389-commits October 2012

389-commits@lists.fedoraproject.org

3 participants
215 discussions

Branch '389-ds-base-1.2.11' - ldap/servers
by Noriko Hosoi 29 Oct '12

29 Oct '12

ldap/servers/slapd/abandon.c | 10 +++------ ldap/servers/slapd/opshared.c | 17 ++++++++++++--- ldap/servers/slapd/pagedresults.c | 41 +++++++++++++++++++++++++------------- ldap/servers/slapd/slap.h | 15 +++++++------ 4 files changed, 54 insertions(+), 29 deletions(-) New commits: commit 973886082b1c695a55d503f96b2e74188cbfded6 Author: Noriko Hosoi <nhosoi(a)totoro.usersys.redhat.com> Date: Mon Oct 29 10:55:05 2012 -0700 Trac Ticket #498 - Cannot abaondon simple paged result search https://fedorahosted.org/389/ticket/498 Bug Description: The enhancement "Ticket #260 - 389 DS does not support multiple paging controls on a single connection (commit add880accaa28de8304da1c2c2f58fe8af002ebb)" broke the ability to abandon the on-going simple paged result search. 1) The abandon request expects the operation exist. When sending an abort request, the search operation could have already finished and the operation object has been released. 2) Plus, request page size is 0, it should be interpreted as abandoned. Fix Description: 1) In do_abandon, this patch eliminates to check if the operation is a simplepaged results oriented or not, since the operation object is often already released. Instead, it directly checks the internal paged results info in the connection object. To make sure the abandoned search won't go further, a flag value CONN_FLAG_PAGEDRESULTS_ABANDONED is introduced. If it is set in the pagedresults structure in the connection object, it skips any further process of the search. 2) This patch is adding a check if the given page size is 0 in the simple-paged-results control or not. If it is 0, treat is as an abandoned operation. (cherry picked from commit 47c0d96ac28c0b1cc15e7bbb77648551c309ccf5) diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c index 094ae95..9639701 100644 --- a/ldap/servers/slapd/abandon.c +++ b/ldap/servers/slapd/abandon.c @@ -152,12 +152,10 @@ do_abandon( Slapi_PBlock *pb ) 0 ); } - if ( op_is_pagedresults(o) ) { - if ( 0 == pagedresults_free_one_msgid_nolock(pb->pb_conn, id) ) { - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 - " op=%d ABANDON targetop=Simple Paged Results\n", - pb->pb_conn->c_connid, pb->pb_op->o_opid ); - } + if ( 0 == pagedresults_free_one_msgid_nolock(pb->pb_conn, id) ) { + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 + " op=%d ABANDON targetop=Simple Paged Results\n", + pb->pb_conn->c_connid, pb->pb_op->o_opid ); } else if ( NULL == o ) { slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d ABANDON" " targetop=NOTFOUND msgid=%d\n", diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c index 22a3822..2701250 100644 --- a/ldap/servers/slapd/opshared.c +++ b/ldap/servers/slapd/opshared.c @@ -197,8 +197,8 @@ void modify_update_last_modified_attr(Slapi_PBlock *pb, Slapi_Mods *smods) } } - slapi_mods_add_modbvps(smods, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, - "modifiersname", bvals); + slapi_mods_add_modbvps(smods, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, + "modifiersname", bvals); /* fill in modifytimestamp */ curtime = current_time(); @@ -461,7 +461,8 @@ op_shared_search (Slapi_PBlock *pb, int send_result) &pagesize, &pr_idx); /* Let's set pr_idx even if it fails; in case, pr_idx == -1. */ slapi_pblock_set(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx); - if (LDAP_SUCCESS == rc) { + if ((LDAP_SUCCESS == rc) || + (LDAP_CANCELLED == rc) || (0 == pagesize)) { unsigned int opnote = SLAPI_OP_NOTE_SIMPLEPAGED; if (pagedresults_check_or_set_processing(pb->pb_conn, pr_idx)) { send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, @@ -483,6 +484,16 @@ op_shared_search (Slapi_PBlock *pb, int send_result) opnote |= SLAPI_OP_NOTE_UNINDEXED; } slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); + if ((LDAP_CANCELLED == rc) || (0 == pagesize)) { + /* paged-results-request was abandoned */ + pagedresults_set_response_control(pb, 0, estimate, + curr_search_count, pr_idx); + send_ldap_result(pb, 0, NULL, + "Simple Paged Results Search abandoned", + 0, NULL); + rc = LDAP_SUCCESS; + goto free_and_return; + } } else { /* parse paged-results-control failed */ if (iscritical) { /* return an error since it's critical */ diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c index d445c06..9b294eb 100644 --- a/ldap/servers/slapd/pagedresults.c +++ b/ldap/servers/slapd/pagedresults.c @@ -143,8 +143,13 @@ pagedresults_parse_control_value( Slapi_PBlock *pb, slapi_ch_free((void **)&cookie.bv_val); if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen)) { - /* Need to keep the latest msgid to prepare for the abandon. */ - conn->c_pagedresults.prl_list[*index].pr_msgid = op->o_msgid; + if (conn->c_pagedresults.prl_list[*index].pr_flags & + CONN_FLAG_PAGEDRESULTS_ABANDONED) { + rc = LDAP_CANCELLED; + } else { + /* Need to keep the latest msgid to prepare for the abandon. */ + conn->c_pagedresults.prl_list[*index].pr_msgid = op->o_msgid; + } } else { rc = LDAP_PROTOCOL_ERROR; LDAPDebug1Arg(LDAP_DEBUG_ANY, @@ -251,8 +256,13 @@ pagedresults_free_one( Connection *conn, int index ) "conn=%d paged requests list count is %d\n", conn->c_connid, conn->c_pagedresults.prl_count); } else if (index < conn->c_pagedresults.prl_maxlen) { - memset(&conn->c_pagedresults.prl_list[index], - '\0', sizeof(PagedResults)); + PagedResults *prp = conn->c_pagedresults.prl_list + index; + if (prp && prp->pr_current_be && + prp->pr_current_be->be_search_results_release && + prp->pr_search_result_set) { + prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set)); + } + memset(prp, '\0', sizeof(PagedResults)); conn->c_pagedresults.prl_count--; rc = 0; } @@ -263,34 +273,39 @@ pagedresults_free_one( Connection *conn, int index ) return rc; } +/* Used for abandoning */ int pagedresults_free_one_msgid_nolock( Connection *conn, ber_int_t msgid ) { int rc = -1; int i; - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_free_one: msgid=%d\n", msgid); if (conn && (msgid > -1)) { if (conn->c_pagedresults.prl_count <= 0) { - LDAPDebug2Args(LDAP_DEBUG_TRACE, - "pagedresults_free_one_msgid_nolock: " - "conn=%d paged requests list count is %d\n", - conn->c_connid, conn->c_pagedresults.prl_count); + ; /* Not a paged result. */ } else { + LDAPDebug1Arg(LDAP_DEBUG_TRACE, + "--> pagedresults_free_one: msgid=%d\n", msgid); for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) { if (conn->c_pagedresults.prl_list[i].pr_msgid == msgid) { - memset(&conn->c_pagedresults.prl_list[i], - '\0', sizeof(PagedResults)); + PagedResults *prp = conn->c_pagedresults.prl_list + i; + if (prp && prp->pr_current_be && + prp->pr_current_be->be_search_results_release && + prp->pr_search_result_set) { + prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set)); + } + prp->pr_flags |= CONN_FLAG_PAGEDRESULTS_ABANDONED; + prp->pr_flags &= ~CONN_FLAG_PAGEDRESULTS_PROCESSING; conn->c_pagedresults.prl_count--; rc = 0; break; } } + LDAPDebug1Arg(LDAP_DEBUG_TRACE, + "<-- pagedresults_free_one: %d\n", rc); } } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_free_one: %d\n", rc); return rc; } diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index d0f2b33..e3cbc72 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -1461,16 +1461,17 @@ typedef struct conn { * successfully completed. */ -#define CONN_FLAG_PAGEDRESULTS_WITH_SORT 64 /* paged results control is - * sent with server side sorting - */ +#define CONN_FLAG_PAGEDRESULTS_WITH_SORT 64/* paged results control is + * sent with server side sorting + */ -#define CONN_FLAG_PAGEDRESULTS_UNINDEXED 128 /* If the search is unindexed, +#define CONN_FLAG_PAGEDRESULTS_UNINDEXED 128/* If the search is unindexed, * store the info in c_flags */ -#define CONN_FLAG_PAGEDRESULTS_PROCESSING 256 /* there is an operation - * processing a pagedresults search - */ +#define CONN_FLAG_PAGEDRESULTS_PROCESSING 256/* there is an operation + * processing a pagedresults search + */ +#define CONN_FLAG_PAGEDRESULTS_ABANDONED 512/* pagedresults abandoned */ #define CONN_GET_SORT_RESULT_CODE (-1) #define START_TLS_OID "1.3.6.1.4.1.1466.20037"

1 0

ldap/servers
by Noriko Hosoi 29 Oct '12

29 Oct '12

ldap/servers/slapd/abandon.c | 10 +++------ ldap/servers/slapd/opshared.c | 19 +++++++++++++---- ldap/servers/slapd/pagedresults.c | 41 +++++++++++++++++++++++++------------- ldap/servers/slapd/slap.h | 15 +++++++------ 4 files changed, 55 insertions(+), 30 deletions(-) New commits: commit 47c0d96ac28c0b1cc15e7bbb77648551c309ccf5 Author: Noriko Hosoi <nhosoi(a)totoro.usersys.redhat.com> Date: Mon Oct 29 10:55:05 2012 -0700 Trac Ticket #498 - Cannot abaondon simple paged result search https://fedorahosted.org/389/ticket/498 Bug Description: The enhancement "Ticket #260 - 389 DS does not support multiple paging controls on a single connection (commit add880accaa28de8304da1c2c2f58fe8af002ebb)" broke the ability to abandon the on-going simple paged result search. 1) The abandon request expects the operation exist. When sending an abort request, the search operation could have already finished and the operation object has been released. 2) Plus, request page size is 0, it should be interpreted as abandoned. Fix Description: 1) In do_abandon, this patch eliminates to check if the operation is a simplepaged results oriented or not, since the operation object is often already released. Instead, it directly checks the internal paged results info in the connection object. To make sure the abandoned search won't go further, a flag value CONN_FLAG_PAGEDRESULTS_ABANDONED is introduced. If it is set in the pagedresults structure in the connection object, it skips any further process of the search. 2) This patch is adding a check if the given page size is 0 in the simple-paged-results control or not. If it is 0, treat is as an abandoned operation. diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c index 094ae95..9639701 100644 --- a/ldap/servers/slapd/abandon.c +++ b/ldap/servers/slapd/abandon.c @@ -152,12 +152,10 @@ do_abandon( Slapi_PBlock *pb ) 0 ); } - if ( op_is_pagedresults(o) ) { - if ( 0 == pagedresults_free_one_msgid_nolock(pb->pb_conn, id) ) { - slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 - " op=%d ABANDON targetop=Simple Paged Results\n", - pb->pb_conn->c_connid, pb->pb_op->o_opid ); - } + if ( 0 == pagedresults_free_one_msgid_nolock(pb->pb_conn, id) ) { + slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 + " op=%d ABANDON targetop=Simple Paged Results\n", + pb->pb_conn->c_connid, pb->pb_op->o_opid ); } else if ( NULL == o ) { slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d ABANDON" " targetop=NOTFOUND msgid=%d\n", diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c index afd81ac..cadf3b7 100644 --- a/ldap/servers/slapd/opshared.c +++ b/ldap/servers/slapd/opshared.c @@ -189,7 +189,7 @@ modify_update_last_modified_attr(Slapi_PBlock *pb, Slapi_Mods *smods) /* anonymous bind */ bv.bv_val = ""; bv.bv_len = 0; - } else { + } else { bv.bv_val = binddn; bv.bv_len = strlen(bv.bv_val); } @@ -204,8 +204,8 @@ modify_update_last_modified_attr(Slapi_PBlock *pb, Slapi_Mods *smods) } } - slapi_mods_add_modbvps(smods, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, - "modifiersname", bvals); + slapi_mods_add_modbvps(smods, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, + "modifiersname", bvals); /* fill in modifytimestamp */ curtime = current_time(); @@ -468,7 +468,8 @@ op_shared_search (Slapi_PBlock *pb, int send_result) &pagesize, &pr_idx); /* Let's set pr_idx even if it fails; in case, pr_idx == -1. */ slapi_pblock_set(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx); - if (LDAP_SUCCESS == rc) { + if ((LDAP_SUCCESS == rc) || + (LDAP_CANCELLED == rc) || (0 == pagesize)) { unsigned int opnote = SLAPI_OP_NOTE_SIMPLEPAGED; if (pagedresults_check_or_set_processing(pb->pb_conn, pr_idx)) { send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, @@ -490,6 +491,16 @@ op_shared_search (Slapi_PBlock *pb, int send_result) opnote |= SLAPI_OP_NOTE_UNINDEXED; } slapi_pblock_set( pb, SLAPI_OPERATION_NOTES, &opnote ); + if ((LDAP_CANCELLED == rc) || (0 == pagesize)) { + /* paged-results-request was abandoned */ + pagedresults_set_response_control(pb, 0, estimate, + curr_search_count, pr_idx); + send_ldap_result(pb, 0, NULL, + "Simple Paged Results Search abandoned", + 0, NULL); + rc = LDAP_SUCCESS; + goto free_and_return; + } } else { /* parse paged-results-control failed */ if (iscritical) { /* return an error since it's critical */ diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c index d445c06..9b294eb 100644 --- a/ldap/servers/slapd/pagedresults.c +++ b/ldap/servers/slapd/pagedresults.c @@ -143,8 +143,13 @@ pagedresults_parse_control_value( Slapi_PBlock *pb, slapi_ch_free((void **)&cookie.bv_val); if ((*index > -1) && (*index < conn->c_pagedresults.prl_maxlen)) { - /* Need to keep the latest msgid to prepare for the abandon. */ - conn->c_pagedresults.prl_list[*index].pr_msgid = op->o_msgid; + if (conn->c_pagedresults.prl_list[*index].pr_flags & + CONN_FLAG_PAGEDRESULTS_ABANDONED) { + rc = LDAP_CANCELLED; + } else { + /* Need to keep the latest msgid to prepare for the abandon. */ + conn->c_pagedresults.prl_list[*index].pr_msgid = op->o_msgid; + } } else { rc = LDAP_PROTOCOL_ERROR; LDAPDebug1Arg(LDAP_DEBUG_ANY, @@ -251,8 +256,13 @@ pagedresults_free_one( Connection *conn, int index ) "conn=%d paged requests list count is %d\n", conn->c_connid, conn->c_pagedresults.prl_count); } else if (index < conn->c_pagedresults.prl_maxlen) { - memset(&conn->c_pagedresults.prl_list[index], - '\0', sizeof(PagedResults)); + PagedResults *prp = conn->c_pagedresults.prl_list + index; + if (prp && prp->pr_current_be && + prp->pr_current_be->be_search_results_release && + prp->pr_search_result_set) { + prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set)); + } + memset(prp, '\0', sizeof(PagedResults)); conn->c_pagedresults.prl_count--; rc = 0; } @@ -263,34 +273,39 @@ pagedresults_free_one( Connection *conn, int index ) return rc; } +/* Used for abandoning */ int pagedresults_free_one_msgid_nolock( Connection *conn, ber_int_t msgid ) { int rc = -1; int i; - LDAPDebug1Arg(LDAP_DEBUG_TRACE, - "--> pagedresults_free_one: msgid=%d\n", msgid); if (conn && (msgid > -1)) { if (conn->c_pagedresults.prl_count <= 0) { - LDAPDebug2Args(LDAP_DEBUG_TRACE, - "pagedresults_free_one_msgid_nolock: " - "conn=%d paged requests list count is %d\n", - conn->c_connid, conn->c_pagedresults.prl_count); + ; /* Not a paged result. */ } else { + LDAPDebug1Arg(LDAP_DEBUG_TRACE, + "--> pagedresults_free_one: msgid=%d\n", msgid); for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) { if (conn->c_pagedresults.prl_list[i].pr_msgid == msgid) { - memset(&conn->c_pagedresults.prl_list[i], - '\0', sizeof(PagedResults)); + PagedResults *prp = conn->c_pagedresults.prl_list + i; + if (prp && prp->pr_current_be && + prp->pr_current_be->be_search_results_release && + prp->pr_search_result_set) { + prp->pr_current_be->be_search_results_release(&(prp->pr_search_result_set)); + } + prp->pr_flags |= CONN_FLAG_PAGEDRESULTS_ABANDONED; + prp->pr_flags &= ~CONN_FLAG_PAGEDRESULTS_PROCESSING; conn->c_pagedresults.prl_count--; rc = 0; break; } } + LDAPDebug1Arg(LDAP_DEBUG_TRACE, + "<-- pagedresults_free_one: %d\n", rc); } } - LDAPDebug1Arg(LDAP_DEBUG_TRACE, "<-- pagedresults_free_one: %d\n", rc); return rc; } diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index 5ac1819..dbd9727 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -1470,16 +1470,17 @@ typedef struct conn { * successfully completed. */ -#define CONN_FLAG_PAGEDRESULTS_WITH_SORT 64 /* paged results control is - * sent with server side sorting - */ +#define CONN_FLAG_PAGEDRESULTS_WITH_SORT 64/* paged results control is + * sent with server side sorting + */ -#define CONN_FLAG_PAGEDRESULTS_UNINDEXED 128 /* If the search is unindexed, +#define CONN_FLAG_PAGEDRESULTS_UNINDEXED 128/* If the search is unindexed, * store the info in c_flags */ -#define CONN_FLAG_PAGEDRESULTS_PROCESSING 256 /* there is an operation - * processing a pagedresults search - */ +#define CONN_FLAG_PAGEDRESULTS_PROCESSING 256/* there is an operation + * processing a pagedresults search + */ +#define CONN_FLAG_PAGEDRESULTS_ABANDONED 512/* pagedresults abandoned */ #define CONN_GET_SORT_RESULT_CODE (-1) #define START_TLS_OID "1.3.6.1.4.1.1466.20037"

1 0

Branch '389-ds-base-1.2.11' - ldap/servers
by Noriko Hosoi 26 Oct '12

26 Oct '12

ldap/servers/plugins/posix-winsync/posix-group-func.c | 1 + 1 file changed, 1 insertion(+) New commits: commit 55997a627ecf155499621b17eb7e118787536765 Author: Noriko Hosoi <nhosoi(a)totoro.usersys.redhat.com> Date: Fri Oct 26 18:18:15 2012 -0700 Coverity defects History: The commit b9eeb2e1a8e688dfec753e8965d0e5aeb119e638 for Ticket #481 "expand nested posix groups" introduced 4 coverity defects. Commit for the fixing patch e9941a2915ac848abe9a4afe802d0432aa0c354a failed to solve 13102: Resource leak. Fix Description: This patch explicitly calls slapi_valueset_free for the leak reported object muid_old_vs. (cherry picked from commit 544f027193139a109aeb14145ae1d77c4bdcc618) diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c index 9ad636f..60528f5 100644 --- a/ldap/servers/plugins/posix-winsync/posix-group-func.c +++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c @@ -497,6 +497,7 @@ propogateMembershipUpward(Slapi_Entry *entry, Slapi_ValueSet *muid_vs, int depth slapi_valueset_add_value(muid_upward_vs, v); } } + slapi_valueset_free(muid_old_vs); } /* Update this group's membership */

1 0

ldap/servers
by Noriko Hosoi 26 Oct '12

26 Oct '12

ldap/servers/plugins/posix-winsync/posix-group-func.c | 1 + 1 file changed, 1 insertion(+) New commits: commit 544f027193139a109aeb14145ae1d77c4bdcc618 Author: Noriko Hosoi <nhosoi(a)totoro.usersys.redhat.com> Date: Fri Oct 26 18:18:15 2012 -0700 Coverity defects History: The commit b9eeb2e1a8e688dfec753e8965d0e5aeb119e638 for Ticket #481 "expand nested posix groups" introduced 4 coverity defects. Commit for the fixing patch e9941a2915ac848abe9a4afe802d0432aa0c354a failed to solve 13102: Resource leak. Fix Description: This patch explicitly calls slapi_valueset_free for the leak reported object muid_old_vs. diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c index 0e373da..9d744ba 100644 --- a/ldap/servers/plugins/posix-winsync/posix-group-func.c +++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c @@ -497,6 +497,7 @@ propogateMembershipUpward(Slapi_Entry *entry, Slapi_ValueSet *muid_vs, int depth slapi_valueset_add_value(muid_upward_vs, v); } } + slapi_valueset_free(muid_old_vs); } /* Update this group's membership */

1 0

Branch '389-ds-base-1.2.11' - ldap/servers
by Noriko Hosoi 26 Oct '12

26 Oct '12

ldap/servers/slapd/back-ldbm/ldbm_delete.c | 7 +++++++ 1 file changed, 7 insertions(+) New commits: commit 31d15788d4e988646a42252f6ea351f033206a96 Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Fri Oct 26 10:02:38 2012 -0700 Trac Ticket #494 - slapd entered to infinite loop during new index addition https://fedorahosted.org/389/ticket/494 Bug Description: An entry which rdn is nsuniqueid=...,nsuniqueid=... was accidentally generated. It broke the entryrdn tree and put the reindex and export into the the infinite loop. Fix Description: Added an missing check if the retrieved entry is already an tombstone or not. This tombstone is the one converted by the entryusn plugin. Please note that replication has an urp code which handles such conflicts. (cherry-picked from commit b963576d2758d29e8d21297e8f763d0373895b9f) diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c index 73c3658..528693e 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c @@ -290,6 +290,13 @@ ldbm_back_delete( Slapi_PBlock *pb ) create_tombstone_entry = (create_tombstone_entry < 0) ? 0 : 1; } } + if (create_tombstone_entry && is_tombstone_entry) { + slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_delete", + "Attempt to convert a tombstone entry %s to tombstone\n", dn); + retval = -1; + ldap_result_code = LDAP_UNWILLING_TO_PERFORM; + goto error_return; + } #if DEBUG slapi_log_error(SLAPI_LOG_REPL, "ldbm_back_delete",

1 0

ldap/servers
by Noriko Hosoi 26 Oct '12

26 Oct '12

ldap/servers/slapd/back-ldbm/ldbm_delete.c | 7 +++++++ 1 file changed, 7 insertions(+) New commits: commit b963576d2758d29e8d21297e8f763d0373895b9f Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Wed Oct 24 11:14:21 2012 -0700 Trac Ticket #494 - slapd entered to infinite loop during new index addition https://fedorahosted.org/389/ticket/494 Bug Description: An entry which rdn is nsuniqueid=...,nsuniqueid=... was accidentally generated. It broke the entryrdn tree and put the reindex and export into the the infinite loop. Fix Description: Added an missing check if the retrieved entry is already an tombstone or not. This tombstone is the one converted by the entryusn plugin. Please note that replication has an urp code which handles such conflicts. diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c index 8cbb2a8..57cc3b7 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c @@ -393,6 +393,13 @@ ldbm_back_delete( Slapi_PBlock *pb ) create_tombstone_entry = (create_tombstone_entry < 0) ? 0 : 1; } } + if (create_tombstone_entry && is_tombstone_entry) { + slapi_log_error(SLAPI_LOG_FATAL, "ldbm_back_delete", + "Attempt to convert a tombstone entry %s to tombstone\n", dn); + retval = -1; + ldap_result_code = LDAP_UNWILLING_TO_PERFORM; + goto error_return; + } #ifdef DEBUG slapi_log_error(SLAPI_LOG_REPL, "ldbm_back_delete",

1 0

Branch '389-ds-base-1.2.11' - 2 commits - ldap/servers
by Noriko Hosoi 25 Oct '12

25 Oct '12

ldap/servers/plugins/posix-winsync/posix-group-func.c | 17 ++++++++++------- ldap/servers/plugins/posix-winsync/posix-group-func.h | 2 ++ ldap/servers/plugins/posix-winsync/posix-group-task.c | 5 +++-- 3 files changed, 15 insertions(+), 9 deletions(-) New commits: commit 56ebbb20fa9f8d1add75075fdf421f53ed5348f1 Author: Noriko Hosoi <nhosoi(a)totoro.usersys.redhat.com> Date: Wed Oct 24 16:13:32 2012 -0700 Fixing compiler warnings in the posix-winsync plugin The commit b9eeb2e1a8e688dfec753e8965d0e5aeb119e638 for Ticket #481 "expand nested posix groups" introduced these compiler warnings. 1) posix-grou-func.c . added missing format strings "%s" in searchUid. . added a function declaration hasObjectClass. . eliminated an unused variable uid_dn_value. 2) posix-group-task.c . included "slapi-private.h" for filter_escaped_value. diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c index be3a6ec..9ad636f 100644 --- a/ldap/servers/plugins/posix-winsync/posix-group-func.c +++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c @@ -28,6 +28,8 @@ Slapi_Value ** valueset_get_valuearray(const Slapi_ValueSet *vs); /* stolen from proto-slap.h */ +static int hasObjectClass(Slapi_Entry *entry, const char *objectClass); + static PRMonitor *memberuid_operation_lock = 0; void @@ -133,13 +135,13 @@ searchUid(const char *udn) } slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, - "searchUid: About to free entry\n", udn); + "searchUid: About to free entry (%s)\n", udn); slapi_entry_free(entry); } slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, - "searchUid: <==\n", udn); + "searchUid(%s): <==\n", udn); return uid; } @@ -260,7 +262,7 @@ smods_has_mod(Slapi_Mods *smods, int modtype, const char *type, const char *val) return rc; } -int +static int hasObjectClass(Slapi_Entry *entry, const char *objectClass) { int rc = 0; @@ -704,7 +706,6 @@ modGroupMembership(Slapi_Entry *entry, Slapi_Mods *smods, int *do_modify) if (smod_deluids == NULL) { /* deletion of the last value, deletes the Attribut from entry complete, this operation has no value, so we must look by self */ Slapi_Attr * um_attr = NULL; /* Entry attributes */ - Slapi_Value * uid_dn_value = NULL; /* Attribute values */ int rc = slapi_entry_attr_find(entry, "uniquemember", &um_attr); if (rc != 0 || um_attr == NULL) { diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.h b/ldap/servers/plugins/posix-winsync/posix-group-func.h index 9452022..0f0ae37 100644 --- a/ldap/servers/plugins/posix-winsync/posix-group-func.h +++ b/ldap/servers/plugins/posix-winsync/posix-group-func.h @@ -17,5 +17,7 @@ char * searchUid(const char *udn); void memberUidLock(); void memberUidUnlock(); int memberUidLockInit(); +int addUserToGroupMembership(Slapi_Entry *entry); +void propogateDeletionsUpward(Slapi_Entry *, const Slapi_DN *, Slapi_ValueSet*, Slapi_ValueSet *, int); #endif diff --git a/ldap/servers/plugins/posix-winsync/posix-group-task.c b/ldap/servers/plugins/posix-winsync/posix-group-task.c index e5385b0..92ac342 100644 --- a/ldap/servers/plugins/posix-winsync/posix-group-task.c +++ b/ldap/servers/plugins/posix-winsync/posix-group-task.c @@ -1,4 +1,5 @@ #include "slapi-plugin.h" +#include "slapi-private.h" #include "nspr.h" #include "posix-wsp-ident.h" commit a57d9131f9d0ae7a5d9865dd6be7f37f26de376c Author: Noriko Hosoi <nhosoi(a)totoro.usersys.redhat.com> Date: Wed Oct 24 15:27:48 2012 -0700 Coverity defects The commit b9eeb2e1a8e688dfec753e8965d0e5aeb119e638 for Ticket #481 "expand nested posix groups" introduced 4 coverity defects. Description: 13100, 13101: Missing return statement Fix description: addUserToGroupMembership and propogateDeletion- UpwardCallback are declared to return an integer value, but nothing was returned. This patch changes it to return 0. 13102: Resource leak Fix description: The memory of valueset muid_old_vs is internally allocated. It was meant to be set to muid_upward_vs and freed together when muid_upward_vs is freed. But due to the function calling order, it was not properly set and it lost the chance to be freed. This patch calls slapi_attr_get_valueset prior to slapi_valueset_set_valueset and let free muid_old_vs together with slapi_valueset_set_valueset. 13103: Uninitialized pointer read Fix description: Possibly uninitialized variable was passed to a logging function slapi_log_error, but actually it was not referred. With this patch, the variable filter is no longer to passed to the function. (cherry picked from commit e9941a2915ac848abe9a4afe802d0432aa0c354a) diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c index 66b9272..be3a6ec 100644 --- a/ldap/servers/plugins/posix-winsync/posix-group-func.c +++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c @@ -473,15 +473,15 @@ propogateMembershipUpward(Slapi_Entry *entry, Slapi_ValueSet *muid_vs, int depth muid_here_vs = muid_vs; } else { + int i = 0; + Slapi_Value *v = NULL; /* Eliminate duplicates */ muid_upward_vs = slapi_valueset_new(); muid_here_vs = slapi_valueset_new(); + slapi_attr_get_valueset(muid_old_attr, &muid_old_vs); slapi_valueset_set_valueset(muid_upward_vs, muid_old_vs); - slapi_attr_get_valueset(muid_old_attr, &muid_old_vs); - int i = 0; - Slapi_Value *v = NULL; for (i = slapi_valueset_first_value(muid_vs, &v); i != -1; i = slapi_valueset_next_value(muid_vs, i, &v)) { @@ -542,6 +542,7 @@ propogateDeletionsUpwardCallback(Slapi_Entry *entry, void *callback_data) { struct propogateDeletionsUpwardArgs *args = (struct propogateDeletionsUpwardArgs *)(callback_data); propogateDeletionsUpward(entry, args->base_sdn, args->smod_deluids, args->del_nested_vs, args->depth); + return 0; } void @@ -920,6 +921,7 @@ addUserToGroupMembership(Slapi_Entry *entry) propogateMembershipUpward(entry, muid_vs, 0); slapi_valueset_free(muid_vs); muid_vs = NULL; + return 0; } int diff --git a/ldap/servers/plugins/posix-winsync/posix-group-task.c b/ldap/servers/plugins/posix-winsync/posix-group-task.c index 4555f1b..e5385b0 100644 --- a/ldap/servers/plugins/posix-winsync/posix-group-task.c +++ b/ldap/servers/plugins/posix-winsync/posix-group-task.c @@ -152,9 +152,9 @@ posix_group_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int rv = SLAPI_DSE_CALLBACK_OK; } - out: +out: slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, - "posix_group_task_add: <==\n", filter); + "posix_group_task_add: <==\n"); return rv; }

1 0

2 commits - ldap/servers
by Noriko Hosoi 25 Oct '12

25 Oct '12

ldap/servers/plugins/posix-winsync/posix-group-func.c | 23 ++++++++++-------- ldap/servers/plugins/posix-winsync/posix-group-func.h | 2 + ldap/servers/plugins/posix-winsync/posix-group-task.c | 10 +++---- 3 files changed, 20 insertions(+), 15 deletions(-) New commits: commit 927b0efb4291e1d514c1bab4fb20ec8bdf8eab10 Author: Noriko Hosoi <nhosoi(a)totoro.usersys.redhat.com> Date: Thu Oct 25 10:13:08 2012 -0700 Fixing compiler warnings in the posix-winsync plugin The commit b9eeb2e1a8e688dfec753e8965d0e5aeb119e638 for Ticket #481 "expand nested posix groups" introduced these compiler warnings. 1) posix-grou-func.c . added missing format strings "%s" in searchUid. . added a function declaration hasObjectClass. . replaced an obsolete api escape_filter_value with slapi_escape_ filter_value. . eliminated an unused variable uid_dn_value. 2) posix-group-task.c . replaced an obsolete api escape_filter_value with slapi_escape_ filter_value. diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c index be3a6ec..0e373da 100644 --- a/ldap/servers/plugins/posix-winsync/posix-group-func.c +++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c @@ -28,6 +28,8 @@ Slapi_Value ** valueset_get_valuearray(const Slapi_ValueSet *vs); /* stolen from proto-slap.h */ +static int hasObjectClass(Slapi_Entry *entry, const char *objectClass); + static PRMonitor *memberuid_operation_lock = 0; void @@ -133,13 +135,13 @@ searchUid(const char *udn) } slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, - "searchUid: About to free entry\n", udn); + "searchUid: About to free entry (%s)\n", udn); slapi_entry_free(entry); } slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, - "searchUid: <==\n", udn); + "searchUid(%s): <==\n", udn); return uid; } @@ -260,7 +262,7 @@ smods_has_mod(Slapi_Mods *smods, int modtype, const char *type, const char *val) return rc; } -int +static int hasObjectClass(Slapi_Entry *entry, const char *objectClass) { int rc = 0; @@ -298,10 +300,10 @@ posix_winsync_foreach_parent(Slapi_Entry *entry, char **attrs, plugin_search_ent char *cookie = NULL; Slapi_Backend *be = NULL; - const char *value = slapi_entry_get_ndn(entry); + char *value = slapi_entry_get_ndn(entry); size_t vallen = value ? strlen(value) : 0; - char *filter_escaped_value = slapi_ch_calloc(sizeof(char), vallen*3+1); - char *filter = slapi_ch_smprintf("(uniqueMember=%s)", escape_filter_value(value, vallen, filter_escaped_value)); + char *filter_escaped_value = slapi_escape_filter_value(value, vallen); + char *filter = slapi_ch_smprintf("(uniqueMember=%s)", filter_escaped_value); slapi_ch_free_string(&filter_escaped_value); Slapi_PBlock *search_pb = slapi_pblock_new(); @@ -704,7 +706,6 @@ modGroupMembership(Slapi_Entry *entry, Slapi_Mods *smods, int *do_modify) if (smod_deluids == NULL) { /* deletion of the last value, deletes the Attribut from entry complete, this operation has no value, so we must look by self */ Slapi_Attr * um_attr = NULL; /* Entry attributes */ - Slapi_Value * uid_dn_value = NULL; /* Attribute values */ int rc = slapi_entry_attr_find(entry, "uniquemember", &um_attr); if (rc != 0 || um_attr == NULL) { diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.h b/ldap/servers/plugins/posix-winsync/posix-group-func.h index 9452022..0f0ae37 100644 --- a/ldap/servers/plugins/posix-winsync/posix-group-func.h +++ b/ldap/servers/plugins/posix-winsync/posix-group-func.h @@ -17,5 +17,7 @@ char * searchUid(const char *udn); void memberUidLock(); void memberUidUnlock(); int memberUidLockInit(); +int addUserToGroupMembership(Slapi_Entry *entry); +void propogateDeletionsUpward(Slapi_Entry *, const Slapi_DN *, Slapi_ValueSet*, Slapi_ValueSet *, int); #endif diff --git a/ldap/servers/plugins/posix-winsync/posix-group-task.c b/ldap/servers/plugins/posix-winsync/posix-group-task.c index e5385b0..8d9d8ac 100644 --- a/ldap/servers/plugins/posix-winsync/posix-group-task.c +++ b/ldap/servers/plugins/posix-winsync/posix-group-task.c @@ -271,15 +271,15 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data) int i; for (i = slapi_attr_first_value(muid_attr, &v); i != -1; i = slapi_attr_next_value(muid_attr, i, &v)) { - const char *muid = slapi_value_get_string(v); + char *muid = (char *)slapi_value_get_string(v); slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "_fix_memberuid iterating memberuid: %s\n", muid); size_t vallen = muid ? strlen(muid) : 0; - char *filter_escaped_value = slapi_ch_calloc(sizeof(char), vallen*3+1); - char *filter = slapi_ch_smprintf("(uid=%s)", escape_filter_value(muid, vallen, filter_escaped_value)); + char *filter_escaped_value = slapi_escape_filter_value(muid, vallen); + char *filter = slapi_ch_smprintf("(uid=%s)", filter_escaped_value); slapi_ch_free_string(&filter_escaped_value); Slapi_Entry **search_entries = NULL; commit e9941a2915ac848abe9a4afe802d0432aa0c354a Author: Noriko Hosoi <nhosoi(a)totoro.usersys.redhat.com> Date: Wed Oct 24 15:27:48 2012 -0700 Coverity defects The commit b9eeb2e1a8e688dfec753e8965d0e5aeb119e638 for Ticket #481 "expand nested posix groups" introduced 4 coverity defects. Description: 13100, 13101: Missing return statement Fix description: addUserToGroupMembership and propogateDeletion- UpwardCallback are declared to return an integer value, but nothing was returned. This patch changes it to return 0. 13102: Resource leak Fix description: The memory of valueset muid_old_vs is internally allocated. It was meant to be set to muid_upward_vs and freed together when muid_upward_vs is freed. But due to the function calling order, it was not properly set and it lost the chance to be freed. This patch calls slapi_attr_get_valueset prior to slapi_valueset_set_valueset and let free muid_old_vs together with slapi_valueset_set_valueset. 13103: Uninitialized pointer read Fix description: Possibly uninitialized variable was passed to a logging function slapi_log_error, but actually it was not referred. With this patch, the variable filter is no longer to passed to the function. diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c index 66b9272..be3a6ec 100644 --- a/ldap/servers/plugins/posix-winsync/posix-group-func.c +++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c @@ -473,15 +473,15 @@ propogateMembershipUpward(Slapi_Entry *entry, Slapi_ValueSet *muid_vs, int depth muid_here_vs = muid_vs; } else { + int i = 0; + Slapi_Value *v = NULL; /* Eliminate duplicates */ muid_upward_vs = slapi_valueset_new(); muid_here_vs = slapi_valueset_new(); + slapi_attr_get_valueset(muid_old_attr, &muid_old_vs); slapi_valueset_set_valueset(muid_upward_vs, muid_old_vs); - slapi_attr_get_valueset(muid_old_attr, &muid_old_vs); - int i = 0; - Slapi_Value *v = NULL; for (i = slapi_valueset_first_value(muid_vs, &v); i != -1; i = slapi_valueset_next_value(muid_vs, i, &v)) { @@ -542,6 +542,7 @@ propogateDeletionsUpwardCallback(Slapi_Entry *entry, void *callback_data) { struct propogateDeletionsUpwardArgs *args = (struct propogateDeletionsUpwardArgs *)(callback_data); propogateDeletionsUpward(entry, args->base_sdn, args->smod_deluids, args->del_nested_vs, args->depth); + return 0; } void @@ -920,6 +921,7 @@ addUserToGroupMembership(Slapi_Entry *entry) propogateMembershipUpward(entry, muid_vs, 0); slapi_valueset_free(muid_vs); muid_vs = NULL; + return 0; } int diff --git a/ldap/servers/plugins/posix-winsync/posix-group-task.c b/ldap/servers/plugins/posix-winsync/posix-group-task.c index 4555f1b..e5385b0 100644 --- a/ldap/servers/plugins/posix-winsync/posix-group-task.c +++ b/ldap/servers/plugins/posix-winsync/posix-group-task.c @@ -152,9 +152,9 @@ posix_group_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int rv = SLAPI_DSE_CALLBACK_OK; } - out: +out: slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, - "posix_group_task_add: <==\n", filter); + "posix_group_task_add: <==\n"); return rv; }

1 0

Branch '389-ds-base-1.2.10' - ldap/servers
by Noriko Hosoi 24 Oct '12

24 Oct '12

ldap/servers/slapd/abandon.c | 3 ++- ldap/servers/slapd/connection.c | 2 +- ldap/servers/slapd/opshared.c | 20 ++++++++++++++------ ldap/servers/slapd/pagedresults.c | 27 +++++++++++++++++++++------ ldap/servers/slapd/proto-slap.h | 2 +- ldap/servers/slapd/slap.h | 16 ++++++++++++---- 6 files changed, 51 insertions(+), 19 deletions(-) New commits: commit 16088c1548396cf6ea7e2e7d5a6fc11ae17dd644 Author: Noriko Hosoi <nhosoi(a)totoro.usersys.redhat.com> Date: Wed Oct 24 13:59:42 2012 -0700 Bug 866623 - RHDS crash when attempting to free an invalid pointer https://bugzilla.redhat.com/show_bug.cgi?id=866623 Bug Description: When a simple-paged-results search is abandoned, it calls pagedresults_cleanup and cleans up the search result set stashed in the connection object. The abandoned fact is not stored any place. Thus if the further operation expecting the search result set is issued, it crould crash the server. Fix Description: This patch introduces ABANDONED flag and sets it if the simple paged results search is abandoned. Any further ops on the search are skipped. This patch is also adding a check if the given page size is 0 in the simple-paged-results control or not. If it is 0, treat is as an abandoned operation. diff --git a/ldap/servers/slapd/abandon.c b/ldap/servers/slapd/abandon.c index 8870364..5271981 100644 --- a/ldap/servers/slapd/abandon.c +++ b/ldap/servers/slapd/abandon.c @@ -152,7 +152,8 @@ do_abandon( Slapi_PBlock *pb ) 0 ); } - if (pagedresults_cleanup(pb->pb_conn, 0 /* already locked */)) { + if (pagedresults_cleanup(pb->pb_conn, PAGEDRESULTS_ABANDONED, + 0 /* already locked */)) { /* Cleaned up paged result connection */ slapi_log_access( LDAP_DEBUG_STATS, "conn=%" NSPRIu64 " op=%d ABANDON" " targetop=Simple Paged Results\n", diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c index cabfe71..1dbd493 100644 --- a/ldap/servers/slapd/connection.c +++ b/ldap/servers/slapd/connection.c @@ -201,7 +201,7 @@ connection_cleanup(Connection *conn) /* destroy any sasl context */ sasl_dispose((sasl_conn_t**)&conn->c_sasl_conn); /* PAGED_RESULTS */ - pagedresults_cleanup(conn, 0 /* do not need to lock inside */); + pagedresults_cleanup(conn, PAGEDRESULTS_CLEANALL, 0 /* do not need to lock inside */); /* free the connection socket buffer */ connection_free_private_buffer(conn); diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c index dffc2a5..b213342 100644 --- a/ldap/servers/slapd/opshared.c +++ b/ldap/servers/slapd/opshared.c @@ -422,9 +422,17 @@ op_shared_search (Slapi_PBlock *pb, int send_result) &pagesize, &curr_search_count); if (LDAP_SUCCESS == rc) { unsigned int opnote = SLAPI_OP_NOTE_SIMPLEPAGED; - if (pagedresults_check_or_set_processing(pb->pb_conn)) { - send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, - NULL, "Simple Paged Results Search already in progress on this connection", 0, NULL); + int myrc = pagedresults_check_or_set_processing(pb->pb_conn); + if ((0 == pagesize) || (myrc & CONN_FLAG_PAGEDRESULTS_ABANDONED)) { + send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL, + "Simple Paged Results Search is abandoned", + 0, NULL); + goto free_and_return_nolock; + } else if (myrc) { + send_ldap_result(pb, LDAP_UNWILLING_TO_PERFORM, NULL, + "Simple Paged Results Search is " + "already in progress on this connection", + 0, NULL); goto free_and_return_nolock; } pr_reset_processing = 1; /* need to reset after we are done with this op */ @@ -535,7 +543,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result) } if (slapi_sdn_compare(basesdn, sdn)) { slapi_sdn_free(&basesdn); - basesdn = operation_get_target_spec(pb->pb_op); + basesdn = operation_get_target_spec(pb->pb_op); slapi_sdn_free(&basesdn); basesdn = slapi_sdn_dup(sdn); operation_set_target_spec (pb->pb_op, basesdn); @@ -660,7 +668,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result) pagedresults_set_search_result_set_size_estimate(pb->pb_conn, estimate); next_be = NULL; /* to break the loop */ if (curr_search_count == -1) { - pagedresults_cleanup(pb->pb_conn, 1 /* need to lock */); + pagedresults_cleanup(pb->pb_conn, 0, 1 /* need to lock */); } } else { /* be_suffix null means that we are searching the default backend @@ -811,7 +819,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result) slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET, NULL ); next_be = NULL; /* to break the loop */ if (curr_search_count == -1) { - pagedresults_cleanup(pb->pb_conn, 1 /* need to lock */); + pagedresults_cleanup(pb->pb_conn, 0, 1 /* need to lock */); } } diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c index c77ec27..ff2b81f 100644 --- a/ldap/servers/slapd/pagedresults.c +++ b/ldap/servers/slapd/pagedresults.c @@ -217,7 +217,11 @@ pagedresults_set_search_result(Connection *conn, void *sr, int locked) int rc = -1; if (conn) { if (!locked) PR_Lock(conn->c_mutex); - conn->c_search_result_set = sr; + /* In case abandoned (CONN_FLAG_PAGEDRESULTS_PROCESSING is reset), + * stop setting the search result set. */ + if (conn->c_flags & CONN_FLAG_PAGEDRESULTS_PROCESSING) { + conn->c_search_result_set = sr; + } if (!locked) PR_Unlock(conn->c_mutex); rc = 0; } @@ -370,7 +374,7 @@ pagedresults_set_timelimit(Connection *conn, time_t timelimit) * 1: simple paged result and successfully abandoned */ int -pagedresults_cleanup(Connection *conn, int needlock) +pagedresults_cleanup(Connection *conn, int flags, int needlock) { int rc = 0; @@ -389,7 +393,15 @@ pagedresults_cleanup(Connection *conn, int needlock) } conn->c_search_result_count = 0; conn->c_timelimit = 0; - conn->c_flags &= ~CONN_FLAG_PAGEDRESULTS_PROCESSING; + if (flags == PAGEDRESULTS_CLEANALL) { + conn->c_flags &= ~CONN_FLAG_PAGEDRESULTS_ALL; + } else { + conn->c_flags &= ~CONN_FLAG_PAGEDRESULTS_PROCESSING; + if (flags == PAGEDRESULTS_ABANDONED) { + conn->c_flags |= CONN_FLAG_PAGEDRESULTS_ABANDONED; + } + } + if (needlock) { PR_Unlock(conn->c_mutex); } @@ -407,9 +419,12 @@ pagedresults_check_or_set_processing(Connection *conn) int ret = 0; if (conn) { PR_Lock(conn->c_mutex); - ret = conn->c_flags&CONN_FLAG_PAGEDRESULTS_PROCESSING; - /* if ret is true, the following doesn't do anything */ - conn->c_flags |= CONN_FLAG_PAGEDRESULTS_PROCESSING; + ret = conn->c_flags & (CONN_FLAG_PAGEDRESULTS_PROCESSING | + CONN_FLAG_PAGEDRESULTS_ABANDONED); + /* if ret is true, don't set the flag. */ + if (!ret) { + conn->c_flags |= CONN_FLAG_PAGEDRESULTS_PROCESSING; + } PR_Unlock(conn->c_mutex); } return ret; diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h index 1c48793..2162c2f 100644 --- a/ldap/servers/slapd/proto-slap.h +++ b/ldap/servers/slapd/proto-slap.h @@ -1398,7 +1398,7 @@ int pagedresults_set_unindexed(Connection *conn); int pagedresults_get_sort_result_code(Connection *conn); int pagedresults_set_sort_result_code(Connection *conn, int code); int pagedresults_set_timelimit(Connection *conn, time_t timelimit); -int pagedresults_cleanup(Connection *conn, int needlock); +int pagedresults_cleanup(Connection *conn, int flags, int needlock); int pagedresults_check_or_set_processing(Connection *conn); int pagedresults_reset_processing(Connection *conn); diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index c01e590..4d3a9e2 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -1446,12 +1446,16 @@ typedef struct conn { * sent with server side sorting */ -#define CONN_FLAG_PAGEDRESULTS_UNINDEXED 128 /* If the search is unindexed, +#define CONN_FLAG_PAGEDRESULTS_UNINDEXED 128/* If the search is unindexed, * store the info in c_flags */ -#define CONN_FLAG_PAGEDRESULTS_PROCESSING 256 /* there is an operation - * processing a pagedresults search - */ +#define CONN_FLAG_PAGEDRESULTS_PROCESSING 256/* there is an operation + * processing a pagedresults search + */ +#define CONN_FLAG_PAGEDRESULTS_ABANDONED 512/* paged results op is abandoned */ +#define CONN_FLAG_PAGEDRESULTS_ALL (CONN_FLAG_PAGEDRESULTS_UNINDEXED| \ + CONN_FLAG_PAGEDRESULTS_PROCESSING| \ + CONN_FLAG_PAGEDRESULTS_ABANDONED) #define CONN_GET_SORT_RESULT_CODE (-1) #define START_TLS_OID "1.3.6.1.4.1.1466.20037" @@ -2319,4 +2323,8 @@ extern char *attr_dataversion; /* copied from replication/repl5.h */ #define RUV_STORAGE_ENTRY_UNIQUEID "ffffffff-ffffffff-ffffffff-ffffffff" +/* Flags for pagedresults_cleanup */ +#define PAGEDRESULTS_ABANDONED 1 +#define PAGEDRESULTS_CLEANALL 2 + #endif /* _slap_h_ */

1 0

ldap/servers
by Mark Reynolds 23 Oct '12

23 Oct '12

ldap/servers/slapd/log.c | 2 - ldap/servers/slapd/modify.c | 1 ldap/servers/slapd/passwd_extop.c | 1 ldap/servers/slapd/pblock.c | 7 ++-- ldap/servers/slapd/pw.c | 47 ++++++++-------------------- ldap/servers/slapd/pw_mgmt.c | 6 --- ldap/servers/slapd/pw_retry.c | 3 - ldap/servers/slapd/result.c | 1 ldap/servers/slapd/slap.h | 63 +++++++++++++++++++------------------- 9 files changed, 51 insertions(+), 80 deletions(-) New commits: commit 8639c035050484bd5a8f31bb70874d593cd1585e Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Mon Oct 22 16:17:42 2012 -0400 Ticket 147 - Internal Password Policy usage very inefficient Bug Description: When updating a userpassword, the passwordPolicy struct is allocated & freed 5 to 7 times. Fix Description: Store the passwordPolicy struct in the pblock, and when we try and create a new policy struct, return the one in the pblock. https://fedorahosted.org/389/ticket/147 Reviewed by: richm(Thanks!) diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c index e622485..ecfdb19 100644 --- a/ldap/servers/slapd/log.c +++ b/ldap/servers/slapd/log.c @@ -2581,7 +2581,7 @@ log__delete_rotated_logs() log_convert_time (logp->l_ctime, tbuf, 1); PR_snprintf (buffer, sizeof(buffer), "%s.%s", loginfo.log_access_file, tbuf); - LDAPDebug(LDAP_DEBUG_ANY,"Deleted Rotated Log: %s\n",buffer,0,0); /* MARK */ + LDAPDebug(LDAP_DEBUG_ANY,"Deleted Rotated Log: %s\n",buffer,0,0); if (PR_Delete(buffer) != PR_SUCCESS) { logp = logp->l_next; diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c index da742da..424badb 100644 --- a/ldap/servers/slapd/modify.c +++ b/ldap/servers/slapd/modify.c @@ -1256,7 +1256,6 @@ static int op_shared_allow_pw_change (Slapi_PBlock *pb, LDAPMod *mod, char **old done: slapi_entry_free( e ); slapi_sdn_done (&sdn); - delete_passwdPolicy(&pwpolicy); slapi_ch_free_string(&proxydn); slapi_ch_free_string(&proxystr); return rc; diff --git a/ldap/servers/slapd/passwd_extop.c b/ldap/servers/slapd/passwd_extop.c index 3c050d6..b103a14 100644 --- a/ldap/servers/slapd/passwd_extop.c +++ b/ldap/servers/slapd/passwd_extop.c @@ -869,7 +869,6 @@ free_and_return: slapi_pblock_set(pb, SLAPI_TARGET_SDN, NULL); slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, NULL ); slapi_ch_free_string(&authmethod); - delete_passwdPolicy(&pwpolicy); slapi_entry_free(referrals); if ( targetEntry != NULL ){ diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c index 9895d49..d7a726d 100644 --- a/ldap/servers/slapd/pblock.c +++ b/ldap/servers/slapd/pblock.c @@ -111,10 +111,11 @@ pblock_done( Slapi_PBlock *pb ) { if(pb->pb_op!=NULL) { - operation_free(&pb->pb_op,pb->pb_conn); + operation_free(&pb->pb_op,pb->pb_conn); } - slapi_ch_free((void**)&(pb->pb_vattr_context)); - slapi_ch_free((void**)&(pb->pb_result_text)); + delete_passwdPolicy(&pb->pwdpolicy); + slapi_ch_free((void**)&(pb->pb_vattr_context)); + slapi_ch_free((void**)&(pb->pb_result_text)); } void diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index 04ad2ce..9135a52 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -200,7 +200,6 @@ char* slapi_encode_ext (Slapi_PBlock *pb, const Slapi_DN *sdn, char *value, char { pwpolicy = new_passwdPolicy(pb, (char*)slapi_sdn_get_ndn(sdn) ); pws_enc = pwpolicy->pw_storagescheme->pws_enc; - delete_passwdPolicy(&pwpolicy); if (pws_enc == NULL) { @@ -357,8 +356,6 @@ pw_encodevals_ext( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals ) if (pwpolicy->pw_storagescheme) { pws_enc = pwpolicy->pw_storagescheme->pws_enc; } - - delete_passwdPolicy(&pwpolicy); } /* Password scheme encryption function was not found */ @@ -678,7 +675,6 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw) { slapi_ch_free((void**)&prev_exp_date_str); pw_apply_mods(sdn, &smods); slapi_mods_done(&smods); - delete_passwdPolicy(&pwpolicy); return 0; } @@ -695,12 +691,9 @@ update_pw_info ( Slapi_PBlock *pb , char *old_pw) { } else { pw_apply_mods(sdn, &smods); slapi_mods_done(&smods); - delete_passwdPolicy(&pwpolicy); return 0; } - delete_passwdPolicy(&pwpolicy); - timestr = format_genTime ( pw_exp_date ); slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "passwordExpirationTime", timestr); slapi_ch_free((void **)&timestr); @@ -735,7 +728,6 @@ check_pw_minage ( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals) /* retrieve the entry */ e = get_entry ( pb, dn ); if ( e == NULL ) { - delete_passwdPolicy(&pwpolicy); return ( -1 ); } /* get passwordAllowChangeTime attribute */ @@ -763,14 +755,12 @@ check_pw_minage ( Slapi_PBlock *pb, const Slapi_DN *sdn, struct berval **vals) "within password minimum age", 0, NULL ); slapi_entry_free( e ); slapi_ch_free((void **) &cur_time_str ); - delete_passwdPolicy(&pwpolicy); return ( 1 ); } slapi_ch_free((void **) &cur_time_str ); } slapi_entry_free( e ); } - delete_passwdPolicy(&pwpolicy); return ( 0 ); } @@ -847,12 +837,10 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, LDAP_PWPOLICY_INVALIDPWDSYNTAX ); } pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, errormsg, 0, NULL ); - delete_passwdPolicy(&pwpolicy); return( 1 ); } else { /* We want to skip syntax checking since this is a pre-hashed * password from replication or the root DN. */ - delete_passwdPolicy(&pwpolicy); return( 0 ); } } @@ -869,7 +857,6 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, LDAP_PWPOLICY_PWDTOOSHORT ); } pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, errormsg, 0, NULL ); - delete_passwdPolicy(&pwpolicy); return ( 1 ); } @@ -984,7 +971,6 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, LDAP_PWPOLICY_INVALIDPWDSYNTAX ); } pw_send_ldap_result ( pb, LDAP_CONSTRAINT_VIOLATION, NULL, errormsg, 0, NULL ); - delete_passwdPolicy(&pwpolicy); return ( 1 ); } } @@ -995,7 +981,6 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, /* retrieve the entry */ e = get_entry ( pb, dn ); if ( e == NULL ) { - delete_passwdPolicy(&pwpolicy); return ( -1 ); } @@ -1015,7 +1000,6 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, LDAP_CONSTRAINT_VIOLATION, NULL, "password in history", 0, NULL ); slapi_entry_free( e ); - delete_passwdPolicy(&pwpolicy); return ( 1 ); } } @@ -1033,7 +1017,6 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, LDAP_CONSTRAINT_VIOLATION ,NULL, "password in history", 0, NULL); slapi_entry_free( e ); - delete_passwdPolicy(&pwpolicy); return ( 1 ); } } else @@ -1044,7 +1027,6 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, LDAP_CONSTRAINT_VIOLATION ,NULL, "password in history", 0, NULL); slapi_entry_free( e ); - delete_passwdPolicy(&pwpolicy); return ( 1 ); } } @@ -1073,13 +1055,10 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, slapi_entry_free( e ); } - delete_passwdPolicy(&pwpolicy); return 1; } } - delete_passwdPolicy(&pwpolicy); - if ( mod_op ) { /* free e only when called by modify operation */ slapi_entry_free( e ); @@ -1110,7 +1089,6 @@ update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw ) /* retrieve the entry */ e = get_entry ( pb, dn ); if ( e == NULL ) { - delete_passwdPolicy(&pwpolicy); return ( 1 ); } @@ -1176,7 +1154,6 @@ update_pw_history( Slapi_PBlock *pb, const Slapi_DN *sdn, char *old_pw ) slapi_ch_free((void **) &str ); slapi_ch_free((void **) &history_str ); slapi_entry_free( e ); - delete_passwdPolicy(&pwpolicy); return 0; } @@ -1415,8 +1392,6 @@ add_password_attrs( Slapi_PBlock *pb, Operation *op, Slapi_Entry *e ) slapi_entry_attr_merge( e, "passwordallowchangetime", bvals ); slapi_ch_free((void **) &bv.bv_val ); } - - delete_passwdPolicy(&pwpolicy); } static int @@ -1551,6 +1526,11 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn) slapdFrontendConfig_t *slapdFrontendConfig; int optype = -1; + /* If we already allocated a pw policy, return it */ + if(pb && pb->pwdpolicy){ + return pb->pwdpolicy; + } + slapdFrontendConfig = getFrontendConfig(); pwdpolicy = (passwdPolicy *)slapi_ch_calloc(1, sizeof(passwdPolicy)); @@ -1838,6 +1818,9 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn) if (pw_entry) { slapi_entry_free(pw_entry); } + if(pb){ + pb->pwdpolicy = pwdpolicy; + } return pwdpolicy; } else if ( e ) { slapi_entry_free( e ); @@ -1845,15 +1828,18 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn) } done: - /* If we are here, that means we need to load the passwdPolicy + /* + * If we are here, that means we need to load the passwdPolicy * structure from slapdFrontendconfig */ - *pwdpolicy = slapdFrontendConfig->pw_policy; pwdscheme = (struct pw_scheme *)slapi_ch_calloc(1, sizeof(struct pw_scheme)); *pwdscheme = *slapdFrontendConfig->pw_storagescheme; pwdscheme->pws_name = strdup( slapdFrontendConfig->pw_storagescheme->pws_name ); pwdpolicy->pw_storagescheme = pwdscheme; + if(pb){ + pb->pwdpolicy = pwdpolicy; + } return pwdpolicy; @@ -2194,14 +2180,9 @@ slapi_check_account_lock ( Slapi_PBlock *pb, Slapi_Entry * bind_target_entry, in notlocked: /* account is not locked. */ - if(check_password_policy) - delete_passwdPolicy(&pwpolicy); - return ( 0 ); + return (0); locked: - if(check_password_policy) - delete_passwdPolicy(&pwpolicy); return (1); - } /* The idea here is that these functions could allow us to have password diff --git a/ldap/servers/slapd/pw_mgmt.c b/ldap/servers/slapd/pw_mgmt.c index c0055fc..05ecae1 100644 --- a/ldap/servers/slapd/pw_mgmt.c +++ b/ldap/servers/slapd/pw_mgmt.c @@ -107,7 +107,6 @@ need_new_pw( Slapi_PBlock *pb, long *t, Slapi_Entry *e, int pwresponse_req ) pw_apply_mods(sdn, &smods); } slapi_mods_done(&smods); - delete_passwdPolicy(&pwpolicy); return ( 0 ); } @@ -152,7 +151,6 @@ skip: } pw_apply_mods(sdn, &smods); slapi_mods_done(&smods); - delete_passwdPolicy(&pwpolicy); return ( 0 ); } @@ -191,7 +189,6 @@ skip: if (pb->pb_conn->c_needpw == 1) { slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0); } - delete_passwdPolicy(&pwpolicy); return ( 0 ); } @@ -218,7 +215,6 @@ skip: /* Apply current modifications */ pw_apply_mods(sdn, &smods); slapi_mods_done(&smods); - delete_passwdPolicy(&pwpolicy); return (-1); } slapi_ch_free((void **) &cur_time_str ); @@ -279,7 +275,6 @@ skip: if (pb->pb_conn->c_needpw == 1) { slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0); } - delete_passwdPolicy(&pwpolicy); return (2); } @@ -289,7 +284,6 @@ skip: if (pb->pb_conn->c_needpw == 1) { slapi_add_pwd_control ( pb, LDAP_CONTROL_PWEXPIRED, 0); } - delete_passwdPolicy(&pwpolicy); /* passes checking, return 0 */ return( 0 ); } diff --git a/ldap/servers/slapd/pw_retry.c b/ldap/servers/slapd/pw_retry.c index 68a6bd9..0082d0f 100644 --- a/ldap/servers/slapd/pw_retry.c +++ b/ldap/servers/slapd/pw_retry.c @@ -136,7 +136,6 @@ int set_retry_cnt_and_time ( Slapi_PBlock *pb, int count, time_t cur_time ) { slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn ); dn = slapi_sdn_get_dn(sdn); pwpolicy = new_passwdPolicy(pb, dn); - slapi_mods_init(&smods, 0); reset_time = time_plus_sec ( cur_time, @@ -150,7 +149,6 @@ int set_retry_cnt_and_time ( Slapi_PBlock *pb, int count, time_t cur_time ) { pw_apply_mods(sdn, &smods); slapi_mods_done(&smods); - delete_passwdPolicy(&pwpolicy); return rc; } @@ -190,7 +188,6 @@ int set_retry_cnt_mods(Slapi_PBlock *pb, Slapi_Mods *smods, int count) rc = LDAP_CONSTRAINT_VIOLATION; } } - delete_passwdPolicy(&pwpolicy); return rc; } diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c index 09d6b90..e124d0b 100644 --- a/ldap/servers/slapd/result.c +++ b/ldap/servers/slapd/result.c @@ -555,7 +555,6 @@ log_and_return: log_result( pb, operation, err, tag, nentries ); } - delete_passwdPolicy (&pwpolicy); LDAPDebug( LDAP_DEBUG_TRACE, "<= send_ldap_result\n", 0, 0, 0 ); } diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index 33607cb..5ac1819 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -1514,6 +1514,37 @@ struct slapi_task { } slapi_task; /* End of interface to support online tasks **********************************/ +typedef struct passwordpolicyarray { + int pw_change; /* 1 - indicates that users are allowed to change the pwd */ + int pw_must_change; /* 1 - indicates that users must change pwd upon reset */ + int pw_syntax; + int pw_minlength; + int pw_mindigits; + int pw_minalphas; + int pw_minuppers; + int pw_minlowers; + int pw_minspecials; + int pw_min8bit; + int pw_maxrepeats; + int pw_mincategories; + int pw_mintokenlength; + int pw_exp; + long pw_maxage; + long pw_minage; + long pw_warning; + int pw_history; + int pw_inhistory; + int pw_lockout; + int pw_maxfailure; + int pw_unlock; + long pw_lockduration; + long pw_resetfailurecount; + int pw_gracelimit; + int pw_is_legacy; + int pw_track_update_time; + struct pw_scheme *pw_storagescheme; +} passwdPolicy; + typedef struct slapi_pblock { /* common */ Slapi_Backend *pb_backend; @@ -1666,6 +1697,7 @@ typedef struct slapi_pblock { int pb_syntax_filter_normalized; /* the syntax filter types/values are already normalized */ void *pb_syntax_filter_data; /* extra data to pass to a syntax plugin function */ int pb_paged_results_index; /* stash SLAPI_PAGED_RESULTS_INDEX */ + passwdPolicy *pwdpolicy; } slapi_pblock; /* index if substrlens */ @@ -2033,37 +2065,6 @@ typedef struct _slapdEntryPoints { #define MAX_ALLOWED_TIME_IN_SECS 2147483647 -typedef struct passwordpolicyarray { - int pw_change; /* 1 - indicates that users are allowed to change the pwd */ - int pw_must_change; /* 1 - indicates that users must change pwd upon reset */ - int pw_syntax; - int pw_minlength; - int pw_mindigits; - int pw_minalphas; - int pw_minuppers; - int pw_minlowers; - int pw_minspecials; - int pw_min8bit; - int pw_maxrepeats; - int pw_mincategories; - int pw_mintokenlength; - int pw_exp; - long pw_maxage; - long pw_minage; - long pw_warning; - int pw_history; - int pw_inhistory; - int pw_lockout; - int pw_maxfailure; - int pw_unlock; - long pw_lockduration; - long pw_resetfailurecount; - int pw_gracelimit; - int pw_is_legacy; - int pw_track_update_time; - struct pw_scheme *pw_storagescheme; -} passwdPolicy; - typedef struct _slapdFrontendConfig { Slapi_RWLock *cfg_rwlock; /* read/write lock to serialize access */ struct pw_scheme *rootpwstoragescheme;

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits October 2012