer_destroy(%p)\n", (void*)ix, 0, 0);
if (ix != NULL) {
- indexer_free (ix);
+ indexer_free (ix);
+ /* The keys were freed, but we need to reset the pblock pointer */
+ slapi_pblock_set(pb, SLAPI_PLUGIN_MR_KEYS, NULL);
}
return 0;
}
@@ -623,10 +630,10 @@ typedef struct ss_indexer_t {
static void
ss_indexer_free (ss_indexer_t* ss)
{
- slapi_ch_free((void**)&ss->ss_oid);
+ slapi_ch_free_string(&ss->ss_oid);
if (ss->ss_indexer != NULL) {
- indexer_free (ss->ss_indexer);
- ss->ss_indexer = NULL;
+ indexer_free (ss->ss_indexer);
+ ss->ss_indexer = NULL;
}
slapi_ch_free((void**)&ss);
}
@@ -647,7 +654,9 @@ ss_indexer_destroy (Slapi_PBlock* pb)
auto ss_indexer_t* ss = ss_indexer_get (pb);
LDAPDebug (LDAP_DEBUG_FILTER, "ss_indexer_destroy(%p)\n", (void*)ss, 0, 0);
if (ss) {
- ss_indexer_free (ss);
+ ss_indexer_free(ss);
+ /* The keys were freed, but we need to reset the pblock pointer */
+ slapi_pblock_set(pb, SLAPI_PLUGIN_MR_KEYS, NULL);
}
}
diff --git a/ldap/servers/slapd/back-ldbm/sort.c b/ldap/servers/slapd/back-ldbm/sort.c
index 69fe659..46f2dbd 100644
--- a/ldap/servers/slapd/back-ldbm/sort.c
+++ b/ldap/servers/slapd/back-ldbm/sort.c
@@ -32,15 +32,11 @@ static int print_out_sort_spec(char* buffer,sort_spec *s,int *size);
static void sort_spec_thing_free(sort_spec_thing *s)
{
- if (NULL != s->type) {
- slapi_ch_free((void **)&s->type);
- }
- if (NULL != s->matchrule) {
- slapi_ch_free( (void**)&s->matchrule);
- }
+ slapi_ch_free_string(&s->type);
+ slapi_ch_free_string(&s->matchrule);
if (NULL != s->mr_pb) {
destroy_matchrule_indexer(s->mr_pb);
- slapi_pblock_destroy (s->mr_pb);
+ slapi_pblock_destroy (s->mr_pb);
}
attr_done(&s->sattr);
slapi_ch_free( (void**)&s);
@@ -116,7 +112,7 @@ void sort_log_access(Slapi_PBlock *pb,sort_spec_thing *s,IDList *candidates)
/* Now output it */
ldbm_log_access_message(pb,buffer);
if (buffer != stack_buffer) {
- slapi_ch_free( (void**)&buffer);
+ slapi_ch_free_string(&buffer);
}
}
7 years, 8 months
Branch '389-ds-base-1.3.4' - ldap/servers
by Mark Reynolds
ldap/servers/slapd/daemon.c | 69 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 68 insertions(+), 1 deletion(-)
New commits:
commit 19c4638f689e88ebc1eaec030039d2a4521aa7c4
Author: Ludwig Krispenz <lkrispen(a)redhat.com>
Date: Mon Aug 1 10:47:31 2016 +0200
Ticket 48882 - server can hang in connection list processing
Bug Description: if a thread holding the connection monitor
is stuck in polling and the client doesn't
respond, the main thread can be blocked on
this connection when iterating the connection
table.
Fix Description: Implement a test and enter function for the connection
monitor, so the main thread will never wait for a
connection monitor already owned by an other thread
https://fedorahosted.org/389/ticket/48882
Reviewed by: Noriko, Thanks
(cherry picked from commit 7110db91e75f392f1c83643d9aa88895992d9c01)
diff --git a/ldap/servers/slapd/daemon.c b/ldap/servers/slapd/daemon.c
index 20993d4..75904fa 100644
--- a/ldap/servers/slapd/daemon.c
+++ b/ldap/servers/slapd/daemon.c
@@ -164,6 +164,67 @@ static void unfurl_banners(Connection_Table *ct,daemon_ports_t *ports, PRFileDes
static int write_pid_file();
static int init_shutdown_detect();
+/*
+ * NSPR has different implementations for PRMonitor, depending
+ * on the availble threading model
+ * The PR_TestAndEnterMonitor is not available for pthreads
+ * so this is a implementation based on the code in
+ * prmon.c adapted to resemble the implementation in ptsynch.c
+ *
+ * The function needs access to the elements of the PRMonitor struct.
+ * Therfor the pthread variant of PRMonitor is copied here.
+ */
+typedef struct MY_PRMonitor {
+ const char* name;
+ pthread_mutex_t lock;
+ pthread_t owner;
+ pthread_cond_t entryCV;
+ pthread_cond_t waitCV;
+ PRInt32 refCount;
+ PRUint32 entryCount;
+ PRIntn notifyTimes;
+} MY_PRMonitor;
+
+static PRBool MY_TestAndEnterMonitor(MY_PRMonitor *mon)
+{
+ pthread_t self = pthread_self();
+ PRStatus rv;
+ PRBool rc = PR_FALSE;
+
+ PR_ASSERT(mon != NULL);
+ rv = pthread_mutex_lock(&mon->lock);
+ if (rv != 0) {
+ slapi_log_error(SLAPI_LOG_FATAL ,"TestAndEnterMonitor",
+ "Failed to acquire monitor mutex, error (%d)\n", rv);
+ return rc;
+ }
+ if (mon->entryCount != 0) {
+ if (pthread_equal(mon->owner, self))
+ goto done;
+ rv = pthread_mutex_unlock(&mon->lock);
+ if (rv != 0) {
+ slapi_log_error(SLAPI_LOG_FATAL ,"TestAndEnterMonitor",
+ "Failed to release monitor mutex, error (%d)\n", rv);
+ }
+ return PR_FALSE;
+ }
+ /* and now I have the monitor */
+ PR_ASSERT(mon->notifyTimes == 0);
+ PR_ASSERT((mon->owner) == 0);
+ mon->owner = self;
+
+done:
+ mon->entryCount += 1;
+ rv = pthread_mutex_unlock(&mon->lock);
+ if (rv == PR_SUCCESS) {
+ rc = PR_TRUE;
+ } else {
+ slapi_log_error(SLAPI_LOG_FATAL ,"TestAndEnterMonitor",
+ "Failed to release monitor mutex, error (%d)\n", rv);
+ rc = PR_FALSE;
+ }
+ return rc;
+}
/* Globals which are used to store the sockets between
* calls to daemon_pre_setuid_init() and the daemon thread
* creation. */
@@ -1528,7 +1589,13 @@ setup_pr_read_pds(Connection_Table *ct, PRFileDesc **n_tcps, PRFileDesc **s_tcps
}
else
{
- PR_EnterMonitor(c->c_mutex);
+ /* we try to acquire the connection mutex, if it is already
+ * acquired by another thread, don't wait
+ */
+ if (PR_FALSE == MY_TestAndEnterMonitor((MY_PRMonitor *)c->c_mutex)) {
+ c = next;
+ continue;
+ }
if (c->c_flags & CONN_FLAG_CLOSING)
{
/* A worker thread has marked that this connection
7 years, 8 months
Branch '389-ds-base-1.3.3' - ldap/servers
by Mark Reynolds
ldap/servers/slapd/add.c | 15 -------
ldap/servers/slapd/libglobs.c | 14 ------
ldap/servers/slapd/proto-slap.h | 3 -
ldap/servers/slapd/pw.c | 81 ----------------------------------------
ldap/servers/slapd/pw_mgmt.c | 9 ----
5 files changed, 1 insertion(+), 121 deletions(-)
New commits:
commit 4108fbd10b85d1672ec25d14eb635ef68a51b337
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri Aug 26 18:51:42 2016 -0400
Ticket 48972 - remove old pwp code that adds/removes ACIs
Bug Description: Old legacy code is still present in the DS that used
to enforce the password policy "user may change password"
using ACIs. This old code would re-add the ACI for
selfwrite on userpassword at server startup.
Fix Description: The current password policy does not depend on these access
access control rules to enforce if a user can change their
password or not.
https://fedorahosted.org/389/ticket/48972
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 32881be120f14b952de67a0d533ad94ba0956093)
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
index 8f72e28..ba9bbd5 100644
--- a/ldap/servers/slapd/add.c
+++ b/ldap/servers/slapd/add.c
@@ -675,21 +675,6 @@ static void op_shared_add (Slapi_PBlock *pb)
}
slapi_pblock_set(pb, SLAPI_BACKEND, be);
- /* we set local password policy ACI for non-replicated operations only */
- if (!repl_op &&
- !operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP) &&
- !operation_is_flag_set(operation, OP_FLAG_LEGACY_REPLICATION_DN) &&
- !slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA) &&
- !slapi_be_private(be) &&
- slapi_be_issuffix (be, slapi_entry_get_sdn_const(e)))
- {
- /* this is a suffix. update the pw aci */
- slapdFrontendConfig_t *slapdFrontendConfig;
- slapdFrontendConfig = getFrontendConfig();
- pw_add_allowchange_aci(e, !slapdFrontendConfig->pw_policy.pw_change &&
- !slapdFrontendConfig->pw_policy.pw_must_change);
- }
-
if (!repl_op)
{
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index d03d39b..bb1ec7d 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -2487,13 +2487,6 @@ config_set_pw_change( const char *attrname, char *value, char *errorbuf, int app
errorbuf,
apply);
- if (retVal == LDAP_SUCCESS) {
- /* LP: Update ACI to reflect the value ! */
- if (apply)
- pw_mod_allowchange_aci(!slapdFrontendConfig->pw_policy.pw_change &&
- !slapdFrontendConfig->pw_policy.pw_must_change);
- }
-
return retVal;
}
@@ -2525,13 +2518,6 @@ config_set_pw_must_change( const char *attrname, char *value, char *errorbuf, in
errorbuf,
apply);
- if (retVal == LDAP_SUCCESS) {
- /* LP: Update ACI to reflect the value ! */
- if (apply)
- pw_mod_allowchange_aci(!slapdFrontendConfig->pw_policy.pw_change &&
- !slapdFrontendConfig->pw_policy.pw_must_change);
- }
-
return retVal;
}
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index 3d0b3c1..1f5b288 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -950,9 +950,6 @@ void get_old_pw( Slapi_PBlock *pb, const Slapi_DN *sdn, char **old_pw);
int check_account_lock( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req, int account_inactivation_only /*no wire/no pw policy*/);
int check_pw_minage( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals) ;
void add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e );
-void mod_allowchange_aci(char *val);
-void pw_mod_allowchange_aci(int pw_prohibit_change);
-void pw_add_allowchange_aci(Slapi_Entry *e, int pw_prohibit_change);
/*
* pw_retry.c
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index f16ac98..8232c60 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -1372,69 +1372,6 @@ slapi_add_pwd_control ( Slapi_PBlock *pb, char *arg, long time) {
}
void
-pw_mod_allowchange_aci(int pw_prohibit_change)
-{
- const Slapi_DN *base;
- char *values_mod[2];
- LDAPMod mod;
- LDAPMod *mods[2];
- Slapi_Backend *be;
- char *cookie = NULL;
-
- mods[0] = &mod;
- mods[1] = NULL;
- mod.mod_type = "aci";
- mod.mod_values = values_mod;
-
- if (pw_prohibit_change) {
- mod.mod_op = LDAP_MOD_ADD;
- }
- else
- {
- /* Allow change password by default */
- /* remove the aci if it is there. it is ok to fail */
- mod.mod_op = LDAP_MOD_DELETE;
- }
-
- be = slapi_get_first_backend (&cookie);
- /* Foreach backend... */
- while (be)
- {
- /* Don't add aci on a chaining backend holding remote entries */
- if((!be->be_private) && (!slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA)))
- {
- /* There's only One suffix per DB now. No need to loop */
- base = slapi_be_getsuffix(be, 0);
- if (base != NULL)
- {
- Slapi_PBlock pb;
- int rc;
-
- pblock_init (&pb);
- values_mod[0] = DENY_PW_CHANGE_ACI;
- values_mod[1] = NULL;
- slapi_modify_internal_set_pb_ext(&pb, base, mods, NULL, NULL,
- pw_get_componentID(), 0);
- slapi_modify_internal_pb(&pb);
- slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
- if (rc == LDAP_SUCCESS){
- /*
- ** Since we modified the acl
- ** successfully, let's update the
- ** in-memory acl list
- */
- slapi_pblock_set(&pb, SLAPI_TARGET_SDN, (void *)base);
- plugin_call_acl_mods_update (&pb, LDAP_REQ_MODIFY );
- }
- pblock_done(&pb);
- }
- }
- be = slapi_get_next_backend (cookie);
- }
- slapi_ch_free((void **) &cookie);
-}
-
-void
add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e )
{
struct berval bv;
@@ -1601,24 +1538,6 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char
return ( 0 );
}
-
-void
-pw_add_allowchange_aci(Slapi_Entry *e, int pw_prohibit_change) {
- char *aci_pw = NULL;
- const char *aciattr = "aci";
-
- aci_pw = slapi_ch_strdup(DENY_PW_CHANGE_ACI);
-
- if (pw_prohibit_change) {
- /* Add ACI */
- slapi_entry_add_string(e, aciattr, aci_pw);
- } else {
- /* Remove ACI */
- slapi_entry_delete_string(e, aciattr, aci_pw);
- }
- slapi_ch_free((void **) &aci_pw);
-}
-
int
pw_is_pwp_admin(Slapi_PBlock *pb, passwdPolicy *pwp){
Slapi_DN *bind_sdn = NULL;
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
index 5a0ecb2..3072cc0 100644
--- a/ldap/servers/slapd/pw_mgmt.c
+++ b/ldap/servers/slapd/pw_mgmt.c
@@ -295,13 +295,8 @@ skip:
void
pw_init ( void )
{
- slapdFrontendConfig_t *slapdFrontendConfig;
-
pw_set_componentID(generate_componentid(NULL, COMPONENT_PWPOLICY));
-
- slapdFrontendConfig = getFrontendConfig();
- pw_mod_allowchange_aci (!slapdFrontendConfig->pw_policy.pw_change &&
- !slapdFrontendConfig->pw_policy.pw_must_change);
+
#if defined(USE_OLD_UNHASHED)
slapi_add_internal_attr_syntax( PSEUDO_ATTR_UNHASHEDUSERPASSWORD,
PSEUDO_ATTR_UNHASHEDUSERPASSWORD_OID,
@@ -312,5 +307,3 @@ pw_init ( void )
SLAPI_ATTR_FLAG_NOEXPOSE);
#endif
}
-
-
7 years, 8 months
Branch '389-ds-base-1.3.4' - ldap/servers
by Mark Reynolds
ldap/servers/slapd/add.c | 15 -------
ldap/servers/slapd/libglobs.c | 14 ------
ldap/servers/slapd/proto-slap.h | 3 -
ldap/servers/slapd/pw.c | 81 ----------------------------------------
ldap/servers/slapd/pw_mgmt.c | 9 ----
5 files changed, 1 insertion(+), 121 deletions(-)
New commits:
commit f823ea048f5fbb59f76b79854ab4eb58be015736
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri Aug 26 18:51:42 2016 -0400
Ticket 48972 - remove old pwp code that adds/removes ACIs
Bug Description: Old legacy code is still present in the DS that used
to enforce the password policy "user may change password"
using ACIs. This old code would re-add the ACI for
selfwrite on userpassword at server startup.
Fix Description: The current password policy does not depend on these access
access control rules to enforce if a user can change their
password or not.
https://fedorahosted.org/389/ticket/48972
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 32881be120f14b952de67a0d533ad94ba0956093)
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
index 31012a2..6b9378c 100644
--- a/ldap/servers/slapd/add.c
+++ b/ldap/servers/slapd/add.c
@@ -643,21 +643,6 @@ static void op_shared_add (Slapi_PBlock *pb)
}
slapi_pblock_set(pb, SLAPI_BACKEND, be);
- /* we set local password policy ACI for non-replicated operations only */
- if (!repl_op &&
- !operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP) &&
- !operation_is_flag_set(operation, OP_FLAG_LEGACY_REPLICATION_DN) &&
- !slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA) &&
- !slapi_be_private(be) &&
- slapi_be_issuffix (be, slapi_entry_get_sdn_const(e)))
- {
- /* this is a suffix. update the pw aci */
- slapdFrontendConfig_t *slapdFrontendConfig;
- slapdFrontendConfig = getFrontendConfig();
- pw_add_allowchange_aci(e, !slapdFrontendConfig->pw_policy.pw_change &&
- !slapdFrontendConfig->pw_policy.pw_must_change);
- }
-
if (!repl_op)
{
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index d58e4c2..f433dd5 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -2451,13 +2451,6 @@ config_set_pw_change( const char *attrname, char *value, char *errorbuf, int app
errorbuf,
apply);
- if (retVal == LDAP_SUCCESS) {
- /* LP: Update ACI to reflect the value ! */
- if (apply)
- pw_mod_allowchange_aci(!slapdFrontendConfig->pw_policy.pw_change &&
- !slapdFrontendConfig->pw_policy.pw_must_change);
- }
-
return retVal;
}
@@ -2489,13 +2482,6 @@ config_set_pw_must_change( const char *attrname, char *value, char *errorbuf, in
errorbuf,
apply);
- if (retVal == LDAP_SUCCESS) {
- /* LP: Update ACI to reflect the value ! */
- if (apply)
- pw_mod_allowchange_aci(!slapdFrontendConfig->pw_policy.pw_change &&
- !slapdFrontendConfig->pw_policy.pw_must_change);
- }
-
return retVal;
}
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index b74c3c5..8fa8a9b 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -919,9 +919,6 @@ void get_old_pw( Slapi_PBlock *pb, const Slapi_DN *sdn, char **old_pw);
int check_account_lock( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req, int account_inactivation_only /*no wire/no pw policy*/);
int check_pw_minage( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals) ;
void add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e );
-void mod_allowchange_aci(char *val);
-void pw_mod_allowchange_aci(int pw_prohibit_change);
-void pw_add_allowchange_aci(Slapi_Entry *e, int pw_prohibit_change);
/*
* pw_retry.c
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 93e9078..95ff13d 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -1336,69 +1336,6 @@ slapi_add_pwd_control ( Slapi_PBlock *pb, char *arg, long time) {
}
void
-pw_mod_allowchange_aci(int pw_prohibit_change)
-{
- const Slapi_DN *base;
- char *values_mod[2];
- LDAPMod mod;
- LDAPMod *mods[2];
- Slapi_Backend *be;
- char *cookie = NULL;
-
- mods[0] = &mod;
- mods[1] = NULL;
- mod.mod_type = "aci";
- mod.mod_values = values_mod;
-
- if (pw_prohibit_change) {
- mod.mod_op = LDAP_MOD_ADD;
- }
- else
- {
- /* Allow change password by default */
- /* remove the aci if it is there. it is ok to fail */
- mod.mod_op = LDAP_MOD_DELETE;
- }
-
- be = slapi_get_first_backend (&cookie);
- /* Foreach backend... */
- while (be)
- {
- /* Don't add aci on a chaining backend holding remote entries */
- if((!be->be_private) && (!slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA)))
- {
- /* There's only One suffix per DB now. No need to loop */
- base = slapi_be_getsuffix(be, 0);
- if (base != NULL)
- {
- Slapi_PBlock pb;
- int rc;
-
- pblock_init (&pb);
- values_mod[0] = DENY_PW_CHANGE_ACI;
- values_mod[1] = NULL;
- slapi_modify_internal_set_pb_ext(&pb, base, mods, NULL, NULL,
- pw_get_componentID(), 0);
- slapi_modify_internal_pb(&pb);
- slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
- if (rc == LDAP_SUCCESS){
- /*
- ** Since we modified the acl
- ** successfully, let's update the
- ** in-memory acl list
- */
- slapi_pblock_set(&pb, SLAPI_TARGET_SDN, (void *)base);
- plugin_call_acl_mods_update (&pb, LDAP_REQ_MODIFY );
- }
- pblock_done(&pb);
- }
- }
- be = slapi_get_next_backend (cookie);
- }
- slapi_ch_free((void **) &cookie);
-}
-
-void
add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e )
{
struct berval bv;
@@ -1565,24 +1502,6 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char
return ( 0 );
}
-
-void
-pw_add_allowchange_aci(Slapi_Entry *e, int pw_prohibit_change) {
- char *aci_pw = NULL;
- const char *aciattr = "aci";
-
- aci_pw = slapi_ch_strdup(DENY_PW_CHANGE_ACI);
-
- if (pw_prohibit_change) {
- /* Add ACI */
- slapi_entry_add_string(e, aciattr, aci_pw);
- } else {
- /* Remove ACI */
- slapi_entry_delete_string(e, aciattr, aci_pw);
- }
- slapi_ch_free((void **) &aci_pw);
-}
-
int
pw_is_pwp_admin(Slapi_PBlock *pb, passwdPolicy *pwp){
Slapi_DN *bind_sdn = NULL;
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
index 5ebbc2b..a704dc4 100644
--- a/ldap/servers/slapd/pw_mgmt.c
+++ b/ldap/servers/slapd/pw_mgmt.c
@@ -271,13 +271,8 @@ skip:
void
pw_init ( void )
{
- slapdFrontendConfig_t *slapdFrontendConfig;
-
pw_set_componentID(generate_componentid(NULL, COMPONENT_PWPOLICY));
-
- slapdFrontendConfig = getFrontendConfig();
- pw_mod_allowchange_aci (!slapdFrontendConfig->pw_policy.pw_change &&
- !slapdFrontendConfig->pw_policy.pw_must_change);
+
#if defined(USE_OLD_UNHASHED)
slapi_add_internal_attr_syntax( PSEUDO_ATTR_UNHASHEDUSERPASSWORD,
PSEUDO_ATTR_UNHASHEDUSERPASSWORD_OID,
@@ -288,5 +283,3 @@ pw_init ( void )
SLAPI_ATTR_FLAG_NOEXPOSE);
#endif
}
-
-
7 years, 8 months
ldap/servers
by Mark Reynolds
ldap/servers/slapd/add.c | 15 -------
ldap/servers/slapd/libglobs.c | 14 ------
ldap/servers/slapd/proto-slap.h | 3 -
ldap/servers/slapd/pw.c | 81 ----------------------------------------
ldap/servers/slapd/pw_mgmt.c | 9 ----
5 files changed, 1 insertion(+), 121 deletions(-)
New commits:
commit 32881be120f14b952de67a0d533ad94ba0956093
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri Aug 26 18:51:42 2016 -0400
Ticket 48972 - remove old pwp code that adds/removes ACIs
Bug Description: Old legacy code is still present in the DS that used
to enforce the password policy "user may change password"
using ACIs. This old code would re-add the ACI for
selfwrite on userpassword at server startup.
Fix Description: The current password policy does not depend on these access
access control rules to enforce if a user can change their
password or not.
https://fedorahosted.org/389/ticket/48972
Reviewed by: nhosoi(Thanks!)
diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c
index 629017e..708d3e7 100644
--- a/ldap/servers/slapd/add.c
+++ b/ldap/servers/slapd/add.c
@@ -643,21 +643,6 @@ static void op_shared_add (Slapi_PBlock *pb)
}
slapi_pblock_set(pb, SLAPI_BACKEND, be);
- /* we set local password policy ACI for non-replicated operations only */
- if (!repl_op &&
- !operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP) &&
- !operation_is_flag_set(operation, OP_FLAG_LEGACY_REPLICATION_DN) &&
- !slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA) &&
- !slapi_be_private(be) &&
- slapi_be_issuffix (be, slapi_entry_get_sdn_const(e)))
- {
- /* this is a suffix. update the pw aci */
- slapdFrontendConfig_t *slapdFrontendConfig;
- slapdFrontendConfig = getFrontendConfig();
- pw_add_allowchange_aci(e, !slapdFrontendConfig->pw_policy.pw_change &&
- !slapdFrontendConfig->pw_policy.pw_must_change);
- }
-
if (!repl_op)
{
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index a630c6c..faf521b 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -2601,13 +2601,6 @@ config_set_pw_change( const char *attrname, char *value, char *errorbuf, int app
errorbuf,
apply);
- if (retVal == LDAP_SUCCESS) {
- /* LP: Update ACI to reflect the value ! */
- if (apply)
- pw_mod_allowchange_aci(!slapdFrontendConfig->pw_policy.pw_change &&
- !slapdFrontendConfig->pw_policy.pw_must_change);
- }
-
return retVal;
}
@@ -2638,13 +2631,6 @@ config_set_pw_must_change( const char *attrname, char *value, char *errorbuf, in
errorbuf,
apply);
- if (retVal == LDAP_SUCCESS) {
- /* LP: Update ACI to reflect the value ! */
- if (apply)
- pw_mod_allowchange_aci(!slapdFrontendConfig->pw_policy.pw_change &&
- !slapdFrontendConfig->pw_policy.pw_must_change);
- }
-
return retVal;
}
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index 1f37010..712642f 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -951,9 +951,6 @@ void get_old_pw( Slapi_PBlock *pb, const Slapi_DN *sdn, char **old_pw);
int check_account_lock( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, int pwresponse_req, int account_inactivation_only /*no wire/no pw policy*/);
int check_pw_minage( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals) ;
void add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e );
-void mod_allowchange_aci(char *val);
-void pw_mod_allowchange_aci(int pw_prohibit_change);
-void pw_add_allowchange_aci(Slapi_Entry *e, int pw_prohibit_change);
int add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e);
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 7469b9e..3f2cdb0 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -1337,69 +1337,6 @@ slapi_add_pwd_control ( Slapi_PBlock *pb, char *arg, long time) {
}
void
-pw_mod_allowchange_aci(int pw_prohibit_change)
-{
- const Slapi_DN *base;
- char *values_mod[2];
- LDAPMod mod;
- LDAPMod *mods[2];
- Slapi_Backend *be;
- char *cookie = NULL;
-
- mods[0] = &mod;
- mods[1] = NULL;
- mod.mod_type = "aci";
- mod.mod_values = values_mod;
-
- if (pw_prohibit_change) {
- mod.mod_op = LDAP_MOD_ADD;
- }
- else
- {
- /* Allow change password by default */
- /* remove the aci if it is there. it is ok to fail */
- mod.mod_op = LDAP_MOD_DELETE;
- }
-
- be = slapi_get_first_backend (&cookie);
- /* Foreach backend... */
- while (be)
- {
- /* Don't add aci on a chaining backend holding remote entries */
- if((!be->be_private) && (!slapi_be_is_flag_set(be,SLAPI_BE_FLAG_REMOTE_DATA)))
- {
- /* There's only One suffix per DB now. No need to loop */
- base = slapi_be_getsuffix(be, 0);
- if (base != NULL)
- {
- Slapi_PBlock pb;
- int rc;
-
- pblock_init (&pb);
- values_mod[0] = DENY_PW_CHANGE_ACI;
- values_mod[1] = NULL;
- slapi_modify_internal_set_pb_ext(&pb, base, mods, NULL, NULL,
- pw_get_componentID(), 0);
- slapi_modify_internal_pb(&pb);
- slapi_pblock_get(&pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
- if (rc == LDAP_SUCCESS){
- /*
- ** Since we modified the acl
- ** successfully, let's update the
- ** in-memory acl list
- */
- slapi_pblock_set(&pb, SLAPI_TARGET_SDN, (void *)base);
- plugin_call_acl_mods_update (&pb, LDAP_REQ_MODIFY );
- }
- pblock_done(&pb);
- }
- }
- be = slapi_get_next_backend (cookie);
- }
- slapi_ch_free((void **) &cookie);
-}
-
-void
add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e )
{
struct berval bv;
@@ -1583,24 +1520,6 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char
return ( 0 );
}
-
-void
-pw_add_allowchange_aci(Slapi_Entry *e, int pw_prohibit_change) {
- char *aci_pw = NULL;
- const char *aciattr = "aci";
-
- aci_pw = slapi_ch_strdup(DENY_PW_CHANGE_ACI);
-
- if (pw_prohibit_change) {
- /* Add ACI */
- slapi_entry_add_string(e, aciattr, aci_pw);
- } else {
- /* Remove ACI */
- slapi_entry_delete_string(e, aciattr, aci_pw);
- }
- slapi_ch_free((void **) &aci_pw);
-}
-
int
pw_is_pwp_admin(Slapi_PBlock *pb, passwdPolicy *pwp){
Slapi_DN *bind_sdn = NULL;
diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c
index 5470556..7252c08 100644
--- a/ldap/servers/slapd/pw_mgmt.c
+++ b/ldap/servers/slapd/pw_mgmt.c
@@ -256,13 +256,8 @@ skip:
void
pw_init ( void )
{
- slapdFrontendConfig_t *slapdFrontendConfig;
-
pw_set_componentID(generate_componentid(NULL, COMPONENT_PWPOLICY));
-
- slapdFrontendConfig = getFrontendConfig();
- pw_mod_allowchange_aci (!slapdFrontendConfig->pw_policy.pw_change &&
- !slapdFrontendConfig->pw_policy.pw_must_change);
+
#if defined(USE_OLD_UNHASHED)
slapi_add_internal_attr_syntax( PSEUDO_ATTR_UNHASHEDUSERPASSWORD,
PSEUDO_ATTR_UNHASHEDUSERPASSWORD_OID,
@@ -273,5 +268,3 @@ pw_init ( void )
SLAPI_ATTR_FLAG_NOEXPOSE);
#endif
}
-
-
7 years, 8 months
Changes to 'refs/tags/389-ds-console-1.2.13'
by Noriko Hosoi
Changes since the dawn of time:
Endi S. Dewata (3):
Bug 496863 - 'Construct' button creates incorrect referral urls
Resolves: bug 574098
Bug 563513 - New replication -> No changelong configured-msg
Mark Reynolds (13):
Ticket 370 - Opening merge qualifier CoS entry using RHDS console changes the entry
Bumped version to 1.2.7
Ticket 96 - Window too large for Manage password policy
Ticket 47883 - DS Console - java exception when refreshing
Ticket 176 - DS Console should timeout when mismatched port
Ticket 47886 - DS Console - mouse wheel speed very slow
Ticket 47485 - DS instance cannot be restored from remote console
Ticket 47887 - DS Console does not correctly disable SSL
Ticket 135 - DS console - right clicking an object does not select that object
Ticket 47994 - DS Console always sets nsSSL3 to "on" when a securty setting is adjusted
Ticket 48823 - ds-console - add IPv6 support
Ticket 47469 - Cannot enter time in Replication schedule in console
Ticket 48926 - Inactive "save" button in "Password policy" dialog
Nathan Kinder (28):
171941 - Adjusted the version number and branding. I had to modify the checkVersion method to deal with running in Console 1.0. I also cleaned up references to consolesdk in the Ant build files. They should be console instead since we dropped the consolesdk naming. The external and internal imports files were adjusted to pick up the new 1.0 Console component.
171941 - checkVersion was comparing versions with greater than when it should have been using greater than or equal to
177696 - Changed usage of enum keyword as a variable name for Java 1.5 compatibility
Bug(s) fixed: 181570
Resolves: 246513
Summary: Initial fedora-ds-console specfile.
Resolves: ?
Resolves: 250137
Resolves: 250145
Resolves: 204510
Resolves: 250636
Resolves: 252036
Add default ldapjdk path as well as a settable parameter
Fixed typo from last checkin
Use less restrictive version of Open Publication License for online help docs.
Resolves: 308221
Resolves: 333171
Resolves: 178247
Resolves: 379191
Bug 599732 - Root node in directory browser shows DN syntax error
Bug 229693 - Update naming attribute when objectclass is removed
Bug 474113 - Allow access log level to be configured from Console
Bug 504803 - Allow nsslapd-*-logmaxdiskspace to be set to -1 in UI
Bug 158262 - Windows Sync UI is inconistent
Bug 533505 - Warn about CA cert trust when enabling SSL in Console
Bug 616707 - Add attribute matching rule UI to Console
Bug 705753 - Refresh problem in Console directory browser
Bug 700908 - Validate matching rules when creating a new attribute
Noriko Hosoi (32):
Changed the ldapconsole package name to <brand>-ds-<version>.jar
Modified ant move syntax to support ant 1.6.2
[186105] Admin Server Makefile updates for Internal build
Resolves: #247215
Resolves: #248073
Resolves: #379191
Resolves: #386041
Resolves: #379191
Resolves: #379191
Resolves: #379191
Resolves: #379191
Resolves: #379191
Resolves: 178947
Bug 553066 - Directory Console: do not display "subtree" index type
Bug 151705 - Need to update Console Cipher Preferences with new ciphers
Bug 661116 - 389-console Configuration tab admin permissions
Bug 387981 - plain files can be chosen on the Restore Directory dialog
Bug 450016 - RFE- Console display values in KB/MB/GB
Bug 211296 - Clean up all HTML pages (Admin Express, Repl Monitor, etc)
Bug 757773 - SSL Port issue in Console
Ticket #47380 - RFE: Winsync loses connection with AD objects when they move from the console.
Bumped version to 1.2.8
Bumped version to 1.2.9
Bug 1022104 - Remove versioned jarfiles from _javadir
Bumped version to 1.2.10
Ticket #48130 - Add "+all" and "-TLS_RSA_WITH_AES_128_GCM_SHA256" to Console Cipher Preference for TLS
Bumped version to 1.2.11
Ticket #48139 - drop support for legacy replication
Bumped version to 1.2.12
Ticket #48417 - ds-console: lower password history minimum to 1
Ticket #48933 - drop support for legacy replication - need to clean code
Bumped version to 1.2.13
Rich Megginson (39):
Bug(s) fixed: 167761
allow the definition of the console location on the command line with different directory layouts than the default
Bug(s) fixed: 178478
The console now builds jar files in the format
bump version to 1.0.3
updated spec for Fedora DS 1.1 release
Resolves: bug 428357
Bump version to 1.1.2
this is for the 1.1.2 release
Resolves: bug 469261
Resolves: bug 469261
Resolves: bug 234948
Resolves: bug 452596
Resolves: bug 178947
Resolves: bug 177334
Resolves: bug 249120
Resolves: bug 238762
Resolves: bug 179193
Resolves: bug 179184
change version to 1.1.3
Resolves: bug 487831
Resolves: bug 481213
Resolves: bug 483660
Resolves: bug 483660
updated for 1.1.3
version must correspond to ds base version - 1.2.0
rename to 389
change mode of spec file to 644
added separate doc subpackage
update to version 1.2.1
Bug 586571 - DS Console shows escaped DNs
bump version to 1.2.2
Bug 586571 - DS Console shows escaped DNs
Bug 591989 - [console] mis-matched trademark and text
bump version to 1.2.4
bump version to 1.2.5
add skin support
move dsbanner.gif to the localized jar for l10n/skinning
dsbannerlite.gif is obsolete
foxworth (2):
Import initial source drop of Fedora DirectoryConsole
Import initial source drop of Fedora DirectoryConsole
7 years, 8 months
389-ds-console.spec build.properties fedora-ds-console.spec
by Noriko Hosoi
389-ds-console.spec | 2 +-
build.properties | 2 +-
fedora-ds-console.spec | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
New commits:
commit 8f5a6391dc6ae73a4b203254d51dbc95e4414826
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri Aug 26 15:33:56 2016 -0700
Bumped version to 1.2.13
diff --git a/389-ds-console.spec b/389-ds-console.spec
index 38e36ac..f6a328b 100644
--- a/389-ds-console.spec
+++ b/389-ds-console.spec
@@ -1,5 +1,5 @@
%define major_version 1.2
-%define minor_version 12
+%define minor_version 13
%define shortname 389-ds
%define pkgname dirsrv
diff --git a/build.properties b/build.properties
index 0eebe75..32330d3 100755
--- a/build.properties
+++ b/build.properties
@@ -21,7 +21,7 @@
lang=en
ldapconsole.root=..
-ldapconsole.version=1.2.12
+ldapconsole.version=1.2.13
ldapconsole.gen.version=1.2
brand=389
ldapconsole.name=${brand}-ds-${ldapconsole.version}
diff --git a/fedora-ds-console.spec b/fedora-ds-console.spec
index 9e6e4c7..610130c 100755
--- a/fedora-ds-console.spec
+++ b/fedora-ds-console.spec
@@ -1,5 +1,5 @@
%define major_version 1.2
-%define minor_version 12
+%define minor_version 13
%define shortname fedora-ds
%define pkgname dirsrv
7 years, 8 months
ldap/servers
by Mark Reynolds
ldap/servers/plugins/replication/repl5.h | 15 ++-
ldap/servers/plugins/replication/repl5_agmt.c | 26 ++---
ldap/servers/plugins/replication/repl5_inc_protocol.c | 70 ++++++++++------
ldap/servers/plugins/replication/repl5_protocol_util.c | 65 +++++++++++++-
ldap/servers/plugins/replication/repl5_replica_config.c | 4
ldap/servers/plugins/replication/repl5_total.c | 5 -
6 files changed, 132 insertions(+), 53 deletions(-)
New commits:
commit cdf4fb4ea6f26b4198d2d6b146ca51dcd51a31ef
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Fri Aug 26 15:04:02 2016 -0400
Ticket 48957 - set proper update status to replication
agreement in case of failure
Bug Description: If a replication agreement fails to send updates it always returns
a generic error message even though there are many ways it could be
failing.
Fix Description: Set a proper error message when we fail to update a replica. Also made
all the messages consistent in format, and added new response strings
for known errors.
Also fixed some minor compiler warnings.
https://fedorahosted.org/389/ticket/48957
Reviewed by: nhosoi(Thanks!)
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
index 6f6c81a..13a38fd 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -91,11 +91,16 @@
#define NSDS50_REPL_BELOW_PURGEPOINT 0x07 /* Supplier provided a CSN below the consumer's purge point */
#define NSDS50_REPL_INTERNAL_ERROR 0x08 /* Something bad happened on consumer */
#define NSDS50_REPL_REPLICA_RELEASE_SUCCEEDED 0x09 /* Replica released successfully */
-#define NSDS50_REPL_LEGACY_CONSUMER 0x0A /* replica is a legacy consumer */
-#define NSDS50_REPL_REPLICAID_ERROR 0x0B /* replicaID doesn't seem to be unique */
-#define NSDS50_REPL_DISABLED 0x0C /* replica suffix is disabled */
-#define NSDS50_REPL_UPTODATE 0x0D /* replica is uptodate */
-#define NSDS50_REPL_BACKOFF 0x0E /* replica wants master to go into backoff mode */
+#define NSDS50_REPL_LEGACY_CONSUMER 0x0A /* replica is a legacy consumer */
+#define NSDS50_REPL_REPLICAID_ERROR 0x0B /* replicaID doesn't seem to be unique */
+#define NSDS50_REPL_DISABLED 0x0C /* replica suffix is disabled */
+#define NSDS50_REPL_UPTODATE 0x0D /* replica is uptodate */
+#define NSDS50_REPL_BACKOFF 0x0E /* replica wants master to go into backoff mode */
+#define NSDS50_REPL_CL_ERROR 0x0F /* Problem reading changelog */
+#define NSDS50_REPL_CONN_ERROR 0x10 /* Problem with replication connection*/
+#define NSDS50_REPL_CONN_TIMEOUT 0x11 /* Connection timeout */
+#define NSDS50_REPL_TRANSIENT_ERROR 0x12 /* Transient error */
+#define NSDS50_REPL_RUV_ERROR 0x13 /* Problem with the RUV */
#define NSDS50_REPL_REPLICA_NO_RESPONSE 0xff /* No response received */
/* Protocol status */
diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
index 76d26a1..52cc8b6 100644
--- a/ldap/servers/plugins/replication/repl5_agmt.c
+++ b/ldap/servers/plugins/replication/repl5_agmt.c
@@ -2460,9 +2460,9 @@ agmt_set_last_update_status (Repl_Agmt *ra, int ldaprc, int replrc, const char *
replmsg = NULL;
}
}
- PR_snprintf(ra->last_update_status, STATUS_LEN, "%d %s%sLDAP error: %s%s%s",
+ PR_snprintf(ra->last_update_status, STATUS_LEN, "Error (%d) %s%s - LDAP error: %s%s%s%s",
ldaprc, message?message:"",message?"":" - ",
- slapi_err2string(ldaprc), replmsg ? " - " : "", replmsg ? replmsg : "");
+ slapi_err2string(ldaprc), replmsg ? " (" : "", replmsg ? replmsg : "", replmsg ? ")" : "");
}
/* ldaprc == LDAP_SUCCESS */
else if (replrc != 0)
@@ -2470,16 +2470,15 @@ agmt_set_last_update_status (Repl_Agmt *ra, int ldaprc, int replrc, const char *
if (replrc == NSDS50_REPL_REPLICA_BUSY)
{
PR_snprintf(ra->last_update_status, STATUS_LEN,
- "%d Can't acquire busy replica", replrc );
+ "Error (%d) Can't acquire busy replica", replrc );
}
else if (replrc == NSDS50_REPL_REPLICA_RELEASE_SUCCEEDED)
{
- PR_snprintf(ra->last_update_status, STATUS_LEN, "%d %s",
- ldaprc, "Replication session successful");
+ PR_snprintf(ra->last_update_status, STATUS_LEN, "Error (0) Replication session successful");
}
else if (replrc == NSDS50_REPL_DISABLED)
{
- PR_snprintf(ra->last_update_status, STATUS_LEN, "%d Incremental update aborted: "
+ PR_snprintf(ra->last_update_status, STATUS_LEN, "Error (%d) Incremental update aborted: "
"Replication agreement for %s\n can not be updated while the replica is disabled.\n"
"(If the suffix is disabled you must enable it then restart the server for replication to take place).",
replrc, ra->long_name ? ra->long_name : "a replica");
@@ -2493,20 +2492,18 @@ agmt_set_last_update_status (Repl_Agmt *ra, int ldaprc, int replrc, const char *
else
{
PR_snprintf(ra->last_update_status, STATUS_LEN,
- "%d Replication error acquiring replica: %s%s%s",
- replrc, protocol_response2string(replrc),
- message?" - ":"",message?message:"");
+ "Error (%d) Replication error acquiring replica: %s%s(%s)",
+ replrc, message?message:"", message?" ":"", protocol_response2string(replrc));
}
}
else if (message != NULL) /* replrc == NSDS50_REPL_REPLICA_READY == 0 */
{
- PR_snprintf(ra->last_update_status, STATUS_LEN,
- "%d Replica acquired successfully: %s",
- ldaprc, message);
+ PR_snprintf(ra->last_update_status, STATUS_LEN,
+ "Error (0) Replica acquired successfully: %s", message);
}
else
{ /* agmt_set_last_update_status(0,0,NULL) to reset agmt */
- PR_snprintf(ra->last_update_status, STATUS_LEN, "%d", ldaprc);
+ ra->last_update_status[0] = '\0';
}
}
}
@@ -2737,7 +2734,8 @@ get_agmt_status(Slapi_PBlock *pb, Slapi_Entry* e, Slapi_Entry* entryAfter,
slapi_entry_add_string(e, "nsds5replicaChangesSentSinceStartup", changecount_string);
if (ra->last_update_status[0] == '\0')
{
- slapi_entry_add_string(e, "nsds5replicaLastUpdateStatus", "0 No replication sessions started since server startup");
+ slapi_entry_add_string(e, "nsds5replicaLastUpdateStatus",
+ "Error (0) No replication sessions started since server startup");
}
else
{
diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
index 27bac5d..d1de6c5 100644
--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
@@ -671,7 +671,6 @@ repl5_inc_run(Private_Repl_Protocol *prp)
int wait_change_timer_set = 0;
int current_state = STATE_START;
int next_state = STATE_START;
- int optype, ldaprc;
int done;
int e1;
@@ -838,14 +837,6 @@ repl5_inc_run(Private_Repl_Protocol *prp)
} else if (rc == ACQUIRE_FATAL_ERROR){
next_state = STATE_STOP_FATAL_ERROR;
}
-
- if (rc != ACQUIRE_SUCCESS){
- int optype, ldaprc;
- conn_get_error(prp->conn, &optype, &ldaprc);
- agmt_set_last_update_status(prp->agmt, ldaprc,
- prp->last_acquire_response_code, "Unable to acquire replica");
- }
-
object_release(prp->replica_object);
break;
@@ -934,10 +925,6 @@ repl5_inc_run(Private_Repl_Protocol *prp)
} else if (rc == ACQUIRE_FATAL_ERROR){
next_state = STATE_STOP_FATAL_ERROR;
}
- if (rc != ACQUIRE_SUCCESS){
- conn_get_error(prp->conn, &optype, &ldaprc);
- agmt_set_last_update_status(prp->agmt, ldaprc, prp->last_acquire_response_code, "Unable to acquire replica");
- }
/*
* We either need to step the backoff timer, or
* destroy it if we don't need it anymore
@@ -1037,7 +1024,8 @@ repl5_inc_run(Private_Repl_Protocol *prp)
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"%s: Replica has no update vector. It has never been initialized.\n",
agmt_get_long_name(prp->agmt));
- agmt_set_last_update_status(prp->agmt, 0, rc, "Replica is not initialized");
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_RUV_ERROR,
+ "Replica is not initialized");
next_state = STATE_BACKOFF_START;
break;
case EXAMINE_RUV_GENERATION_MISMATCH:
@@ -1045,8 +1033,9 @@ repl5_inc_run(Private_Repl_Protocol *prp)
"%s: The remote replica has a different database generation ID than "
"the local database. You may have to reinitialize the remote replica, "
"or the local replica.\n", agmt_get_long_name(prp->agmt));
- agmt_set_last_update_status(prp->agmt, 0, rc, "Replica has different database "
- "generation ID, remote replica may need to be initialized");
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_RUV_ERROR,
+ "Replica has different database generation ID, remote "
+ "replica may need to be initialized");
next_state = STATE_BACKOFF_START;
break;
case EXAMINE_RUV_REPLICA_TOO_OLD:
@@ -1054,7 +1043,8 @@ repl5_inc_run(Private_Repl_Protocol *prp)
"%s: Replica update vector is too out of date to bring "
"into sync using the incremental protocol. The replica "
"must be reinitialized.\n", agmt_get_long_name(prp->agmt));
- agmt_set_last_update_status(prp->agmt, 0, rc, "Replica needs to be reinitialized");
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_RUV_ERROR,
+ "Replica needs to be reinitialized");
next_state = STATE_BACKOFF_START;
break;
case EXAMINE_RUV_OK:
@@ -1069,11 +1059,15 @@ repl5_inc_run(Private_Repl_Protocol *prp)
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"%s: Incremental protocol: fatal error - too much time skew between replicas!\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_EXCESSIVE_CLOCK_SKEW,
+ "fatal error - too much time skew between replicas");
next_state = STATE_STOP_FATAL_ERROR;
} else if (rc != 0) /* internal error */ {
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"%s: Incremental protocol: fatal internal error updating the CSN generator!\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_INTERNAL_ERROR,
+ "fatal internal error updating the CSN generator");
next_state = STATE_STOP_FATAL_ERROR;
} else {
/*
@@ -1097,7 +1091,8 @@ repl5_inc_run(Private_Repl_Protocol *prp)
next_state = STATE_BACKOFF_START;
} else if (rc == UPDATE_TRANSIENT_ERROR){
dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_TRANSIENT_ERROR -> STATE_BACKOFF_START");
- agmt_set_last_update_status(prp->agmt, 0, rc, "Incremental update transient error. Backing off, will retry update later.");
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_TRANSIENT_ERROR,
+ "Incremental update transient error. Backing off, will retry update later.");
next_state = STATE_BACKOFF_START;
} else if (rc == UPDATE_FATAL_ERROR){
dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_FATAL_ERROR -> STATE_STOP_FATAL_ERROR");
@@ -1114,11 +1109,13 @@ repl5_inc_run(Private_Repl_Protocol *prp)
conn_disconnect (prp->conn);
} else if (rc == UPDATE_CONNECTION_LOST){
dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_CONNECTION_LOST -> STATE_BACKOFF_START");
- agmt_set_last_update_status(prp->agmt, 0, rc, "Incremental update connection error. Backing off, will retry update later.");
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CONN_ERROR,
+ "Incremental update connection error. Backing off, will retry update later.");
next_state = STATE_BACKOFF_START;
} else if (rc == UPDATE_TIMEOUT){
dev_debug("repl5_inc_run(STATE_SENDING_UPDATES) -> send_updates = UPDATE_TIMEOUT -> STATE_BACKOFF_START");
- agmt_set_last_update_status(prp->agmt, 0, rc, "Incremental update timeout error. Backing off, will retry update later.");
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CONN_TIMEOUT,
+ "Incremental update timeout error. Backing off, will retry update later.");
next_state = STATE_BACKOFF_START;
}
/* Set the updates times based off the result of send_updates() */
@@ -1173,8 +1170,6 @@ repl5_inc_run(Private_Repl_Protocol *prp)
/*
* We encountered some sort of a fatal error. Suspend.
*/
- /* XXXggood update state in replica */
- agmt_set_last_update_status(prp->agmt, -1, 0, "Incremental update has failed and requires administrator action");
dev_debug("repl5_inc_run(STATE_STOP_FATAL_ERROR)");
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"%s: Incremental update failed and requires administrator action\n",
@@ -1630,30 +1625,40 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"%s: Invalid parameter passed to cl5CreateReplayIterator\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
+ "Invalid parameter passed to cl5CreateReplayIterator");
return_value = UPDATE_FATAL_ERROR;
break;
case CL5_BAD_FORMAT: /* db data has unexpected format */
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"%s: Unexpected format encountered in changelog database\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
+ "Unexpected format encountered in changelog database");
return_value = UPDATE_FATAL_ERROR;
break;
case CL5_BAD_STATE: /* changelog is in an incorrect state for attempted operation */
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"%s: Changelog database was in an incorrect state\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
+ "Changelog database was in an incorrect state");
return_value = UPDATE_FATAL_ERROR;
break;
case CL5_BAD_DBVERSION: /* changelog has invalid dbversion */
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"%s: Incorrect dbversion found in changelog database\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
+ "Incorrect dbversion found in changelog database");
return_value = UPDATE_FATAL_ERROR;
break;
case CL5_DB_ERROR: /* database error */
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"%s: A changelog database error was encountered\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
+ "Changelog database error was encountered");
return_value = UPDATE_FATAL_ERROR;
break;
case CL5_NOTFOUND: /* we have no changes to send */
@@ -1666,6 +1671,8 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"%s: Memory allocation error occurred\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
+ "changelog memory allocation error occurred");
return_value = UPDATE_FATAL_ERROR;
break;
case CL5_SYSTEM_ERROR: /* NSPR error occurred: use PR_GetError for further info */
@@ -1694,15 +1701,20 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
break;
case CL5_PURGED_DATA: /* requested data has been purged */
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Data required to update replica has been purged. "
+ "%s: Data required to update replica has been purged from the changelog. "
"The replica must be reinitialized.\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
+ "Data required to update replica has been purged from the changelog. "
+ "The replica must be reinitialized.");
return_value = UPDATE_FATAL_ERROR;
break;
case CL5_MISSING_DATA: /* data should be in the changelog, but is missing */
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"%s: Missing data encountered\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
+ "Changelog data is missing");
return_value = UPDATE_FATAL_ERROR;
break;
case CL5_UNKNOWN_ERROR: /* unclassified error */
@@ -1738,8 +1750,9 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
rc = repl5_inc_create_async_result_thread(rd);
if (rc) {
slapi_log_error (SLAPI_LOG_FATAL, repl_plugin_name, "%s: repl5_inc_run: "
- "repl5_tot_create_async_result_thread failed; error - %d\n",
+ "repl5_inc_create_async_result_thread failed; error - %d\n",
agmt_get_long_name(prp->agmt), rc);
+ agmt_set_last_update_status(prp->agmt, 0, rc, "Failed to create result thread");
return_value = UPDATE_FATAL_ERROR;
}
}
@@ -1898,6 +1911,8 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"%s: Invalid parameter passed to cl5GetNextOperationToReplay\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
+ "Invalid parameter passed to cl5GetNextOperationToReplay");
return_value = UPDATE_FATAL_ERROR;
finished = 1;
break;
@@ -1912,6 +1927,8 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"%s: A database error occurred (cl5GetNextOperationToReplay)\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
+ "Database error occurred while getting the next operation to replay");
return_value = UPDATE_FATAL_ERROR;
finished = 1;
break;
@@ -1922,8 +1939,10 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
break;
case CL5_MEMORY_ERROR:
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: A memory allocation error occurred (cl5GetNextOperationToRepla)\n",
+ "%s: A memory allocation error occurred (cl5GetNextOperationToReplay)\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_CL_ERROR,
+ "Memory allocation error occurred (cl5GetNextOperationToReplay)");
return_value = UPDATE_FATAL_ERROR;
break;
case CL5_IGNORE_OP:
@@ -1985,6 +2004,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
if (!replarea_sdn) {
slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"send_updates: Unknown replication area due to agreement not found.");
+ agmt_set_last_update_status(prp->agmt, 0, -1, "Agreement is corrupted: missing suffix");
return_value = UPDATE_FATAL_ERROR;
} else {
replica_subentry_update(replarea_sdn, rid);
diff --git a/ldap/servers/plugins/replication/repl5_protocol_util.c b/ldap/servers/plugins/replication/repl5_protocol_util.c
index ce27a8a..ce6281a 100644
--- a/ldap/servers/plugins/replication/repl5_protocol_util.c
+++ b/ldap/servers/plugins/replication/repl5_protocol_util.c
@@ -140,10 +140,18 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
crc = conn_connect(conn);
if (CONN_OPERATION_FAILED == crc)
{
+ int operation, error;
+ conn_get_error(conn, &operation, &error);
+ agmt_set_last_update_status(prp->agmt, error, NSDS50_REPL_CONN_ERROR,
+ "Problem connecting to replica");
return_value = ACQUIRE_TRANSIENT_ERROR;
}
else if (CONN_SSL_NOT_ENABLED == crc)
{
+ int operation, error;
+ conn_get_error(conn, &operation, &error);
+ agmt_set_last_update_status(prp->agmt, error, NSDS50_REPL_CONN_ERROR,
+ "Problem connecting to replica (SSL not enabled)");
return_value = ACQUIRE_FATAL_ERROR;
}
else
@@ -295,6 +303,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
"an internal error occurred on the remote replica. "
"Replication is aborting.\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, extop_result,
+ "Failed to acquire replica: "
+ "Internal error occurred on the remote replica");
return_value = ACQUIRE_FATAL_ERROR;
break;
case NSDS50_REPL_PERMISSION_DENIED:
@@ -307,6 +318,11 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
"supply replication updates to the replica. "
"Will retry later.\n",
agmt_get_long_name(prp->agmt), repl_binddn);
+ agmt_set_last_update_status(prp->agmt, 0, extop_result,
+ "Unable to acquire replica: permission denied. "
+ "The bind dn does not have permission to "
+ "supply replication updates to the replica. "
+ "Will retry later.");
slapi_ch_free((void **)&repl_binddn);
return_value = ACQUIRE_TRANSIENT_ERROR;
break;
@@ -321,6 +337,10 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
"Replication is aborting.\n",
agmt_get_long_name(prp->agmt),
slapi_sdn_get_dn(repl_root));
+ agmt_set_last_update_status(prp->agmt, 0, extop_result,
+ "Unable to acquire replica: there is no "
+ "replicated area on the consumer server. "
+ "Replication is aborting.");
slapi_sdn_free(&repl_root);
return_value = ACQUIRE_FATAL_ERROR;
break;
@@ -342,6 +362,11 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
"startReplicationRequest extended operation sent by the "
"supplier. Replication is aborting.\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, extop_result,
+ "Unable to acquire replica: "
+ "the consumer was unable to decode the "
+ "startReplicationRequest extended operation sent "
+ "by the supplier. Replication is aborting.");
return_value = ACQUIRE_FATAL_ERROR;
break;
case NSDS50_REPL_REPLICA_BUSY:
@@ -365,6 +390,10 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
"by another supplier. Will try later\n",
agmt_get_long_name(prp->agmt));
}
+ agmt_set_last_update_status(prp->agmt, 0, extop_result,
+ "Unable to acquire replica: "
+ "the replica is currently being updated by another "
+ "supplier.");
return_value = ACQUIRE_REPLICA_BUSY;
break;
case NSDS50_REPL_LEGACY_CONSUMER:
@@ -373,6 +402,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
"%s: Unable to acquire replica: the replica "
"is supplied by a legacy supplier. "
"Replication is aborting.\n", agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, extop_result,
+ "Unable to acquire replica: the replica is supplied "
+ "by a legacy supplier. Replication is aborting.");
return_value = ACQUIRE_FATAL_ERROR;
break;
case NSDS50_REPL_REPLICAID_ERROR:
@@ -382,6 +414,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
"has the same Replica ID as this one. "
"Replication is aborting.\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, 0,
+ "Unable to aquire replica: the replica has the same "
+ "Replica ID as this one. Replication is aborting.");
return_value = ACQUIRE_FATAL_ERROR;
break;
case NSDS50_REPL_BACKOFF:
@@ -392,6 +427,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
"the replica instructed us to go into "
"backoff mode. Will retry later.\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, extop_result,
+ "Unable to acquire replica: the replica instructed "
+ "us to go into backoff mode. Will retry later.");
return_value = ACQUIRE_TRANSIENT_ERROR;
break;
case NSDS50_REPL_REPLICA_READY:
@@ -450,6 +488,8 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
return_value = ACQUIRE_SUCCESS;
break;
default:
+ agmt_set_last_update_status(prp->agmt, 0, extop_result,
+ "Unable to acquire replica");
return_value = ACQUIRE_FATAL_ERROR;
}
}
@@ -461,6 +501,10 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
"startReplication extended operation. "
"Replication is aborting.\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, NSDS50_REPL_DECODING_ERROR,
+ "Unable to parse the response to the "
+ "startReplication extended operation. "
+ "Replication is aborting.");
prp->last_acquire_response_code = NSDS50_REPL_INTERNAL_ERROR;
return_value = ACQUIRE_FATAL_ERROR;
}
@@ -477,6 +521,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
"extended operation to consumer (%s). Will retry later.\n",
agmt_get_long_name(prp->agmt),
error ? ldap_err2string(error) : "unknown error");
+ agmt_set_last_update_status(prp->agmt, error, NSDS50_REPL_CONN_ERROR,
+ "Unable to receive the response for a startReplication "
+ "extended operation to consumer. Will retry later.");
}
}
else
@@ -486,6 +533,9 @@ acquire_replica(Private_Repl_Protocol *prp, char *prot_oid, RUV **ruv)
"%s: Unable to obtain current CSN. "
"Replication is aborting.\n",
agmt_get_long_name(prp->agmt));
+ agmt_set_last_update_status(prp->agmt, 0, 0,
+ "Unable to obtain current CSN. "
+ "Replication is aborting.");
return_value = ACQUIRE_FATAL_ERROR;
}
}
@@ -535,8 +585,8 @@ release_replica(Private_Repl_Protocol *prp)
PR_ASSERT(NULL != prp);
PR_ASSERT(NULL != prp->conn);
- if (!prp->replica_acquired)
- return;
+ if (!prp->replica_acquired)
+ return;
replarea_sdn = agmt_get_replarea(prp->agmt);
payload = NSDS50EndReplicationRequest_new((char *)slapi_sdn_get_dn(replarea_sdn)); /* XXXggood had to cast away const */
@@ -650,9 +700,14 @@ protocol_response2string (int response)
case NSDS50_REPL_BELOW_PURGEPOINT: return "csn below purge point";
case NSDS50_REPL_INTERNAL_ERROR: return "internal error";
case NSDS50_REPL_REPLICA_RELEASE_SUCCEEDED: return "replica released";
- case NSDS50_REPL_LEGACY_CONSUMER: return "replica is a legacy consumer";
- case NSDS50_REPL_REPLICAID_ERROR: return "duplicate replica ID detected";
- case NSDS50_REPL_UPTODATE: return "no change to send";
+ case NSDS50_REPL_LEGACY_CONSUMER: return "replica is a legacy consumer";
+ case NSDS50_REPL_REPLICAID_ERROR: return "duplicate replica ID detected";
+ case NSDS50_REPL_UPTODATE: return "no change to send";
+ case NSDS50_REPL_CL_ERROR: return "changelog error";
+ case NSDS50_REPL_CONN_ERROR: return "connection error";
+ case NSDS50_REPL_CONN_TIMEOUT: return "connection timeout";
+ case NSDS50_REPL_TRANSIENT_ERROR: return "transient error";
+ case NSDS50_REPL_RUV_ERROR: return "RUV error";
default: return "unknown error";
}
}
diff --git a/ldap/servers/plugins/replication/repl5_replica_config.c b/ldap/servers/plugins/replication/repl5_replica_config.c
index 011e4ca..59e5298 100644
--- a/ldap/servers/plugins/replication/repl5_replica_config.c
+++ b/ldap/servers/plugins/replication/repl5_replica_config.c
@@ -639,8 +639,8 @@ replica_config_modify (Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry*
}
done:
- if (mtnode_ext->replica)
- object_release (mtnode_ext->replica);
+ if (mtnode_ext->replica)
+ object_release (mtnode_ext->replica);
/* slapi_ch_free accepts NULL pointer */
slapi_ch_free_string(&replica_root);
diff --git a/ldap/servers/plugins/replication/repl5_total.c b/ldap/servers/plugins/replication/repl5_total.c
index 0512dfa..dcb7af5 100644
--- a/ldap/servers/plugins/replication/repl5_total.c
+++ b/ldap/servers/plugins/replication/repl5_total.c
@@ -533,8 +533,9 @@ my_ber_scanf_value(BerElement *ber, Slapi_Value **value, PRBool *deleted)
goto loser;
}
- if (attrval)
- ber_bvfree(attrval);
+ if (attrval)
+ ber_bvfree(attrval);
+
return 0;
loser:
7 years, 8 months
Changes to 'refs/tags/389-admin-console-1.1.12'
by Noriko Hosoi
Changes since the dawn of time:
Endi S. Dewata (1):
Bug 368481 - Unable to change Admin Server log paths in Console
Ludwig (1):
Ticket 47477 - Cannot restart SSL-admin server from console
Mark Reynolds (2):
Ticket 48809 - Admin conosle displays the wrong log names
Ticket 48823 - admin-console - Add IPv6 support
Nathan Kinder (10):
Resolves: 247525
Resolves: 250699
Resolves: 251427
Related: 251427
Added ldapjdk default path as well as settable path.
Use less restrictive version of Open Publication License for online help docs.
Resolves: 379211
Bug 668950 - Add posix group support to Console
Ticket 362 - Directory Console generates insufficient key strength
Ticket 47467 - Improve online help for Add CRL dialog
Noriko Hosoi (14):
[191832] Admin Server password always remembers initial password on (part 2)
Resolves: #379191
Resolves: #159011
Resolves: #416311
Resolves: #400341
Bug 151705 - Need to update Console Cipher Preferences with new ciphers
Bug 211296 - Clean up all HTML pages (Admin Express, Repl Monitor, etc)
Bug 476925 - Admin Server: Do not allow 8-bit passwords for
bump version to 1.1.9
Bug 1022104 - Remove versioned jarfiles from _javadir
bump version to 1.1.10
Bug 1234441 - Security info from Help should be removed
bump version to 1.1.11
bump version to 1.1.12
Rich Megginson (26):
Initial import of admin server console into its own module
use admserv instead of as for jar file names
remove improperly added binary files
correctly add binary files
bump version to 1.0.3
fix symlinks
Resolves: bug 400361
updated spec for Fedora DS 1.1 release
Resolves: bug 428364
Bug 428364
bump version to 1.1.2 - disable sslv2 in the ui
this is the 1.1.2 release
Resolves: bug 452596
Resolves: bug 429514
Resolves: bug 166230
change version to 1.1.3
for the 1.1.3 release
Rename to 389
these files should be mode 644
change version to 1.1.4 - add doc subpackage - relicense under plain gplv2
bump version to 1.1.5
bump version to 1.1.6
bump version to 1.1.7
admin-version is unused
Bug 723126 - Configure Admin Server -> Connection Restriction --> Add Screen is flicking consistently.
bump version to 1.1.8
7 years, 8 months
build.properties
by Noriko Hosoi
build.properties | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit ee8aab54c6581d8e47e3c7d7494a7f2e5fb2f9a6
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri Aug 26 08:53:09 2016 -0700
bump version to 1.1.12
diff --git a/build.properties b/build.properties
index 6f9718c..6a4a693 100644
--- a/build.properties
+++ b/build.properties
@@ -21,7 +21,7 @@
lang=en
admservconsole.root=..
-admservconsole.version=1.1.11
+admservconsole.version=1.1.12
admservconsole.gen.version=1.1
brand=389
admservconsole.name=${brand}-admin-${admservconsole.version}
7 years, 8 months