Branch '389-ds-base-1.2.11' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/replication/repl5.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit b97803f9797138a0d218ea2f2c6891fe798e2fcf
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Wed May 6 15:08:22 2015 -0400
Ticket 48158 - Remove cleanAllRUV task limit of 4
Bug Description: There is a limit of 4 concurrent tasks, and this is too
low of a limit.
Fix Description: There still needs to be a limit because each task creates
a new thread. Setting limit to 64.
https://fedorahosted.org/389/ticket/48158
Reviewed by: rmeggins(Thanks!)
(cherry picked from commit cd8614a75852f4d05dc76d104867542f18384416)
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
index 10c0869..6cec248 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -649,7 +649,7 @@ void set_cleaned_rid(ReplicaId rid);
void cleanruv_log(Slapi_Task *task, int rid, char *task_type, char *fmt, ...);
char * replica_cleanallruv_get_local_maxcsn(ReplicaId rid, char *base_dn);
-#define CLEANRIDSIZ 4 /* maximum number for concurrent CLEANALLRUV tasks */
+#define CLEANRIDSIZ 64 /* maximum number for concurrent CLEANALLRUV tasks */
typedef struct _cleanruv_data
{
8 years, 11 months
Branch '389-ds-base-1.3.1' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/replication/repl5.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 0206e01b523417e4c7315bec8b967497f130c2af
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Wed May 6 15:08:22 2015 -0400
Ticket 48158 - Remove cleanAllRUV task limit of 4
Bug Description: There is a limit of 4 concurrent tasks, and this is too
low of a limit.
Fix Description: There still needs to be a limit because each task creates
a new thread. Setting limit to 64.
https://fedorahosted.org/389/ticket/48158
Reviewed by: rmeggins(Thanks!)
(cherry picked from commit cd8614a75852f4d05dc76d104867542f18384416)
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
index 0c3abd9..7d85631 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -674,7 +674,7 @@ void set_cleaned_rid(ReplicaId rid);
void cleanruv_log(Slapi_Task *task, int rid, char *task_type, char *fmt, ...);
char * replica_cleanallruv_get_local_maxcsn(ReplicaId rid, char *base_dn);
-#define CLEANRIDSIZ 4 /* maximum number for concurrent CLEANALLRUV tasks */
+#define CLEANRIDSIZ 64 /* maximum number for concurrent CLEANALLRUV tasks */
typedef struct _cleanruv_data
{
8 years, 11 months
Branch '389-ds-base-1.3.2' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/replication/repl5.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 04020a3bda9f814e077740766b87b43b487db7b1
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Wed May 6 15:08:22 2015 -0400
Ticket 48158 - Remove cleanAllRUV task limit of 4
Bug Description: There is a limit of 4 concurrent tasks, and this is too
low of a limit.
Fix Description: There still needs to be a limit because each task creates
a new thread. Setting limit to 64.
https://fedorahosted.org/389/ticket/48158
Reviewed by: rmeggins(Thanks!)
(cherry picked from commit cd8614a75852f4d05dc76d104867542f18384416)
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
index 19183c1..be71e93 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -679,7 +679,7 @@ void set_cleaned_rid(ReplicaId rid);
void cleanruv_log(Slapi_Task *task, int rid, char *task_type, char *fmt, ...);
char * replica_cleanallruv_get_local_maxcsn(ReplicaId rid, char *base_dn);
-#define CLEANRIDSIZ 4 /* maximum number for concurrent CLEANALLRUV tasks */
+#define CLEANRIDSIZ 64 /* maximum number for concurrent CLEANALLRUV tasks */
typedef struct _cleanruv_data
{
8 years, 11 months
Branch '389-ds-base-1.3.3' - ldap/servers
by Mark Reynolds
ldap/servers/plugins/replication/repl5.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit faa14f582a995cb57afbb602d3f8264794c3568b
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Wed May 6 15:08:22 2015 -0400
Ticket 48158 - Remove cleanAllRUV task limit of 4
Bug Description: There is a limit of 4 concurrent tasks, and this is too
low of a limit.
Fix Description: There still needs to be a limit because each task creates
a new thread. Setting limit to 64.
https://fedorahosted.org/389/ticket/48158
Reviewed by: rmeggins(Thanks!)
(cherry picked from commit cd8614a75852f4d05dc76d104867542f18384416)
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
index 7f5d693..8381c97 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -700,7 +700,7 @@ void set_cleaned_rid(ReplicaId rid);
void cleanruv_log(Slapi_Task *task, int rid, char *task_type, char *fmt, ...);
char * replica_cleanallruv_get_local_maxcsn(ReplicaId rid, char *base_dn);
-#define CLEANRIDSIZ 4 /* maximum number for concurrent CLEANALLRUV tasks */
+#define CLEANRIDSIZ 64 /* maximum number for concurrent CLEANALLRUV tasks */
typedef struct _cleanruv_data
{
8 years, 11 months
ldap/servers
by Mark Reynolds
ldap/servers/plugins/replication/repl5.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit cd8614a75852f4d05dc76d104867542f18384416
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Wed May 6 15:08:22 2015 -0400
Ticket 48158 - Remove cleanAllRUV task limit of 4
Bug Description: There is a limit of 4 concurrent tasks, and this is too
low of a limit.
Fix Description: There still needs to be a limit because each task creates
a new thread. Setting limit to 64.
https://fedorahosted.org/389/ticket/48158
Reviewed by: rmeggins(Thanks!)
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
index 7f5d693..8381c97 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -700,7 +700,7 @@ void set_cleaned_rid(ReplicaId rid);
void cleanruv_log(Slapi_Task *task, int rid, char *task_type, char *fmt, ...);
char * replica_cleanallruv_get_local_maxcsn(ReplicaId rid, char *base_dn);
-#define CLEANRIDSIZ 4 /* maximum number for concurrent CLEANALLRUV tasks */
+#define CLEANRIDSIZ 64 /* maximum number for concurrent CLEANALLRUV tasks */
typedef struct _cleanruv_data
{
8 years, 11 months
Branch '389-ds-base-1.2.11' - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/ssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit bd0c50ae464291b4d1484c621957a701acd6ac71
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Tue May 5 14:11:45 2015 -0700
Ticket #48180 - Lowering the log level of "Configured SSL version range" message (1.2.11 only)
Description: The Configured SSL version range message is logged only
if the log level LDAP_DEBUG_CONFIG (0x00040 == 64) is set.
https://fedorahosted.org/389/ticket/48180
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 5451d6e..529dbc6 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -1375,7 +1375,7 @@ int slapd_ssl_init2(PRFileDesc **fd, int startTLS)
slapdNSSVersions.max = NSSVersionMax;
(void) slapi_getSSLVersion_str(slapdNSSVersions.min, mymin, sizeof(mymin));
(void) slapi_getSSLVersion_str(slapdNSSVersions.max, mymax, sizeof(mymax));
- slapi_log_error(SLAPI_LOG_FATAL, "SSL Initialization",
+ slapi_log_error(SLAPI_LOG_CONFIG, "SSL Initialization",
"Configured SSL version range: min: %s, max: %s\n",
mymin, mymax);
sslStatus = SSL_VersionRangeSet(pr_sock, &slapdNSSVersions);
8 years, 11 months
Branch '389-ds-base-1.2.11' - 3 commits - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/opshared.c | 93 ++++++++++++++++++--------------------
ldap/servers/slapd/pagedresults.c | 11 ++++
ldap/servers/slapd/proto-slap.h | 2
ldap/servers/slapd/result.c | 32 ++++++++++++-
4 files changed, 87 insertions(+), 51 deletions(-)
New commits:
commit 82020ad65cf1b1762a8e9eaaf1a9cd7bc7b709f1
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon May 4 14:06:43 2015 -0700
Ticket #48146 - async simple paged results issue
Description: Invalid index could cause Invalid read.
https://fedorahosted.org/389/ticket/48146
(cherry picked from commit 8e21bfbe4fcac79cf39e5c6b579c4bc88e05257e)
(cherry picked from commit 644a116950d34bd11533a4426f6af6953865edf2)
diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
index a3a5fc4..327da54 100644
--- a/ldap/servers/slapd/pagedresults.c
+++ b/ldap/servers/slapd/pagedresults.c
@@ -138,6 +138,13 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
memcpy(ptr, cookie.bv_val, cookie.bv_len);
*(ptr+cookie.bv_len) = '\0';
*index = strtol(ptr, NULL, 10);
+ if (conn->c_pagedresults.prl_maxlen <= *index) {
+ rc = LDAP_PROTOCOL_ERROR;
+ LDAPDebug1Arg(LDAP_DEBUG_ANY,
+ "pagedresults_parse_control_value: invalid cookie: %d\n",
+ *index);
+ goto bail;
+ }
slapi_ch_free_string(&ptr);
prp = conn->c_pagedresults.prl_list + *index;
if (!(prp->pr_search_result_set)) { /* freed and reused for the next backend. */
@@ -162,6 +169,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
"pagedresults_parse_control_value: invalid cookie: %d\n",
*index);
}
+bail:
PR_Unlock(conn->c_mutex);
LDAPDebug1Arg(LDAP_DEBUG_TRACE,
commit 38efd1712dc650ccc09942efad80e52f1bc32318
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri May 1 12:01:13 2015 -0700
Ticket #48146 - async simple paged results issue; need to close a small window for a pr index competed among multiple threads.
Description: If multiple async simple paged results requests come in via one
connection simultaneously, the same slot in the paged results array in the
connection could be shared. If one of them has to do paging, the search
request object stashed in the paged result array slot could be freed by the
other request if it has the shorter life cycle.
These 3 reqs use the same paged results array slot.
req0: <--------------><----x
page1 page2
req1: <----->
req2: <------->
frees search result object of req0
(cherry picked from commit 4ae5a81d2e4d0b219cc8c19f0f7ab30c54f08ea3)
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index 3e55729..15b81b6 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -407,6 +407,51 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
*/
operation_set_target_spec (pb->pb_op, basesdn);
+ if (be_name == NULL)
+ {
+ /* no specific backend was requested, use the mapping tree
+ */
+ err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
+ if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
+ || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL)))
+ {
+ send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);
+ rc = -1;
+ goto free_and_return;
+ }
+ if (be_list[0] != NULL)
+ {
+ index = 0;
+ if (pr_be) { /* PAGED RESULT: be is found from the previous paging. */
+ /* move the index in the be_list which matches pr_be */
+ while (be_list[index] && be_list[index+1] && pr_be != be_list[index])
+ index++;
+ } else {
+ while (be_list[index] && be_list[index+1])
+ index++;
+ }
+ /* "be" is either pr_be or the last backend */
+ be = be_list[index];
+ }
+ else
+ be = pr_be?pr_be:NULL;
+ }
+ else
+ {
+ /* specific backend be_name was requested, use slapi_be_select_by_instance_name
+ */
+ if (pr_be) {
+ be_single = be = pr_be;
+ } else {
+ be_single = be = slapi_be_select_by_instance_name(be_name);
+ }
+ if (be_single)
+ slapi_be_Rlock(be_single);
+ be_list[0] = NULL;
+ referral_list[0] = NULL;
+ referral = NULL;
+ }
+
/* this is time to check if mapping tree specific control
* was used to specify that we want to parse only
* one backend
@@ -471,8 +516,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
if ( slapi_control_present (ctrlp, LDAP_CONTROL_PAGEDRESULTS,
&ctl_value, &iscritical) )
{
- rc = pagedresults_parse_control_value(pb, ctl_value,
- &pagesize, &pr_idx);
+ rc = pagedresults_parse_control_value(pb, ctl_value, &pagesize, &pr_idx, be);
/* Let's set pr_idx even if it fails; in case, pr_idx == -1. */
slapi_pblock_set(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx);
if ((LDAP_SUCCESS == rc) ||
@@ -513,51 +557,6 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
}
}
- if (be_name == NULL)
- {
- /* no specific backend was requested, use the mapping tree
- */
- err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
- if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
- || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL)))
- {
- send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);
- rc = -1;
- goto free_and_return;
- }
- if (be_list[0] != NULL)
- {
- index = 0;
- if (pr_be) { /* PAGED RESULT: be is found from the previous paging. */
- /* move the index in the be_list which matches pr_be */
- while (be_list[index] && be_list[index+1] && pr_be != be_list[index])
- index++;
- } else {
- while (be_list[index] && be_list[index+1])
- index++;
- }
- /* "be" is either pr_be or the last backend */
- be = be_list[index];
- }
- else
- be = pr_be?pr_be:NULL;
- }
- else
- {
- /* specific backend be_name was requested, use slapi_be_select_by_instance_name
- */
- if (pr_be) {
- be_single = be = pr_be;
- } else {
- be_single = be = slapi_be_select_by_instance_name(be_name);
- }
- if (be_single)
- slapi_be_Rlock(be_single);
- be_list[0] = NULL;
- referral_list[0] = NULL;
- referral = NULL;
- }
-
slapi_pblock_set(pb, SLAPI_BACKEND_COUNT, &index);
if (be)
diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
index e61c000..a3a5fc4 100644
--- a/ldap/servers/slapd/pagedresults.c
+++ b/ldap/servers/slapd/pagedresults.c
@@ -58,7 +58,7 @@
int
pagedresults_parse_control_value( Slapi_PBlock *pb,
struct berval *psbvp, ber_int_t *pagesize,
- int *index )
+ int *index, Slapi_Backend *be )
{
int rc = LDAP_SUCCESS;
struct berval cookie = {0};
@@ -119,6 +119,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
} else {
for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) {
if (!conn->c_pagedresults.prl_list[i].pr_current_be) {
+ conn->c_pagedresults.prl_list[i].pr_current_be = be;
*index = i;
break;
}
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index c497c14..4c3c29d 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -1432,7 +1432,7 @@ int slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt,
* pagedresults.c
*/
int pagedresults_parse_control_value(Slapi_PBlock *pb, struct berval *psbvp,
- ber_int_t *pagesize, int *index);
+ ber_int_t *pagesize, int *index, Slapi_Backend *be);
void pagedresults_set_response_control(Slapi_PBlock *pb, int iscritical,
ber_int_t estimate,
int curr_search_count, int index);
commit 0bff700c0a50f26819f203772085e440a1fa8c23
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed Apr 29 17:15:45 2015 -0700
Ticket #48146 - async simple paged results issue; log pr index
Description: When the request is a simple paged results search,
log pr index in the access log.
Sample access log for "getent netgroup <name>":
[..] conn=23 op=521 SRCH base="cn=accounts,dc=testrelm,dc=test" scope=2 filter="(&(|(memberOf=ipaUniqueID=3036b6a0-ee18-11e4-b7dd-00215e2032c0,cn=ng,cn=alt,dc=testrelm,dc=test))(objectClass=ipaHost))" attrs="objectClass cn fqdn serverHostName memberOf ipaSshPubKey ipaUniqueID"
[..] conn=23 op=521 RESULT err=0 tag=101 nentries=200 etime=0 notes=P pr_idx=3
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
index caf3014..6ed6c55 100644
--- a/ldap/servers/slapd/result.c
+++ b/ldap/servers/slapd/result.c
@@ -1689,7 +1689,10 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag,
int internal_op;
CSN *operationcsn = NULL;
char csn_str[CSN_STRSIZE + 5];
- char etime[ETIME_BUFSIZ];
+ char etime[ETIME_BUFSIZ];
+ int pr_idx = -1;
+
+ slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx);
internal_op = operation_is_flag_set( op, OP_FLAG_INTERNAL );
@@ -1784,7 +1787,32 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag,
notes_str, csn_str, dn ? dn : "");
}
slapi_ch_free((void**)&dn);
- } else {
+ } else if (pr_idx > -1) {
+ if ( !internal_op )
+ {
+ slapi_log_access( LDAP_DEBUG_STATS,
+ "conn=%" NSPRIu64 " op=%d RESULT err=%d"
+ " tag=%" BERTAG_T " nentries=%d etime=%s%s%s"
+ " pr_idx=%d\n",
+ op->o_connid,
+ op->o_opid,
+ err, tag, nentries,
+ etime,
+ notes_str, csn_str, pr_idx );
+ }
+ else
+ {
+ slapi_log_access( LDAP_DEBUG_ARGS,
+ "conn=%s op=%d RESULT err=%d"
+ " tag=%" BERTAG_T " nentries=%d etime=%s%s%s"
+ " pr_idx=%d\n",
+ LOG_INTERNAL_OP_CON_ID,
+ LOG_INTERNAL_OP_OP_ID,
+ err, tag, nentries,
+ etime,
+ notes_str, csn_str, pr_idx );
+ }
+ } else {
if ( !internal_op )
{
slapi_log_access( LDAP_DEBUG_STATS,
8 years, 11 months
Branch '389-ds-base-1.3.2' - 3 commits - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/opshared.c | 93 ++++++++++++++++++--------------------
ldap/servers/slapd/pagedresults.c | 11 ++++
ldap/servers/slapd/proto-slap.h | 2
ldap/servers/slapd/result.c | 32 ++++++++++++-
4 files changed, 88 insertions(+), 50 deletions(-)
New commits:
commit 644a116950d34bd11533a4426f6af6953865edf2
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon May 4 14:06:43 2015 -0700
Ticket #48146 - async simple paged results issue
Description: Invalid index could cause Invalid read.
https://fedorahosted.org/389/ticket/48146
(cherry picked from commit 8e21bfbe4fcac79cf39e5c6b579c4bc88e05257e)
diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
index a3a5fc4..327da54 100644
--- a/ldap/servers/slapd/pagedresults.c
+++ b/ldap/servers/slapd/pagedresults.c
@@ -138,6 +138,13 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
memcpy(ptr, cookie.bv_val, cookie.bv_len);
*(ptr+cookie.bv_len) = '\0';
*index = strtol(ptr, NULL, 10);
+ if (conn->c_pagedresults.prl_maxlen <= *index) {
+ rc = LDAP_PROTOCOL_ERROR;
+ LDAPDebug1Arg(LDAP_DEBUG_ANY,
+ "pagedresults_parse_control_value: invalid cookie: %d\n",
+ *index);
+ goto bail;
+ }
slapi_ch_free_string(&ptr);
prp = conn->c_pagedresults.prl_list + *index;
if (!(prp->pr_search_result_set)) { /* freed and reused for the next backend. */
@@ -162,6 +169,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
"pagedresults_parse_control_value: invalid cookie: %d\n",
*index);
}
+bail:
PR_Unlock(conn->c_mutex);
LDAPDebug1Arg(LDAP_DEBUG_TRACE,
commit 85d105ebca073056dc83f7b6657d2605a4b6a162
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri May 1 12:01:13 2015 -0700
Ticket #48146 - async simple paged results issue; need to close a small window for a pr index competed among multiple threads.
Description: If multiple async simple paged results requests come in via one
connection simultaneously, the same slot in the paged results array in the
connection could be shared. If one of them has to do paging, the search
request object stashed in the paged result array slot could be freed by the
other request if it has the shorter life cycle.
These 3 reqs use the same paged results array slot.
req0: <--------------><----x
page1 page2
req1: <----->
req2: <------->
frees search result object of req0
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
(cherry picked from commit 3cf85d1ad6cbc0feac5578dee5ce259c0f65055f)
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index b4de124..b82a171 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -408,6 +408,51 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
*/
operation_set_target_spec (pb->pb_op, basesdn);
+ if (be_name == NULL)
+ {
+ /* no specific backend was requested, use the mapping tree
+ */
+ err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
+ if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
+ || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL)))
+ {
+ send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);
+ rc = -1;
+ goto free_and_return;
+ }
+ if (be_list[0] != NULL)
+ {
+ index = 0;
+ if (pr_be) { /* PAGED RESULT: be is found from the previous paging. */
+ /* move the index in the be_list which matches pr_be */
+ while (be_list[index] && be_list[index+1] && pr_be != be_list[index])
+ index++;
+ } else {
+ while (be_list[index] && be_list[index+1])
+ index++;
+ }
+ /* "be" is either pr_be or the last backend */
+ be = be_list[index];
+ }
+ else
+ be = pr_be?pr_be:NULL;
+ }
+ else
+ {
+ /* specific backend be_name was requested, use slapi_be_select_by_instance_name
+ */
+ if (pr_be) {
+ be_single = be = pr_be;
+ } else {
+ be_single = be = slapi_be_select_by_instance_name(be_name);
+ }
+ if (be_single)
+ slapi_be_Rlock(be_single);
+ be_list[0] = NULL;
+ referral_list[0] = NULL;
+ referral = NULL;
+ }
+
/* this is time to check if mapping tree specific control
* was used to specify that we want to parse only
* one backend
@@ -478,8 +523,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
if ( slapi_control_present (ctrlp, LDAP_CONTROL_PAGEDRESULTS,
&ctl_value, &iscritical) )
{
- rc = pagedresults_parse_control_value(pb, ctl_value,
- &pagesize, &pr_idx);
+ rc = pagedresults_parse_control_value(pb, ctl_value, &pagesize, &pr_idx, be);
/* Let's set pr_idx even if it fails; in case, pr_idx == -1. */
slapi_pblock_set(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx);
if ((LDAP_SUCCESS == rc) ||
@@ -520,51 +564,6 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
}
}
- if (be_name == NULL)
- {
- /* no specific backend was requested, use the mapping tree
- */
- err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
- if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
- || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL)))
- {
- send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);
- rc = -1;
- goto free_and_return;
- }
- if (be_list[0] != NULL)
- {
- index = 0;
- if (pr_be) { /* PAGED RESULT: be is found from the previous paging. */
- /* move the index in the be_list which matches pr_be */
- while (be_list[index] && be_list[index+1] && pr_be != be_list[index])
- index++;
- } else {
- while (be_list[index] && be_list[index+1])
- index++;
- }
- /* "be" is either pr_be or the last backend */
- be = be_list[index];
- }
- else
- be = pr_be?pr_be:NULL;
- }
- else
- {
- /* specific backend be_name was requested, use slapi_be_select_by_instance_name
- */
- if (pr_be) {
- be_single = be = pr_be;
- } else {
- be_single = be = slapi_be_select_by_instance_name(be_name);
- }
- if (be_single)
- slapi_be_Rlock(be_single);
- be_list[0] = NULL;
- referral_list[0] = NULL;
- referral = NULL;
- }
-
slapi_pblock_set(pb, SLAPI_BACKEND_COUNT, &index);
if (be)
diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
index e61c000..a3a5fc4 100644
--- a/ldap/servers/slapd/pagedresults.c
+++ b/ldap/servers/slapd/pagedresults.c
@@ -58,7 +58,7 @@
int
pagedresults_parse_control_value( Slapi_PBlock *pb,
struct berval *psbvp, ber_int_t *pagesize,
- int *index )
+ int *index, Slapi_Backend *be )
{
int rc = LDAP_SUCCESS;
struct berval cookie = {0};
@@ -119,6 +119,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
} else {
for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) {
if (!conn->c_pagedresults.prl_list[i].pr_current_be) {
+ conn->c_pagedresults.prl_list[i].pr_current_be = be;
*index = i;
break;
}
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index c79a85d..4d460c8 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -1457,7 +1457,7 @@ int slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt,
* pagedresults.c
*/
int pagedresults_parse_control_value(Slapi_PBlock *pb, struct berval *psbvp,
- ber_int_t *pagesize, int *index);
+ ber_int_t *pagesize, int *index, Slapi_Backend *be);
void pagedresults_set_response_control(Slapi_PBlock *pb, int iscritical,
ber_int_t estimate,
int curr_search_count, int index);
commit b123fae0fbf2b9125c574abf2d5a635f08716210
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri May 1 10:50:39 2015 -0700
Ticket #48146 - async simple paged results issue; log pr index
Description: When the request is a simple paged results search,
log pr index in the access log.
Sample access log for "getent netgroup <name>":
[..] conn=23 op=521 SRCH base="cn=accounts,dc=testrelm,dc=test" scope=2 filter="(&(|(memberOf=ipaUniqueID=3036b6a0-ee18-11e4-b7dd-00215e2032c0,cn=ng,cn=alt,dc=testrelm,dc=test))(objectClass=ipaHost))" attrs="objectClass cn fqdn serverHostName memberOf ipaSshPubKey ipaUniqueID"
[..] conn=23 op=521 RESULT err=0 tag=101 nentries=200 etime=0 notes=P pr_idx=3
https://fedorahosted.org/389/ticket/48146
Reviewed by rmeggins(a)redhat.com (Thanks, Rich!!)
(cherry picked from commit 9eb20d89755160aa916544c7cfce0ad066e538f7)
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
index d2f1199..9c29c67 100644
--- a/ldap/servers/slapd/result.c
+++ b/ldap/servers/slapd/result.c
@@ -1945,6 +1945,9 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentrie
CSN *operationcsn = NULL;
char csn_str[CSN_STRSIZE + 5];
char etime[ETIME_BUFSIZ];
+ int pr_idx = -1;
+
+ slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx);
internal_op = operation_is_flag_set( op, OP_FLAG_INTERNAL );
@@ -2038,7 +2041,34 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentrie
}
slapi_ch_free((void**)&dn);
} else {
- if ( !internal_op )
+ if (pr_idx > -1)
+ {
+ if ( !internal_op )
+ {
+ slapi_log_access( LDAP_DEBUG_STATS,
+ "conn=%" NSPRIu64 " op=%d RESULT err=%d"
+ " tag=%" BERTAG_T " nentries=%d etime=%s%s%s"
+ " pr_idx=%d\n",
+ op->o_connid,
+ op->o_opid,
+ err, tag, nentries,
+ etime,
+ notes_str, csn_str, pr_idx );
+ }
+ else
+ {
+ slapi_log_access( LDAP_DEBUG_ARGS,
+ "conn=%s op=%d RESULT err=%d"
+ " tag=%" BERTAG_T " nentries=%d etime=%s%s%s"
+ " pr_idx=%d\n",
+ LOG_INTERNAL_OP_CON_ID,
+ LOG_INTERNAL_OP_OP_ID,
+ err, tag, nentries,
+ etime,
+ notes_str, csn_str, pr_idx );
+ }
+ }
+ else if ( !internal_op )
{
slapi_log_access( LDAP_DEBUG_STATS,
"conn=%" NSPRIu64 " op=%d RESULT err=%d"
8 years, 11 months
Branch '389-ds-base-1.3.3' - 3 commits - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/opshared.c | 93 ++++++++++++++++++--------------------
ldap/servers/slapd/pagedresults.c | 11 ++++
ldap/servers/slapd/proto-slap.h | 2
ldap/servers/slapd/result.c | 32 ++++++++++++-
4 files changed, 88 insertions(+), 50 deletions(-)
New commits:
commit 8e21bfbe4fcac79cf39e5c6b579c4bc88e05257e
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Mon May 4 14:06:43 2015 -0700
Ticket #48146 - async simple paged results issue
Description: Invalid index could cause Invalid read.
https://fedorahosted.org/389/ticket/48146
diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
index a3a5fc4..327da54 100644
--- a/ldap/servers/slapd/pagedresults.c
+++ b/ldap/servers/slapd/pagedresults.c
@@ -138,6 +138,13 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
memcpy(ptr, cookie.bv_val, cookie.bv_len);
*(ptr+cookie.bv_len) = '\0';
*index = strtol(ptr, NULL, 10);
+ if (conn->c_pagedresults.prl_maxlen <= *index) {
+ rc = LDAP_PROTOCOL_ERROR;
+ LDAPDebug1Arg(LDAP_DEBUG_ANY,
+ "pagedresults_parse_control_value: invalid cookie: %d\n",
+ *index);
+ goto bail;
+ }
slapi_ch_free_string(&ptr);
prp = conn->c_pagedresults.prl_list + *index;
if (!(prp->pr_search_result_set)) { /* freed and reused for the next backend. */
@@ -162,6 +169,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
"pagedresults_parse_control_value: invalid cookie: %d\n",
*index);
}
+bail:
PR_Unlock(conn->c_mutex);
LDAPDebug1Arg(LDAP_DEBUG_TRACE,
commit 3cf85d1ad6cbc0feac5578dee5ce259c0f65055f
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri May 1 12:01:13 2015 -0700
Ticket #48146 - async simple paged results issue; need to close a small window for a pr index competed among multiple threads.
Description: If multiple async simple paged results requests come in via one
connection simultaneously, the same slot in the paged results array in the
connection could be shared. If one of them has to do paging, the search
request object stashed in the paged result array slot could be freed by the
other request if it has the shorter life cycle.
These 3 reqs use the same paged results array slot.
req0: <--------------><----x
page1 page2
req1: <----->
req2: <------->
frees search result object of req0
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index 272e550..1d454b7 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -408,6 +408,51 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
*/
operation_set_target_spec (pb->pb_op, basesdn);
+ if (be_name == NULL)
+ {
+ /* no specific backend was requested, use the mapping tree
+ */
+ err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
+ if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
+ || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL)))
+ {
+ send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);
+ rc = -1;
+ goto free_and_return;
+ }
+ if (be_list[0] != NULL)
+ {
+ index = 0;
+ if (pr_be) { /* PAGED RESULT: be is found from the previous paging. */
+ /* move the index in the be_list which matches pr_be */
+ while (be_list[index] && be_list[index+1] && pr_be != be_list[index])
+ index++;
+ } else {
+ while (be_list[index] && be_list[index+1])
+ index++;
+ }
+ /* "be" is either pr_be or the last backend */
+ be = be_list[index];
+ }
+ else
+ be = pr_be?pr_be:NULL;
+ }
+ else
+ {
+ /* specific backend be_name was requested, use slapi_be_select_by_instance_name
+ */
+ if (pr_be) {
+ be_single = be = pr_be;
+ } else {
+ be_single = be = slapi_be_select_by_instance_name(be_name);
+ }
+ if (be_single)
+ slapi_be_Rlock(be_single);
+ be_list[0] = NULL;
+ referral_list[0] = NULL;
+ referral = NULL;
+ }
+
/* this is time to check if mapping tree specific control
* was used to specify that we want to parse only
* one backend
@@ -478,8 +523,7 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
if ( slapi_control_present (ctrlp, LDAP_CONTROL_PAGEDRESULTS,
&ctl_value, &iscritical) )
{
- rc = pagedresults_parse_control_value(pb, ctl_value,
- &pagesize, &pr_idx);
+ rc = pagedresults_parse_control_value(pb, ctl_value, &pagesize, &pr_idx, be);
/* Let's set pr_idx even if it fails; in case, pr_idx == -1. */
slapi_pblock_set(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx);
if ((LDAP_SUCCESS == rc) ||
@@ -520,51 +564,6 @@ op_shared_search (Slapi_PBlock *pb, int send_result)
}
}
- if (be_name == NULL)
- {
- /* no specific backend was requested, use the mapping tree
- */
- err_code = slapi_mapping_tree_select_all(pb, be_list, referral_list, errorbuf);
- if (((err_code != LDAP_SUCCESS) && (err_code != LDAP_OPERATIONS_ERROR) && (err_code != LDAP_REFERRAL))
- || ((err_code == LDAP_OPERATIONS_ERROR) && (be_list[0] == NULL)))
- {
- send_ldap_result(pb, err_code, NULL, errorbuf, 0, NULL);
- rc = -1;
- goto free_and_return;
- }
- if (be_list[0] != NULL)
- {
- index = 0;
- if (pr_be) { /* PAGED RESULT: be is found from the previous paging. */
- /* move the index in the be_list which matches pr_be */
- while (be_list[index] && be_list[index+1] && pr_be != be_list[index])
- index++;
- } else {
- while (be_list[index] && be_list[index+1])
- index++;
- }
- /* "be" is either pr_be or the last backend */
- be = be_list[index];
- }
- else
- be = pr_be?pr_be:NULL;
- }
- else
- {
- /* specific backend be_name was requested, use slapi_be_select_by_instance_name
- */
- if (pr_be) {
- be_single = be = pr_be;
- } else {
- be_single = be = slapi_be_select_by_instance_name(be_name);
- }
- if (be_single)
- slapi_be_Rlock(be_single);
- be_list[0] = NULL;
- referral_list[0] = NULL;
- referral = NULL;
- }
-
slapi_pblock_set(pb, SLAPI_BACKEND_COUNT, &index);
if (be)
diff --git a/ldap/servers/slapd/pagedresults.c b/ldap/servers/slapd/pagedresults.c
index e61c000..a3a5fc4 100644
--- a/ldap/servers/slapd/pagedresults.c
+++ b/ldap/servers/slapd/pagedresults.c
@@ -58,7 +58,7 @@
int
pagedresults_parse_control_value( Slapi_PBlock *pb,
struct berval *psbvp, ber_int_t *pagesize,
- int *index )
+ int *index, Slapi_Backend *be )
{
int rc = LDAP_SUCCESS;
struct berval cookie = {0};
@@ -119,6 +119,7 @@ pagedresults_parse_control_value( Slapi_PBlock *pb,
} else {
for (i = 0; i < conn->c_pagedresults.prl_maxlen; i++) {
if (!conn->c_pagedresults.prl_list[i].pr_current_be) {
+ conn->c_pagedresults.prl_list[i].pr_current_be = be;
*index = i;
break;
}
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index bc88221..a4c6b58 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -1476,7 +1476,7 @@ int slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt,
* pagedresults.c
*/
int pagedresults_parse_control_value(Slapi_PBlock *pb, struct berval *psbvp,
- ber_int_t *pagesize, int *index);
+ ber_int_t *pagesize, int *index, Slapi_Backend *be);
void pagedresults_set_response_control(Slapi_PBlock *pb, int iscritical,
ber_int_t estimate,
int curr_search_count, int index);
commit 9eb20d89755160aa916544c7cfce0ad066e538f7
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Fri May 1 10:50:39 2015 -0700
Ticket #48146 - async simple paged results issue; log pr index
Description: When the request is a simple paged results search,
log pr index in the access log.
Sample access log for "getent netgroup <name>":
[..] conn=23 op=521 SRCH base="cn=accounts,dc=testrelm,dc=test" scope=2 filter="(&(|(memberOf=ipaUniqueID=3036b6a0-ee18-11e4-b7dd-00215e2032c0,cn=ng,cn=alt,dc=testrelm,dc=test))(objectClass=ipaHost))" attrs="objectClass cn fqdn serverHostName memberOf ipaSshPubKey ipaUniqueID"
[..] conn=23 op=521 RESULT err=0 tag=101 nentries=200 etime=0 notes=P pr_idx=3
https://fedorahosted.org/389/ticket/48146
Reviewed by rmeggins(a)redhat.com (Thanks, Rich!!)
diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c
index d5984df..6ff70e3 100644
--- a/ldap/servers/slapd/result.c
+++ b/ldap/servers/slapd/result.c
@@ -1961,6 +1961,9 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentrie
CSN *operationcsn = NULL;
char csn_str[CSN_STRSIZE + 5];
char etime[ETIME_BUFSIZ];
+ int pr_idx = -1;
+
+ slapi_pblock_get(pb, SLAPI_PAGED_RESULTS_INDEX, &pr_idx);
internal_op = operation_is_flag_set( op, OP_FLAG_INTERNAL );
@@ -2054,7 +2057,34 @@ log_result( Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentrie
}
slapi_ch_free((void**)&dn);
} else {
- if ( !internal_op )
+ if (pr_idx > -1)
+ {
+ if ( !internal_op )
+ {
+ slapi_log_access( LDAP_DEBUG_STATS,
+ "conn=%" NSPRIu64 " op=%d RESULT err=%d"
+ " tag=%" BERTAG_T " nentries=%d etime=%s%s%s"
+ " pr_idx=%d\n",
+ op->o_connid,
+ op->o_opid,
+ err, tag, nentries,
+ etime,
+ notes_str, csn_str, pr_idx );
+ }
+ else
+ {
+ slapi_log_access( LDAP_DEBUG_ARGS,
+ "conn=%s op=%d RESULT err=%d"
+ " tag=%" BERTAG_T " nentries=%d etime=%s%s%s"
+ " pr_idx=%d\n",
+ LOG_INTERNAL_OP_CON_ID,
+ LOG_INTERNAL_OP_OP_ID,
+ err, tag, nentries,
+ etime,
+ notes_str, csn_str, pr_idx );
+ }
+ }
+ else if ( !internal_op )
{
slapi_log_access( LDAP_DEBUG_STATS,
"conn=%" NSPRIu64 " op=%d RESULT err=%d"
8 years, 11 months
Branch '389-ds-base-1.3.3' - ldap/servers
by Noriko Hosoi
ldap/servers/slapd/plugin_syntax.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
New commits:
commit 650ca9490ab08736bb6c4b1a5d1e931d574f3333
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Sun May 3 22:59:02 2015 -0700
Ticket #48109 - substring index with nssubstrbegin: 1 is not being used with filters like (attr=x*)
Description: In the commit ae69e4aa1dcec1c5f79af502b77d9e19a3d348ee,
when pblock is passed to slapi_attr_assertion2keys_sub_sv_pb from the
caller, the original slapdplugin is overwritten in the function. In
the case, the original slapdplugin has to be backed up and restored.
https://fedorahosted.org/389/ticket/48109
Reviewed by rmeggins(a)redhat.com (Thank you, Rich!!)
(cherry picked from commit 2eba67c469e7946321b0707f51e63ecb3cb74aaa)
diff --git a/ldap/servers/slapd/plugin_syntax.c b/ldap/servers/slapd/plugin_syntax.c
index fa05b0b..06a9514 100644
--- a/ldap/servers/slapd/plugin_syntax.c
+++ b/ldap/servers/slapd/plugin_syntax.c
@@ -924,6 +924,7 @@ slapi_attr_assertion2keys_sub_sv_pb(
int rc;
Slapi_PBlock pipb;
struct slapdplugin *pi = NULL;
+ struct slapdplugin *origpi = NULL;
IFP a2k_fn = NULL;
LDAPDebug( LDAP_DEBUG_FILTER,
@@ -943,8 +944,11 @@ slapi_attr_assertion2keys_sub_sv_pb(
if (NULL == pb) {
pblock_init( &pipb );
pb = &pipb;
+ } else {
+ /* back up the original slapdplugin if any */
+ slapi_pblock_get(pb, SLAPI_PLUGIN, &origpi);
}
- slapi_pblock_set( pb, SLAPI_PLUGIN, pi );
+ slapi_pblock_set(pb, SLAPI_PLUGIN, pi);
rc = -1; /* means no assertion2keys function */
*ivals = NULL;
@@ -952,6 +956,11 @@ slapi_attr_assertion2keys_sub_sv_pb(
rc = (*a2k_fn)( pb, initial, any, final, ivals );
}
+ if (pb != &pipb) {
+ /* restore the original slapdplugin if pb is not local. */
+ slapi_pblock_set(pb, SLAPI_PLUGIN, origpi);
+ }
+
LDAPDebug( LDAP_DEBUG_FILTER,
"<= slapi_attr_assertion2keys_sub_sv %d\n", rc, 0, 0 );
return( rc );
8 years, 11 months