VERSION.sh | 2 ldap/servers/plugins/replication/windows_connection.c | 2 ldap/servers/plugins/replication/windows_inc_protocol.c | 6 ldap/servers/plugins/replication/windows_protocol_util.c | 4 ldap/servers/plugins/replication/windows_tot_protocol.c | 10 - ldap/servers/slapd/back-ldbm/back-ldbm.h | 3 ldap/servers/slapd/back-ldbm/id2entry.c | 126 ++++++++++----- ldap/servers/slapd/back-ldbm/ldbm_add.c | 17 -- ldap/servers/slapd/back-ldbm/ldbm_search.c | 10 - ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 2 ldap/servers/slapd/modify.c | 15 + ldap/servers/slapd/opshared.c | 36 ++-- 12 files changed, 148 insertions(+), 85 deletions(-)
New commits: commit 53f788bbae3f6c0a27466764c50b1858a69d1220 Author: Noriko Hosoi nhosoi@redhat.com Date: Fri Sep 24 11:42:31 2010 -0700
Bug 635987 - Incorrect sub scope search result with ACL containing ldap:///self
https://bugzilla.redhat.com/show_bug.cgi?id=635987
Description: This commit made for the bug 635987 introduced a bug to replication. commit 8ac525e5ac997378f4f2a386e9b96568c8d66db5 Author: Noriko Hosoi nhosoi@redhat.com Date: Tue Sep 21 15:12:07 2010 -0700
subtree_candidates (ldbm_search.c) If you do have a tombstone filter, descendants will be NULL, and idl_intersection of candidates and descendents will wipe out all of the candidates, leaving just the one entry, e->ep_id.
Changed to call idl_intersection only when the filter is not for tombstone or entryrdn_get_noancestorid (false, by default). (cherry picked from commit a7de5f2a4323d224c63f722172eee8b63752fb45)
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c index 478d18b..1b7c2e9 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_search.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c @@ -945,13 +945,17 @@ subtree_candidates( *err = entryrdn_get_subordinates(be, slapi_entry_get_sdn_const(e->ep_entry), e->ep_id, &descendants, NULL); + idl_insert(&descendants, e->ep_id); + candidates = idl_intersection(be, candidates, descendants); + idl_free(tmp); + idl_free(descendants); } else if (!has_tombstone_filter) { *err = ldbm_ancestorid_read(be, NULL, e->ep_id, &descendants); - } - idl_insert(&descendants, e->ep_id); - candidates = idl_intersection(be, candidates, descendants); - idl_free(tmp); - idl_free(descendants); + idl_insert(&descendants, e->ep_id); + candidates = idl_intersection(be, candidates, descendants); + idl_free(tmp); + idl_free(descendants); + } /* else == has_tombstone_filter: do nothing */ }
return( candidates );
commit 343bb5840e0367524cd39fc4ab99bf22d63dc89f Author: Noriko Hosoi nhosoi@redhat.com Date: Tue Sep 21 15:12:07 2010 -0700
Bug 635987 - Incorrect sub scope search result with ACL containing ldap:///self
https://bugzilla.redhat.com/show_bug.cgi?id=635987
Description: When a basedn has no descendants, the code to take an intersection of idl (which was returned from the filter search -- filter_candidates) and the basedn was skipped in subtree_candidates (ldbm_search.c). Regardless of descendants, the intersection should be taken for the idl and a tree starting with the basedn. Note: This bug was introduced with entryrdn. (cherry picked from commit 8ac525e5ac997378f4f2a386e9b96568c8d66db5)
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c index 0010a58..478d18b 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_search.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c @@ -948,12 +948,10 @@ subtree_candidates( } else if (!has_tombstone_filter) { *err = ldbm_ancestorid_read(be, NULL, e->ep_id, &descendants); } - if (descendants) { - idl_insert(&descendants, e->ep_id); - candidates = idl_intersection(be, candidates, descendants); - idl_free(tmp); - idl_free(descendants); - } + idl_insert(&descendants, e->ep_id); + candidates = idl_intersection(be, candidates, descendants); + idl_free(tmp); + idl_free(descendants); }
return( candidates );
commit 2ad2d36ca4cf9de5b79382ac3a906a254ddb20c2 Author: Nathan Kinder nkinder@redhat.com Date: Wed Sep 1 10:13:13 2010 -0700
Bug 612264 - ACI issue with (targetattr='userPassword')
If an ACI has a targetattr of userPassword and uses the USERDN keyword, the ACI may not be evaluated correctly for password change operations. This is caused by the fact that we use a dummy target entry to check if the pasword change is allowed early in the operation. This dummy entry will not have any attributes that the ACI may use.
The fix is to actually fetch the target entry with all of it's attributes. We still create a dummy entry if the target doesn't exist to prevent returning a no such entry error when we should be returning an access denied or insufficient access error. (cherry picked from commit 0b9b5e89b5c79d3253e152e1153719a2a5ef8e09)
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c index ead066d..444ebb5 100644 --- a/ldap/servers/slapd/modify.c +++ b/ldap/servers/slapd/modify.c @@ -965,11 +965,16 @@ static int op_shared_allow_pw_change (Slapi_PBlock *pb, LDAPMod *mod, char **old mods[0] = mod; mods[1] = NULL;
- /* Create a bogus entry with just the target dn. This will - * only be used for checking the ACIs. */ - e = slapi_entry_alloc(); - slapi_entry_init( e, NULL, NULL ); - slapi_sdn_set_dn_byref(slapi_entry_get_sdn(e), dn); + /* We need to actually fetch the target here to use for ACI checking. */ + slapi_search_internal_get_entry(&sdn, NULL, &e, (void *)plugin_get_default_component_id()); + + /* Create a bogus entry with just the target dn if we were unable to + * find the actual entry. This will only be used for checking the ACIs. */ + if (e == NULL) { + e = slapi_entry_alloc(); + slapi_entry_init( e, NULL, NULL ); + slapi_sdn_set_dn_byref(slapi_entry_get_sdn(e), dn); + }
/* Set the backend in the pblock. The slapi_access_allowed function * needs this set to work properly. */
commit 0db11169171d97cdea7a875b03146f5d15d2b101 Author: Noriko Hosoi nhosoi@redhat.com Date: Wed Sep 22 16:28:59 2010 -0700
Bug 606920 - anonymous resource limit- nstimelimit - also applied to "cn=directory manager"
https://bugzilla.redhat.com/show_bug.cgi?id=606920
Description: Client side sizelimit / timelimit request should be honoured by the Directory Manager, too. Changing the time/ sizelimit evaluation so that if client side request exists, the value is set even if the bind user is the directory manager. (cherry picked from commit f980ff61da122b39d33bf83bc20f2b7a81b6be24)
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c index d06dd2d..29bb3ce 100644 --- a/ldap/servers/slapd/opshared.c +++ b/ldap/servers/slapd/opshared.c @@ -1370,12 +1370,18 @@ compute_limits (Slapi_PBlock *pb) } }
- if ( isroot ) { - timelimit = max_timelimit = -1; /* no limit */ - } else if ( requested_timelimit == 0 ) { - timelimit = ( max_timelimit == -1 ) ? -1 : max_timelimit; - } else if ( max_timelimit == -1 || requested_timelimit < max_timelimit ) { - timelimit = requested_timelimit; + if ( requested_timelimit ) { + /* requested limit should be applied to all (including root) */ + if ( isroot ) { + timelimit = requested_timelimit; + } else if ( (max_timelimit == -1) || + (requested_timelimit < max_timelimit) ) { + timelimit = requested_timelimit; + } else { + timelimit = max_timelimit; + } + } else if ( isroot ) { + timelimit = -1; /* no limit */ } else { timelimit = max_timelimit; } @@ -1401,12 +1407,18 @@ compute_limits (Slapi_PBlock *pb) } }
- if ( isroot ) { - sizelimit = max_sizelimit = -1; - } else if ( requested_sizelimit == 0 ) { - sizelimit = ( max_sizelimit == -1 ) ? -1 : max_sizelimit; - } else if ( max_sizelimit == -1 || requested_sizelimit < max_sizelimit ) { - sizelimit = requested_sizelimit; + if ( requested_sizelimit ) { + /* requested limit should be applied to all (including root) */ + if ( isroot ) { + sizelimit = requested_sizelimit; + } else if ( (max_sizelimit == -1) || + (requested_sizelimit < max_sizelimit) ) { + sizelimit = requested_sizelimit; + } else { + sizelimit = max_sizelimit; + } + } else if ( isroot ) { + sizelimit = -1; /* no limit */ } else { sizelimit = max_sizelimit; }
commit d623b5e729d8dfda5cb6de0589b89c6bedb6183b Author: Noriko Hosoi nhosoi@redhat.com Date: Tue Sep 14 13:46:42 2010 -0700
Bug 631862 - crash - delete entries not in cache + referint
https://bugzilla.redhat.com/show_bug.cgi?id=631862 Resolves: bug 631862 Bug Description: crash - delete entries not in cache + referint Reviewed by: rmeggins and nhosoi Branch: 389-ds-base-1.2.6 Fix Description: When deleting an entry, the referential integrity (referint) plugin does an internal search to find references to this entry (e.g. in group entries) and removes them. The search code wants to ensure that the entrydn attribute is present in the entry when using entryrdn (subtree rename). The search code sets a flag to tell the id2entry code to add the entrydn attribute if it is not present. However, it was doing this to an entry in the cache, which may be in use by another thread. The solution is to add the entrydn attribute before adding the entry to the cache. In the id2entry code, this is after the entry has been read from the id2entry db successfully, but before the entry is added to the cache. In the LDAP ADD code, this is done when the other computed operational attributes are added to the new entry. In addition to the above fix by rmeggins@redhat.com, following changes are made: 1) entrydn attribute is always added to the entry in memory before putting it in the entry cache, and the attribute is removed before writing the entry to the database. 2) eliminating id2entry_ext, which was introduced to pass flags, but it is no longer needed since only a flag ID2ENTRY_ADD_ENTRYDN was removed. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
diff --git a/ldap/servers/slapd/back-ldbm/back-ldbm.h b/ldap/servers/slapd/back-ldbm/back-ldbm.h index f0e290e..200e950 100644 --- a/ldap/servers/slapd/back-ldbm/back-ldbm.h +++ b/ldap/servers/slapd/back-ldbm/back-ldbm.h @@ -828,9 +828,6 @@ typedef struct _back_search_result_set /* whether we call fat lock or not [608146] */ #define SERIALLOCK(li) (li->li_fat_lock)
-/* id2entry_ext flags */ -#define ID2ENTRY_ADD_ENTRYDN 0x1 - /* * 0: SUCCESS * libdb returns negative error codes diff --git a/ldap/servers/slapd/back-ldbm/id2entry.c b/ldap/servers/slapd/back-ldbm/id2entry.c index 31d3b72..9306813 100644 --- a/ldap/servers/slapd/back-ldbm/id2entry.c +++ b/ldap/servers/slapd/back-ldbm/id2entry.c @@ -60,6 +60,7 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt int len, rc; char temp_id[sizeof(ID)]; struct backentry *encrypted_entry = NULL; + char *entrydn = NULL;
LDAPDebug( LDAP_DEBUG_TRACE, "=> id2entry_add( %lu, "%s" )\n", (u_long)e->ep_id, backentry_get_ndn(e), 0 ); @@ -92,6 +93,7 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt memset(&data, 0, sizeof(data)); if (entryrdn_get_switch()) { + Slapi_Attr *eattr = NULL; struct backdn *oldbdn = NULL; Slapi_DN *sdn = slapi_sdn_dup(slapi_entry_get_sdn_const(e->ep_entry)); @@ -100,7 +102,14 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt
/* If the ID already exists in the DN cache, replace it. */ if (CACHE_ADD( &inst->inst_dncache, bdn, &oldbdn ) == 1) { - cache_replace( &inst->inst_dncache, oldbdn, bdn ); + if (slapi_sdn_compare(sdn, oldbdn->dn_sdn)) { + if (cache_replace( &inst->inst_dncache, oldbdn, bdn ) != 0) { + /* The entry was not in the cache for some reason (this + * should not happen since CACHE_ADD said it existed above). */ + LDAPDebug( LDAP_DEBUG_ANY, "id2entry_add_ext(): Entry disappeared " + "from cache (%s)\n", oldbdn->dn_sdn, 0, 0 ); + } + } CACHE_RETURN(&inst->inst_dncache, &oldbdn); /* to free oldbdn */ }
@@ -108,6 +117,13 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt LDAPDebug( LDAP_DEBUG_TRACE, "=> id2entry_add (dncache) ( %lu, "%s" )\n", (u_long)e->ep_id, slapi_entry_get_dn_const(e->ep_entry), 0 ); + /* If entrydn exists in the entry, we have to remove it before + * writing the entry to the database. */ + if (0 == slapi_entry_attr_find(e->ep_entry, + LDBM_ENTRYDN_STR, &eattr)) { + /* entrydn exists in the entry. let's removed it. */ + slapi_entry_delete_values(e->ep_entry, LDBM_ENTRYDN_STR, NULL); + } } data.dptr = slapi_entry2str_with_options(entry_to_use, &len, options); data.dsize = len + 1; @@ -133,10 +149,54 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt
if (0 == rc) { - /* DBDB the fact that we don't check the return code here is - * indicitive that there may be a latent race condition lurking - * ---what happens if the entry is already in the cache by this point? - */ + if (entryrdn_get_switch()) { + struct backentry *parententry = NULL; + ID parentid = slapi_entry_attr_get_ulong(e->ep_entry, "parentid"); + const char *myrdn = slapi_entry_get_rdn_const(e->ep_entry); + const char *parentdn = NULL; + char *myparentdn = NULL; + Slapi_Attr *eattr = NULL; + /* If the parent is in the cache, check the parent's DN and + * adjust to it if they don't match. (bz628300) */ + if (parentid && myrdn) { + parententry = cache_find_id(&inst->inst_cache, parentid); + if (parententry) { + parentdn = slapi_entry_get_dn_const(parententry->ep_entry); + if (parentdn) { + myparentdn = + slapi_dn_parent(slapi_entry_get_dn_const(e->ep_entry)); + if (myparentdn && PL_strcmp(parentdn, myparentdn)) { + Slapi_DN *sdn = slapi_entry_get_sdn(e->ep_entry); + char *newdn = NULL; + slapi_sdn_done(sdn); + newdn = slapi_ch_smprintf("%s,%s", myrdn, parentdn); + slapi_sdn_init_dn_passin(sdn, newdn); + slapi_sdn_get_ndn(sdn); /* to set ndn */ + } + slapi_ch_free_string(&myparentdn); + } + CACHE_RETURN(&inst->inst_cache, &parententry); + } + } + /* + * Adding entrydn attribute value to the entry, + * which should be done before adding the entry to the entry cache. + * Note: since we removed entrydn from the entry before writing + * it to the database, it is guaranteed not in the entry. + */ + /* slapi_ch_strdup and slapi_dn_ignore_case never returns NULL */ + entrydn = slapi_ch_strdup(slapi_entry_get_dn_const(e->ep_entry)); + entrydn = slapi_dn_ignore_case(entrydn); + slapi_entry_attr_set_charptr (e->ep_entry, + LDBM_ENTRYDN_STR, entrydn); + if (0 == slapi_entry_attr_find(e->ep_entry, + LDBM_ENTRYDN_STR, &eattr)) { + /* now entrydn should exist in the entry */ + /* Set it to operational attribute */ + eattr->a_flags = SLAPI_ATTR_FLAG_OPATTR; + } + slapi_ch_free_string(&entrydn); + } /* * For ldbm_back_add and ldbm_back_modify, this entry had been already * reserved as a tentative entry. So, it should be safe. @@ -208,7 +268,7 @@ id2entry_delete( backend *be, struct backentry *e, back_txn *txn ) }
struct backentry * -id2entry_ext( backend *be, ID id, back_txn *txn, int *err, int flags ) +id2entry( backend *be, ID id, back_txn *txn, int *err ) { ldbm_instance *inst = (ldbm_instance *) be->be_instance_info; DB *db = NULL; @@ -350,6 +410,30 @@ id2entry_ext( backend *be, ID id, back_txn *txn, int *err, int flags ) "attrcrypt_decrypt_entry failed in id2entry\n"); }
+ /* + * If return entry exists AND entryrdn switch is on, + * add the entrydn value. + */ + if (entryrdn_get_switch()) { + Slapi_Attr *eattr = NULL; + /* Check if entrydn is in the entry or not */ + if (slapi_entry_attr_find(e->ep_entry, LDBM_ENTRYDN_STR, &eattr)) { + /* entrydn does not exist in the entry */ + char *entrydn = NULL; + /* slapi_ch_strdup and slapi_dn_ignore_case never returns NULL */ + entrydn = slapi_ch_strdup(slapi_entry_get_dn_const(e->ep_entry)); + entrydn = slapi_dn_ignore_case(entrydn); + slapi_entry_attr_set_charptr (e->ep_entry, + LDBM_ENTRYDN_STR, entrydn); + if (0 == slapi_entry_attr_find(e->ep_entry, + LDBM_ENTRYDN_STR, &eattr)) { + /* now entrydn should exist in the entry */ + /* Set it to operational attribute */ + eattr->a_flags = SLAPI_ATTR_FLAG_OPATTR; + } + slapi_ch_free_string(&entrydn); + } + } retval = CACHE_ADD( &inst->inst_cache, e, &imposter ); if (1 == retval) { /* This means that someone else put the entry in the cache @@ -376,29 +460,6 @@ id2entry_ext( backend *be, ID id, back_txn *txn, int *err, int flags ) }
bail: - /* - * If return entry exists AND adding entrydn is requested AND - * entryrdn switch is on, add the entrydn value. - */ - if (e && e->ep_entry && (flags & ID2ENTRY_ADD_ENTRYDN) && - entryrdn_get_switch()) { - Slapi_Attr *eattr = NULL; - /* Check if entrydn is in the entry or not */ - if (slapi_entry_attr_find(e->ep_entry, "entrydn", &eattr)) { - /* entrydn does not exist in the entry */ - char *entrydn = NULL; - /* slapi_ch_strdup and slapi_dn_ignore_case never returns NULL */ - entrydn = slapi_ch_strdup(slapi_entry_get_dn_const(e->ep_entry)); - entrydn = slapi_dn_ignore_case(entrydn); - slapi_entry_attr_set_charptr (e->ep_entry, "entrydn", entrydn); - if (0 == slapi_entry_attr_find(e->ep_entry, "entrydn", &eattr)) { - /* now entrydn should exist in the entry */ - /* Set it to operational attribute */ - eattr->a_flags = SLAPI_ATTR_FLAG_OPATTR; - } - slapi_ch_free_string(&entrydn); - } - } slapi_ch_free( &(data.data) );
dblayer_release_id2entry( be, db ); @@ -407,10 +468,3 @@ bail: "<= id2entry( %lu ) %p (disk)\n", (u_long)id, e); return( e ); } - -struct backentry * -id2entry( backend *be, ID id, back_txn *txn, int *err ) -{ - return id2entry_ext(be, id, txn, err, 0); -} - diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c index d2d6197..c2e86f2 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_add.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c @@ -575,17 +575,12 @@ ldbm_back_add( Slapi_PBlock *pb ) if(is_resurect_operation) { - if (!entryrdn_get_switch()) { /* subtree-rename: off */ - /* add the entrydn operational attributes to the addingentry */ - add_update_entrydn_operational_attributes(addingentry); - } + add_update_entrydn_operational_attributes(addingentry); } else if (is_tombstone_operation) { - if (!entryrdn_get_switch()) { /* subtree-rename: off */ - /* Remove the entrydn operational attributes from the addingentry */ - delete_update_entrydn_operational_attributes(addingentry); - } + /* Remove the entrydn operational attributes from the addingentry */ + delete_update_entrydn_operational_attributes(addingentry); } else { @@ -978,10 +973,8 @@ add_update_entry_operational_attributes(struct backentry *ep, ID pid) bv.bv_len = strlen( buf ); entry_replace_values( ep->ep_entry, "entryid", bvp );
- if (!entryrdn_get_switch()) { /* subtree-rename: off */ - /* add the entrydn operational attribute to the entry. */ - add_update_entrydn_operational_attributes(ep); - } + /* add the entrydn operational attribute to the entry. */ + add_update_entrydn_operational_attributes(ep); }
/* diff --git a/ldap/servers/slapd/back-ldbm/ldbm_search.c b/ldap/servers/slapd/back-ldbm/ldbm_search.c index 9a4925f..0010a58 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_search.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_search.c @@ -1241,7 +1241,7 @@ ldbm_back_next_search_entry_ext( Slapi_PBlock *pb, int use_extension ) ++sr->sr_lookthroughcount; /* checked above */
/* get the entry */ - e = id2entry_ext( be, id, NULL, &err, ID2ENTRY_ADD_ENTRYDN ); + e = id2entry( be, id, NULL, &err ); if ( e == NULL ) { if ( err != 0 && err != DB_NOTFOUND ) diff --git a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h index 90ac570..c7b8154 100644 --- a/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h +++ b/ldap/servers/slapd/back-ldbm/proto-back-ldbm.h @@ -214,8 +214,6 @@ int id2entry_add( backend *be, struct backentry *e, back_txn *txn ); int id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt ); int id2entry_delete( backend *be, struct backentry *e, back_txn *txn ); struct backentry * id2entry( backend *be, ID id, back_txn *txn, int *err ); -struct backentry * id2entry_ext( backend *be, ID id, back_txn *txn, int *err, int flags ); -
/* * idl.c
commit 78283014e4fc7151c2f37fa9dc2123a778133697 Author: Rich Megginson rmeggins@redhat.com Date: Wed Sep 22 17:14:17 2010 -0600
bump version to 1.2.6.1
diff --git a/VERSION.sh b/VERSION.sh index be232cb..af18f3c 100644 --- a/VERSION.sh +++ b/VERSION.sh @@ -10,7 +10,7 @@ vendor="389 Project" # PACKAGE_VERSION is constructed from these VERSION_MAJOR=1 VERSION_MINOR=2 -VERSION_MAINT=6 +VERSION_MAINT=6.1 # if this is a PRERELEASE, set VERSION_PREREL # otherwise, comment it out # be sure to include the dot prefix in the prerel
commit 4bd78323d0bb1299a19e0ed1feebc79ff997c92f Author: Rich Megginson rmeggins@redhat.com Date: Wed Sep 22 15:56:14 2010 -0600
Bug 634561 - Server crushes when using Windows Sync Agreement
https://bugzilla.redhat.com/show_bug.cgi?id=634561 Resolves: bug 634561 Bug Description: Server crushes when using Windows Sync Agreement Reviewed by: ??? Branch: 389-ds-base-1.2.6 Fix Description: The regular replication protocol and the windows sync protocol have two completely different struct repl_connection. They are almost the same, almost identical fields, but they are different. When additional fields were added to the struct repl_connection, not at the end of the structure, and identical changes were not made to the struct repl_connection in windows_connection.c, the structures got out of sync. The authors tried to anticipate this condition by providing windows_ versions of all of the conn_ functions. We were not using the windows_ versions of these functions in all places in the winsync code. The fix is to use the windows_ versions of these functions throughout the winsync code, and to make the struct repl_connection the same size up through the char *plain field. If additional fields are added to either structure at the end, this problem should not occur in the future. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no
diff --git a/ldap/servers/plugins/replication/windows_connection.c b/ldap/servers/plugins/replication/windows_connection.c index a1e74c4..80dcd3b 100644 --- a/ldap/servers/plugins/replication/windows_connection.c +++ b/ldap/servers/plugins/replication/windows_connection.c @@ -75,6 +75,8 @@ typedef struct repl_connection int supports_ldapv3; /* 1 if does, 0 if doesn't, -1 if not determined */ int supports_ds50_repl; /* 1 if does, 0 if doesn't, -1 if not determined */ int supports_ds40_repl; /* 1 if does, 0 if doesn't, -1 if not determined */ + int supports_ds71_repl; /* 1 if does, 0 if doesn't, -1 if not determined */ + int supports_ds90_repl; /* 1 if does, 0 if doesn't, -1 if not determined */ int linger_time; /* time in seconds to leave an idle connection open */ int supports_dirsync; /* 1 if does, 0 if doesn't, -1 if not determined */ PRBool linger_active; diff --git a/ldap/servers/plugins/replication/windows_inc_protocol.c b/ldap/servers/plugins/replication/windows_inc_protocol.c index f2e9034..2b41276 100644 --- a/ldap/servers/plugins/replication/windows_inc_protocol.c +++ b/ldap/servers/plugins/replication/windows_inc_protocol.c @@ -988,9 +988,9 @@ windows_inc_run(Private_Repl_Protocol *prp) /* remove_protocol_callbacks(prp); */ prp->stopped = 1; /* Cancel any linger timer that might be in effect... */ - conn_cancel_linger(prp->conn); + windows_conn_cancel_linger(prp->conn); /* ... and disconnect, if currently connected */ - conn_disconnect(prp->conn); + windows_conn_disconnect(prp->conn); LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= windows_inc_run\n" ); }
@@ -1294,7 +1294,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu if (CONN_OPERATION_SUCCESS != replay_crc) { int operation, error; - conn_get_error(prp->conn, &operation, &error); + windows_conn_get_error(prp->conn, &operation, &error); csn_as_string(entry.op->csn, PR_FALSE, csn_str); /* Figure out what to do next */ if (CONN_OPERATION_FAILED == replay_crc) diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c index f69cb7a..06d2cad 100644 --- a/ldap/servers/plugins/replication/windows_protocol_util.c +++ b/ldap/servers/plugins/replication/windows_protocol_util.c @@ -1553,7 +1553,7 @@ windows_replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op if (CONN_OPERATION_FAILED == return_value) { int operation = 0; int error = 0; - conn_get_error(prp->conn, &operation, &error); + windows_conn_get_error(prp->conn, &operation, &error); /* The remote entry is missing. Let's add the renamed entry. */ if (LDAP_NO_SUCH_OBJECT == error) { return_value = process_replay_add(prp, @@ -4494,7 +4494,7 @@ windows_process_total_add(Private_Repl_Protocol *prp,Slapi_Entry *e, Slapi_DN* r int operation = 0; int error = 0; - conn_get_error(prp->conn, &operation, &error); + windows_conn_get_error(prp->conn, &operation, &error); if (windows_ignore_error_and_keep_going(error)) { retval = CONN_OPERATION_SUCCESS; diff --git a/ldap/servers/plugins/replication/windows_tot_protocol.c b/ldap/servers/plugins/replication/windows_tot_protocol.c index 9c22b8d..47bb3d0 100644 --- a/ldap/servers/plugins/replication/windows_tot_protocol.c +++ b/ldap/servers/plugins/replication/windows_tot_protocol.c @@ -120,7 +120,7 @@ windows_tot_run(Private_Repl_Protocol *prp) goto done; }
- conn_set_timeout(prp->conn, agmt_get_timeout(prp->agmt)); + windows_conn_set_timeout(prp->conn, agmt_get_timeout(prp->agmt));
/* acquire remote replica */ agmt_set_last_init_start(prp->agmt, current_time()); @@ -132,14 +132,14 @@ windows_tot_run(Private_Repl_Protocol *prp) if (rc != ACQUIRE_SUCCESS) { int optype, ldaprc; - conn_get_error(prp->conn, &optype, &ldaprc); + windows_conn_get_error(prp->conn, &optype, &ldaprc); agmt_set_last_init_status(prp->agmt, ldaprc, prp->last_acquire_response_code, NULL); goto done; } else if (prp->terminate) { - conn_disconnect(prp->conn); + windows_conn_disconnect(prp->conn); prp->stopped = 1; goto done; } @@ -272,7 +272,7 @@ windows_tot_stop(Private_Repl_Protocol *prp) "protocol not stopped after waiting for %d seconds " "for agreement %s\n", PR_IntervalToSeconds(now-start), agmt_get_long_name(prp->agmt)); - conn_disconnect(prp->conn); + windows_conn_disconnect(prp->conn); return_value = -1; } else @@ -383,7 +383,7 @@ int send_entry (Slapi_Entry *e, void *cb_data)
if (prp->terminate) { - conn_disconnect(prp->conn); + windows_conn_disconnect(prp->conn); prp->stopped = 1; ((callback_data*)cb_data)->rc = -1; LDAPDebug0Args( LDAP_DEBUG_TRACE, "<= send_entry\n" );