ldap/admin
by Noriko Hosoi
ldap/admin/src/scripts/DSUtil.pm.in | 47 ++++++++++++++++++++----------------
1 file changed, 27 insertions(+), 20 deletions(-)
New commits:
commit f26658cab99c77d26f15efe4f06b1f6f7e472f0b
Author: Noriko Hosoi <nhosoi(a)totoro.sjc.redhat.com>
Date: Fri Mar 23 13:00:25 2012 -0700
Trac Ticket #46 - setup-ds-admin.pl does not like ipv6 only hostnames
https://fedorahosted.org/389/ticket/46
Fix Description:
Perl functions gethostbyname/gethostbyaddr do not support IPv6
addresses. This patch replaces the obsolete functions with the
ones from Socket::GetAddrInfo.
diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in
index 4ee6af0..2f3306b 100644
--- a/ldap/admin/src/scripts/DSUtil.pm.in
+++ b/ldap/admin/src/scripts/DSUtil.pm.in
@@ -59,6 +59,8 @@ require Exporter;
use strict;
use Socket;
+use Socket::GetAddrInfo qw( :newapi getaddrinfo getnameinfo AI_CANONNAME );
+use NetAddr::IP::Util qw( ipv6_n2x );
use File::Temp qw(tempfile tempdir);
use File::Basename qw(dirname);
@@ -207,31 +209,36 @@ sub checkHostname {
}
}
- # see if we can resolve the hostname
- my ($name, $aliases, $addrtype, $length, @addrs) = gethostbyname($hn);
- if (!$name) {
- if ($res) {
- return $res->getText('warning_no_such_hostname', $hn);
- } else {
- return "Warning: could not resolve hostname $hn\n";
- }
+ # see if we can resolve the hostname (IPv6 supported)
+ my %hints = ( flags => AI_CANONNAME, socktype => SOCK_STREAM );
+ my ( $err, @aires ) = getaddrinfo( $hn, "ldap", \%hints );
+ if ($err) {
+ return $res->getText('warning_no_such_hostname', $hn);
}
- debug(1, "found for hostname $hn: name=$name\n");
- debug(1, "aliases=$aliases\n");
- debug(1, "addrtype=$addrtype\n");
my $found = 0;
my @hostip = ();
- # see if reverse resolution works
- foreach my $ii (@addrs) {
- my $hn2 = gethostbyaddr($ii, $addrtype);
- my $ip = join('.', unpack('C4', $ii));
- debug(1, "\thost=$hn2 ip=$ip\n");
- push @hostip, [$hn2, $ip];
- if (lc($hn) eq lc($hn2)) {
- $found = 1;
- last;
+ while ( my $ai = shift @aires ) {
+ debug(1, "found for hostname $hn: name=$ai->{canonname}\n");
+ my $ip;
+ if ($ai->{family} == AF_INET) {
+ my ( $port, $ipaddr ) = unpack_sockaddr_in( $ai->{addr} );
+ $ip = inet_ntoa($ipaddr);
+ } else {
+ my ( $port, $ipaddr ) = unpack_sockaddr_in6( $ai->{addr} );
+ $ip = ipv6_n2x($ipaddr);
+ }
+ debug(1, "ipaddr=", $ip, "\n");
+ # see if reverse resolution works
+ my ( $err, $hn2, $service ) = getnameinfo( $ai->{addr} );
+ if (!$err) {
+ push @hostip, [$hn2, $ip];
+ if (lc($hn) eq lc($hn2)) {
+ $found = 1;
+ last;
+ }
}
}
+
if (!$found) {
my $retstr = "";
if ($res) {
12 years, 1 month
ldap/servers
by Richard Allen Megginson
ldap/servers/plugins/replication/windows_protocol_util.c | 20 ++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
New commits:
commit d6deb25c214e523b582a246ed60ac15d3f65c271
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Fri Mar 23 14:19:03 2012 -0600
Ticket #324 - Sync with group attribute containing () fails
https://fedorahosted.org/389/ticket/324
Resolves: Ticket #324
Bug Description: Sync with group attribute containing () fails
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: When constructing the ldap filter used to retrieve the
entry, the values must be filter escaped.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
index eb7fd00..0c16bdd 100644
--- a/ldap/servers/plugins/replication/windows_protocol_util.c
+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
@@ -2789,8 +2789,15 @@ find_entry_by_attr_value_remote(const char *attribute, const char *value, Slapi_
char *filter = NULL;
const char *searchbase = NULL;
Slapi_Entry *found_entry = NULL;
-
- filter = PR_smprintf("(%s=%s)",attribute,value);
+ char *filter_escaped_value = NULL;
+ size_t vallen = 0;
+
+ vallen = value ? strlen(value) : 0;
+ filter_escaped_value = slapi_ch_calloc(sizeof(char), vallen*3+1);
+ escape_filter_value(value, vallen, filter_escaped_value);
+ /* should not have to escape attribute names */
+ filter = PR_smprintf("(%s=%s)",attribute,filter_escaped_value);
+ slapi_ch_free_string(&filter_escaped_value);
searchbase = slapi_sdn_get_dn(windows_private_get_windows_subtree(prp->agmt));
cres = windows_search_entry(prp->conn, (char*)searchbase, filter, &found_entry);
if (cres)
@@ -2915,11 +2922,18 @@ find_entry_by_attr_value(const char *attribute, const char *value, Slapi_Entry *
int scope = LDAP_SCOPE_SUBTREE;
char **attrs = NULL;
LDAPControl **server_controls = NULL;
+ char *filter_escaped_value = NULL;
+ size_t vallen = 0;
if (pb == NULL)
goto done;
- query = slapi_ch_smprintf("(%s=%s)", attribute, value);
+ vallen = value ? strlen(value) : 0;
+ filter_escaped_value = slapi_ch_calloc(sizeof(char), vallen*3+1);
+ escape_filter_value(value, vallen, filter_escaped_value);
+ /* should not have to escape attribute names */
+ query = slapi_ch_smprintf("(%s=%s)", attribute, filter_escaped_value);
+ slapi_ch_free_string(&filter_escaped_value);
if (query == NULL)
goto done;
12 years, 1 month
ldap/servers
by Mark Reynolds
ldap/servers/snmp/main.c | 1 +
1 file changed, 1 insertion(+)
New commits:
commit 58dc93c0a63b60abd13926b3d6dbfbc8e049e023
Author: Mark Reynolds <mareynol(a)redhat.com>
Date: Fri Mar 23 11:44:00 2012 -0400
Ticket #319 - ldap-agent crashes on start with signal SIGSEGV
Bug Description: If you have two or more slapd instances defined in
ldap-agent.conf file, the agent will crash at startup.
Fix Description: When using openldap, we were not reseting the buffer
length between dse.ldif files. So we end passing in a
huge buffer length for the first line of the new file,
which leads to invalid memory being read later on.
https://fedorahosted.org/389/ticket/319
diff --git a/ldap/servers/snmp/main.c b/ldap/servers/snmp/main.c
index a255880..53af972 100644
--- a/ldap/servers/snmp/main.c
+++ b/ldap/servers/snmp/main.c
@@ -382,6 +382,7 @@ load_config(char *conf_path)
/* Open dse.ldif */
#if defined(USE_OPENLDAP)
dse_fp = ldif_open(serv_p->dse_ldif, "r");
+ buflen = 0;
#else
dse_fp = fopen(serv_p->dse_ldif, "r");
#endif
12 years, 1 month
Changes to 'refs/tags/389-admin-1.1.28'
by Richard Allen Megginson
Changes since 389-admin-1.1.11:
Endi S. Dewata (3):
Bug 573889 - Migration does not remove deprecated schema
Bug 644929 - FDS to 389 DS migration results in both Fedora and 389 entries
Bug 470576 - Migration could do addition checks before commiting actions
Mark Reynolds (1):
Ticket #286 - compilation fixes for 'format-security'
Nathan Kinder (42):
Bug 648949 - Merge selinux policy into base OS
Regenerated autoconf files
Bug 638511 - dirsrv-admin crashes at startup with SELinux enabled
Bug 668950 - Add posix group support to Console
Bug 672468 - Don't use empty path elements in LD_LIBRARY_PATH
Bug 618897 - Wrong permissions when creating instance from Console
Bug 493424 - remove unneeded modules for admin server apache config
Bug 614690 - Don't use exec to call genrb
Bug 699815 - (cov#10859) Add missing braces in mod_admserv code
Bug 699815 - (cov#10858) getenv() called twice in viewlog cgi
Bug 699815 - (cov#10849,10851) Remove unused variables
Bug 699907 - (cov#10844) Uninitialized time struct
Bug 699907 - (cov#10843) Use of uninitialized variable in logging code
Bug 699907 - (cov#10840) Use of uninitialized buffer in security cgi
Bug 699907 - (cov#10836) Use of uninitialized var in http conn code
Bug 699907 - (cov#10833) Use of uninitialized vars in SNMP code
Bug 700532 - (cov#10832) Incorrect if condition in dsalib
Bug 700875 - (cov#10778) Cleanup ds_bring_up_server_install() in dsalib
Bug 700890 - (cov#10812) Check return value of open() properly in libadmin
Bug 700948 - (cov#10846) - Use of uninitialized variable in mod_admserv
Bug 700948 - (cov#10845) Use of uninitialized variable in mod_admserv
Bug 700948 - (cov#10839) Use of uninitialized variable in security cgi
Bug 700948 - (cov#10837) Use of uninitialized variable in monreplication
Bug 700948 - (cov#10835) Use of unitialized pointer in config cgi
Bug 700948 - (cov#10813) dynamic overrun possibility in ds_listdb cgi
Bug 700948 - (cov#10842) Use of unintialized variable in statusping
Bug 700948 - (cov#10842) Use of unintialized variable in statusping
Bug 702150 - (cov#10823) File descriptors leaked in help cgi
Bug 702150 - (cov#10822,10821) file descriptor leaks in config cgi
Bug 702150 - (cov#10820,10819) file descriptor leaks in readlog cgi
Bug 702150 - leak of config array in dsalib
Bug 702150 - (cov#10816) file descriptor leak in dsalib
Bug 702150 - (cov#10817) Leak of string in libdsa
Bug 702150 - Resouce leaks in htmladmin.c
Bug 702705 - (cov#10830) NULL pointer dereference in htmladmin
Bug 702705 - NULL pointer dereferences in viewlog cgi
Bug 702705 - (cov#10803) NULL pointer dereference in security cgi
Bug 702705 - (cov#10785) NULL pointer dereference in ds_snmpctrl
Bug 702705 - (cov#10784,10783) NULL pointer dereferences in dsalib
Bug 719056 - migrate-ds-admin.pl needs to update SELinux policy
Bug 724808 - startup CGIs write temp file to /
Bug 730079 - Update SELinux policy during upgrades
Noriko Hosoi (13):
Bug 151705 - Need to update Console Cipher Preferences with new ciphers
start-ds-admin.in -- replaced "return 1" with "exit 1"
Bug 616260 - libds-admin-serv linking fails due to unresolved link-time dependencies
Bug 618858 - move start-ds-admin env file into main admin server
Bug 387981 - plain files can be chosen on the Restore Directory dialog
Bug 604881 - admin server log files have incorrect permissions/ownerships
Bug 604881 - admin server log files have incorrect permissions/ownerships
Bug 245278 - Changing to a password with a single quote does not work
Bug 211296 - Clean up all HTML pages (Admin Express, Repl Monitor, etc)
Bug 158926 - Unable to install CA certificate when using
Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user
Bug 476925 - Admin Server: Do not allow 8-bit passwords for
Trac Ticket #307 - htmladmin keeps segfaulting
Rich Megginson (50):
bump version to 1.1.12.a1
initial support for openldap
add selinux policy for dsgw
skip LD_PRELOAD if using openldap
add more log information if nss init fails
add even more nss debugging
Bug 618454 - mod_admserv should only clear NSS caches and shutdown if NSS is initialized
bump version to 1.1.12.a2
fix building with mozldap
bump version to 1.1.12.a3
fix autotool build issues with properties files
setup-ds-admin.pl -u exits with ServerAdminID and as_uid related error
Bug 656441 - Missing library path entry causes LD_PRELOAD error
bump version to 1.1.13
bump version to 1.1.14.a1
Bug 664671 - Admin server segfault when full SSL access (http+ldap+console) required
bump version to 1.1.14
bump version to 1.1.15
bump version to 1.1.16
Bug 703990 - Support upgrade from Red Hat Directory Server
bump version to 1.1.17
add support for different skins
skip rebranding current brand
bump version to 1.1.18
look for separate openldap ldif library
bump version to 1.1.19
Bug 710372 - Not able to open the Manage Certificate from DS-console
better NSS error handling - reduce memory leaks
fix typo in NSS_Shutdown warning message
added tests for the security cgi
Bug 713000 - Migration stops if old admin server cannot be stopped
Bug 718079 - Perl errors when running migrate-ds-admin.pl
Bug 718285 - AdminServer should use "service" command instead of start/stop/restart scripts
bump version to 1.1.20
bump version to 1.1.21
handle binary upgrade
add man pages for ds_removal and ds_unregister
bump version to 1.1.22
fix binary paths
bump version to 1.1.23
bump version to 1.1.24
Bug 695741 - Providing native systemd file for upcoming F16 Feature Systemd
Bug 740959 - 389-console put CA certificates into wrong database
bump version to 1.1.25
Bug 767823 - selinux: need to allow admin server to connect to ldap port
bump version to 1.1.26
Ticket #161 - Review and address latest Coverity issues
Ticket #281 - TLS not working with latest openldap
bump version to 1.1.27
bump version to 1.1.28
---
Makefile.am | 104
Makefile.in | 1444
VERSION.sh | 4
aclocal.m4 | 6991 ---
admserv/cfgstuff/httpd-2.2.conf.in | 13
admserv/cfgstuff/httpd.conf.in | 2
admserv/cfgstuff/initconfig.in | 5
admserv/cfgstuff/start-ds-admin.in | 83
admserv/cgi-ds/ds_listdb.c | 26
admserv/cgi-ds/ds_snmpctrl.c | 5
admserv/cgi-src40/ReadLog.c | 18
admserv/cgi-src40/admlib.mk | 119
admserv/cgi-src40/admpw.c | 70
admserv/cgi-src40/cgicommon.h | 1
admserv/cgi-src40/cgicommon.properties | 3
admserv/cgi-src40/config.c | 34
admserv/cgi-src40/dllglue.c | 42
admserv/cgi-src40/ds_create.in | 6
admserv/cgi-src40/dsconfig.c | 9
admserv/cgi-src40/head.html | 1
admserv/cgi-src40/help.c | 15
admserv/cgi-src40/htmladmin.c | 800
admserv/cgi-src40/htmladmin.properties | 42
admserv/cgi-src40/monreplication.c | 6
admserv/cgi-src40/repl-monitor-cgi.pl.in | 37
admserv/cgi-src40/restartsrv.c | 8
admserv/cgi-src40/sec-activate.c | 21
admserv/cgi-src40/security.c | 196
admserv/cgi-src40/statpingserv.c | 81
admserv/cgi-src40/stopsrv.c | 9
admserv/cgi-src40/ugdsconfig.c | 38
admserv/cgi-src40/viewdata.c | 156
admserv/cgi-src40/viewdata.properties | 2
admserv/cgi-src40/viewlog.c | 74
admserv/cgi-src40/viewlog.properties | 6
admserv/genrb_wrapper.sh | 2
admserv/html/admserv.html.in | 11
admserv/html/htmladmin.html.in | 13
admserv/html/monreplication.html | 20
admserv/html/viewdata.html | 6
admserv/html/viewlog.html | 14
admserv/makeUpgradeTar.sh | 30
admserv/newinst/src/25changefedorato389.pl | 250
admserv/newinst/src/25rebrand.pl.in | 413
admserv/newinst/src/30updateglobalpref.pl.in | 9
admserv/newinst/src/AdminMigration.pm.in | 79
admserv/newinst/src/AdminServer.pm.in | 141
admserv/newinst/src/AdminUtil.pm.in | 78
admserv/newinst/src/ConfigDSDialogs.pm | 30
admserv/newinst/src/dirserver.map.in | 1
admserv/newinst/src/setup-ds-admin.res.in | 3
admserv/schema/ldif/02globalpreferences.ldif.tmpl | 49
admserv/schema/ldif/10dsdata.ldif.tmpl | 39
compile | 21
config.guess | 302
config.h.in | 24
config.sub | 232
configure |40598 ++++++++++------------
configure.ac | 106
depcomp | 172
include/base/file.h | 3
include/base/util.h | 3
include/libadmin/libadmin.h | 92
include/libdsa/dsalib.h | 15
install-sh | 517
lib/base/file.cpp | 22
lib/base/nscputil.cpp | 46
lib/libadmin/dllglue.c | 77
lib/libadmin/httpcon.c | 2
lib/libadmin/referer.c | 4
lib/libadmin/template.c | 29
lib/libadmin/util.c | 1003
lib/libdsa/dsalib_conf.c | 37
lib/libdsa/dsalib_confs.c | 79
lib/libdsa/dsalib_location.c | 46
lib/libdsa/dsalib_tailf.c | 1
lib/libdsa/dsalib_updown.c | 78
lib/libdsa/dsalib_util.c | 48
ltmain.sh |13199 +++----
m4/mozldap.m4 | 116
m4/openldap.m4 | 138
m4/selinux.m4 | 3
man/man8/ds_removal.8 | 54
man/man8/ds_unregister.8 | 48
man/man8/restart-ds-admin.8 | 10
man/man8/start-ds-admin.8 | 10
man/man8/stop-ds-admin.8 | 10
missing | 104
mod_admserv/mod_admserv.c | 182
mod_admserv/mod_admserv.h | 15
mod_restartd/mod_restartd-2.2.c | 6
selinux/dirsrv-admin.fc.in | 5
selinux/dirsrv-admin.te | 2
tests/ds_create/testget.1 | 2
tests/htmladmin/testget.2 | 2
tests/htmladmin/testget.3 | 2
tests/htmladmin/testget.4 | 2
tests/htmladmin/testget.5 | 2
tests/htmladmin/testget.6 | 2
tests/htmladmin/testget.7 | 2
tests/htmladmin/testget.8 | 2
tests/security/testpost.1 | 1
tests/security/testpost.10 | 1
tests/security/testpost.11 | 1
tests/security/testpost.12 | 1
tests/security/testpost.13 | 1
tests/security/testpost.14 | 1
tests/security/testpost.15 | 1
tests/security/testpost.16 | 1
tests/security/testpost.17 | 1
tests/security/testpost.18 | 1
tests/security/testpost.19 | 1
tests/security/testpost.2 | 1
tests/security/testpost.20 | 1
tests/security/testpost.21 | 1
tests/security/testpost.3 | 1
tests/security/testpost.4 | 1
tests/security/testpost.5 | 1
tests/security/testpost.6 | 1
tests/security/testpost.7 | 1
tests/security/testpost.8 | 1
tests/security/testpost.9 | 1
tests/setup.sh | 250
tests/ugdsconfig/testget.10 | 2
tests/viewdata/testget.2 | 2
tests/viewdata/testget.3 | 2
tests/viewdata/testget.4 | 2
tests/viewlog/testget.3 | 2
tests/viewlog/testget.4 | 2
wrappers/systemd.service.in | 24
130 files changed, 33076 insertions(+), 36365 deletions(-)
---
12 years, 1 month
VERSION.sh
by Richard Allen Megginson
VERSION.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 800e08a89aabaabecaf3309e6a8f6306b8bfd205
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Mar 22 09:44:05 2012 -0600
bump version to 1.1.28
diff --git a/VERSION.sh b/VERSION.sh
index ff6be42..762df84 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -11,7 +11,7 @@ vendorurl=http://port389.org
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=1
-VERSION_MAINT=27
+VERSION_MAINT=28
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
12 years, 1 month
admserv/cgi-src40
by Noriko Hosoi
admserv/cgi-src40/htmladmin.c | 77 ++++++++++++++++++++++-------------
admserv/cgi-src40/statpingserv.c | 84 ++++++++++++++++++++-------------------
2 files changed, 93 insertions(+), 68 deletions(-)
New commits:
commit 26869affd9e594ae71c3a7ad4b7c230c78f4fde2
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu Mar 15 17:07:44 2012 -0700
Trac Ticket #307 - htmladmin keeps segfaulting
https://fedorahosted.org/389/ticket/307
Fix Description:
PR_GetHostByName was used to get PRHostEnt in htmladmin, but it
was called only when the first character of host was not digit.
The direct cause of the crash was the PRHostEnt variable to fill
in in PR_GetHostByName was not initialized, thus if the hostname
started with digit, the uninitialized, garbage address in the
variable was accessed, which crashed htmladmin.
This patch removes the hostname check and replaces PR_GetHostByName
with PR_GetAddrInfoByName to support IPv6 environment. Also, to
support numerical address, PR_StringToNetAddr is added before
trying PR_GetAddrInfoByName.
Another cgi statpingserv has the same coding style. It is being
fixed, too.
diff --git a/admserv/cgi-src40/htmladmin.c b/admserv/cgi-src40/htmladmin.c
index a294766..09d0ad0 100644
--- a/admserv/cgi-src40/htmladmin.c
+++ b/admserv/cgi-src40/htmladmin.c
@@ -854,6 +854,7 @@ LDAP *server_bind(const char *securitydir, char *host, int port, int security, c
return server;
}
+#if 0 /* NOT USED */
/* rate is specified in seconds */
static int get_topology_refresh_rate(AdmldapInfo admInfo) {
@@ -868,7 +869,7 @@ static int get_topology_refresh_rate(AdmldapInfo admInfo) {
return rate;
}
-
+#endif
/* rate is specified in seconds */
static int get_cgi_timeout_rate(AdmldapInfo admInfo) {
@@ -895,38 +896,58 @@ static int get_cgi_timeout_rate(AdmldapInfo admInfo) {
* -1 = unknown error
*/
-int server_status(char *host, int port) {
-
- PRHostEnt *hstruct;
- PRHostEnt hent;
- char buf[PR_NETDB_BUF_SIZE];
+int
+server_status(char *host, int port)
+{
+ PRNetAddr *netaddr = NULL;
PRStatus err;
-
PRFileDesc *req_socket= NULL;
- int retcode;
- PRNetAddr netAddr;
-
- if(!isdigit(host[0])) {
- err = PR_GetHostByName(host,
- buf,
- PR_NETDB_BUF_SIZE,
- &hent);
- if(err == PR_FAILURE)
- return -1;
- }
+ int retcode = 0;
- hstruct = &hent;
- PR_InitializeNetAddr(PR_IpAddrNull, (PRUint16)port, &netAddr);
- netAddr.inet.ip = *((PRUint32*)hstruct->h_addr_list[0]);
-
- req_socket = PR_NewTCPSocket();
- retcode = PR_Connect(req_socket, &netAddr, 10000);
+ if (NULL == host) {
+ return -1;
+ }
- if(retcode != 0)
- return 0;
- else
- return 1;
+ netaddr = (PRNetAddr *)calloc(1, sizeof(PRNetAddr));
+ if (NULL == netaddr) {
+ rpt_err(APP_ERROR, "Failed to allocate PRNetAddr", NULL, NULL);
+ return -1;
+ }
+ err = PR_StringToNetAddr(host, netaddr);
+ if (PR_SUCCESS == err) {
+ PR_InitializeNetAddr(PR_IpAddrNull, (PRUint16)port, netaddr);
+ } else {
+ PRAddrInfo *infop = PR_GetAddrInfoByName(host,
+ PR_AF_UNSPEC, (PR_AI_ADDRCONFIG|PR_AI_NOCANONNAME));
+ if (infop) {
+ void *iter = NULL;
+ memset( netaddr, 0, sizeof( PRNetAddr ));
+ /* need just one address */
+ iter = PR_EnumerateAddrInfo(iter, infop, (PRUint16)port, netaddr);
+ if (NULL == iter) {
+ rpt_err(APP_ERROR, "Failed to enumerate addrinfo", NULL, NULL);
+ retcode = -1;
+ }
+ PR_FreeAddrInfo(infop);
+ } else {
+ rpt_err(APP_ERROR, "Failed to get addrinfo", NULL, NULL);
+ retcode = -1;
+ }
+ }
+ if (retcode < 0) {
+ free(netaddr);
+ return retcode;
+ } else {
+ req_socket = PR_NewTCPSocket();
+ err = PR_Connect(req_socket, netaddr, 10000);
+ free(netaddr);
+ if (PR_SUCCESS == err) {
+ return 1;
+ } else {
+ return 0;
+ }
+ }
}
diff --git a/admserv/cgi-src40/statpingserv.c b/admserv/cgi-src40/statpingserv.c
index 363eed3..d6e55f7 100644
--- a/admserv/cgi-src40/statpingserv.c
+++ b/admserv/cgi-src40/statpingserv.c
@@ -59,16 +59,13 @@ int main(int argc, char *argv[])
char *m;
char *qs = getenv("QUERY_STRING");
- PRHostEnt hent;
- char buf[PR_NETDB_BUF_SIZE];
PRStatus err;
char gifbuf[BUFSIZ];
PRInt32 bytes;
PRFileDesc *req_socket= NULL;
- int retcode;
- PRNetAddr netAddr;
-
+ int retcode = 0;
+ PRNetAddr *netaddr = NULL;
char *result;
char *host;
int port;
@@ -79,13 +76,6 @@ int main(int argc, char *argv[])
struct PRFileInfo64 prfileinfo;
m = getenv("REQUEST_METHOD");
- /*
- {
- int d=1;
- while(d>0)
- {;}
- }
- */
if(!strcmp(m, "GET")) {
if(qs)
@@ -93,54 +83,68 @@ int main(int argc, char *argv[])
result = get_cgi_var("result", NULL, NULL);
host = get_cgi_var("host", NULL, NULL);
- portstr = get_cgi_var("port", NULL, NULL);
- if (portstr) {
- port = atoi(portstr);
- } else {
- port = 0;
- }
+ portstr = get_cgi_var("port", NULL, NULL);
+ if (portstr) {
+ port = atoi(portstr);
+ } else {
+ port = 0;
+ }
if(result && !strcmp(result, "text"))
fprintf(stdout, "Content-type: text/html\n");
else
fprintf(stdout, "Content-type: image/gif\n");
- if (!host || !port) {
- rpt_err(APP_ERROR, "Invalid hostname and/or port number!", NULL, NULL);
- }
- if(!isdigit(host[0])) {
- err = PR_GetHostByName(host, buf, sizeof(buf), &hent);
- if(err == PR_FAILURE) {
- rpt_err(APP_ERROR, "Cannot resolve host name!", NULL, NULL);
- }
-
- PR_InitializeNetAddr(PR_IpAddrNull, (PRUint16)port, &netAddr);
- memcpy((void *) &netAddr.inet.ip, (void const *) hent.h_addr_list[0], sizeof(netAddr.inet.ip));
+ if (!host || !port) {
+ rpt_err(APP_ERROR, "Invalid hostname and/or port number!", NULL, NULL);
+ return -1;
+ }
+ netaddr = (PRNetAddr *)calloc(1, sizeof(PRNetAddr));
+ if (NULL == netaddr) {
+ rpt_err(APP_ERROR, "Failed to allocate PRNetAddr", NULL, NULL);
+ return -1;
+ }
+ err = PR_StringToNetAddr(host, netaddr);
+ if (PR_SUCCESS == err) {
+ PR_InitializeNetAddr(PR_IpAddrNull, (PRUint16)port, netaddr);
} else {
- PR_InitializeNetAddr(PR_IpAddrNull, (PRUint16)port, &netAddr);
- err = PR_StringToNetAddr(host, &netAddr);
- if(err == PR_FAILURE) {
- rpt_err(APP_ERROR, "Cannot parse host address!", NULL, NULL);
+ PRAddrInfo *infop = PR_GetAddrInfoByName(host,
+ PR_AF_UNSPEC, (PR_AI_ADDRCONFIG|PR_AI_NOCANONNAME));
+ if (infop) {
+ void *iter = NULL;
+ memset( netaddr, 0, sizeof( PRNetAddr ));
+ /* need just one address */
+ iter = PR_EnumerateAddrInfo(iter, infop, (PRUint16)port, netaddr);
+ if (NULL == iter) {
+ rpt_err(APP_ERROR, "Failed to enumerate addrinfo", NULL, NULL);
+ retcode = -1;
+ }
+ PR_FreeAddrInfo(infop);
+ } else {
+ rpt_err(APP_ERROR, "Failed to get addrinfo", NULL, NULL);
+ retcode = -1;
}
}
- req_socket = PR_NewTCPSocket();
-
- retcode = PR_Connect(req_socket, &netAddr, 10000);
+ if (retcode > -1) {
+ req_socket = PR_NewTCPSocket();
+ retcode = PR_Connect(req_socket, netaddr, 10000);
+ }
+ free(netaddr);
if (retcode != 0) {
/* SERVER IS DOWN - output the OFF button */
if(result && !strcmp(result, "text")) {
- rpt_success("The server is DOWN.");
- return 1;
+ rpt_success("The server is DOWN.");
+ return 1;
}
file = PR_smprintf("%s/togoff.gif", ICONDIR);
}
else {
/* SERVER IS RUNNING - output of ON button */
if(result && !strcmp(result, "text")) {
- rpt_success("The server is UP.");
- return 1;
+ rpt_success("The server is UP.");
+ return 1;
}
file = PR_smprintf("%s/togon.gif", ICONDIR);
}
12 years, 1 month
admserv/cgi-src40 mod_admserv/mod_admserv.c
by Mark Reynolds
admserv/cgi-src40/htmladmin.c | 46 +++++++++++++++++++++---------------------
admserv/cgi-src40/stopsrv.c | 4 +--
admserv/cgi-src40/viewdata.c | 4 +--
admserv/cgi-src40/viewlog.c | 12 +++++-----
mod_admserv/mod_admserv.c | 4 +--
5 files changed, 35 insertions(+), 35 deletions(-)
New commits:
commit 00c2b1876cf0c239f6ac2a5c491e2d71acd579b4
Author: Mark Reynolds <mareynol(a)redhat.com>
Date: Thu Mar 15 11:20:00 2012 -0400
Ticket #286 - compilation fixes for 'format-security'
Bug Description: If you compile with "-Wformat-security -Werror=format-security" the
compilation will fail.
Fix Description: Added the missing the format string.
https://fedorahosted.org/389/ticket/286
diff --git a/admserv/cgi-src40/htmladmin.c b/admserv/cgi-src40/htmladmin.c
index e79ad82..a294766 100644
--- a/admserv/cgi-src40/htmladmin.c
+++ b/admserv/cgi-src40/htmladmin.c
@@ -981,7 +981,7 @@ int output_topology(AdmldapInfo ldapInfo,
}
- fprintf(stdout, getResourceString(DBT_OUTPUT_TOPOLOGY_TABLE_HEADER));
+ fprintf(stdout, "%s", getResourceString(DBT_OUTPUT_TOPOLOGY_TABLE_HEADER));
for(domain_entry = ldap_first_entry(server, domain_result);
domain_entry != NULL;
@@ -1334,7 +1334,7 @@ int output_topology(AdmldapInfo ldapInfo,
PR_smprintf_free((char *)log_link);
}
- fprintf(stdout, getResourceString(DBT_OUTPUT_TOPOLOGY_TABLE_FOOTER));
+ fprintf(stdout, "%s", getResourceString(DBT_OUTPUT_TOPOLOGY_TABLE_FOOTER));
util_ldap_value_free(vals);
} else {
@@ -1563,7 +1563,7 @@ int main(int argc, char *argv[])
m = getenv("REQUEST_METHOD");
- fprintf(stdout, getResourceString(DBT_MAIN_CONTENT_TYPE));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_CONTENT_TYPE));
if(m && !strcmp(m, "GET")) {
@@ -1587,15 +1587,15 @@ int main(int argc, char *argv[])
* Load the frames.
*/
- fprintf(stdout, getResourceString(DBT_MAIN_FRAME_HEADER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_FRAME_HEADER));
fprintf(stdout, "%s", view ? viewparam : "");
- fprintf(stdout, getResourceString(DBT_MAIN_FRAME_FOOTER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_FRAME_FOOTER));
}
else if(operation && !strcmp(operation, "empty")) {
/* Message frame */
- fprintf(stdout, getResourceString(DBT_MAIN_MESSAGE_FRAME));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_MESSAGE_FRAME));
}
else if(operation && !strcmp(operation, "topframepaint")) {
FILE *html = open_html_file(MY_PAGE);
@@ -1606,11 +1606,11 @@ int main(int argc, char *argv[])
}
}
else if(operation && !strcmp(operation, "framepaint")) {
- fprintf(stdout, getResourceString(DBT_MAIN_FRAMESET_HEADER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_FRAMESET_HEADER));
fprintf(stdout, "%s", view ? viewparam : "");
- fprintf(stdout, getResourceString(DBT_MAIN_FRAMESET_BODY));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_FRAMESET_BODY));
fprintf(stdout, "%s", view ? viewparam : "");
- fprintf(stdout, getResourceString(DBT_MAIN_FRAMESET_FOOTER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_FRAMESET_FOOTER));
}
else if(operation && !strcmp(operation, "viewselect")) {
/*
@@ -1636,7 +1636,7 @@ int main(int argc, char *argv[])
if(server)
selections = get_all_users_views(server, binddn, ldapInfo);
- fprintf(stdout, getResourceString(DBT_MAIN_BODY_HEADER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_BODY_HEADER));
found=0;
i=0;
@@ -1658,7 +1658,7 @@ int main(int argc, char *argv[])
- fprintf(stdout, getResourceString(DBT_MAIN_BODY_FOOTER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_BODY_FOOTER));
}
else {
@@ -1741,10 +1741,10 @@ int main(int argc, char *argv[])
count++;
}
if(count == max_count) {
- fprintf(stdout, getResourceString(DBT_MAIN_TOPOLOGY_BODY_HEADER));
- fprintf(stdout, getResourceString(DBT_STOP_SERVER_ERROR));
- fprintf(stdout, getResourceString(DBT_MAIN_TOPOLOGY_BODY_FOOTER));
- fprintf(stdout, getResourceString(DBT_MAIN_PAGE_FOOTER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_TOPOLOGY_BODY_HEADER));
+ fprintf(stdout, "%s", getResourceString(DBT_STOP_SERVER_ERROR));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_TOPOLOGY_BODY_FOOTER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_PAGE_FOOTER));
return 1;
}
}
@@ -1757,10 +1757,10 @@ int main(int argc, char *argv[])
count++;
}
if(count == max_count) {
- fprintf(stdout, getResourceString(DBT_MAIN_TOPOLOGY_BODY_HEADER));
- fprintf(stdout, getResourceString(DBT_START_SERVER_ERROR));
- fprintf(stdout, getResourceString(DBT_MAIN_TOPOLOGY_BODY_FOOTER));
- fprintf(stdout, getResourceString(DBT_MAIN_PAGE_FOOTER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_TOPOLOGY_BODY_HEADER));
+ fprintf(stdout, "%s", getResourceString(DBT_START_SERVER_ERROR));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_TOPOLOGY_BODY_FOOTER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_PAGE_FOOTER));
return 1;
}
}
@@ -1769,7 +1769,7 @@ int main(int argc, char *argv[])
output_topology:
- fprintf(stdout, getResourceString(DBT_MAIN_TOPOLOGY_BODY_HEADER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_TOPOLOGY_BODY_HEADER));
rv = output_topology(ldapInfo,
binddn,
@@ -1777,13 +1777,13 @@ output_topology:
view);
if(rv == -1) {
- fprintf(stdout, getResourceString(DBT_MAIN_LDAP_ERROR));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_LDAP_ERROR));
}
- fprintf(stdout, getResourceString(DBT_MAIN_TOPOLOGY_BODY_FOOTER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_TOPOLOGY_BODY_FOOTER));
}
- fprintf(stdout, getResourceString(DBT_MAIN_PAGE_FOOTER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_PAGE_FOOTER));
}
return 0;
}
diff --git a/admserv/cgi-src40/stopsrv.c b/admserv/cgi-src40/stopsrv.c
index 780a6d0..436989e 100644
--- a/admserv/cgi-src40/stopsrv.c
+++ b/admserv/cgi-src40/stopsrv.c
@@ -120,7 +120,7 @@ int main(int argc, char *argv[])
}
else {
if(return_format && !strcmp(return_format, "html")) {
- fprintf(stdout, getResourceString(DBT_UNIX_STOP_FAIL));
+ fprintf(stdout, "%s", getResourceString(DBT_UNIX_STOP_FAIL));
}
else {
rpt_err(SYSTEM_ERROR,
@@ -170,7 +170,7 @@ int main(int argc, char *argv[])
}
else {
if(return_format && !strcmp(return_format, "html")) {
- fprintf(stdout, getResourceString(DBT_UNIX_STOP_SUCCESS));
+ fprintf(stdout, "%s", getResourceString(DBT_UNIX_STOP_SUCCESS));
}
else {
rpt_unknown("Admin server should be shutdown on user request");
diff --git a/admserv/cgi-src40/viewdata.c b/admserv/cgi-src40/viewdata.c
index 25b66c9..7dd5d80 100644
--- a/admserv/cgi-src40/viewdata.c
+++ b/admserv/cgi-src40/viewdata.c
@@ -446,9 +446,9 @@ int main(int argc, char *argv[])
while(next_html_line(html, line)) {
if(parse_line(line, NULL)) {
if(directive_is(line, "SHOW_DATA")) {
- fprintf(stdout, getResourceString(DBT_MAIN_TABLE_HEADER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_TABLE_HEADER));
output_data(server, sie);
- fprintf(stdout, getResourceString(DBT_MAIN_TABLE_FOOTER));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_TABLE_FOOTER));
}
else if(directive_is(line, "ID_TITLE")) {
char **vals;
diff --git a/admserv/cgi-src40/viewlog.c b/admserv/cgi-src40/viewlog.c
index a47b5cf..e4ec208 100644
--- a/admserv/cgi-src40/viewlog.c
+++ b/admserv/cgi-src40/viewlog.c
@@ -192,7 +192,7 @@ void display_logfiles(char *logdir, char *default_logfile)
token = strtok(NULL, seps);
}
}
- fprintf(stdout, getResourceString(DBT_DISPLAY_LOGFILE_SELECT_BEGIN));
+ fprintf(stdout, "%s", getResourceString(DBT_DISPLAY_LOGFILE_SELECT_BEGIN));
logfiles = list_directory(logdir, 0);
@@ -209,9 +209,9 @@ void display_logfiles(char *logdir, char *default_logfile)
}
if(!at_least_one)
- fprintf(stdout, getResourceString(DBT_DISPLAY_LOGFILE_NO_LOG));
+ fprintf(stdout, "%s", getResourceString(DBT_DISPLAY_LOGFILE_NO_LOG));
- fprintf(stdout, getResourceString(DBT_DISPLAY_LOGFILE_SELECT_END));
+ fprintf(stdout, "%s", getResourceString(DBT_DISPLAY_LOGFILE_SELECT_END));
}
@@ -458,19 +458,19 @@ int main(int argc, char *argv[])
PR_snprintf(full_path, sizeof(full_path), "%s%c%s", logdir, FILE_PATHSEP, file);
cmd = fopen(full_path, "r");
- fprintf(stdout, getResourceString(DBT_MAIN_WIDTH));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_WIDTH));
PR_snprintf(tmp, sizeof(tmp), getResourceString(DBT_SUBTITLE), num, file, (str)? getResourceString(DBT_WITH) : "",
(str)? str : "");
fprintf(stdout, (const char*)getResourceString(DBT_MAIN_TABLE), tmp);
- fprintf(stdout, getResourceString(DBT_MAIN_TABLE_FONT));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_TABLE_FONT));
/* begin search */
if(cmd) {
search_file(cmd, atoi(num), str);
fclose(cmd);
}
- fprintf(stdout, getResourceString(DBT_MAIN_TABLE_FONT_CLOSE));
+ fprintf(stdout, "%s", getResourceString(DBT_MAIN_TABLE_FONT_CLOSE));
} else {
fputs(line, stdout);
}
diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
index e27a7a1..f2c91fe 100644
--- a/mod_admserv/mod_admserv.c
+++ b/mod_admserv/mod_admserv.c
@@ -1074,7 +1074,7 @@ check_auth_tasks_cache(char *dn, const char *userdn, request_rec *r, long now, i
return OK;
bad:
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, msg);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "%s", msg);
if (send_response) {
return admserv_error_std(r, msg);
}
@@ -2052,7 +2052,7 @@ admserv_host_ip_check(request_rec *r)
msg = apr_psprintf(r->pool, "admserv_host_ip_check: Unauthorized host ip=%s, connection rejected",
clientIP);
- ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, msg);
+ ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r, "%s", msg);
return admserv_error(r, HTTP_UNAUTHORIZED, msg);
}
12 years, 1 month
ldap/servers
by Noriko Hosoi
ldap/servers/plugins/dna/dna.c | 4 ----
1 file changed, 4 deletions(-)
New commits:
commit 77cacd96c1648373939a0bf3a4cba81b42cafda3
Author: Noriko Hosoi <nhosoi(a)totoro.usersys.redhat.com>
Date: Thu Mar 15 09:46:23 2012 -0700
coverity 12606 Logically dead code
The previous fix (commit 325abca7135d06225adf5380d726de60dacda5a4)
for "Ticket #303 - make DNA range requests work with transactions"
introduced this dead code. Since dna_pre_op does not allocate
an entry "e", there is no need to check the flag "free_entry" and
free it.
Reviewed by mareynol(a)redhat.com (Thanks, Mark!!).
diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
index c744e0a..ce2486e 100644
--- a/ldap/servers/plugins/dna/dna.c
+++ b/ldap/servers/plugins/dna/dna.c
@@ -3214,7 +3214,6 @@ dna_pre_op(Slapi_PBlock * pb, int modtype)
char *dn = NULL;
Slapi_Mods *smods = NULL;
LDAPMod **mods;
- int free_entry = 0;
int ret = 0;
slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
@@ -3308,9 +3307,6 @@ dna_pre_op(Slapi_PBlock * pb, int modtype)
slapi_mods_free(&smods);
}
bail:
- if (free_entry && e)
- slapi_entry_free(e);
-
if (resulting_e)
slapi_entry_free(resulting_e);
12 years, 1 month
Branch 'Directory_Server_8_2_Branch' - ldap/servers
by Noriko Hosoi
ldap/servers/plugins/replication/repl5_inc_protocol.c | 44 +++++++++++++++---
1 file changed, 38 insertions(+), 6 deletions(-)
New commits:
commit 72401ea2588d3aec7622155fdf5dd9e5af7f8f95
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Thu Mar 8 12:06:37 2012 -0700
Bug 800173 - RHDS fractional replication with excluded password policy attributes leads to wrong error messages.
https://bugzilla.redhat.com/show_bug.cgi?id=800173
Resolves: Bug 800173
Bug Description: RHDS fractional replication with excluded password policy attributes leads to wrong error messages.
Reviewed by: nhosoi (Thanks!)
Branch: Directory_Server_8_2_Branch
Fix Description: Fractional replication can remove _all_ mods in an add or
modify operation. The mozldap SDK will return an err=89 LDAP_PARAM_ERROR
in this case. The solution is to just skip add and modify operations
that contain no data.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
index 4de9fc7..9279506 100644
--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
@@ -158,6 +158,9 @@ typedef struct result_data
*/
#define PROTOCOL_IS_SHUTDOWN(prp) (event_occurred(prp, EVENT_PROTOCOL_SHUTDOWN) || prp->terminate)
+/* mods should be LDAPMod **mods */
+#define MODS_ARE_EMPTY(mods) ((mods == NULL) || (mods[0] == NULL))
+
/* Forward declarations */
static PRUint32 event_occurred(Private_Repl_Protocol *prp, PRUint32 event);
static void reset_events (Private_Repl_Protocol *prp);
@@ -1389,6 +1392,11 @@ replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op, int *m
char csn_str[CSN_STRSIZE]; /* For logging only */
csn_as_string(op->csn, PR_FALSE, csn_str);
+ if (message_id) {
+ /* if we get out of this function without setting message_id, it means
+ we didn't send an op, so no result needs to be processed */
+ *message_id = 0;
+ }
/* Construct the replication info control that accompanies the operation */
if (SLAPI_OPERATION_ADD == op->operation_type)
@@ -1447,8 +1455,17 @@ replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op, int *m
{
repl5_strip_fractional_mods(prp->agmt,entryattrs);
}
- return_value = conn_send_add(prp->conn, op->target_address.dn,
- entryattrs, update_control, message_id);
+ if (MODS_ARE_EMPTY(entryattrs)) {
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+ "%s: replay_update: %s operation (dn=\"%s\" csn=%s) "
+ "not sent - empty\n",
+ agmt_get_long_name(prp->agmt),
+ op2string(op->operation_type), op->target_address.dn, csn_str);
+ return_value = CONN_OPERATION_SUCCESS;
+ } else {
+ return_value = conn_send_add(prp->conn, op->target_address.dn,
+ entryattrs, update_control, message_id);
+ }
ldap_mods_free(entryattrs, 1);
}
break;
@@ -1459,8 +1476,17 @@ replay_update(Private_Repl_Protocol *prp, slapi_operation_parameters *op, int *m
{
repl5_strip_fractional_mods(prp->agmt,op->p.p_modify.modify_mods);
}
- return_value = conn_send_modify(prp->conn, op->target_address.dn,
- op->p.p_modify.modify_mods, update_control, message_id);
+ if (MODS_ARE_EMPTY(op->p.p_modify.modify_mods)) {
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+ "%s: replay_update: %ss operation (dn=\"%s\" csn=%s) "
+ "not sent - empty\n",
+ agmt_get_long_name(prp->agmt),
+ op2string(op->operation_type), op->target_address.dn, csn_str);
+ return_value = CONN_OPERATION_SUCCESS;
+ } else {
+ return_value = conn_send_modify(prp->conn, op->target_address.dn,
+ op->p.p_modify.modify_mods, update_control, message_id);
+ }
break;
case SLAPI_OPERATION_DELETE:
return_value = conn_send_delete(prp->conn, op->target_address.dn,
@@ -1867,7 +1893,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
replica_id = csn_get_replicaid(entry.op->csn);
uniqueid = entry.op->target_address.uniqueid;
- if (prp->repl50consumer)
+ if (prp->repl50consumer && message_id)
{
int operation, error = 0;
@@ -1879,7 +1905,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
csn_as_string(entry.op->csn, PR_FALSE, csn_str);
return_value = repl5_inc_update_from_op_result(prp, replay_crc, error, csn_str, uniqueid, replica_id, &finished, num_changes_sent);
}
- else {
+ else if (message_id) {
/* Queue the details for pickup later in the response thread */
repl5_inc_operation *sop = NULL;
sop = repl5_inc_operation_new();
@@ -1889,6 +1915,12 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
sop->replica_id = replica_id;
sop->uniqueid = slapi_ch_strdup(uniqueid);
repl5_int_push_operation(rd,sop);
+ } else {
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+ "%s: Skipping update operation with no message_id (uniqueid %s, CSN %s):\n",
+ agmt_get_long_name(prp->agmt),
+ entry.op->target_address.uniqueid, csn_str);
+ agmt_inc_last_update_changecount (prp->agmt, csn_get_replicaid(entry.op->csn), 1 /*skipped*/);
}
}
break;
12 years, 1 month
ldap/admin ldap/ldif ldap/servers
by Noriko Hosoi
ldap/admin/src/scripts/dnaplugindepends.ldif | 3
ldap/ldif/template-dnaplugin.ldif.in | 2
ldap/servers/plugins/dna/dna.c | 1066 +++++++++++++++------------
ldap/servers/slapd/operation.c | 9
ldap/servers/slapd/pagedresults.c | 3
ldap/servers/slapd/slapi-plugin.h | 1
6 files changed, 614 insertions(+), 470 deletions(-)
New commits:
commit 325abca7135d06225adf5380d726de60dacda5a4
Author: Noriko Hosoi <nhosoi(a)totoro.usersys.redhat.com>
Date: Wed Mar 14 09:22:16 2012 -0700
Trac Ticket #303 - make DNA range requests work with transactions
https://fedorahosted.org/389/ticket/303
Fix Description:
1. pre_op: Adding missing dnatypes or replacing the magicregen
value with the current uid/gidNumber value is done at the
be_pre_op phase. Modify can use the entry set in pblock
with SLAPI_MODIFY_EXISTING_ENTRY (instead of getting the
entry by searching it internally). Also, if the operation
is a replication op, the pre_op is skipped.
2. The type of DNA plug-in is changed to bepreoperation.
Upgrade script "setup-ds.pl -u" takes care of the plugin
type change, as well.
3. post_op: Moving dna_config_check_post_op to BE_TXN_POST_OP.
If it is an internal operation, the dna post op is being
skipped to avoid self re-entrant deadlock.
4. Fixed memory leaks on DNA_NEEDS_UPDATE and an uninitialized
variable access.
diff --git a/ldap/admin/src/scripts/dnaplugindepends.ldif b/ldap/admin/src/scripts/dnaplugindepends.ldif
index 9622c42..403158d 100644
--- a/ldap/admin/src/scripts/dnaplugindepends.ldif
+++ b/ldap/admin/src/scripts/dnaplugindepends.ldif
@@ -2,3 +2,6 @@ dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
add: nsslapd-plugin-depends-on-type
nsslapd-plugin-depends-on-type: database
+-
+replace: nsslapd-pluginType
+nsslapd-pluginType: bepreoperation
diff --git a/ldap/ldif/template-dnaplugin.ldif.in b/ldap/ldif/template-dnaplugin.ldif.in
index aa0008a..61b317a 100644
--- a/ldap/ldif/template-dnaplugin.ldif.in
+++ b/ldap/ldif/template-dnaplugin.ldif.in
@@ -5,7 +5,7 @@ objectclass: extensibleObject
objectclass: nsContainer
cn: Distributed Numeric Assignment Plugin
nsslapd-plugininitfunc: dna_init
-nsslapd-plugintype: preoperation
+nsslapd-plugintype: bepreoperation
nsslapd-pluginenabled: off
nsslapd-pluginPath: libdna-plugin
nsslapd-plugin-depends-on-type: database
diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
index 5631186..c744e0a 100644
--- a/ldap/servers/plugins/dna/dna.c
+++ b/ldap/servers/plugins/dna/dna.c
@@ -210,7 +210,6 @@ static char *dna_extend_exop_oid_list[] = {
int dna_init(Slapi_PBlock * pb);
static int dna_start(Slapi_PBlock * pb);
static int dna_close(Slapi_PBlock * pb);
-static int dna_internal_preop_init(Slapi_PBlock *pb);
static int dna_postop_init(Slapi_PBlock * pb);
static int dna_exop_init(Slapi_PBlock * pb);
static int dna_be_txn_preop_init(Slapi_PBlock *pb);
@@ -232,7 +231,6 @@ static int dna_load_host_port();
*
*/
static char *dna_get_dn(Slapi_PBlock * pb);
-static Slapi_DN *dna_get_sdn(Slapi_PBlock * pb);
static int dna_dn_is_config(char *dn);
static int dna_get_next_value(struct configEntry * config_entry,
char **next_value_ret);
@@ -264,6 +262,7 @@ static int dna_list_contains_types(char **list, char **types);
static void dna_list_remove_type(char **list, char *type);
static int dna_is_multitype_range(struct configEntry *config_entry);
static void dna_create_valcheck_filter(struct configEntry *config_entry, PRUint64 value, char **filter);
+static int dna_isrepl(Slapi_PBlock *pb);
/**
*
@@ -350,8 +349,6 @@ const char *getPluginDN()
return _PluginDN;
}
-static int plugin_is_betxn = 0;
-
/*
dna_init
-------------
@@ -362,28 +359,17 @@ dna_init(Slapi_PBlock *pb)
{
int status = DNA_SUCCESS;
char *plugin_identity = NULL;
- Slapi_Entry *plugin_entry = NULL;
char *plugin_type = NULL;
- int preadd = SLAPI_PLUGIN_PRE_ADD_FN;
- int premod = SLAPI_PLUGIN_PRE_MODIFY_FN;
+ int preadd = SLAPI_PLUGIN_BE_PRE_ADD_FN;
+ int premod = SLAPI_PLUGIN_BE_PRE_MODIFY_FN;
slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
"--> dna_init\n");
- if ((slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY, &plugin_entry) == 0) &&
- plugin_entry &&
- (plugin_type = slapi_entry_attr_get_charptr(plugin_entry, "nsslapd-plugintype")) &&
- plugin_type && strstr(plugin_type, "betxn")) {
- plugin_is_betxn = 1;
- preadd = SLAPI_PLUGIN_BE_TXN_PRE_ADD_FN;
- premod = SLAPI_PLUGIN_BE_TXN_PRE_MODIFY_FN;
- }
- slapi_ch_free_string(&plugin_type);
-
/**
- * Store the plugin identity for later use.
- * Used for internal operations
- */
+ * Store the plugin identity for later use.
+ * Used for internal operations
+ */
slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &plugin_identity);
PR_ASSERT(plugin_identity);
@@ -404,25 +390,8 @@ dna_init(Slapi_PBlock *pb)
status = DNA_FAILURE;
}
- if ((status == DNA_SUCCESS) && !plugin_is_betxn &&
- /* internal preoperation */
- slapi_register_plugin("internalpreoperation", /* op type */
- 1, /* Enabled */
- "dna_init", /* this function desc */
- dna_internal_preop_init, /* init func */
- DNA_INT_PREOP_DESC, /* plugin desc */
- NULL, /* ? */
- plugin_identity /* access control */
- )) {
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
- "dna_init: failed to register internalpreoperation plugin\n");
- status = DNA_FAILURE;
- }
if (status == DNA_SUCCESS) {
- plugin_type = "postoperation";
- if (plugin_is_betxn) {
- plugin_type = "betxnpostoperation";
- }
+ plugin_type = "betxnpostoperation";
/* the config change checking post op */
if (slapi_register_plugin(plugin_type, /* op type */
1, /* Enabled */
@@ -477,42 +446,14 @@ dna_init(Slapi_PBlock *pb)
return status;
}
-/* not used when using plugin as a betxn plugin - betxn plugins are called for both internal and external ops */
-static int
-dna_internal_preop_init(Slapi_PBlock *pb)
-{
- int status = DNA_SUCCESS;
-
- if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
- SLAPI_PLUGIN_VERSION_01) != 0 ||
- slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
- (void *) &pdesc) != 0 ||
- slapi_pblock_set(pb, SLAPI_PLUGIN_INTERNAL_PRE_MODIFY_FN,
- (void *) dna_mod_pre_op) != 0 ||
- slapi_pblock_set(pb, SLAPI_PLUGIN_INTERNAL_PRE_ADD_FN,
- (void *) dna_add_pre_op) != 0) {
- status = DNA_FAILURE;
- }
-
- return status;
-}
-
static int
dna_postop_init(Slapi_PBlock *pb)
{
int status = DNA_SUCCESS;
- int addfn = SLAPI_PLUGIN_POST_ADD_FN;
- int delfn = SLAPI_PLUGIN_POST_DELETE_FN;
- int modfn = SLAPI_PLUGIN_POST_MODIFY_FN;
- int mdnfn = SLAPI_PLUGIN_POST_MODRDN_FN;
-
- if (plugin_is_betxn) {
- addfn = SLAPI_PLUGIN_BE_TXN_POST_ADD_FN;
- delfn = SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN;
- modfn = SLAPI_PLUGIN_BE_TXN_POST_MODIFY_FN;
- mdnfn = SLAPI_PLUGIN_BE_TXN_POST_MODRDN_FN;
- }
-
+ int addfn = SLAPI_PLUGIN_BE_TXN_POST_ADD_FN;
+ int delfn = SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN;
+ int modfn = SLAPI_PLUGIN_BE_TXN_POST_MODIFY_FN;
+ int mdnfn = SLAPI_PLUGIN_BE_TXN_POST_MODRDN_FN;
if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION,
SLAPI_PLUGIN_VERSION_01) != 0 ||
slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
@@ -577,7 +518,7 @@ static int
dna_start(Slapi_PBlock * pb)
{
Slapi_DN *pluginsdn = NULL;
- const char *plugindn = NULL;
+ const char *plugindn = NULL;
slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
"--> dna_start\n");
@@ -597,10 +538,10 @@ dna_start(Slapi_PBlock * pb)
}
/**
- * Get the plug-in target dn from the system
- * and store it for future use. This should avoid
- * hardcoding of DN's in the code.
- */
+ * Get the plug-in target dn from the system
+ * and store it for future use. This should avoid
+ * hardcoding of DN's in the code.
+ */
slapi_pblock_get(pb, SLAPI_TARGET_SDN, &pluginsdn);
if (NULL == pluginsdn || 0 == slapi_sdn_get_ndn_len(pluginsdn)) {
slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM,
@@ -748,7 +689,7 @@ dna_load_plugin_config()
time(&now);
slapi_eq_once(dna_update_config_event, NULL, now + 30);
- cleanup:
+cleanup:
slapi_free_search_results_internal(search_pb);
slapi_pblock_destroy(search_pb);
dna_unlock();
@@ -790,12 +731,7 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
goto bail;
}
- entry = (struct configEntry *)
- slapi_ch_calloc(1, sizeof(struct configEntry));
- if (NULL == entry) {
- ret = DNA_FAILURE;
- goto bail;
- }
+ entry = (struct configEntry *)slapi_ch_calloc(1, sizeof(struct configEntry));
value = slapi_entry_get_ndn(e);
if (value) {
@@ -927,7 +863,7 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM,
"----------> %s [%s]\n", DNA_SCOPE, entry->scope);
- /* optional, if not specified set -1 which is converted to the max unisgnee
+ /* optional, if not specified set -1 which is converted to the max unsigned
* value */
value = slapi_entry_attr_get_charptr(e, DNA_MAXVAL);
if (value) {
@@ -945,6 +881,7 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
Slapi_Entry *shared_e = NULL;
Slapi_DN *sdn = NULL;
char *normdn = NULL;
+ char *attrs[2];
sdn = slapi_sdn_new_dn_passin(value);
@@ -956,7 +893,10 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
slapi_ch_free_string(&value);
goto bail;
}
- slapi_search_internal_get_entry(sdn, NULL, &shared_e, getPluginID());
+ /* We don't need attributes */
+ attrs[0] = "cn";
+ attrs[1] = NULL;
+ slapi_search_internal_get_entry(sdn, attrs, &shared_e, getPluginID());
/* Make sure that the shared config entry exists. */
if (!shared_e) {
@@ -983,18 +923,19 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
goto bail;
}
entry->shared_cfg_base = slapi_ch_strdup(normdn);
+ slapi_sdn_free(&sdn);
/* We prepend the host & port of this instance as a
* multi-part RDN for the shared config entry. */
normdn = slapi_create_dn_string("%s=%s+%s=%s,%s", DNA_HOSTNAME,
- hostname, DNA_PORTNUM, portnum, normdn);
+ hostname, DNA_PORTNUM, portnum,
+ entry->shared_cfg_base);
if (NULL == normdn) {
slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
"dna_parse_config_entry: failed to create dn: "
"%s=%s+%s=%s,%s", DNA_HOSTNAME,
hostname, DNA_PORTNUM, portnum, value);
ret = DNA_FAILURE;
- slapi_sdn_free(&sdn);
goto bail;
}
entry->shared_cfg_dn = normdn;
@@ -1002,7 +943,6 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM,
"----------> %s [%s]\n", DNA_SHARED_CFG_DN,
entry->shared_cfg_base);
- slapi_sdn_free(&sdn);
}
value = slapi_entry_attr_get_charptr(e, DNA_THRESHOLD);
@@ -1037,7 +977,7 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
char *p = NULL;
/* the next range value is in the form "<lower>-<upper>" */
- if ((p = strstr(value, "-")) != NULL) {
+ if ((p = strchr(value, '-')) != NULL) {
*p = '\0';
++p;
entry->next_range_lower = strtoull(value, 0, 0);
@@ -1151,7 +1091,7 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
entry_added = 1;
}
- bail:
+bail:
if (0 == entry_added) {
/* Don't log error if we weren't asked to apply config */
if ((apply != 0) && (entry != NULL)) {
@@ -1173,43 +1113,28 @@ dna_parse_config_entry(Slapi_Entry * e, int apply)
static void
dna_free_config_entry(struct configEntry ** entry)
{
- struct configEntry *e = *entry;
-
- if (e == NULL)
+ struct configEntry *e;
+ if ((entry == NULL) || (*entry == NULL)) {
return;
+ }
+ e = *entry;
if (e->dn) {
slapi_log_error(SLAPI_LOG_CONFIG, DNA_PLUGIN_SUBSYSTEM,
"freeing config entry [%s]\n", e->dn);
slapi_ch_free_string(&e->dn);
}
- if (e->types)
- slapi_ch_array_free(e->types);
+ slapi_ch_array_free(e->types);
+ slapi_ch_free_string(&e->prefix);
+ slapi_ch_free_string(&e->filter);
+ slapi_filter_free(e->slapi_filter, 1);
+ slapi_ch_free_string(&e->generate);
+ slapi_ch_free_string(&e->scope);
+ slapi_ch_free_string(&e->shared_cfg_base);
+ slapi_ch_free_string(&e->shared_cfg_dn);
- if (e->prefix)
- slapi_ch_free_string(&e->prefix);
-
- if (e->filter)
- slapi_ch_free_string(&e->filter);
-
- if (e->slapi_filter)
- slapi_filter_free(e->slapi_filter, 1);
-
- if (e->generate)
- slapi_ch_free_string(&e->generate);
-
- if (e->scope)
- slapi_ch_free_string(&e->scope);
-
- if (e->shared_cfg_base)
- slapi_ch_free_string(&e->shared_cfg_base);
-
- if (e->shared_cfg_dn)
- slapi_ch_free_string(&e->shared_cfg_dn);
-
- if (e->lock)
- slapi_destroy_mutex(e->lock);
+ slapi_destroy_mutex(e->lock);
slapi_ch_free((void **) entry);
}
@@ -1237,8 +1162,12 @@ dna_delete_config()
static void
dna_free_shared_server(struct dnaServer **server)
{
- struct dnaServer *s = *server;
+ struct dnaServer *s;
+ if ((NULL == server) || (NULL == *server)) {
+ return;
+ }
+ s = *server;
slapi_ch_free_string(&s->host);
slapi_ch_free((void **)server);
@@ -1256,7 +1185,6 @@ dna_delete_shared_servers(PRCList **servers)
}
slapi_ch_free((void **)servers);
- *servers = NULL;
return;
}
@@ -1827,19 +1755,6 @@ static char *dna_get_dn(Slapi_PBlock * pb)
return (char *)slapi_sdn_get_dn(sdn);
}
-static Slapi_DN *
-dna_get_sdn(Slapi_PBlock * pb)
-{
- Slapi_DN *sdn = 0;
- slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
- "--> dna_get_sdn\n");
- slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
- slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
- "<-- dna_get_sdn\n");
-
- return sdn;
-}
-
/* config check
matching config dn or a descendent reloads config
*/
@@ -1909,8 +1824,8 @@ dna_first_free_value(struct configEntry *config_entry,
Slapi_PBlock *pb = NULL;
LDAPControl **ctrls = NULL;
char *filter = NULL;
- char *prefix;
- int multitype;
+ char *prefix = NULL;
+ int multitype = 0;
int result, status;
PRUint64 tmpval, sval, i;
char *strval = NULL;
@@ -2842,371 +2757,557 @@ dna_create_valcheck_filter(struct configEntry *config_entry, PRUint64 value, cha
}
}
-/* for mods and adds:
- where dn's are supplied, the closest in scope
- is used as long as the type filter matches
- and the type has not been generated yet.
-*/
-
-static int dna_pre_op(Slapi_PBlock * pb, int modtype)
+/* This function is called at BEPREOP timing to add uid/gidNumber
+ * if modtype is missing */
+static int
+_dna_pre_op_add(Slapi_PBlock *pb, Slapi_Entry *e)
{
- struct configEntry *config_entry = NULL;
- struct slapi_entry *e = NULL;
- Slapi_Entry *test_e = NULL;
- Slapi_Entry *resulting_e = NULL;
- Slapi_DN *tmp_dn = NULL;
+ int ret = 0;
PRCList *list = NULL;
- struct berval *bv = NULL;
- char **types_to_generate = NULL;
- char **generated_types = NULL;
- char *errstr = NULL;
+ struct configEntry *config_entry = NULL;
char *dn = NULL;
char *value = NULL;
- char *type = NULL;
- Slapi_Mod *next_mod = NULL;
- Slapi_Mods *smods = NULL;
- Slapi_Mod *smod = NULL;
- Slapi_Attr *attr = NULL;
- LDAPMod **mods;
+ char **types_to_generate = NULL;
+ char **generated_types = NULL;
PRUint64 setval = 0;
- int free_entry = 0;
- int e_numvals = 0;
- int numvals = 0;
- int ret = 0;
- int len = 0;
int i;
- slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
- "--> dna_pre_op\n");
-
- /* Just bail if we aren't ready to service requests yet. */
- if (!g_plugin_started)
+ /* Bail out if the plug-in close function was just called. */
+ if (!g_plugin_started) {
goto bail;
+ }
- if (0 == (dn = dna_get_dn(pb)))
+ if (0 == (dn = dna_get_dn(pb))) {
goto bail;
+ }
+ /*
+ * Find the config that matches this entry, Set the types that need to be
+ * generated to DNA_NEEDS_UPDATE. The be_txn_preop will set the values if
+ * the operation hasn't been rejected by that point.
+ *
+ * We also check if we need to get the next range of values, and grab them.
+ * We do this here so we don't have to do it in the be_txn_preop.
+ */
+ dna_read_lock();
- if (LDAP_CHANGETYPE_ADD == modtype) {
- slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e);
- } else {
- tmp_dn = dna_get_sdn(pb);
- if (tmp_dn) {
- slapi_search_internal_get_entry(tmp_dn, 0, &e, getPluginID());
- free_entry = 1;
- }
+ if (!PR_CLIST_IS_EMPTY(dna_global_config)) {
+ list = PR_LIST_HEAD(dna_global_config);
- /* grab the mods - we'll put them back later with
- * our modifications appended
- */
- slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
- smods = slapi_mods_new();
- slapi_mods_init_passin(smods, mods);
+ while (list != dna_global_config && LDAP_SUCCESS == ret) {
+ config_entry = (struct configEntry *) list;
- /* We need the resulting entry after the mods are applied to
- * see if the entry is within the scope. */
- if (e) {
- resulting_e = slapi_entry_dup(e);
- if (mods && (slapi_entry_apply_mods(resulting_e, mods) != LDAP_SUCCESS)) {
- /* The mods don't apply cleanly, so we just let this op go
- * to let the main server handle it. */
- goto bailmod;
+ /* Did we already service all of these configured types? */
+ if (dna_list_contains_types(generated_types, config_entry->types)) {
+ goto next;
}
- }
- }
-
- if (e == NULL)
- goto bailmod;
- if (dna_dn_is_config(dn)) {
- /* Validate config changes, but don't apply them.
- * This allows us to reject invalid config changes
- * here at the pre-op stage. Applying the config
- * needs to be done at the post-op stage. */
+ /* is the entry in scope? */
+ if (config_entry->scope &&
+ !slapi_dn_issuffix(dn, config_entry->scope)) {
+ goto next;
+ }
- /* For a MOD, we need to check the resulting entry */
- if (LDAP_CHANGETYPE_ADD == modtype) {
- test_e = e;
- } else {
- test_e = resulting_e;
- }
+ /* does the entry match the filter? */
+ if (config_entry->slapi_filter) {
+ ret = slapi_vattr_filter_test(pb, e, config_entry->slapi_filter,
+ 0);
+ if (LDAP_SUCCESS != ret) {
+ goto next;
+ }
+ }
- if (dna_parse_config_entry(test_e, 0) != DNA_SUCCESS) {
- /* Refuse the operation if config parsing failed. */
- ret = LDAP_UNWILLING_TO_PERFORM;
- if (LDAP_CHANGETYPE_ADD == modtype) {
- errstr = slapi_ch_smprintf("Not a valid DNA configuration entry.");
+ if (dna_is_multitype_range(config_entry)) {
+ /* For a multi-type range, we only generate a value
+ * for types where the magic value is set. We do not
+ * generate a value for missing types. */
+ for (i = 0; config_entry->types && config_entry->types[i];
+ i++) {
+ value = slapi_entry_attr_get_charptr(e,
+ config_entry->types[i]);
+
+ if (value &&
+ !slapi_UTF8CASECMP(config_entry->generate, value)) {
+ slapi_ch_array_add(&types_to_generate,
+ slapi_ch_strdup(config_entry->types[i]));
+ }
+ slapi_ch_free_string(&value);
+ }
} else {
- errstr = slapi_ch_smprintf("Changes result in an invalid "
- "DNA configuration.");
+ /* For a single type range, we generate the value if
+ * the magic value is set or if the type is missing. */
+ value = slapi_entry_attr_get_charptr(e, config_entry->types[0]);
+
+ if ((value &&
+ !slapi_UTF8CASECMP(config_entry->generate, value)) ||
+ (0 == value)) {
+ slapi_ch_array_add(&types_to_generate,
+ slapi_ch_strdup(config_entry->types[0]));
+ }
+ slapi_ch_free_string(&value);
}
- }
- /* We're done, so just bail. */
- goto bailmod;
- } else {
- /* Bail out if the plug-in close function was just called. */
- if (!g_plugin_started) {
- goto bailmod;
- }
- /*
- * Find the config that matches this entry, Set the types that need to be
- * generated to DNA_NEEDS_UPDATE. The be_txn_preop will set the values if
- * the operation hasn't been rejected by that point.
- *
- * We also check if we need to get the next range of values, and grab them.
- * We do this here so we don't have to do it in the be_txn_preop.
- */
- dna_read_lock();
-
- if (!PR_CLIST_IS_EMPTY(dna_global_config)) {
- list = PR_LIST_HEAD(dna_global_config);
- while (list != dna_global_config && LDAP_SUCCESS == ret) {
- config_entry = (struct configEntry *) list;
-
- /* Did we already service all of these configured types? */
- if (dna_list_contains_types(generated_types, config_entry->types)) {
- goto next;
+ if (types_to_generate && types_to_generate[0]) {
+ /* add - add to entry */
+ for (i = 0; types_to_generate && types_to_generate[i]; i++) {
+ slapi_entry_attr_set_charptr(e, types_to_generate[i],
+ /* no need to dup */
+ DNA_NEEDS_UPDATE);
}
- /* is the entry in scope? */
- if (config_entry->scope) {
- if (!slapi_dn_issuffix(dn, config_entry->scope))
- goto next;
+ /* Make sure we don't generate for this
+ * type again by keeping a list of types
+ * we have generated for already.
+ */
+ if (generated_types == NULL) {
+ /* If we don't have a list of generated types yet,
+ * we can just use the types_to_generate list so
+ * we don't have to allocate anything. */
+ generated_types = types_to_generate;
+ types_to_generate = NULL;
+ } else {
+ /* Just reuse the elements out of types_to_generate for the
+ * generated types list to avoid allocating them again. */
+ for (i = 0; types_to_generate && types_to_generate[i]; ++i) {
+ slapi_ch_array_add(&generated_types, types_to_generate[i]);
+ types_to_generate[i] = NULL;
+ }
}
- /* does the entry match the filter? */
- if (config_entry->slapi_filter) {
- /* For a MOD operation, we need to check the filter
- * against the resulting entry. */
- if (LDAP_CHANGETYPE_ADD == modtype) {
- test_e = e;
+ /* free up */
+ slapi_ch_array_free(types_to_generate);
+ types_to_generate = NULL;
+
+ /*
+ * Now grab the next value and see if we need to get the next range
+ */
+ slapi_lock_mutex(config_entry->lock);
+
+ ret = dna_first_free_value(config_entry, &setval);
+ if (LDAP_SUCCESS != ret) {
+ /* check if we overflowed the configured range */
+ if (setval > config_entry->maxval) {
+ /* try for a new range or fail */
+ ret = dna_fix_maxval(config_entry, 0);
+ if (LDAP_SUCCESS != ret) {
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+ "dna_pre_op: no more values available!!\n");
+ slapi_unlock_mutex(config_entry->lock);
+ break;
+ }
+
+ /* Make sure dna_first_free_value() doesn't error out */
+ ret = dna_first_free_value(config_entry, &setval);
+ if (LDAP_SUCCESS != ret){
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+ "dna_pre_op: failed to allocate a new ID\n");
+ slapi_unlock_mutex(config_entry->lock);
+ break;
+ }
} else {
- test_e = resulting_e;
+ /* dna_first_free_value() failed for some unknown reason */
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+ "dna_pre_op: failed to allocate a new ID!!\n");
+ slapi_unlock_mutex(config_entry->lock);
+ break;
}
+ }
+
+ /* Check if we passed the threshold and try to fix maxval if so.
+ * We don't need to do this if we already have a next range on
+ * deck. We don't check the result of dna_fix_maxval() since
+ * we aren't completely out of values yet. Any failure here is
+ * really a soft failure. */
+ if ((config_entry->next_range_lower == 0) &&
+ (config_entry->remaining <= config_entry->threshold)) {
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+ "dna_pre_op: Passed threshold of %"
+ NSPRIu64 " remaining values "
+ "for range %s. (%" NSPRIu64 " values remain)\n",
+ config_entry->threshold, config_entry->dn,
+ config_entry->remaining);
+ dna_fix_maxval(config_entry, 0);
+ }
+
+ slapi_unlock_mutex(config_entry->lock);
+ } else if (types_to_generate) {
+ slapi_ch_free((void **)&types_to_generate);
+ }
+next:
+ ret = 0;
+ list = PR_NEXT_LINK(list);
+ }
+ }
+
+ dna_unlock();
+
+ slapi_ch_array_free(generated_types);
+bail:
+ return ret;
+}
+
+/* This function is called at BEPREOP timing to add uid/gidNumber
+ * if modtype is missing */
+static int
+_dna_pre_op_modify(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Mods *smods)
+{
+ int ret = 0;
+ PRCList *list = NULL;
+ struct configEntry *config_entry = NULL;
+ char *dn = NULL;
+ char *value = NULL;
+ Slapi_Mod *next_mod = NULL;
+ Slapi_Mod *smod = NULL;
+ Slapi_Attr *attr = NULL;
+ char *type = NULL;
+ int e_numvals = 0;
+ int numvals = 0;
+ struct berval *bv = NULL;
+ char **types_to_generate = NULL;
+ char **generated_types = NULL;
+ PRUint64 setval = 0;
+ int len = 0;
+ int i;
- if (LDAP_SUCCESS != slapi_vattr_filter_test(pb, test_e, config_entry->slapi_filter, 0))
+ /* Bail out if the plug-in close function was just called. */
+ if (!g_plugin_started) {
+ goto bail;
+ }
+
+ if (0 == (dn = dna_get_dn(pb))) {
+ goto bail;
+ }
+ /*
+ * Find the config that matches this entry, Set the types that need to be
+ * generated to DNA_NEEDS_UPDATE. The be_txn_preop will set the values if
+ * the operation hasn't been rejected by that point.
+ *
+ * We also check if we need to get the next range of values, and grab them.
+ * We do this here so we don't have to do it in the be_txn_preop.
+ */
+ dna_read_lock();
+
+ if (!PR_CLIST_IS_EMPTY(dna_global_config)) {
+ list = PR_LIST_HEAD(dna_global_config);
+
+ while (list != dna_global_config && LDAP_SUCCESS == ret) {
+ config_entry = (struct configEntry *) list;
+
+ /* Did we already service all of these configured types? */
+ if (dna_list_contains_types(generated_types, config_entry->types)) {
+ goto next;
+ }
+
+ /* is the entry in scope? */
+ if (config_entry->scope &&
+ !slapi_dn_issuffix(dn, config_entry->scope)) {
+ goto next;
+ }
+
+ /* does the entry match the filter? */
+ if (config_entry->slapi_filter) {
+ ret = slapi_vattr_filter_test(pb, e,
+ config_entry->slapi_filter, 0);
+ if (LDAP_SUCCESS != ret) {
goto next;
}
+ }
- if (LDAP_CHANGETYPE_ADD == modtype) {
- if (dna_is_multitype_range(config_entry)) {
- /* For a multi-type range, we only generate a value
- * for types where the magic value is set. We do not
- * generate a value for missing types. */
- for (i = 0; config_entry->types && config_entry->types[i]; i++) {
- value = slapi_entry_attr_get_charptr(e, config_entry->types[i]);
-
- if (value && !slapi_UTF8CASECMP(config_entry->generate, value)) {
- slapi_ch_array_add(&types_to_generate, slapi_ch_strdup(config_entry->types[i]));
+ /* check mods for magic value */
+ next_mod = slapi_mod_new();
+ smod = slapi_mods_get_first_smod(smods, next_mod);
+ while (smod) {
+ type = (char *)slapi_mod_get_type(smod);
+
+ /* See if the type matches any configured type. */
+ if (dna_list_contains_type(config_entry->types, type)) {
+ /* If all values are being deleted, we need to
+ * generate a new value. We don't do this for
+ * multi-type ranges since they require the magic
+ * value to be specified to trigger generation. */
+ if (SLAPI_IS_MOD_DELETE(slapi_mod_get_operation(smod)) &&
+ !dna_is_multitype_range(config_entry)) {
+ numvals = slapi_mod_get_num_values(smod);
+
+ if (numvals == 0) {
+ slapi_ch_array_add(&types_to_generate,
+ slapi_ch_strdup(type));
+ } else {
+ e_numvals = 0;
+ slapi_entry_attr_find(e, type, &attr);
+ if (attr) {
+ slapi_attr_get_numvalues(attr, &e_numvals);
+ if (numvals >= e_numvals) {
+ slapi_ch_array_add(&types_to_generate,
+ slapi_ch_strdup(type));
+ }
}
- slapi_ch_free_string(&value);
}
} else {
- /* For a single type range, we generate the value if
- * the magic value is set or if the type is missing. */
- value = slapi_entry_attr_get_charptr(e, config_entry->types[0]);
-
- if ((value && !slapi_UTF8CASECMP(config_entry->generate, value)) || 0 == value) {
- slapi_ch_array_add(&types_to_generate, slapi_ch_strdup(config_entry->types[0]));
+ /* This is either adding or replacing a value */
+ bv = slapi_mod_get_first_value(smod);
+
+ /* If this type is already in the to be generated
+ * list, a previous mod in this same modify operation
+ * either removed all values or set the magic value.
+ * It's possible that this mod is adding a valid value,
+ * which means we would not want to generate a new value.
+ * It is safe to remove this type from the to be
+ * generated list since it will be re-added here if
+ * necessary. */
+ if (dna_list_contains_type(types_to_generate, type)) {
+ dna_list_remove_type(types_to_generate, type);
}
- slapi_ch_free_string(&value);
- }
- } else {
- /* check mods for magic value */
- next_mod = slapi_mod_new();
- smod = slapi_mods_get_first_smod(smods, next_mod);
- while (smod) {
- type = (char *)slapi_mod_get_type(smod);
-
- /* See if the type matches any configured type. */
- if (dna_list_contains_type(config_entry->types, type)) {
- /* If all values are being deleted, we need to
- * generate a new value. We don't do this for
- * multi-type ranges since they require the magic
- * value to be specified to trigger generation. */
- if (SLAPI_IS_MOD_DELETE(slapi_mod_get_operation(smod)) &&
- !dna_is_multitype_range(config_entry)) {
- numvals = slapi_mod_get_num_values(smod);
-
- if (numvals == 0) {
- slapi_ch_array_add(&types_to_generate, slapi_ch_strdup(type));
- } else {
- e_numvals = 0;
- slapi_entry_attr_find(e, type, &attr);
- if (attr) {
- slapi_attr_get_numvalues(attr, &e_numvals);
- if (numvals >= e_numvals) {
- slapi_ch_array_add(&types_to_generate, slapi_ch_strdup(type));
- }
- }
- }
- } else {
- /* This is either adding or replacing a value */
- bv = slapi_mod_get_first_value(smod);
-
- /* If this type is already in the to be generated
- * list, a previous mod in this same modify operation
- * either removed all values or set the magic value.
- * It's possible that this mod is adding a valid value,
- * which means we would not want to generate a new value.
- * It is safe to remove this type from the to be
- * generated list since it will be re-added here if
- * necessary. */
- if (dna_list_contains_type(types_to_generate, type)) {
- dna_list_remove_type(types_to_generate, type);
- }
- /* If we have a value, see if it's the magic value. */
- if (bv) {
- len = strlen(config_entry->generate);
- if (len == bv->bv_len) {
- if (!slapi_UTF8NCASECMP(bv->bv_val,
- config_entry->generate,
- len)) {
- slapi_ch_array_add(&types_to_generate,
- slapi_ch_strdup(type));
- }
- }
- } else if (!dna_is_multitype_range(config_entry)) {
- /* This is a replace with no new values, so we need
- * to generate a new value if this is not a multi-type
- * range. */
- slapi_ch_array_add(&types_to_generate,slapi_ch_strdup(type));
+ /* If we have a value, see if it's the magic value. */
+ if (bv) {
+ len = strlen(config_entry->generate);
+ if (len == bv->bv_len) {
+ if (!slapi_UTF8NCASECMP(bv->bv_val,
+ config_entry->generate,
+ len)) {
+ slapi_ch_array_add(&types_to_generate,
+ slapi_ch_strdup(type));
}
}
+ } else if (!dna_is_multitype_range(config_entry)) {
+ /* This is a replace with no new values,
+ * so we need to generate a new value if this
+ * is not a multi-type range. */
+ slapi_ch_array_add(&types_to_generate,slapi_ch_strdup(type));
}
- slapi_mod_done(next_mod);
- smod = slapi_mods_get_next_smod(smods, next_mod);
}
- slapi_mod_free(&next_mod);
}
+ slapi_mod_done(next_mod);
+ smod = slapi_mods_get_next_smod(smods, next_mod);
+ }
+ slapi_mod_free(&next_mod);
- /* We need to perform one last check for modify operations. If an
- * entry within the scope has not triggered generation yet, we need
- * to see if a value exists for the managed type in the resulting
- * entry. This will catch a modify operation that brings an entry
- * into scope for a managed range, but doesn't supply a value for
- * the managed type. We don't do this for multi-type ranges. */
- if ((LDAP_CHANGETYPE_MODIFY == modtype) && (!types_to_generate ||
- (types_to_generate && !types_to_generate[0])) &&
- !dna_is_multitype_range(config_entry)) {
- if (slapi_entry_attr_find(resulting_e, config_entry->types[0], &attr) != 0) {
- slapi_ch_array_add(&types_to_generate, slapi_ch_strdup(config_entry->types[0]));
- }
+ /* We need to perform one last check for modify operations. If an
+ * entry within the scope has not triggered generation yet, we need
+ * to see if a value exists for the managed type in the resulting
+ * entry. This will catch a modify operation that brings an entry
+ * into scope for a managed range, but doesn't supply a value for
+ * the managed type. We don't do this for multi-type ranges. */
+ if ((!types_to_generate ||
+ (types_to_generate && !types_to_generate[0])) &&
+ !dna_is_multitype_range(config_entry)) {
+ if (slapi_entry_attr_find(e, config_entry->types[0], &attr)
+ != 0) {
+ slapi_ch_array_add(&types_to_generate,
+ slapi_ch_strdup(config_entry->types[0]));
}
+ }
- if (types_to_generate && types_to_generate[0]) {
- /* do the mod */
- if (LDAP_CHANGETYPE_ADD == modtype) {
- /* add - add to entry */
- for (i = 0; types_to_generate && types_to_generate[i]; i++) {
- slapi_entry_attr_set_charptr(e, types_to_generate[i],
- slapi_ch_strdup(DNA_NEEDS_UPDATE));
- }
- } else {
- /* mod - add to mods */
- for (i = 0; types_to_generate && types_to_generate[i]; i++) {
- slapi_mods_add_string(smods, LDAP_MOD_REPLACE, types_to_generate[i],
- slapi_ch_strdup(DNA_NEEDS_UPDATE));
- }
- }
+ if (types_to_generate && types_to_generate[0]) {
+ /* mod - add to mods */
+ for (i = 0; types_to_generate && types_to_generate[i]; i++) {
+ slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
+ types_to_generate[i],
+ /* no need to dup */
+ DNA_NEEDS_UPDATE);
+ }
- /* Make sure we don't generate for this
- * type again by keeping a list of types
- * we have generated for already.
- */
- if (generated_types == NULL) {
- /* If we don't have a list of generated types yet,
- * we can just use the types_to_generate list so
- * we don't have to allocate anything. */
- generated_types = types_to_generate;
- types_to_generate = NULL;
- } else {
- /* Just reuse the elements out of types_to_generate for the
- * generated types list to avoid allocating them again. */
- for (i = 0; types_to_generate && types_to_generate[i]; ++i) {
- slapi_ch_array_add(&generated_types, types_to_generate[i]);
- types_to_generate[i] = NULL;
- }
+ /* Make sure we don't generate for this
+ * type again by keeping a list of types
+ * we have generated for already.
+ */
+ if (generated_types == NULL) {
+ /* If we don't have a list of generated types yet,
+ * we can just use the types_to_generate list so
+ * we don't have to allocate anything. */
+ generated_types = types_to_generate;
+ types_to_generate = NULL;
+ } else {
+ /* Just reuse the elements out of types_to_generate for the
+ * generated types list to avoid allocating them again. */
+ for (i = 0; types_to_generate && types_to_generate[i]; ++i) {
+ slapi_ch_array_add(&generated_types, types_to_generate[i]);
+ types_to_generate[i] = NULL;
}
+ }
- /* free up */
- slapi_ch_free_string(&value);
- slapi_ch_array_free(types_to_generate);
- types_to_generate = NULL;
+ /* free up */
+ slapi_ch_free_string(&value);
+ slapi_ch_array_free(types_to_generate);
+ types_to_generate = NULL;
- /*
- * Now grab the next value and see if we need to get the next range
- */
- slapi_lock_mutex(config_entry->lock);
-
- ret = dna_first_free_value(config_entry, &setval);
- if (LDAP_SUCCESS != ret) {
- /* check if we overflowed the configured range */
- if (setval > config_entry->maxval) {
- /* try for a new range or fail */
- ret = dna_fix_maxval(config_entry, 0);
- if (LDAP_SUCCESS != ret) {
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
- "dna_pre_op: no more values available!!\n");
- slapi_unlock_mutex(config_entry->lock);
- break;
- }
+ /*
+ * Now grab the next value and see if we need to get the next range
+ */
+ slapi_lock_mutex(config_entry->lock);
- /* Make sure dna_first_free_value() doesn't error out */
- ret = dna_first_free_value(config_entry, &setval);
- if (LDAP_SUCCESS != ret){
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
- "dna_pre_op: failed to allocate a new ID\n");
- slapi_unlock_mutex(config_entry->lock);
- break;
- }
- } else {
- /* dna_first_free_value() failed for some unknown reason */
- slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
- "dna_pre_op: failed to allocate a new ID!!\n");
- slapi_unlock_mutex(config_entry->lock);
- break;
+ ret = dna_first_free_value(config_entry, &setval);
+ if (LDAP_SUCCESS != ret) {
+ /* check if we overflowed the configured range */
+ if (setval > config_entry->maxval) {
+ /* try for a new range or fail */
+ ret = dna_fix_maxval(config_entry, 0);
+ if (LDAP_SUCCESS != ret) {
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+ "dna_pre_op: no more values available!!\n");
+ slapi_unlock_mutex(config_entry->lock);
+ break;
}
- }
- /* Check if we passed the threshold and try to fix maxval if so. We
- * don't need to do this if we already have a next range on deck.
- * We don't check the result of dna_fix_maxval() since we aren't
- * completely out of values yet. Any failure here is really a
- * soft failure. */
- if ((config_entry->next_range_lower == 0) && (config_entry->remaining <= config_entry->threshold)) {
+ /* Make sure dna_first_free_value() doesn't error out */
+ ret = dna_first_free_value(config_entry, &setval);
+ if (LDAP_SUCCESS != ret){
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+ "dna_pre_op: failed to allocate a new ID\n");
+ slapi_unlock_mutex(config_entry->lock);
+ break;
+ }
+ } else {
+ /* dna_first_free_value() failed for some unknown reason */
slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
- "dna_pre_op: Passed threshold of %" NSPRIu64 " remaining values "
- "for range %s. (%" NSPRIu64 " values remain)\n",
- config_entry->threshold, config_entry->dn, config_entry->remaining);
- dna_fix_maxval(config_entry, 0);
+ "dna_pre_op: failed to allocate a new ID!!\n");
+ slapi_unlock_mutex(config_entry->lock);
+ break;
}
+ }
- slapi_unlock_mutex(config_entry->lock);
- } else if (types_to_generate) {
- slapi_ch_free((void **)&types_to_generate);
+ /* Check if we passed the threshold and try to fix maxval if so.
+ * We don't need to do this if we already have a next range on
+ * deck. We don't check the result of dna_fix_maxval() since
+ * we aren't completely out of values yet. Any failure here is
+ * really a soft failure. */
+ if ((config_entry->next_range_lower == 0) &&
+ (config_entry->remaining <= config_entry->threshold)) {
+ slapi_log_error(SLAPI_LOG_FATAL, DNA_PLUGIN_SUBSYSTEM,
+ "dna_pre_op: Passed threshold of %"
+ NSPRIu64 " remaining values "
+ "for range %s. (%" NSPRIu64 " values remain)\n",
+ config_entry->threshold, config_entry->dn,
+ config_entry->remaining);
+ dna_fix_maxval(config_entry, 0);
}
- next:
- list = PR_NEXT_LINK(list);
+ slapi_unlock_mutex(config_entry->lock);
+ } else if (types_to_generate) {
+ slapi_ch_free((void **)&types_to_generate);
}
+next:
+ ret = 0;
+ list = PR_NEXT_LINK(list);
}
+ }
- dna_unlock();
+ dna_unlock();
+
+ slapi_ch_array_free(generated_types);
+bail:
+ return ret;
+}
+/* for mods and adds:
+ where dn's are supplied, the closest in scope
+ is used as long as the type filter matches
+ and the type has not been generated yet.
+*/
+
+static int
+dna_pre_op(Slapi_PBlock * pb, int modtype)
+{
+ struct slapi_entry *e = NULL;
+ Slapi_Entry *test_e = NULL;
+ Slapi_Entry *resulting_e = NULL;
+ char *errstr = NULL;
+ char *dn = NULL;
+ Slapi_Mods *smods = NULL;
+ LDAPMod **mods;
+ int free_entry = 0;
+ int ret = 0;
+
+ slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
+ "--> dna_pre_op\n");
+
+ /* Just bail if we aren't ready to service requests yet. */
+ if (!g_plugin_started) {
+ goto bail;
+ }
+
+ if (0 == (dn = dna_get_dn(pb))) {
+ goto bail;
+ }
+
+ if (dna_isrepl(pb)) {
+ /* if repl, the dna values should be already in the entry. */
+ goto bail;
+ }
+
+ if (LDAP_CHANGETYPE_ADD == modtype) {
+ slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e);
+ if (NULL == e) {
+ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM,
+ "dna_pre_op: no add entry set for add\n");
+ goto bail;
+ }
+ } else {
+ slapi_pblock_get(pb, SLAPI_MODIFY_EXISTING_ENTRY, &e);
+ if (NULL == e) {
+ slapi_log_error(SLAPI_LOG_PLUGIN, DNA_PLUGIN_SUBSYSTEM,
+ "dna_pre_op: no pre op entry set for modify\n");
+ goto bail;
+ }
+ /* grab the mods - we'll put them back later with
+ * our modifications appended
+ */
+ slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
+ smods = slapi_mods_new();
+ slapi_mods_init_passin(smods, mods);
+
+ /* We need the resulting entry after the mods are applied to
+ * see if the entry is within the scope. */
+ resulting_e = slapi_entry_dup(e);
+ if (mods &&
+ (slapi_entry_apply_mods(resulting_e, mods) != LDAP_SUCCESS)) {
+ /* The mods don't apply cleanly, so we just let this op go
+ * to let the main server handle it. */
+ goto bail;
+ }
+ }
+
+ /* For a MOD, we need to check the resulting entry */
+ if (LDAP_CHANGETYPE_ADD == modtype) {
+ test_e = e;
+ } else {
+ test_e = resulting_e;
}
- bailmod:
+ if (dna_dn_is_config(dn)) {
+ /* Validate config changes, but don't apply them.
+ * This allows us to reject invalid config changes
+ * here at the pre-op stage. Applying the config
+ * needs to be done at the post-op stage. */
+
+ if (dna_parse_config_entry(test_e, 0) != DNA_SUCCESS) {
+ /* Refuse the operation if config parsing failed. */
+ ret = LDAP_UNWILLING_TO_PERFORM;
+ if (LDAP_CHANGETYPE_ADD == modtype) {
+ errstr = slapi_ch_smprintf("Not a valid DNA configuration entry.");
+ } else {
+ errstr = slapi_ch_smprintf("Changes result in an invalid "
+ "DNA configuration.");
+ }
+ }
+ } else {
+ if (LDAP_CHANGETYPE_ADD == modtype) {
+ ret = _dna_pre_op_add(pb, test_e);
+ } else {
+ ret = _dna_pre_op_modify(pb, test_e, smods);
+ }
+ if (ret) {
+ goto bail;
+ }
+ }
+
+ /* We're done. */
if (LDAP_CHANGETYPE_MODIFY == modtype) {
/* Put the updated mods back into place. */
mods = slapi_mods_get_ldapmods_passout(smods);
slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods);
slapi_mods_free(&smods);
}
-
- bail:
- slapi_ch_array_free(generated_types);
-
+bail:
if (free_entry && e)
slapi_entry_free(e);
@@ -3288,14 +3389,22 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype)
slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
"--> dna_be_txn_pre_op\n");
- if (!g_plugin_started)
+ if (!g_plugin_started) {
goto bail;
+ }
- if (0 == (dn = dna_get_dn(pb)))
- goto bail;
+ if (0 == (dn = dna_get_dn(pb))) {
+ goto bail;
+ }
- if (dna_dn_is_config(dn))
- goto bail;
+ if (dna_dn_is_config(dn)) {
+ goto bail;
+ }
+
+ if (dna_isrepl(pb)) {
+ /* if repl, the dna values should be already in the entry. */
+ goto bail;
+ }
if (LDAP_CHANGETYPE_ADD == modtype) {
slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e);
@@ -3303,9 +3412,9 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype)
slapi_pblock_get(pb, SLAPI_MODIFY_EXISTING_ENTRY, &e);
}
- if (e == NULL){
+ if (e == NULL) {
goto bail;
- } else if (LDAP_CHANGETYPE_MODIFY == modtype){
+ } else if (LDAP_CHANGETYPE_MODIFY == modtype) {
slapi_pblock_get(pb, SLAPI_MODIFY_MODS, &mods);
smods = slapi_mods_new();
slapi_mods_init_passin(smods, mods);
@@ -3347,6 +3456,8 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype)
if (value && !slapi_UTF8CASECMP(value, DNA_NEEDS_UPDATE)) {
slapi_ch_array_add(&types_to_generate,
slapi_ch_strdup(config_entry->types[i]));
+ /* Need to remove DNA_NEEDS_UPDATE */
+ slapi_entry_attr_delete(e, config_entry->types[i]);
}
slapi_ch_free_string(&value);
}
@@ -3358,6 +3469,8 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype)
if (0 == value || (value && !slapi_UTF8CASECMP(value, DNA_NEEDS_UPDATE)) ) {
slapi_ch_array_add(&types_to_generate,
slapi_ch_strdup(config_entry->types[0]));
+ /* Need to remove DNA_NEEDS_UPDATE */
+ slapi_entry_attr_delete(e, config_entry->types[0]);
}
slapi_ch_free_string(&value);
}
@@ -3390,29 +3503,30 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype)
}
} else {
/* This is either adding or replacing a value */
- bv = slapi_mod_get_first_value(smod);
-
- if (dna_list_contains_type(types_to_generate, type)) {
- dna_list_remove_type(types_to_generate, type);
- }
-
- /* If we have a value, see if it's the magic value. */
- if (bv) {
- if (!slapi_UTF8CASECMP(bv->bv_val,DNA_NEEDS_UPDATE)) {
- slapi_ch_array_add(&types_to_generate, slapi_ch_strdup(type));
- }
- } else if (!dna_is_multitype_range(config_entry)) {
- /* This is a replace with no new values, so we need
- * to generate a new value if this is not a multi-type range. */
- slapi_ch_array_add(&types_to_generate, slapi_ch_strdup(type));
- }
- }
- }
- slapi_mod_done(next_mod);
- smod = slapi_mods_get_next_smod(smods, next_mod);
- }
- slapi_mod_free(&next_mod);
- }
+ bv = slapi_mod_get_first_value(smod);
+
+ if (dna_list_contains_type(types_to_generate, type)) {
+ dna_list_remove_type(types_to_generate, type);
+ }
+
+ /* If we have a value, see if it's the magic value. */
+ if (bv) {
+ if (!slapi_UTF8CASECMP(bv->bv_val,
+ DNA_NEEDS_UPDATE)) {
+ slapi_ch_array_add(&types_to_generate, slapi_ch_strdup(type));
+ }
+ } else if (!dna_is_multitype_range(config_entry)) {
+ /* This is a replace with no new values, so we need
+ * to generate a new value if this is not a multi-type range. */
+ slapi_ch_array_add(&types_to_generate, slapi_ch_strdup(type));
+ }
+ }
+ }
+ slapi_mod_done(next_mod);
+ smod = slapi_mods_get_next_smod(smods, next_mod);
+ }
+ slapi_mod_free(&next_mod);
+ }
/* We need to perform one last check for modify operations. If an
* entry within the scope has not triggered generation yet, we need
* to see if a value exists for the managed type in the resulting
@@ -3456,7 +3570,6 @@ static int dna_be_txn_pre_op(Slapi_PBlock *pb, int modtype)
slapi_entry_attr_set_charptr(e, types_to_generate[i], new_value);
}
} else {
- /* mod - add to mods */
for (i = 0; types_to_generate && types_to_generate[i]; i++) {
slapi_mods_add_string(smods, LDAP_MOD_REPLACE, types_to_generate[i], new_value);
@@ -3534,9 +3647,12 @@ static int dna_config_check_post_op(Slapi_PBlock * pb)
slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
"--> dna_config_check_post_op\n");
- if ((dn = dna_get_dn(pb))) {
- if (dna_dn_is_config(dn))
- dna_load_plugin_config();
+ if (!slapi_op_internal(pb)) { /* If internal, no need to check. */
+ if ((dn = dna_get_dn(pb))) {
+ if (dna_dn_is_config(dn)) {
+ dna_load_plugin_config();
+ }
+ }
}
slapi_log_error(SLAPI_LOG_TRACE, DNA_PLUGIN_SUBSYSTEM,
@@ -3901,6 +4017,22 @@ bail:
dna_unlock();
}
+/*
+ * dna_isrepl()
+ *
+ * Returns 1 if the operation associated with pb
+ * is a replicated op. Returns 0 otherwise.
+ */
+static int
+dna_isrepl(Slapi_PBlock *pb)
+{
+ int is_repl = 0;
+
+ slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_repl);
+
+ return is_repl;
+}
+
void dna_dump_config_entry(struct configEntry * entry)
{
diff --git a/ldap/servers/slapd/operation.c b/ldap/servers/slapd/operation.c
index 1a7599b..13e05c1 100644
--- a/ldap/servers/slapd/operation.c
+++ b/ldap/servers/slapd/operation.c
@@ -62,6 +62,15 @@ slapi_op_abandoned( Slapi_PBlock *pb )
return 0;
}
+int
+slapi_op_internal( Slapi_PBlock *pb )
+{
+ if (pb && pb->pb_op) {
+ return operation_is_flag_set(pb->pb_op, OP_FLAG_INTERNAL);
+ }
+ return 0;
+}
+
void
operation_out_of_disk_space()
{
diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
index ea64b5c..ea7de14 100644
--- a/ldap/servers/slapd/pagedresults.c
+++ b/ldap/servers/slapd/pagedresults.c
@@ -758,11 +758,10 @@ pagedresults_reset_timedout(Connection *conn)
int i;
PagedResults *prp = NULL;
- LDAPDebug0Args(LDAP_DEBUG_TRACE, "--> pagedresults_reset_timedout\n");
if (NULL == conn) {
- LDAPDebug0Args(LDAP_DEBUG_TRACE, "<-- pagedresults_reset_timedout: -\n");
return 0;
}
+ LDAPDebug0Args(LDAP_DEBUG_TRACE, "--> pagedresults_reset_timedout\n");
for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) {
prp = conn->c_pagedresults.prl_list + i;
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index e4703bd..63eeb37 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -4731,6 +4731,7 @@ void slapi_operation_set_csngen_handler ( Slapi_Operation *op, void *callback );
void slapi_operation_set_replica_attr_handler ( Slapi_Operation *op, void *callback );
int slapi_operation_get_replica_attr ( Slapi_PBlock *pb, Slapi_Operation *op, const char *type, void *value );
char *slapi_op_type_to_string(unsigned long type);
+int slapi_op_internal( Slapi_PBlock *pb );
/*
* LDAPMod manipulation routines
12 years, 1 month