ldap/admin/src/logconv.pl | 2 ldap/servers/slapd/backend.c | 27 +++- ldap/servers/slapd/slapi-plugin.h | 2 lib/libaccess/oneeval.cpp | 249 ++++++++++++++++++-------------------- 4 files changed, 147 insertions(+), 133 deletions(-)
New commits: commit 13dd9625b01d820526d7187e524669ee83edfe62 Author: Rich Megginson rmeggins@redhat.com Date: Tue Oct 8 13:59:59 2013 -0600
ticket #47550 wip (cherry picked from commit 82377636267787be5182457d619d5a0b662d2658) (cherry picked from commit 181fde98aee96868189bc5557c5f33fefa026952)
diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl index 8b423ca..e7d7507 100755 --- a/ldap/admin/src/logconv.pl +++ b/ldap/admin/src/logconv.pl @@ -1911,7 +1911,7 @@ sub parseLineNormal elsif (m/- U1/){ $hashes->{rsrc}->{"U1"}++; } else { $hashes->{rsrc}->{"other"}++; } } - if ($usage =~ /g/ || $usage =~ /c/ || $usage =~ /i/ || $verb eq "yes"){ + if ($usage =~ /g/ || $usage =~ /c/ || $usage =~ /i/ || $usage =~ /f/ || $verb eq "yes"){ $exc = "no"; if ($_ =~ /connection from *([0-9A-fa-f.:]+)/i ) { for (my $xxx = 0; $xxx < $#excludeIP; $xxx++){
commit 21dccd37e7883ff3b9ace01350e3123dc42b3b82 Author: Mark Reynolds mreynolds@redhat.com Date: Tue Jun 25 10:38:26 2013 -0400
Coverity Fixes
13177 - Unreachable code (backend.c) 13175 - Resource leak (repl5_ruv.c)
Did code cleanup in libaccess/oneval.cpp before I do the fix for 13176(resource leak). This is will be a separate commit.
https://bugzilla.redhat.com/show_bug.cgi?id=970221
Reviewed by: richm(Thanks!) (cherry picked from commit 6e07f4df6c1963f40368d0ae17e0775aa33362af) removed the repl5_ruv.c changes because they do not apply to 1.3.1
diff --git a/ldap/servers/slapd/backend.c b/ldap/servers/slapd/backend.c index ead251e..8a72b13 100644 --- a/ldap/servers/slapd/backend.c +++ b/ldap/servers/slapd/backend.c @@ -669,7 +669,6 @@ slapi_back_transaction_commit(Slapi_PBlock *pb) } else { return txn_commit(pb); } - return txn_commit(pb); }
/* API to expose DB transaction abort */ diff --git a/lib/libaccess/oneeval.cpp b/lib/libaccess/oneeval.cpp index fbaa6d8..8077969 100644 --- a/lib/libaccess/oneeval.cpp +++ b/lib/libaccess/oneeval.cpp @@ -358,8 +358,8 @@ ACLEvalBuildContext( /* Allocate the cache context and link it into the ACLListHandle */ cache = (ACLListCache_t *)PERM_CALLOC(sizeof(ACLListCache_t)); if (cache == NULL) { - nserrGenerate(errp, ACLERRNOMEM, ACLERR4010, ACL_Program, 0); - goto error; + nserrGenerate(errp, ACLERRNOMEM, ACLERR4010, ACL_Program, 0); + goto error; }
/* Allocate the access rights hash table */ @@ -371,9 +371,9 @@ ACLEvalBuildContext( NULL);
if (cache->Table == NULL) { - nserrGenerate(errp, ACLERRNOMEM, ACLERR4000, ACL_Program, 1, - XP_GetAdminStr(DBT_EvalBuildContextUnableToCreateHash)); - goto error; + nserrGenerate(errp, ACLERRNOMEM, ACLERR4000, ACL_Program, 1, + XP_GetAdminStr(DBT_EvalBuildContextUnableToCreateHash)); + goto error; }
wrapper = acleval->acllist->acl_list_head; @@ -395,162 +395,159 @@ ACLEvalBuildContext( XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAceEntry)); goto error; } - new_ace->acep = ace; + new_ace->acep = ace; ace_cnt++;
if (cache->acelist == NULL) - cache->acelist = acelast = new_ace; + cache->acelist = acelast = new_ace; else { if(acelast) - acelast->next = new_ace; - acelast = new_ace; - new_ace->acep = ace; + acelast->next = new_ace; + acelast = new_ace; + new_ace->acep = ace; } - new_ace->next = NULL; + new_ace->next = NULL;
- argp = ace->expr_argv; + argp = ace->expr_argv;
- switch (ace->expr_type) - { - case ACL_EXPR_TYPE_ALLOW: - case ACL_EXPR_TYPE_DENY: - - /* Add this ACE to the appropriate entries in the access rights - * hash table - */ - while (*argp) - { - entry = - (ACLAceNumEntry_t *)PERM_CALLOC(sizeof(ACLAceNumEntry_t)); - if (entry == (ACLAceNumEntry_t *)NULL) { - nserrGenerate(errp, ACLERRNOMEM, ACLERR4030, ACL_Program, 1, - XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAceEntry)); - goto error; - } - if (cache->chain_head == NULL) - cache->chain_head = cache->chain_tail = entry; - else { - cache->chain_tail->chain = entry; - cache->chain_tail = entry; + switch (ace->expr_type) + { + case ACL_EXPR_TYPE_ALLOW: + case ACL_EXPR_TYPE_DENY: + + /* Add this ACE to the appropriate entries in the access rights + * hash table + */ + while (*argp) + { + entry = (ACLAceNumEntry_t *)PERM_CALLOC(sizeof(ACLAceNumEntry_t)); + if (entry == (ACLAceNumEntry_t *)NULL) { + nserrGenerate(errp, ACLERRNOMEM, ACLERR4030, ACL_Program, 1, + XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAceEntry)); + goto error; + } + if (cache->chain_head == NULL) + cache->chain_head = cache->chain_tail = entry; + else { + cache->chain_tail->chain = entry; + cache->chain_tail = entry; + } + entry->acenum = ace_cnt; + + /* + * OK to call PL_HasTableLookup() even though it mods + * the Table as this routine is called in critical section. + */ + temp_entry = (ACLAceNumEntry_t *)PL_HashTableLookup(cache->Table, *argp); + /* the first ACE for this right? */ + if (temp_entry) { + /* Link it in at the end */ + while (temp_entry->next) { + temp_entry = temp_entry->next; + } + temp_entry->next = entry; + } else /* just link it in */ + PR_HashTableAdd(cache->Table, *argp, entry); + argp++; } - entry->acenum = ace_cnt; - - /* - * OK to call PL_HasTableLookup() even though it mods - * the Table as this routine is called in critical section. - */ - temp_entry = (ACLAceNumEntry_t *)PL_HashTableLookup(cache->Table, *argp); - /* the first ACE for this right? */ - if (temp_entry) { - /* Link it in at the end */ - while (temp_entry->next) { - temp_entry = temp_entry->next; - } - temp_entry->next = entry; - } else /* just link it in */ - PR_HashTableAdd(cache->Table, *argp, entry); - - argp++;
- } - - /* See if any of the clauses require authentication. */ - if (curauthplist) { - for (i = 0; i < ace->expr_term_index; i++) { - expr = &ace->expr_arry[i]; - rv = PListFindValue(curauthplist, expr->attr_name, - NULL, &authplist); - if (rv > 0) { - /* First one for this ACE? */ - if (!new_ace->autharray) { - new_ace->autharray = (PList_t *)PERM_CALLOC(sizeof(PList_t) * ace->expr_term_index); + /* See if any of the clauses require authentication. */ + if (curauthplist) { + for (i = 0; i < ace->expr_term_index; i++) { + expr = &ace->expr_arry[i]; + rv = PListFindValue(curauthplist, expr->attr_name, + NULL, &authplist); + if (rv > 0) { + /* First one for this ACE? */ if (!new_ace->autharray) { - nserrGenerate(errp, ACLERRNOMEM, ACLERR4040, ACL_Program, 1, XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPointerArray)); - goto error; - } - } - new_ace->autharray[i] = authplist; - } - } - } - break; - - case ACL_EXPR_TYPE_AUTH: + new_ace->autharray = (PList_t *)PERM_CALLOC(sizeof(PList_t) * ace->expr_term_index); + if (!new_ace->autharray) { + nserrGenerate(errp, ACLERRNOMEM, ACLERR4040, ACL_Program, 1, + XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPointerArray)); + goto error; + } + } + new_ace->autharray[i] = authplist; + } + } + } + break;
- /* Allocate the running auth tables if none yet */ - if (!curauthplist) { - curauthplist = PListNew(NULL); - if (!curauthplist) { - nserrGenerate(errp, ACLERRNOMEM, ACLERR4050, ACL_Program, 1, XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPlist)); - goto error; - } - absauthplist = PListNew(NULL); - if (!absauthplist) { - nserrGenerate(errp, ACLERRNOMEM, ACLERR4050, ACL_Program, 1, XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPlist)); - goto error; - } - } else { /* duplicate the existing auth table */ - curauthplist = PListDuplicate(curauthplist, NULL, 0); - if (!curauthplist) { - nserrGenerate(errp, ACLERRNOMEM, ACLERR4050, ACL_Program, 1, XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPlist)); - goto error; - } - } + case ACL_EXPR_TYPE_AUTH: + + /* Allocate the running auth tables if none yet */ + if (!curauthplist) { + curauthplist = PListNew(NULL); + if (!curauthplist) { + nserrGenerate(errp, ACLERRNOMEM, ACLERR4050, ACL_Program, 1, + XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPlist)); + goto error; + } + absauthplist = PListNew(NULL); + if (!absauthplist) { + nserrGenerate(errp, ACLERRNOMEM, ACLERR4050, ACL_Program, 1, + XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPlist)); + goto error; + } + } else { /* duplicate the existing auth table */ + curauthplist = PListDuplicate(curauthplist, NULL, 0); + if (!curauthplist) { + nserrGenerate(errp, ACLERRNOMEM, ACLERR4050, ACL_Program, 1, + XP_GetAdminStr(DBT_EvalBuildContextUnableToAllocAuthPlist)); + goto error; + } + }
- /* For each listed attribute */ - while (*argp) - { - /* skip any attributes that were absoluted */ - if (PListFindValue(absauthplist, *argp, NULL, NULL) < 0) - { - /* Save pointer to the property list */ - PListInitProp(curauthplist, 0, *argp, ace->expr_auth, - ace->expr_auth); - if (IS_ABSOLUTE(ace->expr_flags)) - PListInitProp(absauthplist, 0, *argp, NULL, - NULL); - } + /* For each listed attribute */ + while (*argp) { + /* skip any attributes that were absoluted */ + if (PListFindValue(absauthplist, *argp, NULL, NULL) < 0){ + /* Save pointer to the property list */ + PListInitProp(curauthplist, 0, *argp, ace->expr_auth, ace->expr_auth); + if (IS_ABSOLUTE(ace->expr_flags)) + PListInitProp(absauthplist, 0, *argp, NULL, NULL); + } + argp++; + }
- argp++; - } + break;
- break; + case ACL_EXPR_TYPE_RESPONSE: + (void) ACL_ExprGetDenyWith(NULL, ace, &cache->deny_type, + &cache->deny_response); + break;
- case ACL_EXPR_TYPE_RESPONSE: - (void) ACL_ExprGetDenyWith(NULL, ace, &cache->deny_type, - &cache->deny_response); - break; + default: + PR_ASSERT(0);
- default: - PR_ASSERT(0); - - } /* switch expr_type */ + } /* switch expr_type */
- new_ace->global_auth = curauthplist; - ace = ace->expr_next; - } + new_ace->global_auth = curauthplist; + ace = ace->expr_next; + } /* while (ace) */
- /* Next ACL please */ + /* Next ACL please */ wrapper = wrapper->wrap_next; }
if (absauthplist) - PListDestroy(absauthplist); + PListDestroy(absauthplist);
/* This must be done last to avoid a race in initialization */ - acleval->acllist->cache = (void *)cache; + acleval->acllist->cache = (void *)cache;
return 0;
error: if (curauthplist) - PListDestroy(curauthplist); + PListDestroy(curauthplist); if (absauthplist) - PListDestroy(absauthplist); + PListDestroy(absauthplist); if (cache) { ACL_EvalDestroyContext(cache); } acleval->acllist->cache = NULL; + return ACL_RES_ERROR; }
commit badcb1ac60bfb4c54fe264088a3c730b2ce2ac11 Author: Mark Reynolds mreynolds@redhat.com Date: Fri Jun 21 10:47:09 2013 -0400
Ticket 47329 - Improve slapi_back_transaction_begin() return code when transactions are not available
Bug Description: The slapi_back_transaction_begin() function needs it's return codes to be changed to be more friendly for plug-in writers when transactions are not available.
Fix Description: Added new error code SLAPI_BACK_TRANSACTION_NOT_SUPPORTED, and updated the slapi_plugin.h
https://fedorahosted.org/389/ticket/47329
Reviewed by: Noriko, Ludwig, and Rich(Thanks!!!) (cherry picked from commit 8879ed2efa48e96f2b920a3ab83036b07e3b3ae4)
diff --git a/ldap/servers/slapd/backend.c b/ldap/servers/slapd/backend.c index ad253f1..ead251e 100644 --- a/ldap/servers/slapd/backend.c +++ b/ldap/servers/slapd/backend.c @@ -648,8 +648,13 @@ int slapi_back_transaction_begin(Slapi_PBlock *pb) { IFP txn_begin; - slapi_pblock_get(pb, SLAPI_PLUGIN_DB_BEGIN_FN, (void*)&txn_begin); - return txn_begin(pb); + if(slapi_pblock_get(pb, SLAPI_PLUGIN_DB_BEGIN_FN, (void*)&txn_begin) || + !txn_begin) + { + return SLAPI_BACK_TRANSACTION_NOT_SUPPORTED; + } else { + return txn_begin(pb); + } }
/* API to expose DB transaction commit */ @@ -657,7 +662,13 @@ int slapi_back_transaction_commit(Slapi_PBlock *pb) { IFP txn_commit; - slapi_pblock_get(pb, SLAPI_PLUGIN_DB_COMMIT_FN, (void*)&txn_commit); + if(slapi_pblock_get(pb, SLAPI_PLUGIN_DB_COMMIT_FN, (void*)&txn_commit) || + !txn_commit) + { + return SLAPI_BACK_TRANSACTION_NOT_SUPPORTED; + } else { + return txn_commit(pb); + } return txn_commit(pb); }
@@ -666,6 +677,11 @@ int slapi_back_transaction_abort(Slapi_PBlock *pb) { IFP txn_abort; - slapi_pblock_get(pb, SLAPI_PLUGIN_DB_ABORT_FN, (void*)&txn_abort); - return txn_abort(pb); + if(slapi_pblock_get(pb, SLAPI_PLUGIN_DB_ABORT_FN, (void*)&txn_abort) || + !txn_abort) + { + return SLAPI_BACK_TRANSACTION_NOT_SUPPORTED; + } else { + return txn_abort(pb); + } } diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h index 26a3a44..0b2fab8 100644 --- a/ldap/servers/slapd/slapi-plugin.h +++ b/ldap/servers/slapd/slapi-plugin.h @@ -6123,6 +6123,7 @@ const char * slapi_be_gettype(Slapi_Backend *be); * * \param pb Pblock which is supposed to set (Slapi_Backend *) to SLAPI_BACKEND * \return 0 if successful + * \return SLAPI_BACK_TRANSACTION_NOT_SUPPORTED if transaction support is not available for this backend * \return Non-zero if an error occurred * * \see slapi_back_transaction_commit @@ -6960,6 +6961,7 @@ typedef struct slapi_plugindesc { #define SLAPI_PARENT_TXN 190 #define SLAPI_TXN 191 #define SLAPI_TXN_RUV_MODS_FN 1901 +#define SLAPI_BACK_TRANSACTION_NOT_SUPPORTED 1902
/* * The following are used to pass information back and forth
389-commits@lists.fedoraproject.org