389-commits June 2014

389-commits@lists.fedoraproject.org

5 participants
66 discussions

Branch '389-ds-base-1.3.1' - ldap/servers
by Mark Reynolds 10 Jun '14

10 Jun '14

ldap/servers/plugins/mep/mep.c | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) New commits: commit aa9933e99e537027c0de15ccda996cdfcbd9c5a7 Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Mon Jun 9 12:27:04 2014 -0400 Ticket 47813 - managed entry plugin fails to update member pointer on modrdn operation Bug Description: A modrdn on an existing managed entry failed to update the entry pointer becuase part of the update is to add the managed entry objectclass - which already exists in the managed entry. This caused the new pointer value to not be added to the managed entry. Fix Description: During a modrdn operation perform the objectclass addition in a separate operation, as we don't know if the entry already has the objectclass or not. https://fedorahosted.org/389/ticket/47813 TET: passed Jenkins: passed Reviewed by: rmeggins(Thanks!) (cherry picked from commit 0fe78df27bea0ed29f5f74266bc530832e0d8906) diff --git a/ldap/servers/plugins/mep/mep.c b/ldap/servers/plugins/mep/mep.c index b84eb69..57fadd8 100644 --- a/ldap/servers/plugins/mep/mep.c +++ b/ldap/servers/plugins/mep/mep.c @@ -1462,38 +1462,57 @@ mep_add_managed_entry(struct configEntry *config, /* Add forward link to origin entry. */ LDAPMod oc_mod; LDAPMod pointer_mod; - LDAPMod *mods[3]; + LDAPMod *mods[2]; char *oc_vals[2]; char *pointer_vals[2]; /* Clear out the pblock for reuse. */ slapi_pblock_init(mod_pb); - /* Add the origin entry objectclass. */ + /* + * Add the origin entry objectclass. Do not check the result + * as we could be here because of a modrdn operation - in which + * case the objectclass already exists. + */ oc_vals[0] = MEP_ORIGIN_OC; oc_vals[1] = 0; oc_mod.mod_op = LDAP_MOD_ADD; oc_mod.mod_type = SLAPI_ATTR_OBJECTCLASS; oc_mod.mod_values = oc_vals; + mods[0] = &oc_mod; + mods[1] = NULL; - /* Add a pointer to the managed entry. */ + /* add the objectclass */ + slapi_modify_internal_set_pb_ext(mod_pb, slapi_entry_get_sdn(origin), + mods, 0, 0, mep_get_plugin_id(), 0); + slapi_modify_internal_pb(mod_pb); + slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &result); + if (result != LDAP_SUCCESS && result != LDAP_TYPE_OR_VALUE_EXISTS){ + slapi_log_error(SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM, + "mep_add_managed_entry: Failed to add managed entry " + "objectclass in origin entry \"%s\", error (%s)\n", + slapi_entry_get_dn(origin), ldap_err2string(result)); + goto bail; + } + slapi_pblock_init(mod_pb); + + /* + * Now, add a pointer to the managed entry. + */ pointer_vals[0] = managed_dn; pointer_vals[1] = 0; pointer_mod.mod_op = LDAP_MOD_ADD; pointer_mod.mod_type = MEP_MANAGED_ENTRY_TYPE; pointer_mod.mod_values = pointer_vals; + mods[0] = &pointer_mod; + mods[1] = NULL; - mods[0] = &oc_mod; - mods[1] = &pointer_mod; - mods[2] = 0; - - /* Perform the modify operation. */ slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM, "Adding %s pointer to \"%s\" in entry \"%s\"\n.", MEP_MANAGED_ENTRY_TYPE, managed_dn, slapi_entry_get_dn(origin)); - slapi_modify_internal_set_pb_ext(mod_pb, - slapi_entry_get_sdn(origin), - mods, 0, 0, mep_get_plugin_id(), 0); + + slapi_modify_internal_set_pb_ext(mod_pb, slapi_entry_get_sdn(origin), + mods, 0, 0, mep_get_plugin_id(), 0); slapi_modify_internal_pb(mod_pb); slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &result);

1 0

Branch '389-ds-base-1.3.2' - ldap/servers
by Mark Reynolds 10 Jun '14

10 Jun '14

ldap/servers/plugins/mep/mep.c | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) New commits: commit 420bcdfbc3efebb78adbce7b2e46bdbe9223d0c1 Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Mon Jun 9 12:27:04 2014 -0400 Ticket 47813 - managed entry plugin fails to update member pointer on modrdn operation Bug Description: A modrdn on an existing managed entry failed to update the entry pointer becuase part of the update is to add the managed entry objectclass - which already exists in the managed entry. This caused the new pointer value to not be added to the managed entry. Fix Description: During a modrdn operation perform the objectclass addition in a separate operation, as we don't know if the entry already has the objectclass or not. https://fedorahosted.org/389/ticket/47813 TET: passed Jenkins: passed Reviewed by: rmeggins(Thanks!) (cherry picked from commit 0fe78df27bea0ed29f5f74266bc530832e0d8906) diff --git a/ldap/servers/plugins/mep/mep.c b/ldap/servers/plugins/mep/mep.c index bc6c130..ffd6667 100644 --- a/ldap/servers/plugins/mep/mep.c +++ b/ldap/servers/plugins/mep/mep.c @@ -1462,38 +1462,57 @@ mep_add_managed_entry(struct configEntry *config, /* Add forward link to origin entry. */ LDAPMod oc_mod; LDAPMod pointer_mod; - LDAPMod *mods[3]; + LDAPMod *mods[2]; char *oc_vals[2]; char *pointer_vals[2]; /* Clear out the pblock for reuse. */ slapi_pblock_init(mod_pb); - /* Add the origin entry objectclass. */ + /* + * Add the origin entry objectclass. Do not check the result + * as we could be here because of a modrdn operation - in which + * case the objectclass already exists. + */ oc_vals[0] = MEP_ORIGIN_OC; oc_vals[1] = 0; oc_mod.mod_op = LDAP_MOD_ADD; oc_mod.mod_type = SLAPI_ATTR_OBJECTCLASS; oc_mod.mod_values = oc_vals; + mods[0] = &oc_mod; + mods[1] = NULL; - /* Add a pointer to the managed entry. */ + /* add the objectclass */ + slapi_modify_internal_set_pb_ext(mod_pb, slapi_entry_get_sdn(origin), + mods, 0, 0, mep_get_plugin_id(), 0); + slapi_modify_internal_pb(mod_pb); + slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &result); + if (result != LDAP_SUCCESS && result != LDAP_TYPE_OR_VALUE_EXISTS){ + slapi_log_error(SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM, + "mep_add_managed_entry: Failed to add managed entry " + "objectclass in origin entry \"%s\", error (%s)\n", + slapi_entry_get_dn(origin), ldap_err2string(result)); + goto bail; + } + slapi_pblock_init(mod_pb); + + /* + * Now, add a pointer to the managed entry. + */ pointer_vals[0] = managed_dn; pointer_vals[1] = 0; pointer_mod.mod_op = LDAP_MOD_ADD; pointer_mod.mod_type = MEP_MANAGED_ENTRY_TYPE; pointer_mod.mod_values = pointer_vals; + mods[0] = &pointer_mod; + mods[1] = NULL; - mods[0] = &oc_mod; - mods[1] = &pointer_mod; - mods[2] = 0; - - /* Perform the modify operation. */ slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM, "Adding %s pointer to \"%s\" in entry \"%s\"\n.", MEP_MANAGED_ENTRY_TYPE, managed_dn, slapi_entry_get_dn(origin)); - slapi_modify_internal_set_pb_ext(mod_pb, - slapi_entry_get_sdn(origin), - mods, 0, 0, mep_get_plugin_id(), 0); + + slapi_modify_internal_set_pb_ext(mod_pb, slapi_entry_get_sdn(origin), + mods, 0, 0, mep_get_plugin_id(), 0); slapi_modify_internal_pb(mod_pb); slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &result);

1 0

ldap/servers
by Mark Reynolds 10 Jun '14

10 Jun '14

ldap/servers/plugins/mep/mep.c | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) New commits: commit 0fe78df27bea0ed29f5f74266bc530832e0d8906 Author: Mark Reynolds <mreynolds(a)redhat.com> Date: Mon Jun 9 12:27:04 2014 -0400 Ticket 47813 - managed entry plugin fails to update member pointer on modrdn operation Bug Description: A modrdn on an existing managed entry failed to update the entry pointer becuase part of the update is to add the managed entry objectclass - which already exists in the managed entry. This caused the new pointer value to not be added to the managed entry. Fix Description: During a modrdn operation perform the objectclass addition in a separate operation, as we don't know if the entry already has the objectclass or not. https://fedorahosted.org/389/ticket/47813 TET: passed Jenkins: passed Reviewed by: rmeggins(Thanks!) diff --git a/ldap/servers/plugins/mep/mep.c b/ldap/servers/plugins/mep/mep.c index 6dbddbc..76ba827 100644 --- a/ldap/servers/plugins/mep/mep.c +++ b/ldap/servers/plugins/mep/mep.c @@ -1442,38 +1442,57 @@ mep_add_managed_entry(struct configEntry *config, /* Add forward link to origin entry. */ LDAPMod oc_mod; LDAPMod pointer_mod; - LDAPMod *mods[3]; + LDAPMod *mods[2]; char *oc_vals[2]; char *pointer_vals[2]; /* Clear out the pblock for reuse. */ slapi_pblock_init(mod_pb); - /* Add the origin entry objectclass. */ + /* + * Add the origin entry objectclass. Do not check the result + * as we could be here because of a modrdn operation - in which + * case the objectclass already exists. + */ oc_vals[0] = MEP_ORIGIN_OC; oc_vals[1] = 0; oc_mod.mod_op = LDAP_MOD_ADD; oc_mod.mod_type = SLAPI_ATTR_OBJECTCLASS; oc_mod.mod_values = oc_vals; + mods[0] = &oc_mod; + mods[1] = NULL; - /* Add a pointer to the managed entry. */ + /* add the objectclass */ + slapi_modify_internal_set_pb_ext(mod_pb, slapi_entry_get_sdn(origin), + mods, 0, 0, mep_get_plugin_id(), 0); + slapi_modify_internal_pb(mod_pb); + slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &result); + if (result != LDAP_SUCCESS && result != LDAP_TYPE_OR_VALUE_EXISTS){ + slapi_log_error(SLAPI_LOG_FATAL, MEP_PLUGIN_SUBSYSTEM, + "mep_add_managed_entry: Failed to add managed entry " + "objectclass in origin entry \"%s\", error (%s)\n", + slapi_entry_get_dn(origin), ldap_err2string(result)); + goto bail; + } + slapi_pblock_init(mod_pb); + + /* + * Now, add a pointer to the managed entry. + */ pointer_vals[0] = managed_dn; pointer_vals[1] = 0; pointer_mod.mod_op = LDAP_MOD_ADD; pointer_mod.mod_type = MEP_MANAGED_ENTRY_TYPE; pointer_mod.mod_values = pointer_vals; + mods[0] = &pointer_mod; + mods[1] = NULL; - mods[0] = &oc_mod; - mods[1] = &pointer_mod; - mods[2] = 0; - - /* Perform the modify operation. */ slapi_log_error(SLAPI_LOG_PLUGIN, MEP_PLUGIN_SUBSYSTEM, "Adding %s pointer to \"%s\" in entry \"%s\"\n.", MEP_MANAGED_ENTRY_TYPE, managed_dn, slapi_entry_get_dn(origin)); - slapi_modify_internal_set_pb_ext(mod_pb, - slapi_entry_get_sdn(origin), - mods, 0, 0, mep_get_plugin_id(), 0); + + slapi_modify_internal_set_pb_ext(mod_pb, slapi_entry_get_sdn(origin), + mods, 0, 0, mep_get_plugin_id(), 0); slapi_modify_internal_pb(mod_pb); slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &result);

1 0

dirsrvtests/tickets
by Noriko Hosoi 06 Jun '14

06 Jun '14

dirsrvtests/tickets/ticket47313_test.py | 3 dirsrvtests/tickets/ticket47808_test.py | 212 ++++++++++++++++++++++++++++++++ 2 files changed, 215 insertions(+) New commits: commit ba9c8b61ec63ce69711ac77da296ea96d2f366dc Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Fri Jun 6 16:00:46 2014 -0700 Ticket 47808 - CI test: add test case for ticket 47808 Bug Description: If be_txn plugin fails in ldbm_back_add, adding entry is double freed. Test Description: It enables attribute uniqueness plugin with sn as a unique attribute Add an entry 1 with sn = ENTRY_NAME Add an entry 2 with sn = ENTRY_NAME If the second add does not crash the server and the following search found none, the bug is fixed. https://fedorahosted.org/389/ticket/47808 diff --git a/dirsrvtests/tickets/ticket47313_test.py b/dirsrvtests/tickets/ticket47313_test.py index f010de9..370dfc6 100644 --- a/dirsrvtests/tickets/ticket47313_test.py +++ b/dirsrvtests/tickets/ticket47313_test.py @@ -196,6 +196,9 @@ def test_ticket47313_run(topology): topology.standalone.delete_s(entry_dn_en_only) def test_ticket47313_final(topology): + mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '0')] + topology.standalone.modify_s(DN_CONFIG, mod) + topology.standalone.stop(timeout=10) def run_isolated(): diff --git a/dirsrvtests/tickets/ticket47808_test.py b/dirsrvtests/tickets/ticket47808_test.py new file mode 100644 index 0000000..4bfb4ce --- /dev/null +++ b/dirsrvtests/tickets/ticket47808_test.py @@ -0,0 +1,212 @@ +import os +import sys +import time +import ldap +import logging +import socket +import time +import logging +import pytest +from lib389 import DirSrv, Entry, tools +from lib389.tools import DirSrvTools +from lib389._constants import * +from lib389.properties import * +from constants import * + +log = logging.getLogger(__name__) + +installation_prefix = '/home/nhosoi/install' + +ATTRIBUTE_UNIQUENESS_PLUGIN = 'cn=attribute uniqueness,cn=plugins,cn=config' +ENTRY_NAME = 'test_entry' + + +class TopologyStandalone(object): + def __init__(self, standalone): + standalone.open() + self.standalone = standalone + + +#(a)pytest.fixture(scope="module") +def topology(request): + ''' + This fixture is used to standalone topology for the 'module'. + At the beginning, It may exists a standalone instance. + It may also exists a backup for the standalone instance. + + Principle: + If standalone instance exists: + restart it + If backup of standalone exists: + create/rebind to standalone + + restore standalone instance from backup + else: + Cleanup everything + remove instance + remove backup + Create instance + Create backup + ''' + global installation_prefix + + if installation_prefix: + args_instance[SER_DEPLOYED_DIR] = installation_prefix + + standalone = DirSrv(verbose=True) + + # Args for the standalone instance + args_instance[SER_HOST] = HOST_STANDALONE + args_instance[SER_PORT] = PORT_STANDALONE + args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE + args_standalone = args_instance.copy() + standalone.allocate(args_standalone) + + # Get the status of the backups + backup_standalone = standalone.checkBackupFS() + + # Get the status of the instance and restart it if it exists + instance_standalone = standalone.exists() + if instance_standalone: + # assuming the instance is already stopped, just wait 5 sec max + standalone.stop(timeout=5) + standalone.start(timeout=10) + + if backup_standalone: + # The backup exist, assuming it is correct + # we just re-init the instance with it + if not instance_standalone: + standalone.create() + # Used to retrieve configuration information (dbdir, confdir...) + standalone.open() + + # restore standalone instance from backup + standalone.stop(timeout=10) + standalone.restoreFS(backup_standalone) + standalone.start(timeout=10) + + else: + # We should be here only in two conditions + # - This is the first time a test involve standalone instance + # - Something weird happened (instance/backup destroyed) + # so we discard everything and recreate all + + # Remove the backup. So even if we have a specific backup file + # (e.g backup_standalone) we clear backup that an instance may have created + if backup_standalone: + standalone.clearBackupFS() + + # Remove the instance + if instance_standalone: + standalone.delete() + + # Create the instance + standalone.create() + + # Used to retrieve configuration information (dbdir, confdir...) + standalone.open() + + # Time to create the backups + standalone.stop(timeout=10) + standalone.backupfile = standalone.backupFS() + standalone.start(timeout=10) + + # + # Here we have standalone instance up and running + # Either coming from a backup recovery + # or from a fresh (re)init + # Time to return the topology + return TopologyStandalone(standalone) + + +def test_ticket47808_run(topology): + """ + It enables attribute uniqueness plugin with sn as a unique attribute + Add an entry 1 with sn = ENTRY_NAME + Add an entry 2 with sn = ENTRY_NAME + If the second add does not crash the server and the following search found none, + the bug is fixed. + """ + + # bind as directory manager + topology.standalone.log.info("Bind as %s" % DN_DM) + topology.standalone.simple_bind_s(DN_DM, PASSWORD) + + topology.standalone.log.info("\n\n######################### SETUP ATTR UNIQ PLUGIN ######################\n") + + # enable attribute uniqueness plugin + mod = [(ldap.MOD_REPLACE, 'nsslapd-pluginEnabled', 'on'), (ldap.MOD_REPLACE, 'nsslapd-pluginarg0', 'sn'), (ldap.MOD_REPLACE, 'nsslapd-pluginarg1', SUFFIX)] + topology.standalone.modify_s(ATTRIBUTE_UNIQUENESS_PLUGIN, mod) + + topology.standalone.log.info("\n\n######################### ADD USER 1 ######################\n") + + # Prepare entry 1 + entry_name = '%s 1' % (ENTRY_NAME) + entry_dn_1 = 'cn=%s, %s' % (entry_name, SUFFIX) + entry_1 = Entry(entry_dn_1) + entry_1.setValues('objectclass', 'top', 'person') + entry_1.setValues('sn', ENTRY_NAME) + entry_1.setValues('cn', entry_name) + topology.standalone.log.info("Try to add Add %s: %r" % (entry_1, entry_1)) + topology.standalone.add_s(entry_1) + + topology.standalone.log.info("\n\n######################### Restart Server ######################\n") + topology.standalone.stop(timeout=10) + topology.standalone.start(timeout=10) + + topology.standalone.log.info("\n\n######################### ADD USER 2 ######################\n") + + # Prepare entry 2 having the same sn, which crashes the server + entry_name = '%s 2' % (ENTRY_NAME) + entry_dn_2 = 'cn=%s, %s' % (entry_name, SUFFIX) + entry_2 = Entry(entry_dn_2) + entry_2.setValues('objectclass', 'top', 'person') + entry_2.setValues('sn', ENTRY_NAME) + entry_2.setValues('cn', entry_name) + topology.standalone.log.info("Try to add Add %s: %r" % (entry_2, entry_2)) + try: + topology.standalone.add_s(entry_2) + except: + topology.standalone.log.warn("Adding %s failed" % entry_dn_2) + pass + + topology.standalone.log.info("\n\n######################### IS SERVER UP? ######################\n") + ents = topology.standalone.search_s(entry_dn_1, ldap.SCOPE_BASE, '(objectclass=*)') + assert len(ents) == 1 + topology.standalone.log.info("Yes, it's up.") + + topology.standalone.log.info("\n\n######################### CHECK USER 2 NOT ADDED ######################\n") + topology.standalone.log.info("Try to search %s" % entry_dn_2) + try: + ents = topology.standalone.search_s(entry_dn_2, ldap.SCOPE_BASE, '(objectclass=*)') + except ldap.NO_SUCH_OBJECT: + topology.standalone.log.info("Found none") + + topology.standalone.log.info("\n\n######################### DELETE USER 1 ######################\n") + + topology.standalone.log.info("Try to delete %s " % entry_dn_1) + topology.standalone.delete_s(entry_dn_1) + +def test_ticket47808_final(topology): + topology.standalone.stop(timeout=10) + +def run_isolated(): + ''' + run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..) + To run isolated without py.test, you need to + - edit this file and comment '@pytest.fixture' line before 'topology' function. + - set the installation prefix + - run this program + ''' + global installation_prefix + installation_prefix = '/home/nhosoi/install' + + topo = topology(True) + test_ticket47808_run(topo) + + test_ticket47808_final(topo) + + +if __name__ == '__main__': + run_isolated() +

1 0

ldap/ldif ldap/schema ldap/servers
by Noriko Hosoi 05 Jun '14

05 Jun '14

ldap/ldif/template-dse.ldif.in | 1 + ldap/schema/01core389.ldif | 1 + ldap/servers/slapd/libglobs.c | 32 ++++++++++++++++++++++++++++++++ ldap/servers/slapd/proto-slap.h | 2 ++ ldap/servers/slapd/pw.c | 5 +++-- ldap/servers/slapd/slap.h | 2 ++ 6 files changed, 41 insertions(+), 2 deletions(-) New commits: commit ab6438901fd1481ceceb40d6dff8935ac656dc04 Author: Nathan Kinder <nkinder(a)redhat.com> Date: Mon Mar 17 17:35:24 2014 -0700 Ticket 47753 - Add switch to disable pre-hashed password checking By default, 389 DS doesn't allow pre-hashed passwords to be set by anyone other than Directory Manager. This privilege can be delegated to other users by adding them to the Password Administrators group. This works fine for most cases, but there are cases where one might want to allow anyone to set pre-hashed passwords. An example is the FreeIPA project, who has their own SLAPI plug-in that controls pre-hashed password checking. We should add a switch to completely disable pre-hashed password checking to support this case. https://fedorahosted.org/389/ticket/47753 Reviewed by mreynolds(a)redhat.com diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in index 8f00772..85662a3 100644 --- a/ldap/ldif/template-dse.ldif.in +++ b/ldap/ldif/template-dse.ldif.in @@ -59,6 +59,7 @@ nsslapd-max-filter-nest-level: 40 nsslapd-ndn-cache-enabled: on nsslapd-sasl-mapping-fallback: off nsslapd-dynamic-plugins: off +nsslapd-allow-hashed-passwords: off dn: cn=features,cn=config objectclass: top diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif index 6a2d28c..6199277 100644 --- a/ldap/schema/01core389.ldif +++ b/ldap/schema/01core389.ldif @@ -298,6 +298,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2303 NAME 'nsslapd-ignore-time-skew' DES attributeTypes: ( 2.16.840.1.113730.3.1.2304 NAME 'nsslapd-dynamic-plugins' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2305 NAME 'nsslapd-moddn-aci' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) attributeTypes: ( 2.16.840.1.113730.3.1.2306 NAME 'nsslapd-return-default-opattr' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' ) +attributeTypes: ( 2.16.840.1.113730.3.1.2307 NAME 'nsslapd-allow-hashed-passwords' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' ) # # objectclasses # diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c index fbe10ff..e890aed 100644 --- a/ldap/servers/slapd/libglobs.c +++ b/ldap/servers/slapd/libglobs.c @@ -228,6 +228,7 @@ slapi_onoff_t init_pw_is_legacy; slapi_onoff_t init_pw_track_update_time; slapi_onoff_t init_pw_change; slapi_onoff_t init_pw_exp; +slapi_onoff_t init_allow_hashed_pw; slapi_onoff_t init_pw_syntax; slapi_onoff_t init_schemacheck; slapi_onoff_t init_schemamod; @@ -744,6 +745,10 @@ static struct config_get_and_set { log_set_expirationtimeunit, SLAPD_AUDIT_LOG, (void**)&global_slapdFrontendConfig.auditlog_exptimeunit, CONFIG_STRING_OR_UNKNOWN, NULL, INIT_AUDITLOG_EXPTIMEUNIT}, + {CONFIG_ALLOW_HASHED_PW_ATTRIBUTE, config_set_allow_hashed_pw, + NULL, 0, + (void**)&global_slapdFrontendConfig.allow_hashed_pw, + CONFIG_ON_OFF, NULL, &init_allow_hashed_pw}, {CONFIG_PW_SYNTAX_ATTRIBUTE, config_set_pw_syntax, NULL, 0, (void**)&global_slapdFrontendConfig.pw_policy.pw_syntax, @@ -1458,6 +1463,7 @@ FrontendConfig_init () { init_pwpolicy_local = cfg->pwpolicy_local = LDAP_OFF; init_pw_change = cfg->pw_policy.pw_change = LDAP_ON; init_pw_must_change = cfg->pw_policy.pw_must_change = LDAP_OFF; + init_allow_hashed_pw = cfg->allow_hashed_pw = LDAP_OFF; init_pw_syntax = cfg->pw_policy.pw_syntax = LDAP_OFF; init_pw_exp = cfg->pw_policy.pw_exp = LDAP_OFF; cfg->pw_policy.pw_minlength = 8; @@ -2527,6 +2533,20 @@ config_set_pwpolicy_local( const char *attrname, char *value, char *errorbuf, in } int +config_set_allow_hashed_pw( const char *attrname, char *value, char *errorbuf, int apply ) { + int retVal = LDAP_SUCCESS; + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + retVal = config_set_onoff ( attrname, + value, + &(slapdFrontendConfig->allow_hashed_pw), + errorbuf, + apply); + + return retVal; +} + +int config_set_pw_syntax( const char *attrname, char *value, char *errorbuf, int apply ) { int retVal = LDAP_SUCCESS; slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); @@ -4820,6 +4840,18 @@ config_get_pw_must_change() { return retVal; } +int +config_get_allow_hashed_pw() +{ + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + int retVal; + + CFG_ONOFF_LOCK_READ(slapdFrontendConfig); + retVal = (int)slapdFrontendConfig->allow_hashed_pw; + CFG_ONOFF_UNLOCK_READ(slapdFrontendConfig); + + return retVal; +} int config_get_pw_syntax() { diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h index 34c4ac6..c987b4a 100644 --- a/ldap/servers/slapd/proto-slap.h +++ b/ldap/servers/slapd/proto-slap.h @@ -323,6 +323,7 @@ int config_set_errorlog(const char *attrname, char *value, char *errorbuf, int a int config_set_pw_change(const char *attrname, char *value, char *errorbuf, int apply ); int config_set_pw_must_change(const char *attrname, char *value, char *errorbuf, int apply ); int config_set_pwpolicy_local(const char *attrname, char *value, char *errorbuf, int apply ); +int config_set_allow_hashed_pw( const char *attrname, char *value, char *errorbuf, int apply ); int config_set_pw_syntax(const char *attrname, char *value, char *errorbuf, int apply ); int config_set_pw_minlength(const char *attrname, char *value, char *errorbuf, int apply ); int config_set_pw_mindigits(const char *attrname, char *value, char *errorbuf, int apply ); @@ -447,6 +448,7 @@ char *config_get_pw_storagescheme(); int config_get_pw_change(); int config_get_pw_history(); int config_get_pw_must_change(); +int config_get_allow_hashed_pw(); int config_get_pw_syntax(); int config_get_pw_minlength(); int config_get_pw_mindigits(); diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index b4a3295..a4d2dc6 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -820,8 +820,9 @@ check_pw_syntax_ext ( Slapi_PBlock *pb, const Slapi_DN *sdn, Slapi_Value **vals, */ for ( i = 0; vals[ i ] != NULL; ++i ){ if (slapi_is_encoded((char *)slapi_value_get_string(vals[i]))) { - if ((!is_replication && ((internal_op && pb->pb_conn && !slapi_dn_isroot(pb->pb_conn->c_dn)) || - (!internal_op && !pw_is_pwp_admin(pb, pwpolicy))))) { + if (!is_replication && !config_get_allow_hashed_pw() && + ((internal_op && pb->pb_conn && !slapi_dn_isroot(pb->pb_conn->c_dn)) || + (!internal_op && !pw_is_pwp_admin(pb, pwpolicy)))) { PR_snprintf( errormsg, BUFSIZ, "invalid password syntax - passwords with storage scheme are not allowed"); if ( pwresponse_req == 1 ) { diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index bbc1dc5..d234c13 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -2066,6 +2066,7 @@ typedef struct _slapdEntryPoints { #define CONFIG_GROUPEVALNESTLEVEL_ATTRIBUTE "nsslapd-groupevalnestlevel" #define CONFIG_NAGLE_ATTRIBUTE "nsslapd-nagle" #define CONFIG_PWPOLICY_LOCAL_ATTRIBUTE "nsslapd-pwpolicy-local" +#define CONFIG_ALLOW_HASHED_PW_ATTRIBUTE "nsslapd-allow-hashed-passwords" #define CONFIG_PW_CHANGE_ATTRIBUTE "passwordChange" #define CONFIG_PW_MUSTCHANGE_ATTRIBUTE "passwordMustChange" #define CONFIG_PW_SYNTAX_ATTRIBUTE "passwordCheckSyntax" @@ -2278,6 +2279,7 @@ typedef struct _slapdFrontendConfig { slapi_onoff_t pwpolicy_local; slapi_onoff_t pw_is_global_policy; + slapi_onoff_t allow_hashed_pw; passwdPolicy pw_policy; /* ACCESS LOG */

1 0

ldap/servers
by Noriko Hosoi 05 Jun '14

05 Jun '14

ldap/servers/slapd/modify.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) New commits: commit ccc61a3a589a47844a7e6eeb13f87e1351637618 Author: Nathan Kinder <nkinder(a)redhat.com> Date: Mon Mar 17 19:34:45 2014 -0700 Ticket 47752 - Don't add unhashed password mod if we don't have an unhashed value When performing a modify operation to replace the userpassword with a pre-hashed value, the modify code adds a LDAPMod that replaces the "unhashed#user#password" attribute with no values. While this doesn't cause any harm inside DS itself, it is not the correct behavior. We should only add a LDAPMod for the unhashed password if we actually have an unhashed value available. https://fedorahosted.org/389/ticket/47752 Reviewed by mreynold(a)redhat.com diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c index 34fc326..fb0fdde 100644 --- a/ldap/servers/slapd/modify.c +++ b/ldap/servers/slapd/modify.c @@ -975,10 +975,10 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw) } else { /* add pseudo password attribute */ valuearray_init_bervalarray_unhashed_only(pw_mod->mod_bvalues, &va); - if(va){ + if(va && va[0]){ slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va); - valuearray_free(&va); } + valuearray_free(&va); } /* Init new value array for hashed value */

1 0

dirsrvtests/tickets
by Noriko Hosoi 05 Jun '14

05 Jun '14

dirsrvtests/tickets/ticket47313_test.py | 220 ++++++++++++++++++++++++++++++++ 1 file changed, 220 insertions(+) New commits: commit 3939aafc137fb7c8cd086febca7f17dc478b101c Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Wed Jun 4 16:16:58 2014 -0700 Ticket 47313 - CI test: add test case for ticket 47313 Bug Description: Indexed search with filter containing '&' and "!" with attribute subtypes gives wrong result Test Description: The test case is to - add 2 entries entry_1 cn: <val_1> cn;en: <en_val> cn;fr: <fr_val> entry_2 cn: <val_2> cn;en: <en_val> - search with filters 1. (&(sn=sn_val)(!(cn=<fr_val>))) expect result: entry_2 2. (&(sn=sn_val)(!(cn;fr=<fr_val>))) expect result: entry_2 3. (&(sn=sn_val)(!(cn;en=<en_val>))) expect result: none - delete the 2 entries https://fedorahosted.org/389/ticket/47313 diff --git a/dirsrvtests/tickets/ticket47313_test.py b/dirsrvtests/tickets/ticket47313_test.py new file mode 100644 index 0000000..f010de9 --- /dev/null +++ b/dirsrvtests/tickets/ticket47313_test.py @@ -0,0 +1,220 @@ +import os +import sys +import time +import ldap +import logging +import socket +import time +import logging +import pytest +from lib389 import DirSrv, Entry, tools +from lib389.tools import DirSrvTools +from lib389._constants import * +from lib389.properties import * +from constants import * + +log = logging.getLogger(__name__) + +installation_prefix = None + +ENTRY_NAME = 'test_entry' + + +class TopologyStandalone(object): + def __init__(self, standalone): + standalone.open() + self.standalone = standalone + + +(a)pytest.fixture(scope="module") +def topology(request): + ''' + This fixture is used to standalone topology for the 'module'. + At the beginning, It may exists a standalone instance. + It may also exists a backup for the standalone instance. + + Principle: + If standalone instance exists: + restart it + If backup of standalone exists: + create/rebind to standalone + + restore standalone instance from backup + else: + Cleanup everything + remove instance + remove backup + Create instance + Create backup + ''' + global installation_prefix + + if installation_prefix: + args_instance[SER_DEPLOYED_DIR] = installation_prefix + + standalone = DirSrv(verbose=False) + + # Args for the standalone instance + args_instance[SER_HOST] = HOST_STANDALONE + args_instance[SER_PORT] = PORT_STANDALONE + args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE + args_standalone = args_instance.copy() + standalone.allocate(args_standalone) + + # Get the status of the backups + backup_standalone = standalone.checkBackupFS() + + # Get the status of the instance and restart it if it exists + instance_standalone = standalone.exists() + if instance_standalone: + # assuming the instance is already stopped, just wait 5 sec max + standalone.stop(timeout=5) + standalone.start(timeout=10) + + if backup_standalone: + # The backup exist, assuming it is correct + # we just re-init the instance with it + if not instance_standalone: + standalone.create() + # Used to retrieve configuration information (dbdir, confdir...) + standalone.open() + + # restore standalone instance from backup + standalone.stop(timeout=10) + standalone.restoreFS(backup_standalone) + standalone.start(timeout=10) + + else: + # We should be here only in two conditions + # - This is the first time a test involve standalone instance + # - Something weird happened (instance/backup destroyed) + # so we discard everything and recreate all + + # Remove the backup. So even if we have a specific backup file + # (e.g backup_standalone) we clear backup that an instance may have created + if backup_standalone: + standalone.clearBackupFS() + + # Remove the instance + if instance_standalone: + standalone.delete() + + # Create the instance + standalone.create() + + # Used to retrieve configuration information (dbdir, confdir...) + standalone.open() + + # Time to create the backups + standalone.stop(timeout=10) + standalone.backupfile = standalone.backupFS() + standalone.start(timeout=10) + + # + # Here we have standalone instance up and running + # Either coming from a backup recovery + # or from a fresh (re)init + # Time to return the topology + return TopologyStandalone(standalone) + + +def test_ticket47313_run(topology): + """ + It adds 2 test entries + Search with filters including subtype and ! + It deletes the added entries + """ + + # bind as directory manager + topology.standalone.log.info("Bind as %s" % DN_DM) + topology.standalone.simple_bind_s(DN_DM, PASSWORD) + + # enable filter error logging + mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '32')] + topology.standalone.modify_s(DN_CONFIG, mod) + + topology.standalone.log.info("\n\n######################### ADD ######################\n") + + # Prepare the entry with cn;fr & cn;en + entry_name_fr = '%s fr' % (ENTRY_NAME) + entry_name_en = '%s en' % (ENTRY_NAME) + entry_name_both = '%s both' % (ENTRY_NAME) + entry_dn_both = 'cn=%s, %s' % (entry_name_both, SUFFIX) + entry_both = Entry(entry_dn_both) + entry_both.setValues('objectclass', 'top', 'person') + entry_both.setValues('sn', entry_name_both) + entry_both.setValues('cn', entry_name_both) + entry_both.setValues('cn;fr', entry_name_fr) + entry_both.setValues('cn;en', entry_name_en) + + # Prepare the entry with one member + entry_name_en_only = '%s en only' % (ENTRY_NAME) + entry_dn_en_only = 'cn=%s, %s' % (entry_name_en_only, SUFFIX) + entry_en_only = Entry(entry_dn_en_only) + entry_en_only.setValues('objectclass', 'top', 'person') + entry_en_only.setValues('sn', entry_name_en_only) + entry_en_only.setValues('cn', entry_name_en_only) + entry_en_only.setValues('cn;en', entry_name_en) + + topology.standalone.log.info("Try to add Add %s: %r" % (entry_dn_both, entry_both)) + topology.standalone.add_s(entry_both) + + topology.standalone.log.info("Try to add Add %s: %r" % (entry_dn_en_only, entry_en_only)) + topology.standalone.add_s(entry_en_only) + + topology.standalone.log.info("\n\n######################### SEARCH ######################\n") + + # filter: (&(cn=test_entry en only)(!(cn=test_entry fr))) + myfilter = '(&(sn=%s)(!(cn=%s)))' % (entry_name_en_only, entry_name_fr) + topology.standalone.log.info("Try to search with filter %s" % myfilter) + ents = topology.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter) + assert len(ents) == 1 + assert ents[0].sn == entry_name_en_only + topology.standalone.log.info("Found %s" % ents[0].dn) + + # filter: (&(cn=test_entry en only)(!(cn;fr=test_entry fr))) + myfilter = '(&(sn=%s)(!(cn;fr=%s)))' % (entry_name_en_only, entry_name_fr) + topology.standalone.log.info("Try to search with filter %s" % myfilter) + ents = topology.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter) + assert len(ents) == 1 + assert ents[0].sn == entry_name_en_only + topology.standalone.log.info("Found %s" % ents[0].dn) + + # filter: (&(cn=test_entry en only)(!(cn;en=test_entry en))) + myfilter = '(&(sn=%s)(!(cn;en=%s)))' % (entry_name_en_only, entry_name_en) + topology.standalone.log.info("Try to search with filter %s" % myfilter) + ents = topology.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter) + assert len(ents) == 0 + topology.standalone.log.info("Found none") + + topology.standalone.log.info("\n\n######################### DELETE ######################\n") + + topology.standalone.log.info("Try to delete %s " % entry_dn_both) + topology.standalone.delete_s(entry_dn_both) + + topology.standalone.log.info("Try to delete %s " % entry_dn_en_only) + topology.standalone.delete_s(entry_dn_en_only) + +def test_ticket47313_final(topology): + topology.standalone.stop(timeout=10) + +def run_isolated(): + ''' + run_isolated is used to run these test cases independently of a test scheduler (xunit, py.test..) + To run isolated without py.test, you need to + - edit this file and comment '@pytest.fixture' line before 'topology' function. + - set the installation prefix + - run this program + ''' + global installation_prefix + installation_prefix = None + + topo = topology(True) + test_ticket47313_run(topo) + + test_ticket47313_final(topo) + + +if __name__ == '__main__': + run_isolated() +

1 0

Branch '389-ds-base-1.3.1' - ldap/servers
by Noriko Hosoi 05 Jun '14

05 Jun '14

ldap/servers/slapd/add.c | 6 ++---- ldap/servers/slapd/back-ldbm/ldbm_add.c | 4 +++- 2 files changed, 5 insertions(+), 5 deletions(-) New commits: commit c6b5630cd094e7a25d3f9c9ca347c4a652417756 Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Thu Jun 5 12:10:37 2014 -0700 Ticket #47808 - If be_txn plugin fails in ldbm_back_add, adding entry is double freed. Bug description: Backend add ldbm_back_add frees the entry to be added, if the add fails in the be_txn plugins. But the frontend releases the entry when an error is returned from the backend. Fix desxription: When the entry is freed in the backend, set NULL to the pblock SLAPI_ADD_ENTRY to tell the frontend not to free the entry. https://fedorahosted.org/389/ticket/47808 Reviewed by mreynolds(a)redhat.com (Thank you, Mark!!) (cherry picked from commit d50f99476386b6c464884d2d16a688ecafc7fafc) (cherry picked from commit 1f3510ad05e07667e0ec16c82baa2d4909675889) diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c index fadc56b..875ad22 100644 --- a/ldap/servers/slapd/add.c +++ b/ldap/servers/slapd/add.c @@ -767,10 +767,8 @@ static void op_shared_add (Slapi_PBlock *pb) } else { - /* restore e so we can free it below */ - if (save_e) { - e = save_e; - } + /* PR_ASSERT(!save_e); save_e is supposed to be freed in the backend. */ + e = save_e; if (rc == SLAPI_FAIL_DISKFULL) { operation_out_of_disk_space(); diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c index 0a4557b..2b79be3 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_add.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c @@ -851,7 +851,7 @@ ldbm_back_add( Slapi_PBlock *pb ) slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, ldap_result_code ? &ldap_result_code : &retval); } slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); - LDAPDebug1Arg(LDAP_DEBUG_ANY, "SLAPI_PLUGIN_BE_TXN_PRE_ADD_FN plugin failed: %d", + LDAPDebug1Arg(LDAP_DEBUG_ANY, "SLAPI_PLUGIN_BE_TXN_PRE_ADD_FN plugin failed: %d\n", ldap_result_code ? ldap_result_code : retval); goto error_return; } @@ -1160,6 +1160,8 @@ error_return: { if (inst) { CACHE_REMOVE(&inst->inst_cache, addingentry); + /* tell frontend not to free this entry */ + slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL); } } else

1 0

Branch '389-ds-base-1.3.2' - ldap/servers
by Noriko Hosoi 05 Jun '14

05 Jun '14

ldap/servers/slapd/add.c | 6 ++---- ldap/servers/slapd/back-ldbm/ldbm_add.c | 4 +++- 2 files changed, 5 insertions(+), 5 deletions(-) New commits: commit 1f3510ad05e07667e0ec16c82baa2d4909675889 Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Thu Jun 5 12:10:37 2014 -0700 Ticket #47808 - If be_txn plugin fails in ldbm_back_add, adding entry is double freed. Bug description: Backend add ldbm_back_add frees the entry to be added, if the add fails in the be_txn plugins. But the frontend releases the entry when an error is returned from the backend. Fix desxription: When the entry is freed in the backend, set NULL to the pblock SLAPI_ADD_ENTRY to tell the frontend not to free the entry. https://fedorahosted.org/389/ticket/47808 Reviewed by mreynolds(a)redhat.com (Thank you, Mark!!) (cherry picked from commit d50f99476386b6c464884d2d16a688ecafc7fafc) diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c index fadc56b..875ad22 100644 --- a/ldap/servers/slapd/add.c +++ b/ldap/servers/slapd/add.c @@ -767,10 +767,8 @@ static void op_shared_add (Slapi_PBlock *pb) } else { - /* restore e so we can free it below */ - if (save_e) { - e = save_e; - } + /* PR_ASSERT(!save_e); save_e is supposed to be freed in the backend. */ + e = save_e; if (rc == SLAPI_FAIL_DISKFULL) { operation_out_of_disk_space(); diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c index 0a39f71..c99db8d 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_add.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c @@ -851,7 +851,7 @@ ldbm_back_add( Slapi_PBlock *pb ) slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, ldap_result_code ? &ldap_result_code : &retval); } slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); - LDAPDebug1Arg(LDAP_DEBUG_ANY, "SLAPI_PLUGIN_BE_TXN_PRE_ADD_FN plugin failed: %d", + LDAPDebug1Arg(LDAP_DEBUG_ANY, "SLAPI_PLUGIN_BE_TXN_PRE_ADD_FN plugin failed: %d\n", ldap_result_code ? ldap_result_code : retval); goto error_return; } @@ -1160,6 +1160,8 @@ error_return: { if (inst) { CACHE_REMOVE(&inst->inst_cache, addingentry); + /* tell frontend not to free this entry */ + slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL); } } else

1 0

ldap/servers
by Noriko Hosoi 05 Jun '14

05 Jun '14

ldap/servers/slapd/add.c | 6 ++---- ldap/servers/slapd/back-ldbm/ldbm_add.c | 4 +++- 2 files changed, 5 insertions(+), 5 deletions(-) New commits: commit d50f99476386b6c464884d2d16a688ecafc7fafc Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Thu Jun 5 12:10:37 2014 -0700 Ticket #47808 - If be_txn plugin fails in ldbm_back_add, adding entry is double freed. Bug description: Backend add ldbm_back_add frees the entry to be added, if the add fails in the be_txn plugins. But the frontend releases the entry when an error is returned from the backend. Fix desxription: When the entry is freed in the backend, set NULL to the pblock SLAPI_ADD_ENTRY to tell the frontend not to free the entry. https://fedorahosted.org/389/ticket/47808 Reviewed by mreynolds(a)redhat.com (Thank you, Mark!!) diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c index fadc56b..875ad22 100644 --- a/ldap/servers/slapd/add.c +++ b/ldap/servers/slapd/add.c @@ -767,10 +767,8 @@ static void op_shared_add (Slapi_PBlock *pb) } else { - /* restore e so we can free it below */ - if (save_e) { - e = save_e; - } + /* PR_ASSERT(!save_e); save_e is supposed to be freed in the backend. */ + e = save_e; if (rc == SLAPI_FAIL_DISKFULL) { operation_out_of_disk_space(); diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c index 582e06a..5be1cd8 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_add.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c @@ -853,7 +853,7 @@ ldbm_back_add( Slapi_PBlock *pb ) slapi_pblock_set(pb, SLAPI_PLUGIN_OPRETURN, ldap_result_code ? &ldap_result_code : &retval); } slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message); - LDAPDebug1Arg(LDAP_DEBUG_ANY, "SLAPI_PLUGIN_BE_TXN_PRE_ADD_FN plugin failed: %d", + LDAPDebug1Arg(LDAP_DEBUG_ANY, "SLAPI_PLUGIN_BE_TXN_PRE_ADD_FN plugin failed: %d\n", ldap_result_code ? ldap_result_code : retval); goto error_return; } @@ -1162,6 +1162,8 @@ error_return: { if (inst) { CACHE_REMOVE(&inst->inst_cache, addingentry); + /* tell frontend not to free this entry */ + slapi_pblock_set(pb, SLAPI_ADD_ENTRY, NULL); } } else

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits June 2014