ldap/servers
by Noriko Hosoi
ldap/servers/slapd/back-ldbm/ldbm_add.c | 1 +
ldap/servers/slapd/back-ldbm/ldbm_delete.c | 8 ++++++--
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 2 +-
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 6 ++++--
ldap/servers/slapd/plugin_syntax.c | 3 +++
5 files changed, 15 insertions(+), 5 deletions(-)
New commits:
commit 2b39f92cf4bd22e2091c35b0c92e945423b311ef
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu Mar 11 16:51:26 2010 -0800
572649 - DS8.2 crashes on RHEL 4 (corresponding to bob, ber_2 test case)
https://bugzilla.redhat.com/show_bug.cgi?id=572649
Fix Description: There was a chance to jump to error_return before
back_txn structure was initialized. In the error handling, the
transaction abort is called against the garbage address. Slapi_DN
also gets freed without an initialization. Now these variables
are initialized first.
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
index 11b2fa6..d2d6197 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
@@ -130,6 +130,7 @@ ldbm_back_add( Slapi_PBlock *pb )
inst = (ldbm_instance *) be->be_instance_info;
+ /* sdn & parentsdn need to be initialized before "goto *_return" */
slapi_sdn_init(&sdn);
slapi_sdn_init(&parentsdn);
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
index 8224114..98374ee 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
@@ -100,6 +100,12 @@ ldbm_back_delete( Slapi_PBlock *pb )
slapi_pblock_get( pb, SLAPI_OPERATION, &operation );
slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation );
+ /* sdn & parentsdn need to be initialized before "goto *_return */
+ slapi_sdn_init(&sdn);
+
+ /* dblayer_txn_init needs to be called before "goto error_return" */
+ dblayer_txn_init(li,&txn);
+
if (pb->pb_conn)
{
slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_delete", "enter conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid);
@@ -125,8 +131,6 @@ ldbm_back_delete( Slapi_PBlock *pb )
slapi_sdn_init_dn_byref(&sdn,dn);
- dblayer_txn_init(li,&txn);
-
/* The dblock serializes writes to the database,
* which reduces deadlocking in the db code,
* which means that we run faster.
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
index 3cda1d8..cf41a64 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
@@ -226,6 +226,7 @@ ldbm_back_modify( Slapi_PBlock *pb )
is_ruv = operation_is_flag_set(operation, OP_FLAG_REPL_RUV);
inst = (ldbm_instance *) be->be_instance_info;
+ dblayer_txn_init(li,&txn);
if (NULL == addr)
{
goto error_return;
@@ -237,7 +238,6 @@ ldbm_back_modify( Slapi_PBlock *pb )
slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
goto error_return;
}
- dblayer_txn_init(li,&txn);
/* The dblock serializes writes to the database,
* which reduces deadlocking in the db code,
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index 5e2b185..a3f1929 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
@@ -109,6 +109,7 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
char ebuf[BUFSIZ];
CSN *opcsn = NULL;
+ /* sdn & parentsdn need to be initialized before "goto *_return" */
slapi_sdn_init(&dn_newdn);
slapi_sdn_init(&dn_parentdn);
@@ -121,6 +122,9 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
slapi_pblock_get( pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation );
is_fixup_operation = operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP);
+ /* dblayer_txn_init needs to be called before "goto error_return" */
+ dblayer_txn_init(li,&txn);
+
if (pb->pb_conn)
{
slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_modrdn", "enter conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid);
@@ -159,8 +163,6 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
return( -1 );
}
- dblayer_txn_init(li,&txn);
-
/* The dblock serializes writes to the database,
* which reduces deadlocking in the db code,
* which means that we run faster.
diff --git a/ldap/servers/slapd/plugin_syntax.c b/ldap/servers/slapd/plugin_syntax.c
index 80ce12a..384692d 100644
--- a/ldap/servers/slapd/plugin_syntax.c
+++ b/ldap/servers/slapd/plugin_syntax.c
@@ -335,6 +335,7 @@ slapi_dn_syntax_check(
/* See if we need to set the error text in the pblock. */
if (errp != &errtext[0]) {
+ /* SLAPI_PB_RESULT_TEXT duplicates the text in slapi_pblock_set */
slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext );
}
@@ -424,6 +425,7 @@ slapi_entry_syntax_check(
/* See if we need to set the error text in the pblock. */
if (errp != &errtext[0]) {
+ /* SLAPI_PB_RESULT_TEXT duplicates the text in slapi_pblock_set */
slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext );
}
@@ -510,6 +512,7 @@ slapi_mods_syntax_check(
/* See if we need to set the error text in the pblock. */
if (errp != &errtext[0]) {
+ /* SLAPI_PB_RESULT_TEXT duplicates the text in slapi_pblock_set */
slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext );
}
14 years, 1 month
ldap/servers
by Noriko Hosoi
ldap/servers/slapd/back-ldbm/import-threads.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
New commits:
commit dc2f7d061279089651fb56b57183496cf6926fc7
Author: Noriko Hosoi <nhosoi(a)jiji.sjc.redhat.com>
Date: Thu Mar 11 16:37:42 2010 -0800
570107 - The import of LDIFs with base-64 encoded DNs fails,
modrdn with non-ASCII new rdn incorrect
https://bugzilla.redhat.com/show_bug.cgi?id=570107
Description: When getting the DN value from the raw ldif file,
it was strictly checking "dn: ", which was incomplete. We
should have checked "dn:: " for the Base64 encoded DN. This
patch is adding the case.
diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c
index 37e1f4d..6cc1b66 100644
--- a/ldap/servers/slapd/back-ldbm/import-threads.c
+++ b/ldap/servers/slapd/back-ldbm/import-threads.c
@@ -521,10 +521,12 @@ import_producer(void *param)
if (!(str2entry_flags & SLAPI_STR2ENTRY_INCLUDE_VERSION_STR) &&
entryrdn_get_switch()) { /* subtree-rename: on */
char *dn = NULL;
- int rc = 0; /* estr should start with "dn: " */
+ int rc = 0; /* estr should start with "dn: " or "dn:: " */
if (strncmp(estr, "dn: ", 4) &&
- NULL == strstr(estr, "\ndn: ")) { /* in case comments precedes
+ NULL == strstr(estr, "\ndn: ") && /* in case comments precedes
the entry */
+ strncmp(estr, "dn:: ", 5) &&
+ NULL == strstr(estr, "\ndn:: ")) { /* ditto */
import_log_notice(job, "WARNING: skipping bad LDIF entry (not "
"starting with \"dn: \") ending line %d of file \"%s\"",
curr_lineno, curr_filename);
14 years, 1 month
Branch 'Directory_Server_8_2_Branch' - ldap/servers
by Noriko Hosoi
ldap/servers/plugins/syntaxes/validate.c | 1
ldap/servers/slapd/back-ldbm/ldbm_add.c | 9 +
ldap/servers/slapd/dn.c | 153 +++++++++++++++++++------------
3 files changed, 102 insertions(+), 61 deletions(-)
New commits:
commit b46d314292ae186a64692e550e7e1fa289596f08
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu Mar 11 11:10:48 2010 -0800
199923 - subtree search fails to find items under a db
containing special characters
https://bugzilla.redhat.com/show_bug.cgi?id=199923
Description: regression observed in the tests.
> as of March 04, 2010, this is happening again.
Fix Description:
dn.c: Based upon RFC 4514, the following characters in the RDN
values need to be escaped:
'+', ';', '<', '>', and '=' for the intermediate characters
'+', ';', '<', '>', '=', '#' and ' ' for leading characters
'+', ';', '<', '>', '=', and ' ' for trailing characters
validate.c: If an escaped character followed by another escaped
character, e.g., \#\<, the pointer was moved twice skipping '\'
before '<' and it makes the validation fail.
ldbm_add.c: a local variable addr was not initialized.
diff --git a/ldap/servers/plugins/syntaxes/validate.c b/ldap/servers/plugins/syntaxes/validate.c
index d0da4be..aab6d9c 100644
--- a/ldap/servers/plugins/syntaxes/validate.c
+++ b/ldap/servers/plugins/syntaxes/validate.c
@@ -535,7 +535,6 @@ int rdn_validate( const char *begin, const char *end, const char **last )
}
p++;
}
- p++;
/* Only allow 'SUTF1' chars now. */
} else if (!IS_SUTF1(*p)) {
rc = 1;
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
index 3bd6eae..76cc6bb 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
@@ -112,7 +112,7 @@ ldbm_back_add( Slapi_PBlock *pb )
int is_fixup_operation= 0;
int is_ruv = 0; /* True if the current entry is RUV */
CSN *opcsn = NULL;
- entry_address addr;
+ entry_address addr = {0};
slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li );
slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e );
@@ -188,7 +188,7 @@ ldbm_back_add( Slapi_PBlock *pb )
{
/* Check if an entry with the intended uniqueid already exists. */
done_with_pblock_entry(pb,SLAPI_ADD_EXISTING_UNIQUEID_ENTRY); /* Could be through this multiple times */
- addr.dn = NULL;
+ addr.dn = addr.udn = NULL;
addr.uniqueid = (char*)slapi_entry_get_uniqueid(e); /* jcm - cast away const */
ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_EXISTING_UNIQUEID_ENTRY, !is_replicated_operation);
}
@@ -211,6 +211,7 @@ ldbm_back_add( Slapi_PBlock *pb )
/* Check if an entry with the intended DN already exists. */
done_with_pblock_entry(pb,SLAPI_ADD_EXISTING_DN_ENTRY); /* Could be through this multiple times */
addr.dn = dn;
+ addr.udn = NULL;
addr.uniqueid = NULL;
ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_EXISTING_DN_ENTRY, !is_replicated_operation);
if(ldap_result_code==LDAP_OPERATIONS_ERROR ||
@@ -226,6 +227,7 @@ ldbm_back_add( Slapi_PBlock *pb )
{
done_with_pblock_entry(pb,SLAPI_ADD_PARENT_ENTRY); /* Could be through this multiple times */
addr.dn = (char*)slapi_sdn_get_dn (&parentsdn); /* get_copy_of_entry assumes the DN is not normalized */
+ addr.udn = NULL;
addr.uniqueid = operation->o_params.p.p_add.parentuniqueid;
ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_PARENT_ENTRY, !is_replicated_operation);
/* need to set parentsdn or parentuniqueid if either is not set? */
@@ -265,6 +267,7 @@ ldbm_back_add( Slapi_PBlock *pb )
if(have_parent_address(&parentsdn, operation->o_params.p.p_add.parentuniqueid))
{
addr.dn = (char*)slapi_sdn_get_dn (&parentsdn);
+ addr.udn = NULL;
addr.uniqueid = operation->o_params.p.p_add.parentuniqueid;
parententry = find_entry2modify_only(pb,be,&addr,&txn);
if (parententry && parententry->ep_entry) {
@@ -345,7 +348,7 @@ ldbm_back_add( Slapi_PBlock *pb )
* When we resurect a tombstone we must use its UniqueID
* to find the tombstone entry and lock it down in the cache.
*/
- addr.dn = NULL;
+ addr.dn = addr.udn = NULL;
addr.uniqueid = (char *)slapi_entry_get_uniqueid(e); /* jcm - cast away const */
tombstoneentry = find_entry2modify( pb, be, &addr, NULL );
if ( tombstoneentry==NULL )
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index 6aa7ae7..3ab9327 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -77,10 +77,16 @@ hexchar2int( char c )
return( -1 );
}
-#define DNSEPARATOR(c) (c == ',' || c == ';')
-#define SEPARATOR(c) (c == ',' || c == ';' || c == '+')
-#define SPACE(c) (c == ' ' || c == '\n') /* XXX 518524 */
-#define NEEDSESCAPE(c) (c == '\\' || c == '"')
+#define DNSEPARATOR(c) (((c) == ',') || ((c) == ';'))
+#define SEPARATOR(c) (((c) == ',') || ((c) == ';') || ((c) == '+'))
+#define SPACE(c) (((c) == ' ') || ((c) == '\n')) /* XXX 518524 */
+#define NEEDSESCAPE(c) (((c) == '\\') || ((c) == '"') || ((c) == '+') || \
+ ((c) == ',') || ((c) == ';') || ((c) == '<') || ((c) == '>') || ((c) == '='))
+#define LEADNEEDSESCAPE(c) (((c) == ' ') || ((c) == '#') || NEEDSESCAPE(c))
+#if 0 /* not used */
+#define ONLYTRAILNEEDSESCAPE(c) ((c) == ' ')
+#define TRAILNEEDSESCAPE(c) (ONLYTRAILNEEDSESCAPE(c) || NEEDSESCAPE(c))
+#endif
#define B4TYPE 0
#define INTYPE 1
#define B4EQUAL 2
@@ -88,6 +94,7 @@ hexchar2int( char c )
#define INVALUE 4
#define INQUOTEDVALUE 5
#define B4SEPARATOR 6
+#define INVALUE1ST 7
#define SLAPI_DNNORM_INITIAL_RDN_AVS 10
#define SLAPI_DNNORM_SMALL_RDN_AV 512
@@ -148,6 +155,8 @@ substr_dn_normalize( char *dn, char *end )
char *d = NULL;
char *s = NULL;
char *typestart = NULL;
+ char *rdnbegin = NULL;
+ char *lastesc = NULL;
int gotesc = 0;
int state = B4TYPE;
int rdn_av_count = 0;
@@ -186,75 +195,104 @@ substr_dn_normalize( char *dn, char *end )
if ( *s == '"' || ! SPACE( *s ) ) {
value_separator = NULL;
value = d;
- state = ( *s == '"' ) ? INQUOTEDVALUE : INVALUE;
+ state = ( *s == '"' ) ? INQUOTEDVALUE : INVALUE1ST;
+ rdnbegin = d;
+ lastesc = NULL;
*d++ = *s;
}
break;
+ case INVALUE1ST:
case INVALUE:
if ( gotesc ) {
if ( SEPARATOR( *s ) ) {
value_separator = d;
- } else if ( ! NEEDSESCAPE( *s ) ) {
+ }
+ if ( INVALUE1ST == state ) {
+ if ( !LEADNEEDSESCAPE( *s )) {
+ /* checking the leading char + special chars */
+ --d; /* eliminate the \ */
+ }
+ } else if ( !NEEDSESCAPE( *s ) ) {
--d; /* eliminate the \ */
+ lastesc = d;
}
} else if ( SEPARATOR( *s ) ) {
- while ( SPACE( *(d - 1) ) )
- d--;
+ /* handling a trailing escaped space */
+ /* assuming a space is the only an extra character which
+ * is not escaped if it appears in the middle, but should
+ * be if it does at the end of the RDN value */
+ /* e.g., ou=ABC \ ,o=XYZ --> ou=ABC \ ,o=XYZ */
+ if ( lastesc ) {
+ while ( SPACE( *(d - 1) ) && d > lastesc ) {
+ d--;
+ }
+ if ( d == lastesc ) {
+ *d++ = '\\';
+ *d++ = ' '; /* escaped trailing space */
+ }
+ } else {
+ while ( SPACE( *(d - 1) ) ) {
+ d--;
+ }
+ }
if ( value_separator == dn ) { /* 2 or more separators */
- /* convert to quoted value: */
- char *L = NULL; /* char after last seperator */
- char *R; /* value character iterator */
- int escape_skips = 0; /* number of escapes we have seen after the first */
-
- for ( R = value; (R = strchr( R, '\\' )) && (R < d); L = ++R ) {
- if ( SEPARATOR( R[1] )) {
- if ( L == NULL ) {
- /* executes once, at first escape, adds opening quote */
- const size_t len = R - value;
+ /* convert to quoted value: */
+ char *L = NULL; /* char after last seperator */
+ char *R; /* value character iterator */
+ int escape_skips = 0; /* number of escapes we have seen after the first */
+
+ for ( R = value; (R = strchr( R, '\\' )) && (R < d); L = ++R ) {
+ if ( SEPARATOR( R[1] )) {
+ if ( L == NULL ) {
+ /* executes once, at first escape, adds opening quote */
+ const size_t len = R - value;
- /* make room for quote by covering escape */
- if ( len > 0 ) {
- memmove( value+1, value, len );
+ /* make room for quote by covering escape */
+ if ( len > 0 ) {
+ memmove( value+1, value, len );
+ }
+
+ *value = '"'; /* opening quote */
+ value = R + 1; /* move passed what has been parsed */
+ } else {
+ const size_t len = R - L;
+ if ( len > 0 ) {
+ /* remove the seperator */
+ memmove( value, L, len );
+ value += len; /* move passed what has been parsed */
+ }
+ --d;
+ ++escape_skips;
}
+ } /* if ( SEPARATOR( R[1] )) */
+ } /* for */
+ memmove( value, L, d - L + escape_skips );
+ *d++ = '"'; /* closing quote */
+ } /* if (value_separator == dn) */
+ state = B4TYPE;
- *value = '"'; /* opening quote */
- value = R + 1; /* move passed what has been parsed */
- } else {
- const size_t len = R - L;
- if ( len > 0 ) {
- /* remove the seperator */
- memmove( value, L, len );
- value += len; /* move passed what has been parsed */
- }
- --d;
- ++escape_skips;
- }
- }
- }
- memmove( value, L, d - L + escape_skips );
- *d++ = '"'; /* closing quote */
- }
- state = B4TYPE;
-
- /*
- * Track and sort attribute values within
- * multivalued RDNs.
- */
- if ( *s == '+' || rdn_av_count > 0 ) {
- add_rdn_av( typestart, d, &rdn_av_count,
- &rdn_avs, initial_rdn_av_stack );
- }
- if ( *s != '+' ) { /* at end of this RDN */
- if ( rdn_av_count > 1 ) {
- sort_rdn_avs( rdn_avs, rdn_av_count );
+ /*
+ * Track and sort attribute values within
+ * multivalued RDNs.
+ */
+ if ( *s == '+' || rdn_av_count > 0 ) {
+ add_rdn_av( typestart, d, &rdn_av_count,
+ &rdn_avs, initial_rdn_av_stack );
}
- if ( rdn_av_count > 0 ) {
- reset_rdn_avs( &rdn_avs, &rdn_av_count );
+ if ( *s != '+' ) { /* at end of this RDN */
+ if ( rdn_av_count > 1 ) {
+ sort_rdn_avs( rdn_avs, rdn_av_count );
+ }
+ if ( rdn_av_count > 0 ) {
+ reset_rdn_avs( &rdn_avs, &rdn_av_count );
+ }
}
- }
- *d++ = (*s == '+') ? '+' : ',';
- break;
+ *d++ = (*s == '+') ? '+' : ',';
+ break;
+ } /* else if ( SEPARATOR( *s ) ) */
+ if ( INVALUE1ST == state ) {
+ state = INVALUE;
}
*d++ = *s;
break;
@@ -355,7 +393,8 @@ substr_dn_normalize( char *dn, char *end )
* rdn to our list to sort. We should only be in the INVALUE
* or B4SEPARATOR state if we have a valid rdn component to
* be added. */
- if ((rdn_av_count > 0) && ((state == INVALUE) || (state == B4SEPARATOR))) {
+ if ((rdn_av_count > 0) && ((state == INVALUE1ST) ||
+ (state == INVALUE) || (state == B4SEPARATOR))) {
add_rdn_av( typestart, d, &rdn_av_count,
&rdn_avs, initial_rdn_av_stack );
}
14 years, 1 month
ldap/servers
by Noriko Hosoi
ldap/servers/plugins/syntaxes/validate.c | 1
ldap/servers/slapd/back-ldbm/ldbm_add.c | 9 +
ldap/servers/slapd/dn.c | 153 +++++++++++++++++++------------
3 files changed, 102 insertions(+), 61 deletions(-)
New commits:
commit f11afee0ca0c4039cebc0efe4388b95776b6da4b
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu Mar 11 11:10:48 2010 -0800
199923 - subtree search fails to find items under a db
containing special characters
https://bugzilla.redhat.com/show_bug.cgi?id=199923
Description: regression observed in the tests.
> as of March 04, 2010, this is happening again.
Fix Description:
dn.c: Based upon RFC 4514, the following characters in the RDN
values need to be escaped:
'+', ';', '<', '>', and '=' for the intermediate characters
'+', ';', '<', '>', '=', '#' and ' ' for leading characters
'+', ';', '<', '>', '=', and ' ' for trailing characters
validate.c: If an escaped character followed by another escaped
character, e.g., \#\<, the pointer was moved twice skipping '\'
before '<' and it makes the validation fail.
ldbm_add.c: a local variable addr was not initialized.
diff --git a/ldap/servers/plugins/syntaxes/validate.c b/ldap/servers/plugins/syntaxes/validate.c
index d0da4be..aab6d9c 100644
--- a/ldap/servers/plugins/syntaxes/validate.c
+++ b/ldap/servers/plugins/syntaxes/validate.c
@@ -535,7 +535,6 @@ int rdn_validate( const char *begin, const char *end, const char **last )
}
p++;
}
- p++;
/* Only allow 'SUTF1' chars now. */
} else if (!IS_SUTF1(*p)) {
rc = 1;
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
index 0db57f6..11b2fa6 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
@@ -112,7 +112,7 @@ ldbm_back_add( Slapi_PBlock *pb )
int is_fixup_operation= 0;
int is_ruv = 0; /* True if the current entry is RUV */
CSN *opcsn = NULL;
- entry_address addr;
+ entry_address addr = {0};
slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li );
slapi_pblock_get( pb, SLAPI_ADD_ENTRY, &e );
@@ -188,7 +188,7 @@ ldbm_back_add( Slapi_PBlock *pb )
{
/* Check if an entry with the intended uniqueid already exists. */
done_with_pblock_entry(pb,SLAPI_ADD_EXISTING_UNIQUEID_ENTRY); /* Could be through this multiple times */
- addr.dn = NULL;
+ addr.dn = addr.udn = NULL;
addr.uniqueid = (char*)slapi_entry_get_uniqueid(e); /* jcm - cast away const */
ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_EXISTING_UNIQUEID_ENTRY, !is_replicated_operation);
}
@@ -211,6 +211,7 @@ ldbm_back_add( Slapi_PBlock *pb )
/* Check if an entry with the intended DN already exists. */
done_with_pblock_entry(pb,SLAPI_ADD_EXISTING_DN_ENTRY); /* Could be through this multiple times */
addr.dn = dn;
+ addr.udn = NULL;
addr.uniqueid = NULL;
ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_EXISTING_DN_ENTRY, !is_replicated_operation);
if(ldap_result_code==LDAP_OPERATIONS_ERROR ||
@@ -226,6 +227,7 @@ ldbm_back_add( Slapi_PBlock *pb )
{
done_with_pblock_entry(pb,SLAPI_ADD_PARENT_ENTRY); /* Could be through this multiple times */
addr.dn = (char*)slapi_sdn_get_dn (&parentsdn); /* get_copy_of_entry assumes the DN is not normalized */
+ addr.udn = NULL;
addr.uniqueid = operation->o_params.p.p_add.parentuniqueid;
ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_PARENT_ENTRY, !is_replicated_operation);
/* need to set parentsdn or parentuniqueid if either is not set? */
@@ -265,6 +267,7 @@ ldbm_back_add( Slapi_PBlock *pb )
if(have_parent_address(&parentsdn, operation->o_params.p.p_add.parentuniqueid))
{
addr.dn = (char*)slapi_sdn_get_dn (&parentsdn);
+ addr.udn = NULL;
addr.uniqueid = operation->o_params.p.p_add.parentuniqueid;
parententry = find_entry2modify_only(pb,be,&addr,&txn);
if (parententry && parententry->ep_entry) {
@@ -345,7 +348,7 @@ ldbm_back_add( Slapi_PBlock *pb )
* When we resurect a tombstone we must use its UniqueID
* to find the tombstone entry and lock it down in the cache.
*/
- addr.dn = NULL;
+ addr.dn = addr.udn = NULL;
addr.uniqueid = (char *)slapi_entry_get_uniqueid(e); /* jcm - cast away const */
tombstoneentry = find_entry2modify( pb, be, &addr, NULL );
if ( tombstoneentry==NULL )
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index 2fb36e9..2e5ac00 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -77,10 +77,16 @@ hexchar2int( char c )
return( -1 );
}
-#define DNSEPARATOR(c) (c == ',' || c == ';')
-#define SEPARATOR(c) (c == ',' || c == ';' || c == '+')
-#define SPACE(c) (c == ' ' || c == '\n') /* XXX 518524 */
-#define NEEDSESCAPE(c) (c == '\\' || c == '"')
+#define DNSEPARATOR(c) (((c) == ',') || ((c) == ';'))
+#define SEPARATOR(c) (((c) == ',') || ((c) == ';') || ((c) == '+'))
+#define SPACE(c) (((c) == ' ') || ((c) == '\n')) /* XXX 518524 */
+#define NEEDSESCAPE(c) (((c) == '\\') || ((c) == '"') || ((c) == '+') || \
+ ((c) == ',') || ((c) == ';') || ((c) == '<') || ((c) == '>') || ((c) == '='))
+#define LEADNEEDSESCAPE(c) (((c) == ' ') || ((c) == '#') || NEEDSESCAPE(c))
+#if 0 /* not used */
+#define ONLYTRAILNEEDSESCAPE(c) ((c) == ' ')
+#define TRAILNEEDSESCAPE(c) (ONLYTRAILNEEDSESCAPE(c) || NEEDSESCAPE(c))
+#endif
#define B4TYPE 0
#define INTYPE 1
#define B4EQUAL 2
@@ -88,6 +94,7 @@ hexchar2int( char c )
#define INVALUE 4
#define INQUOTEDVALUE 5
#define B4SEPARATOR 6
+#define INVALUE1ST 7
#define SLAPI_DNNORM_INITIAL_RDN_AVS 10
#define SLAPI_DNNORM_SMALL_RDN_AV 512
@@ -148,6 +155,8 @@ substr_dn_normalize( char *dn, char *end )
char *d = NULL;
char *s = NULL;
char *typestart = NULL;
+ char *rdnbegin = NULL;
+ char *lastesc = NULL;
int gotesc = 0;
int state = B4TYPE;
int rdn_av_count = 0;
@@ -186,75 +195,104 @@ substr_dn_normalize( char *dn, char *end )
if ( *s == '"' || ! SPACE( *s ) ) {
value_separator = NULL;
value = d;
- state = ( *s == '"' ) ? INQUOTEDVALUE : INVALUE;
+ state = ( *s == '"' ) ? INQUOTEDVALUE : INVALUE1ST;
+ rdnbegin = d;
+ lastesc = NULL;
*d++ = *s;
}
break;
+ case INVALUE1ST:
case INVALUE:
if ( gotesc ) {
if ( SEPARATOR( *s ) ) {
value_separator = d;
- } else if ( ! NEEDSESCAPE( *s ) ) {
+ }
+ if ( INVALUE1ST == state ) {
+ if ( !LEADNEEDSESCAPE( *s )) {
+ /* checking the leading char + special chars */
+ --d; /* eliminate the \ */
+ }
+ } else if ( !NEEDSESCAPE( *s ) ) {
--d; /* eliminate the \ */
+ lastesc = d;
}
} else if ( SEPARATOR( *s ) ) {
- while ( SPACE( *(d - 1) ) )
- d--;
+ /* handling a trailing escaped space */
+ /* assuming a space is the only an extra character which
+ * is not escaped if it appears in the middle, but should
+ * be if it does at the end of the RDN value */
+ /* e.g., ou=ABC \ ,o=XYZ --> ou=ABC \ ,o=XYZ */
+ if ( lastesc ) {
+ while ( SPACE( *(d - 1) ) && d > lastesc ) {
+ d--;
+ }
+ if ( d == lastesc ) {
+ *d++ = '\\';
+ *d++ = ' '; /* escaped trailing space */
+ }
+ } else {
+ while ( SPACE( *(d - 1) ) ) {
+ d--;
+ }
+ }
if ( value_separator == dn ) { /* 2 or more separators */
- /* convert to quoted value: */
- char *L = NULL; /* char after last seperator */
- char *R; /* value character iterator */
- int escape_skips = 0; /* number of escapes we have seen after the first */
-
- for ( R = value; (R = strchr( R, '\\' )) && (R < d); L = ++R ) {
- if ( SEPARATOR( R[1] )) {
- if ( L == NULL ) {
- /* executes once, at first escape, adds opening quote */
- const size_t len = R - value;
+ /* convert to quoted value: */
+ char *L = NULL; /* char after last seperator */
+ char *R; /* value character iterator */
+ int escape_skips = 0; /* number of escapes we have seen after the first */
+
+ for ( R = value; (R = strchr( R, '\\' )) && (R < d); L = ++R ) {
+ if ( SEPARATOR( R[1] )) {
+ if ( L == NULL ) {
+ /* executes once, at first escape, adds opening quote */
+ const size_t len = R - value;
- /* make room for quote by covering escape */
- if ( len > 0 ) {
- memmove( value+1, value, len );
+ /* make room for quote by covering escape */
+ if ( len > 0 ) {
+ memmove( value+1, value, len );
+ }
+
+ *value = '"'; /* opening quote */
+ value = R + 1; /* move passed what has been parsed */
+ } else {
+ const size_t len = R - L;
+ if ( len > 0 ) {
+ /* remove the seperator */
+ memmove( value, L, len );
+ value += len; /* move passed what has been parsed */
+ }
+ --d;
+ ++escape_skips;
}
+ } /* if ( SEPARATOR( R[1] )) */
+ } /* for */
+ memmove( value, L, d - L + escape_skips );
+ *d++ = '"'; /* closing quote */
+ } /* if (value_separator == dn) */
+ state = B4TYPE;
- *value = '"'; /* opening quote */
- value = R + 1; /* move passed what has been parsed */
- } else {
- const size_t len = R - L;
- if ( len > 0 ) {
- /* remove the seperator */
- memmove( value, L, len );
- value += len; /* move passed what has been parsed */
- }
- --d;
- ++escape_skips;
- }
- }
- }
- memmove( value, L, d - L + escape_skips );
- *d++ = '"'; /* closing quote */
- }
- state = B4TYPE;
-
- /*
- * Track and sort attribute values within
- * multivalued RDNs.
- */
- if ( *s == '+' || rdn_av_count > 0 ) {
- add_rdn_av( typestart, d, &rdn_av_count,
- &rdn_avs, initial_rdn_av_stack );
- }
- if ( *s != '+' ) { /* at end of this RDN */
- if ( rdn_av_count > 1 ) {
- sort_rdn_avs( rdn_avs, rdn_av_count );
+ /*
+ * Track and sort attribute values within
+ * multivalued RDNs.
+ */
+ if ( *s == '+' || rdn_av_count > 0 ) {
+ add_rdn_av( typestart, d, &rdn_av_count,
+ &rdn_avs, initial_rdn_av_stack );
}
- if ( rdn_av_count > 0 ) {
- reset_rdn_avs( &rdn_avs, &rdn_av_count );
+ if ( *s != '+' ) { /* at end of this RDN */
+ if ( rdn_av_count > 1 ) {
+ sort_rdn_avs( rdn_avs, rdn_av_count );
+ }
+ if ( rdn_av_count > 0 ) {
+ reset_rdn_avs( &rdn_avs, &rdn_av_count );
+ }
}
- }
- *d++ = (*s == '+') ? '+' : ',';
- break;
+ *d++ = (*s == '+') ? '+' : ',';
+ break;
+ } /* else if ( SEPARATOR( *s ) ) */
+ if ( INVALUE1ST == state ) {
+ state = INVALUE;
}
*d++ = *s;
break;
@@ -355,7 +393,8 @@ substr_dn_normalize( char *dn, char *end )
* rdn to our list to sort. We should only be in the INVALUE
* or B4SEPARATOR state if we have a valid rdn component to
* be added. */
- if ((rdn_av_count > 0) && ((state == INVALUE) || (state == B4SEPARATOR))) {
+ if ((rdn_av_count > 0) && ((state == INVALUE1ST) ||
+ (state == INVALUE) || (state == B4SEPARATOR))) {
add_rdn_av( typestart, d, &rdn_av_count,
&rdn_avs, initial_rdn_av_stack );
}
14 years, 1 month
ldap/admin
by Richard Allen Megginson
ldap/admin/src/scripts/DSCreate.pm.in | 2 +-
ldap/admin/src/scripts/DSUtil.pm.in | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
New commits:
commit be17b937b06eeb0822189951a6f63cfb87749e32
Author: Endi S. Dewata <edewata(a)redhat.com>
Date: Tue Mar 9 15:58:40 2010 -0600
Bug 570542 - Root password cannot contain matching curly braces
https://bugzilla.redhat.com/show_bug.cgi?id=570542
Resolves: bug 570542
Bug Description: Root password cannot contain matching curly braces
Branch: HEAD
Fix Description: The scripts have been modified to check for matching
curly braces only at the beginning of the password. Matching curly
braces anywhere else would be accepted as a valid password.
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index f8757ff..06b2d1f 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -124,7 +124,7 @@ sub sanityCheckParams {
return ('dialog_dsrootdn_error', $inf->{slapd}->{RootDN});
}
- if ($inf->{slapd}->{RootDNPwd} =~ /\{\w+\}.+/) {
+ if ($inf->{slapd}->{RootDNPwd} =~ /^\{\w+\}.+/) {
debug(1, "The root password is already hashed - no checking will be performed\n");
} elsif (length($inf->{slapd}->{RootDNPwd}) < 8) {
debug(0, "WARNING: The root password is less than 8 characters long. You should choose a longer one.\n");
diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in
index a8f3a30..c292d4e 100644
--- a/ldap/admin/src/scripts/DSUtil.pm.in
+++ b/ldap/admin/src/scripts/DSUtil.pm.in
@@ -728,7 +728,7 @@ sub getHashedPassword {
my $pwd = shift;
my $alg = shift;
- if ($pwd =~ /\{\w+\}.+/) {
+ if ($pwd =~ /^\{\w+\}.+/) {
return $pwd; # already hashed
}
14 years, 1 month
ldap/admin
by Richard Allen Megginson
ldap/admin/src/scripts/DSCreate.pm.in | 72 ++++++++++++++++++++---
ldap/admin/src/scripts/DSUtil.pm.in | 38 ------------
ldap/admin/src/scripts/remove-ds.pl.in | 28 +++-----
ldap/admin/src/scripts/restart-dirsrv.in | 25 ++++++-
ldap/admin/src/scripts/start-dirsrv.in | 27 +++++++-
ldap/admin/src/scripts/stop-dirsrv.in | 27 +++++++-
ldap/admin/src/scripts/template-restart-slapd.in | 2
ldap/admin/src/scripts/template-start-slapd.in | 2
ldap/admin/src/scripts/template-stop-slapd.in | 2
9 files changed, 145 insertions(+), 78 deletions(-)
New commits:
commit 7701c5626647ddfa44e4f4b11a11d3c384beffa7
Author: Endi S. Dewata <edewata(a)redhat.com>
Date: Tue Mar 9 10:56:34 2010 -0600
Bug 538525 - Ability to create instance as non-root user
https://bugzilla.redhat.com/show_bug.cgi?id=538525
Resolves: bug 538525
Bug Description: Ability to create instance as non-root user
Branch: HEAD
Fix Description: By default for root user the init config file
will be stored in /etc/sysconfig and for non-root user it will
be stored in $HOME/.dirsrv folder.
A new parameter [slapd] initconfig_dir is added to the .inf file
to specify a non-default folder for the init config folder. This
folder must exist prior to running the DS tools. The folder can
also be specified via setup-ds.pl command-line parameter
slapd.initconfig_dir.
A new parameter -d is added to the start-dirsrv, restart-dirsrv,
and stop-dirsrv to specify the non-default init config folder.
A new parameter --initconfig_dir is added to remove-ds.pl to
specify the non-default init config folder.
The templates for start-slapd, restart-slapd, stop-slapd scripts
have been modified to specify the init config folder.
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index fb2a4d7..f8757ff 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -260,6 +260,17 @@ sub createInstanceScripts {
my $perlexec = "@perlexec@" || "/usr/bin/env perl";
my $myperl = "!$perlexec";
my $mydevnull = (-f "/dev/null" ? " /dev/null " : " NUL ");
+
+ # determine initconfig_dir
+ my $initconfig_dir = $inf->{slapd}->{initconfig_dir};
+ if (!$initconfig_dir) {
+ if ($ENV{USER} eq 'root') {
+ $initconfig_dir = "$inf->{General}->{prefix}@initconfigdir@";
+ } else {
+ $initconfig_dir = "$ENV{HOME}/.@package_name@";
+ }
+ }
+
my %maptable = (
"DS-ROOT" => $inf->{General}->{prefix},
"SEP" => "/", # works on all platforms
@@ -273,6 +284,7 @@ sub createInstanceScripts {
"BAK-DIR" => $inf->{slapd}->{bak_dir},
"SERVER-DIR" => $inf->{General}->{ServerRoot},
"CONFIG-DIR" => $inf->{slapd}->{config_dir},
+ "INITCONFIG-DIR" => $initconfig_dir,
"INST-DIR" => $inf->{slapd}->{inst_dir},
"RUN-DIR" => $inf->{slapd}->{run_dir},
"PRODUCT-NAME" => "slapd",
@@ -458,9 +470,21 @@ sub makeOtherConfigFiles {
return @errs;
}
+ # determine initconfig_dir
+ my $initconfig_dir = $inf->{slapd}->{initconfig_dir};
+ if (!$initconfig_dir) {
+ if ($ENV{USER} eq 'root') {
+ $initconfig_dir = "$inf->{General}->{prefix}@initconfigdir@";
+ } else {
+ $initconfig_dir = "$ENV{HOME}/.@package_name@";
+ mkpath $initconfig_dir unless -d $initconfig_dir;
+ }
+ }
+
# install instance specific initconfig script
$src = "$inf->{General}->{prefix}@configdir@/template-initconfig";
- $dest = "$inf->{General}->{prefix}@initconfigdir@/@package_name@-$inf->{slapd}->{ServerIdentifier}";
+ $dest = "$initconfig_dir/@package_name@-$inf->{slapd}->{ServerIdentifier}";
+
$! = 0; # clear errno
if (!open(SRC, "< $src")) {
@@ -1026,10 +1050,42 @@ sub stopServer {
sub removeDSInstance {
my $inst = shift;
my $force = shift;
+ my $initconfig_dir = shift;
my $baseconfigdir = $ENV{DS_CONFIG_DIR} || "@instconfigdir@";
my $instname = "slapd-$inst";
- my $configdir = "$baseconfigdir/$instname";
+ my $configdir;
+ my $rundir;
+ my $product_name;
my @errs;
+
+ # determine initconfig_dir
+ if (!$initconfig_dir) {
+ if ($ENV{USER} eq 'root') {
+ $initconfig_dir = "@initconfigdir@";
+ } else {
+ $initconfig_dir = "$ENV{HOME}/.@package_name@";
+ }
+ }
+
+ my $initconfig = "$initconfig_dir/@package_name@-$inst";
+
+ # Get the configdir, rundir and product_name from the instance initconfig script.
+ unless(open(INFILE, $initconfig)) {
+ return ( [ 'error_no_such_instance', $instname, $! ] );
+ }
+
+ my $line;
+ while($line = <INFILE>) {
+ if ($line =~ /CONFIG_DIR=(.*) ; export CONFIG_DIR/) {
+ $configdir = $1;
+ } elsif ($line =~ /RUN_DIR=(.*) ; export INST_DIR/) {
+ $rundir = $1;
+ } elsif ($line =~ /PRODUCT_NAME=(.*) ; export PRODUCT_NAME/) {
+ $product_name = $1;
+ }
+ }
+ close(INFILE);
+
if ( ! -d $configdir )
{
debug(1, "Error: $configdir does not exist: $!\n");
@@ -1097,8 +1153,8 @@ sub removeDSInstance {
if ( -d $instdir && $instdir =~ /$instname/ )
{
# clean up pid files (if any)
- remove_pidfile("STARTPIDFILE", $instdir, $instname);
- remove_pidfile("PIDFILE", $instdir, $instname);
+ remove_pidfile("STARTPIDFILE", $inst, $instdir, $instname, $rundir, $product_name);
+ remove_pidfile("PIDFILE", $inst, $instdir, $instname, $rundir, $product_name);
my $rc = rmtree($instdir);
if ( 0 == $rc )
@@ -1111,12 +1167,12 @@ sub removeDSInstance {
push @errs, remove_tree($entry, "nsslapd-schemadir", $instname, 1, "\.db\$");
# Remove the instance specific initconfig script
- if ( -f "@initconfigdir@/@package_name@-$inst" ) {
- my $rc = unlink("@initconfigdir@/@package_name@-$inst");
+ if ( -f $initconfig ) {
+ my $rc = unlink($initconfig);
if ( 0 == $rc )
{
- push @errs, [ 'error_removing_path', "@initconfigdir@/@package_name@-$inst", $! ];
- debug(1, "Warning: @initconfigdir@/@package_name@-$inst was not removed. Error: $!\n");
+ push @errs, [ 'error_removing_path', $initconfig, $! ];
+ debug(1, "Warning: $initconfig was not removed. Error: $!\n");
}
}
diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in
index 79586db..a8f3a30 100644
--- a/ldap/admin/src/scripts/DSUtil.pm.in
+++ b/ldap/admin/src/scripts/DSUtil.pm.in
@@ -947,45 +947,9 @@ sub remove_tree
sub remove_pidfile
{
- my ($type, $instdir, $instname) = @_;
- my $serv_id;
- my $run_dir;
- my $product_name;
+ my ($type, $serv_id, $instdir, $instname, $run_dir, $product_name) = @_;
my $pidfile;
- # Get the serv_id from the start-slapd script.
- unless(open(INFILE,"$instdir/start-slapd")) {
- print("Cannot open start-slapd file for reading "); return 0;
- }
- my $line;
- while($line = <INFILE>) {
- if ($line =~ /start-dirsrv /g) {
- my @servline=split(/start-dirsrv /, $line);
- @servline=split(/\s+/, $servline[1]);
- $serv_id=$servline[0];
- }
- }
- close(INFILE);
-
- # Get the run_dir and product_name from the instance initconfig script.
- unless(open(INFILE,"@initconfigdir@/@package_name@-$serv_id")) {
- print("Couldn't open @initconfigdir@/@package_name@-$serv_id "); return 0;
- }
- while($line = <INFILE>) {
- if ($line =~ /RUN_DIR=/g) {
- my @rundir_line=split(/RUN_DIR=+/, $line);
- @rundir_line=split(/;/, $rundir_line[1]);
- $run_dir = $rundir_line[0];
- chop($run_dir);
- } elsif ($line =~ /PRODUCT_NAME=/g) {
- my @product_line=split(/PRODUCT_NAME=+/, $line);
- @product_line=split(/;/, $product_line[1]);
- $product_name = $product_line[0];
- chop($product_name);
- }
- }
- close(INFILE);
-
# Construct the pidfile name as follows:
# PIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.pid
# STARTPIDFILE=$RUN_DIR/$PRODUCT_NAME-$SERV_ID.startpid
diff --git a/ldap/admin/src/scripts/remove-ds.pl.in b/ldap/admin/src/scripts/remove-ds.pl.in
index 1d10a91..5eee37d 100755
--- a/ldap/admin/src/scripts/remove-ds.pl.in
+++ b/ldap/admin/src/scripts/remove-ds.pl.in
@@ -23,10 +23,14 @@ use strict;
use File::Basename;
use File::Path;
+use Getopt::Long;
use DSUtil;
use Resource;
use DSCreate qw(removeDSInstance);
+# process command line options
+Getopt::Long::Configure(qw(bundling)); # bundling allows -ddddd
+
my $res = new Resource("@propertydir(a)/setup-ds.res");
sub usage {
@@ -36,24 +40,16 @@ sub usage {
print(STDERR " -d - turn on debugging output\n");
}
-my $i = 0;
my $force = "";
my $instname = "";
+my $initconfig_dir = "";
-# load args from the command line
-while ($i <= $#ARGV) {
- if ( "$ARGV[$i]" eq "-f" ) {
- $force = 1;
- } elsif ("$ARGV[$i]" eq "-i") {
- $i++;
- $instname = $ARGV[$i];
- } elsif ("$ARGV[$i]" eq "-d") {
- $DSUtil::debuglevel++;
- } else {
- &usage; exit(1);
- }
- $i++;
-}
+GetOptions('help|h|?' => sub { &usage; exit(1); },
+ 'debug|d+' => \$DSUtil::debuglevel,
+ 'instance|i=s' => \$instname,
+ 'initconfig_dir|c=s' => \$initconfig_dir,
+ 'force|f' => \$force
+ );
# Make sure the instance name option was provided.
unless ($instname) {
@@ -67,7 +63,7 @@ unless ($inst) {
exit 1;
}
-my @errs = removeDSInstance($inst, $force);
+my @errs = removeDSInstance($inst, $force, $initconfig_dir);
if (@errs) {
print STDERR "The following errors occurred during removal:\n";
for (@errs) {
diff --git a/ldap/admin/src/scripts/restart-dirsrv.in b/ldap/admin/src/scripts/restart-dirsrv.in
index 29203fd..76fb176 100644
--- a/ldap/admin/src/scripts/restart-dirsrv.in
+++ b/ldap/admin/src/scripts/restart-dirsrv.in
@@ -11,7 +11,7 @@ restart_instance() {
SERV_ID=$1
server_already_stopped=0
- @sbindir@/stop-dirsrv $SERV_ID
+ @sbindir@/stop-dirsrv -d $initconfig_dir $SERV_ID
status=$?
if [ $status -eq 1 ] ; then
return 3;
@@ -20,7 +20,7 @@ restart_instance() {
server_already_stopped=1
fi
fi
- @sbindir@/start-dirsrv $SERV_ID
+ @sbindir@/start-dirsrv -d $initconfig_dir $SERV_ID
status=$?
if [ $server_already_stopped -eq 1 ] && [ $status -eq 0 ] ; then
return 2;
@@ -28,11 +28,28 @@ restart_instance() {
return $status
}
+while getopts "d:" flag
+do
+ case "$flag" in
+ d) initconfig_dir="$OPTARG";;
+ esac
+done
+shift $(($OPTIND-1))
+
+if [ "$initconfig_dir" = "" ]; then
+ if [ $USER = root ] ; then
+ initconfig_dir=@initconfigdir@
+ else
+ initconfig_dir=$HOME/.@package_name@
+ fi
+fi
+
if [ "$#" -eq 0 ]; then
# We're restarting all instances.
ret=0
- for i in @initconfigdir@/@package_name@-*; do
- inst=`echo $i | sed -e 's,@initconfigdir@/@package_name@-,,g'`
+ for i in $initconfig_dir/@package_name@-*; do
+ regex=s,$initconfig_dir/@package_name@-,,g
+ inst=`echo $i | sed -e $regex`
echo Restarting instance \"$inst\"
restart_instance $inst
if [ "$?" -ne 0 ]; then
diff --git a/ldap/admin/src/scripts/start-dirsrv.in b/ldap/admin/src/scripts/start-dirsrv.in
index 46c48d7..4e95785 100755
--- a/ldap/admin/src/scripts/start-dirsrv.in
+++ b/ldap/admin/src/scripts/start-dirsrv.in
@@ -14,8 +14,8 @@ start_instance() {
shift
# source env. for this instance
- if [ -f @initconfigdir@/@package_name@-$SERV_ID ] ; then
- . @initconfigdir@/@package_name@-$SERV_ID
+ if [ -f $initconfig_dir/@package_name@-$SERV_ID ] ; then
+ . $initconfig_dir/@package_name@-$SERV_ID
else
echo Instance $SERV_ID not found.
return 1
@@ -93,11 +93,28 @@ start_instance() {
# source env. for all instances
[ -f @initconfigdir@/@package_name@ ] && . @initconfigdir@/@package_name@
+while getopts "d:" flag
+do
+ case "$flag" in
+ d) initconfig_dir="$OPTARG";;
+ esac
+done
+shift $(($OPTIND-1))
+
+if [ "$initconfig_dir" = "" ]; then
+ if [ $USER = root ] ; then
+ initconfig_dir=@initconfigdir@
+ else
+ initconfig_dir=$HOME/.@package_name@
+ fi
+fi
+
if [ "$#" -eq 0 ]; then
# We're starting all instances.
ret=0
- for i in @initconfigdir@/@package_name@-*; do
- inst=`echo $i | sed -e 's,@initconfigdir@/@package_name@-,,g'`
+ for i in $initconfig_dir/@package_name@-*; do
+ regex=s,$initconfig_dir/@package_name@-,,g
+ inst=`echo $i | sed -e $regex`
echo Starting instance \"$inst\"
start_instance $inst
if [ "$?" -ne 0 ]; then
@@ -107,6 +124,6 @@ if [ "$#" -eq 0 ]; then
exit $ret
else
# We're starting a single instance.
- start_instance $*
+ start_instance $@
exit $?
fi
diff --git a/ldap/admin/src/scripts/stop-dirsrv.in b/ldap/admin/src/scripts/stop-dirsrv.in
index 8ba8d5d..4d88585 100755
--- a/ldap/admin/src/scripts/stop-dirsrv.in
+++ b/ldap/admin/src/scripts/stop-dirsrv.in
@@ -10,8 +10,8 @@ stop_instance() {
SERV_ID=$1
# source env. for this instance
- if [ -f @initconfigdir@/@package_name@-$SERV_ID ]; then
- . @initconfigdir@/@package_name@-$SERV_ID
+ if [ -f $initconfig_dir/@package_name@-$SERV_ID ] ; then
+ . $initconfig_dir/@package_name@-$SERV_ID
else
echo Instance $SERV_ID not found.
return 1
@@ -53,11 +53,28 @@ stop_instance() {
return 1
}
+while getopts "d:" flag
+do
+ case "$flag" in
+ d) initconfig_dir="$OPTARG";;
+ esac
+done
+shift $(($OPTIND-1))
+
+if [ "$initconfig_dir" = "" ]; then
+ if [ $USER = root ] ; then
+ initconfig_dir=@initconfigdir@
+ else
+ initconfig_dir=$HOME/.@package_name@
+ fi
+fi
+
if [ "$#" -eq 0 ]; then
# We're stopping all instances.
ret=0
- for i in @initconfigdir@/@package_name@-*; do
- inst=`echo $i | sed -e 's,@initconfigdir@/@package_name@-,,g'`
+ for i in $initconfig_dir/@package_name@-*; do
+ regex=s,$initconfig_dir/@package_name@-,,g
+ inst=`echo $i | sed -e $regex`
echo Stopping instance \"$inst\"
stop_instance $inst
if [ "$?" -ne 0 ]; then
@@ -67,6 +84,6 @@ if [ "$#" -eq 0 ]; then
exit $ret
else
# We're stopping a single instance.
- stop_instance $*
+ stop_instance $@
exit $?
fi
diff --git a/ldap/admin/src/scripts/template-restart-slapd.in b/ldap/admin/src/scripts/template-restart-slapd.in
index 19e2414..e30fca8 100644
--- a/ldap/admin/src/scripts/template-restart-slapd.in
+++ b/ldap/admin/src/scripts/template-restart-slapd.in
@@ -7,5 +7,5 @@
# 2: Server started successfully (was not running)
# 3: Server could not be stopped
-@sbindir@/restart-dirsrv {{SERV-ID}} "$@"
+@sbindir@/restart-dirsrv -d {{INITCONFIG-DIR}} {{SERV-ID}} "$@"
exit $?
diff --git a/ldap/admin/src/scripts/template-start-slapd.in b/ldap/admin/src/scripts/template-start-slapd.in
index 7608d37..444a37f 100755
--- a/ldap/admin/src/scripts/template-start-slapd.in
+++ b/ldap/admin/src/scripts/template-start-slapd.in
@@ -6,5 +6,5 @@
# 1: Server could not be started
# 2: Server already running
-@sbindir@/start-dirsrv {{SERV-ID}} "$@"
+@sbindir@/start-dirsrv -d {{INITCONFIG-DIR}} {{SERV-ID}} "$@"
exit $?
diff --git a/ldap/admin/src/scripts/template-stop-slapd.in b/ldap/admin/src/scripts/template-stop-slapd.in
index 3531464..1c10986 100755
--- a/ldap/admin/src/scripts/template-stop-slapd.in
+++ b/ldap/admin/src/scripts/template-stop-slapd.in
@@ -6,5 +6,5 @@
# 1: Server could not be stopped
# 2: Server was not running
-@sbindir@/stop-dirsrv {{SERV-ID}} "$@"
+@sbindir@/stop-dirsrv -d {{INITCONFIG-DIR}} {{SERV-ID}} "$@"
exit $?
14 years, 1 month
ldap/schema ldap/servers
by Richard Allen Megginson
ldap/schema/60qmail.ldif | 4 ++--
ldap/servers/plugins/syntaxes/ces.c | 9 +++++----
2 files changed, 7 insertions(+), 6 deletions(-)
New commits:
commit 2db1f5a13b7198de00b2b14232110ab42fc361ac
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Mon Mar 8 20:53:49 2010 -0700
Add support for additional schema/matching rules included with 389
https://bugzilla.redhat.com/show_bug.cgi?id=559315
Resolves: bug 559315
Bug Description: Searching some attributes are now case sensitive when they were previously case-insensitive
Reviewed by: nhosoi (Thanks!)
Fix Description:
1) The 60qmail.ldif schema we ship used integerMatch and IA5 syntax
because we used not to support numericString syntax and matching rules -
these have been changed to use the standard qmail definitions
2) Allow IA5String syntax to use caseExactSubstringsMatch - this is required
by krbPrincipalName
diff --git a/ldap/schema/60qmail.ldif b/ldap/schema/60qmail.ldif
index 8a62548..c118bef 100644
--- a/ldap/schema/60qmail.ldif
+++ b/ldap/schema/60qmail.ldif
@@ -134,8 +134,8 @@ attributeTypes: (
1.3.6.1.4.1.7914.1.2.1.13
NAME 'qmailAccountPurge'
DESC 'The earliest date when a mailMessageStore will be purged'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ EQUALITY numericStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
SINGLE-VALUE
)
#
diff --git a/ldap/servers/plugins/syntaxes/ces.c b/ldap/servers/plugins/syntaxes/ces.c
index 07abcd5..c0855d6 100644
--- a/ldap/servers/plugins/syntaxes/ces.c
+++ b/ldap/servers/plugins/syntaxes/ces.c
@@ -85,12 +85,13 @@ static const char *caseExactOrderingMatch_names[] = {"caseExactOrderingMatch", "
static const char *caseExactSubstringsMatch_names[] = {"caseExactSubstringsMatch", "2.5.13.7", NULL};
static const char *caseExactIA5SubstringsMatch_names[] = {"caseExactIA5SubstringsMatch", CASEEXACTIA5SUBSTRINGSMATCH_OID, NULL};
-static char *dirString_syntaxes[] = {COUNTRYSTRING_SYNTAX_OID,
- DIRSTRING_SYNTAX_OID,
- PRINTABLESTRING_SYNTAX_OID,NULL};
static char *dirStringCompat_syntaxes[] = {COUNTRYSTRING_SYNTAX_OID,
PRINTABLESTRING_SYNTAX_OID,NULL};
static char *ia5String_syntaxes[] = {IA5STRING_SYNTAX_OID,NULL};
+static char *caseExactSubstrings_syntaxes[] = {IA5STRING_SYNTAX_OID, /* allow IA5 to use cesubstrs e.g. krbPrincipalName */
+ COUNTRYSTRING_SYNTAX_OID,
+ DIRSTRING_SYNTAX_OID,
+ PRINTABLESTRING_SYNTAX_OID,NULL};
/* for some reason vendorName and vendorVersion are dirstring but want
to use EQUALITY caseExactIA5Match ???? RFC 3045
@@ -171,7 +172,7 @@ DIRSTRING_SYNTAX_OID, 0, dirStringCompat_syntaxes}, /* matching rule desc */
"comparison, characters are not case folded in the Map preparation "
"step, and only Insignificant Space Handling is applied in the "
"Insignificant Character Handling step.",
-"1.3.6.1.4.1.1466.115.121.1.58", 0, dirString_syntaxes}, /* matching rule desc */
+"1.3.6.1.4.1.1466.115.121.1.58", 0, caseExactSubstrings_syntaxes}, /* matching rule desc */
{"caseExactSubstringsMatch-mr", VENDOR, DS_PACKAGE_VERSION, "caseExactSubstringsMatch matching rule plugin"}, /* plugin desc */
caseExactSubstringsMatch_names, /* matching rule name/oid/aliases */
NULL, NULL, NULL, ces_filter_sub, ces_values2keys,
14 years, 1 month
Branch 'Directory_Server_8_2_Branch' - ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/syntaxes/cis.c | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
New commits:
commit 5962d965030a70a1cbf31081ed92d5f933e89c00
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Mon Mar 8 14:35:17 2010 -0700
Bug 570905 - postalAddress syntax should allow empty lines (should allow $$)
https://bugzilla.redhat.com/show_bug.cgi?id=570905
Resolves: bug 570905
Bug Description: postalAddress syntax should allow empty lines (should allow $$)
Reviewed by: nhosoi (Thanks!)
Branch: Directory_Server_8_2_Branch
Fix Description: Even though RFC 4517 says a postal address syntax value
should not contain empty lines (e.g. $$), most, if not all, current
applications expect to be able to store $$. This adds an internal switch
to allow support for $$ for now.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit b8ff06dd240df947fee972fe13bb2826ebb02048)
diff --git a/ldap/servers/plugins/syntaxes/cis.c b/ldap/servers/plugins/syntaxes/cis.c
index 4a15e5e..284210f 100644
--- a/ldap/servers/plugins/syntaxes/cis.c
+++ b/ldap/servers/plugins/syntaxes/cis.c
@@ -79,6 +79,15 @@ static int oid_validate(struct berval *val);
static int printable_validate(struct berval *val);
/*
+ Even though the official RFC 4517 says that the postal syntax
+ line values must contain at least 1 character (i.e. no $$), it
+ seems that most, if not all, address book and other applications that
+ use postal address syntax values expect to be able to store empty
+ lines/values - so for now, allow it
+*/
+static const int postal_allow_empty_lines = 1;
+
+/*
* Attribute syntaxes. We treat all of these the same for now, even though
* the specifications (e.g., RFC 2252) impose various constraints on the
* the format for each of these.
@@ -759,19 +768,14 @@ static int postal_validate(
} else if (*p == '$') {
/* This signifies the end of a line. We need
* to ensure that the line is not empty. */
- if (p == start) {
- rc = 1;
- goto exit;
- }
-
/* make sure the value doesn't end with a '$' */
- if (p == end) {
- rc = 1;
- goto exit;
- }
-
- /* Make sure the line (start to p) is valid UTF-8. */
- if ((rc = utf8string_validate(start, p, NULL)) != 0) {
+ if ((p == start) || (p == end)) {
+ if (!postal_allow_empty_lines) {
+ rc = 1;
+ goto exit;
+ } /* else allow it */
+ } else if ((rc = utf8string_validate(start, p, NULL)) != 0) {
+ /* Make sure the line (start to p) is valid UTF-8. */
goto exit;
}
14 years, 1 month
ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/syntaxes/cis.c | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
New commits:
commit b8ff06dd240df947fee972fe13bb2826ebb02048
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Mon Mar 8 14:35:17 2010 -0700
Bug 570905 - postalAddress syntax should allow empty lines (should allow $$)
https://bugzilla.redhat.com/show_bug.cgi?id=570905
Resolves: bug 570905
Bug Description: postalAddress syntax should allow empty lines (should allow $$)
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: Even though RFC 4517 says a postal address syntax value
should not contain empty lines (e.g. $$), most, if not all, current
applications expect to be able to store $$. This adds an internal switch
to allow support for $$ for now.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/plugins/syntaxes/cis.c b/ldap/servers/plugins/syntaxes/cis.c
index 77f6d55..bc4f72e 100644
--- a/ldap/servers/plugins/syntaxes/cis.c
+++ b/ldap/servers/plugins/syntaxes/cis.c
@@ -79,6 +79,15 @@ static int oid_validate(struct berval *val);
static int printable_validate(struct berval *val);
/*
+ Even though the official RFC 4517 says that the postal syntax
+ line values must contain at least 1 character (i.e. no $$), it
+ seems that most, if not all, address book and other applications that
+ use postal address syntax values expect to be able to store empty
+ lines/values - so for now, allow it
+*/
+static const int postal_allow_empty_lines = 1;
+
+/*
* Attribute syntaxes. We treat all of these the same for now, even though
* the specifications (e.g., RFC 2252) impose various constraints on the
* the format for each of these.
@@ -989,19 +998,14 @@ static int postal_validate(
} else if (*p == '$') {
/* This signifies the end of a line. We need
* to ensure that the line is not empty. */
- if (p == start) {
- rc = 1;
- goto exit;
- }
-
/* make sure the value doesn't end with a '$' */
- if (p == end) {
- rc = 1;
- goto exit;
- }
-
- /* Make sure the line (start to p) is valid UTF-8. */
- if ((rc = utf8string_validate(start, p, NULL)) != 0) {
+ if ((p == start) || (p == end)) {
+ if (!postal_allow_empty_lines) {
+ rc = 1;
+ goto exit;
+ } /* else allow it */
+ } else if ((rc = utf8string_validate(start, p, NULL)) != 0) {
+ /* Make sure the line (start to p) is valid UTF-8. */
goto exit;
}
14 years, 1 month
Branch 'Directory_Server_8_2_Branch' - ldap/servers
by Noriko Hosoi
ldap/servers/plugins/replication/repl5.h | 6 ++++
ldap/servers/plugins/replication/repl5_protocol.c | 28 ++++++++++++++++++++++
ldap/servers/plugins/replication/repl_extop.c | 24 ++++++++++++++++++
3 files changed, 58 insertions(+)
New commits:
commit 73a74244437da7bc20fb34618318e8437c8ae9c8
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon Mar 8 15:14:14 2010 -0800
570667 - MMR: simultaneous total updates on the masters cause
deadlock and data loss
https://bugzilla.redhat.com/show_bug.cgi?id=570667
Description: In the MMR topology, if a master receives a total
update request to initialize the other master and being initialized
by the other master at the same time, the 2 replication threads hang
and the replicated backend instance could be wiped out.
To prevent the server running the total update supplier and the
consumer at the same time, REPLICA_TOTAL_EXCL_SEND and _RECV bits
have been introduced. If the server is sending the total update
to other replicas, the server rejects the total update request
on the backend. But the server can send multiple total updates
to other replicas at the same time. If the total update from
other master is in progress on the server, the server rejects
another total update from yet another master as well as a request
to initialize other replicas.
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
index 97ce556..c6859dd 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -521,6 +521,12 @@ void replica_write_ruv (Replica *r);
#define REPLICA_INCREMENTAL_IN_PROGRESS 2 /* Set only between start and stop inc */
#define REPLICA_TOTAL_IN_PROGRESS 4 /* Set only between start and stop total */
#define REPLICA_AGREEMENTS_DISABLED 8 /* Replica is offline */
+#define REPLICA_TOTAL_EXCL_SEND 16 /* The server is either sending or receiving
+ the total update. Introducing it if SEND
+ is active, RECV should back off. And
+ vice versa. But SEND can coexist. */
+#define REPLICA_TOTAL_EXCL_RECV 32 /* ditto */
+
PRBool replica_is_state_flag_set(Replica *r, PRInt32 flag);
void replica_set_state_flag (Replica *r, PRUint32 flag, PRBool clear);
void replica_set_tombstone_reap_stop(Replica *r, PRBool val);
diff --git a/ldap/servers/plugins/replication/repl5_protocol.c b/ldap/servers/plugins/replication/repl5_protocol.c
index 927c450..efb3271 100644
--- a/ldap/servers/plugins/replication/repl5_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_protocol.c
@@ -317,6 +317,28 @@ prot_thread_main(void *arg)
dev_debug("prot_thread_main(STATE_PERFORMING_INCREMENTAL_UPDATE): end");
break;
case STATE_PERFORMING_TOTAL_UPDATE:
+ {
+ Slapi_DN *dn = agmt_get_replarea(agmt);
+ Replica *replica = NULL;
+ Object *replica_obj = replica_get_replica_from_dn(dn);
+ if (replica_obj)
+ {
+ replica = (Replica*) object_get_data (replica_obj);
+ /* If total update against this replica is in progress,
+ * we should not initiate the total update to other replicas. */
+ if (replica_is_state_flag_set(replica, REPLICA_TOTAL_EXCL_RECV))
+ {
+ object_release(replica_obj);
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: total update on the replica is in progress. Cannot initiate the total update.\n", agmt_get_long_name(rp->agmt));
+ break;
+ }
+ else
+ {
+ replica_set_state_flag (replica, REPLICA_TOTAL_EXCL_SEND, 0);
+ }
+ }
+
PR_Lock(rp->lock);
/* stop incremental protocol if running */
@@ -332,7 +354,13 @@ prot_thread_main(void *arg)
replica initialization is completed. */
agmt_replica_init_done (agmt);
+ if (replica_obj)
+ {
+ replica_set_state_flag (replica, REPLICA_TOTAL_EXCL_SEND, 1);
+ object_release(replica_obj);
+ }
break;
+ }
case STATE_FINISHED:
dev_debug("prot_thread_main(STATE_FINISHED): exiting prot_thread_main");
done = 1;
diff --git a/ldap/servers/plugins/replication/repl_extop.c b/ldap/servers/plugins/replication/repl_extop.c
index b65c6c8..c47ea93 100644
--- a/ldap/servers/plugins/replication/repl_extop.c
+++ b/ldap/servers/plugins/replication/repl_extop.c
@@ -678,6 +678,25 @@ multimaster_extop_StartNSDS50ReplicationRequest(Slapi_PBlock *pb)
goto send_response;
}
+ if (REPL_PROTOCOL_50_TOTALUPDATE == connext->repl_protocol_version)
+ {
+ /* If total update has been initiated against other replicas or
+ * this replica is already being initialized, we should return
+ * an error immediately. */
+ if (replica_is_state_flag_set(replica,
+ REPLICA_TOTAL_EXCL_SEND|REPLICA_TOTAL_EXCL_RECV))
+ {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: total update on is initiated on the replica. Cannot execute the total update from other master.\n", repl_root);
+ response = NSDS50_REPL_REPLICA_BUSY;
+ goto send_response;
+ }
+ else
+ {
+ replica_set_state_flag (replica, REPLICA_TOTAL_EXCL_RECV, 0);
+ }
+ }
+
/* check that this replica is not a 4.0 consumer */
if (replica_is_legacy_consumer (replica))
{
@@ -861,6 +880,11 @@ multimaster_extop_StartNSDS50ReplicationRequest(Slapi_PBlock *pb)
slapi_pblock_get(pb, SLAPI_CONNECTION, &connext->connection);
send_response:
+ if (connext && replica &&
+ (REPL_PROTOCOL_50_TOTALUPDATE == connext->repl_protocol_version))
+ {
+ replica_set_state_flag (replica, REPLICA_TOTAL_EXCL_RECV, 1);
+ }
if (response != NSDS50_REPL_REPLICA_READY)
{
int resp_log_level = SLAPI_LOG_FATAL;
14 years, 1 month