[389-commits] Branch 'Directory_Server_8_2_Branch' - 14 commits - ldap/admin ldap/servers
Noriko Hosoi
nhosoi at fedoraproject.org
Tue Feb 9 21:28:54 UTC 2010
ldap/admin/src/scripts/DSUpdate.pm.in | 2
ldap/servers/plugins/replication/repl5_protocol.c | 1
ldap/servers/slapd/back-ldbm/back-ldbm.h | 4 +
ldap/servers/slapd/back-ldbm/dblayer.c | 73 ++++++++++++----------
ldap/servers/slapd/back-ldbm/idl_new.c | 19 +----
ldap/servers/slapd/back-ldbm/index.c | 4 +
ldap/servers/slapd/back-ldbm/ldbm_add.c | 38 ++++++++++-
ldap/servers/slapd/back-ldbm/ldbm_attr.c | 1
ldap/servers/slapd/back-ldbm/ldbm_delete.c | 21 +++++-
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 19 ++++-
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 29 ++++++--
ldap/servers/slapd/backend.c | 1
ldap/servers/slapd/entrywsi.c | 2
ldap/servers/slapd/libglobs.c | 37 ++++++++++-
ldap/servers/slapd/log.c | 2
ldap/servers/slapd/modrdn.c | 37 +++++++----
ldap/servers/slapd/plugin_syntax.c | 70 +++++++++++++++++++++
ldap/servers/slapd/sasl_map.c | 2
ldap/servers/slapd/slap.h | 1
ldap/servers/slapd/slapi-plugin.h | 19 +++++
20 files changed, 304 insertions(+), 78 deletions(-)
New commits:
commit 0fc8628c2216235e812f16093c396b66b8bd1739
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Feb 8 17:24:27 2010 -0800
Fixing a memory leak in sasl_map.c
If not matched, Slapi_Regex was not freed.
Back porting a bug fix from the subtree rename change
(b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/servers/slapd/sasl_map.c b/ldap/servers/slapd/sasl_map.c
index 08a6497..d6a84a7 100644
--- a/ldap/servers/slapd/sasl_map.c
+++ b/ldap/servers/slapd/sasl_map.c
@@ -543,8 +543,8 @@ sasl_map_check(sasl_map_data *dp, char *sasl_user_and_realm, char **ldap_search_
"regex: %s, subject: %s (%d)\n",
dp->regular_expression, sasl_user_and_realm, matched);
}
- slapi_re_free(re);
}
+ slapi_re_free(re);
LDAPDebug( LDAP_DEBUG_TRACE, "<- sasl_map_check\n", 0, 0, 0 );
return ret;
}
commit 122d5b7329797dbb53df88dc9a8e9a628f874965
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Feb 8 17:22:22 2010 -0800
Check DN syntax in backend add, delete, modify and modrdn
Back porting a bug fix from the subtree rename change
(b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_add.c b/ldap/servers/slapd/back-ldbm/ldbm_add.c
index fa53e05..95a93cc 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_add.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_add.c
@@ -73,7 +73,7 @@ ldbm_back_add( Slapi_PBlock *pb )
struct ldbminfo *li;
ldbm_instance *inst;
char *dn = NULL;
- Slapi_Entry *e;
+ Slapi_Entry *e = NULL;
struct backentry *tombstoneentry = NULL;
struct backentry *addingentry = NULL;
struct backentry *parententry = NULL;
@@ -189,6 +189,17 @@ ldbm_back_add( Slapi_PBlock *pb )
if(slapi_isbitset_int(rc,SLAPI_RTN_BIT_FETCH_EXISTING_DN_ENTRY))
{
slapi_pblock_get( pb, SLAPI_ADD_TARGET, &dn );
+ if (NULL == dn)
+ {
+ goto error_return;
+ }
+ ldap_result_code = slapi_dn_syntax_check(pb, dn, 1);
+ if (ldap_result_code)
+ {
+ ldap_result_code = LDAP_INVALID_DN_SYNTAX;
+ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
+ goto error_return;
+ }
slapi_sdn_set_dn_byref(&sdn, dn);
slapi_sdn_get_backend_parent(&sdn,&parentsdn,pb->pb_backend);
/* Check if an entry with the intended DN already exists. */
@@ -196,6 +207,11 @@ ldbm_back_add( Slapi_PBlock *pb )
addr.dn = dn;
addr.uniqueid = NULL;
ldap_result_code= get_copy_of_entry(pb, &addr, &txn, SLAPI_ADD_EXISTING_DN_ENTRY, !is_replicated_operation);
+ if(ldap_result_code==LDAP_OPERATIONS_ERROR ||
+ ldap_result_code==LDAP_INVALID_DN_SYNTAX)
+ {
+ goto error_return;
+ }
}
/* if we can find the parent by dn or uniqueid, and the operation has requested the parent
then get it */
@@ -622,6 +638,8 @@ ldbm_back_add( Slapi_PBlock *pb )
goto diskfull_return;
}
ldap_result_code= LDAP_OPERATIONS_ERROR;
+ retry_count = RETRY_TIMES; /* otherwise, the transaction may not
+ be aborted */
goto error_return;
}
if(is_resurect_operation)
@@ -641,6 +659,8 @@ ldbm_back_add( Slapi_PBlock *pb )
goto diskfull_return;
}
ldap_result_code= LDAP_OPERATIONS_ERROR;
+ retry_count = RETRY_TIMES; /* otherwise, the transaction may not
+ be aborted */
goto error_return;
}
retval = index_addordel_string(be,SLAPI_ATTR_UNIQUEID,slapi_entry_get_uniqueid(addingentry->ep_entry),addingentry->ep_id,BE_INDEX_DEL,&txn);
@@ -658,6 +678,8 @@ ldbm_back_add( Slapi_PBlock *pb )
goto diskfull_return;
}
ldap_result_code= LDAP_OPERATIONS_ERROR;
+ retry_count = RETRY_TIMES; /* otherwise, the transaction may not
+ be aborted */
goto error_return;
}
retval = index_addordel_string(be,SLAPI_ATTR_NSCP_ENTRYDN,slapi_sdn_get_ndn(&sdn),addingentry->ep_id,BE_INDEX_DEL,&txn);
@@ -675,6 +697,8 @@ ldbm_back_add( Slapi_PBlock *pb )
goto diskfull_return;
}
ldap_result_code= LDAP_OPERATIONS_ERROR;
+ retry_count = RETRY_TIMES; /* otherwise, the transaction may not
+ be aborted */
goto error_return;
}
}
@@ -701,6 +725,8 @@ ldbm_back_add( Slapi_PBlock *pb )
goto diskfull_return;
}
ldap_result_code= LDAP_OPERATIONS_ERROR;
+ retry_count = RETRY_TIMES; /* otherwise, the transaction may not
+ be aborted */
goto error_return;
}
if (parent_found) {
@@ -721,6 +747,8 @@ ldbm_back_add( Slapi_PBlock *pb )
goto diskfull_return;
}
ldap_result_code= LDAP_OPERATIONS_ERROR;
+ retry_count = RETRY_TIMES; /* otherwise, the transaction may not
+ be aborted */
goto error_return;
}
}
@@ -746,6 +774,8 @@ ldbm_back_add( Slapi_PBlock *pb )
goto diskfull_return;
}
ldap_result_code= LDAP_OPERATIONS_ERROR;
+ retry_count = RETRY_TIMES; /* otherwise, the transaction may not
+ be aborted */
goto error_return;
}
}
@@ -833,8 +863,10 @@ error_return:
disk_full = 1;
}
- /* It is specifically OK to make this call even when no transaction was in progress */
- dblayer_txn_abort(li,&txn); /* abort crashes in case disk full */
+ /* It is safer not to abort when the transaction is not started. */
+ if (retry_count > 0) {
+ dblayer_txn_abort(li,&txn); /* abort crashes in case disk full */
+ }
diskfull_return:
if (disk_full)
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
index 74d8de8..fdccc0f 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
@@ -49,7 +49,7 @@ int
ldbm_back_delete( Slapi_PBlock *pb )
{
backend *be;
- ldbm_instance *inst;
+ ldbm_instance *inst = NULL;
struct ldbminfo *li = NULL;
struct backentry *e = NULL;
struct backentry *tombstone = NULL;
@@ -63,7 +63,7 @@ ldbm_back_delete( Slapi_PBlock *pb )
int disk_full = 0;
int parent_found = 0;
modify_context parent_modify_c = {0};
- int rc;
+ int rc = 0;
int ldap_result_code= LDAP_SUCCESS;
char *ldap_result_message= NULL;
Slapi_DN sdn;
@@ -99,6 +99,18 @@ ldbm_back_delete( Slapi_PBlock *pb )
slapi_log_error (SLAPI_LOG_TRACE, "ldbm_back_delete", "enter conn=%" NSPRIu64 " op=%d\n", pb->pb_conn->c_connid, operation->o_opid);
}
+ if (NULL == addr)
+ {
+ goto error_return;
+ }
+ ldap_result_code = slapi_dn_syntax_check(pb, addr->dn, 1);
+ if (ldap_result_code)
+ {
+ ldap_result_code = LDAP_INVALID_DN_SYNTAX;
+ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
+ goto error_return;
+ }
+
is_fixup_operation = operation_is_flag_set(operation, OP_FLAG_REPL_FIXUP);
is_ruv = operation_is_flag_set(operation, OP_FLAG_REPL_RUV);
delete_tombstone_entry = operation_is_flag_set(operation, OP_FLAG_TOMBSTONE_ENTRY);
@@ -163,6 +175,11 @@ ldbm_back_delete( Slapi_PBlock *pb )
*/
ldap_result_code= get_copy_of_entry(pb, addr, &txn,
SLAPI_DELETE_EXISTING_ENTRY, !is_replicated_operation);
+ if(ldap_result_code==LDAP_OPERATIONS_ERROR ||
+ ldap_result_code==LDAP_INVALID_DN_SYNTAX)
+ {
+ goto error_return;
+ }
slapi_pblock_set(pb, SLAPI_RESULT_CODE, &ldap_result_code);
if(plugin_call_plugins(pb, SLAPI_PLUGIN_BE_PRE_DELETE_FN)==-1)
{
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
index 6883d09..9324c8d 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modify.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modify.c
@@ -185,7 +185,7 @@ ldbm_back_modify( Slapi_PBlock *pb )
backend *be;
ldbm_instance *inst;
struct ldbminfo *li;
- struct backentry *e, *ec = NULL;
+ struct backentry *e = NULL, *ec = NULL;
Slapi_Entry *postentry = NULL;
LDAPMod **mods;
Slapi_Mods smods = {0};
@@ -219,6 +219,17 @@ ldbm_back_modify( Slapi_PBlock *pb )
is_ruv = operation_is_flag_set(operation, OP_FLAG_REPL_RUV);
inst = (ldbm_instance *) be->be_instance_info;
+ if (NULL == addr)
+ {
+ goto error_return;
+ }
+ ldap_result_code = slapi_dn_syntax_check(pb, addr->dn, 1);
+ if (ldap_result_code)
+ {
+ ldap_result_code = LDAP_INVALID_DN_SYNTAX;
+ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
+ goto error_return;
+ }
dblayer_txn_init(li,&txn);
/* The dblock serializes writes to the database,
@@ -507,8 +518,10 @@ error_return:
if (disk_full)
rc= return_on_disk_full(li);
else if (ldap_result_code != LDAP_SUCCESS) {
- /* It is specifically OK to make this call even when no transaction was in progress */
- dblayer_txn_abort(li,&txn); /* abort crashes in case disk full */
+ if (retry_count > 0) {
+ /* It is safer not to abort when the transaction is not started. */
+ dblayer_txn_abort(li,&txn); /* abort crashes in case disk full */
+ }
rc= SLAPI_FAIL_GENERAL;
}
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
index ce4c879..1873478 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
@@ -80,11 +80,11 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
IDList *children= NULL;
struct backentry **child_entries= NULL;
struct backentry **child_entry_copies= NULL;
- Slapi_DN dn_olddn;
- Slapi_DN dn_newdn;
- Slapi_DN dn_newrdn;
- Slapi_DN dn_newsuperiordn;
- Slapi_DN dn_parentdn;
+ Slapi_DN dn_olddn = {0};
+ Slapi_DN dn_newdn = {0};
+ Slapi_DN dn_newrdn = {0};
+ Slapi_DN dn_newsuperiordn = {0};
+ Slapi_DN dn_parentdn = {0};
int rc;
int isroot;
LDAPMod **mods;
@@ -202,8 +202,21 @@ ldbm_back_modrdn( Slapi_PBlock *pb )
newdn= moddn_get_newdn(pb,&dn_olddn,&dn_newrdn,&dn_newsuperiordn);
slapi_sdn_set_dn_passin(&dn_newdn,newdn);
new_addr.dn = (char*)slapi_sdn_get_ndn (&dn_newdn);
+ /* check dn syntax on newdn */
+ ldap_result_code = slapi_dn_syntax_check(pb, new_addr.dn, 1);
+ if (ldap_result_code)
+ {
+ ldap_result_code = LDAP_INVALID_DN_SYNTAX;
+ slapi_pblock_get(pb, SLAPI_PB_RESULT_TEXT, &ldap_result_message);
+ goto error_return;
+ }
new_addr.uniqueid = NULL;
ldap_result_code= get_copy_of_entry(pb, &new_addr, &txn, SLAPI_MODRDN_EXISTING_ENTRY, 0);
+ if(ldap_result_code==LDAP_OPERATIONS_ERROR ||
+ ldap_result_code==LDAP_INVALID_DN_SYNTAX)
+ {
+ goto error_return;
+ }
}
if(slapi_isbitset_int(rc,SLAPI_RTN_BIT_FETCH_PARENT_ENTRY))
{
@@ -819,8 +832,10 @@ error_return:
}
else
{
- /* It is specifically OK to make this call even when no transaction was in progress */
- dblayer_txn_abort(li,&txn); /* abort crashes in case disk full */
+ /* It is safer not to abort when the transaction is not started. */
+ if (retry_count > 0) {
+ dblayer_txn_abort(li,&txn); /* abort crashes in case disk full */
+ }
retval= SLAPI_FAIL_GENERAL;
}
commit c078202b6cb0860ecd62d57dc00ce0fc007b24b7
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Feb 8 17:18:59 2010 -0800
Fixing error logs in modrdn.c
If internal op, connid and opid should be LOG_INTERNAL_OP_CON_ID
and LOG_INTERNAL_OP_OP_ID, respectively.
Back porting a bug fix from the subtree rename change
(b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/servers/slapd/modrdn.c b/ldap/servers/slapd/modrdn.c
index e27b96e..38d1300 100644
--- a/ldap/servers/slapd/modrdn.c
+++ b/ldap/servers/slapd/modrdn.c
@@ -352,7 +352,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
{
if ( !internal_op )
{
- slapi_log_access(LDAP_DEBUG_STATS,
+ slapi_log_access(SLAPI_LOG_ARGS,
"conn=%" NSPRIu64 " op=%d MODRDN dn=\"%s\" newrdn=\"%s\" newsuperior=\"%s\"\n",
pb->pb_conn->c_connid,
pb->pb_op->o_opid,
@@ -362,7 +362,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
}
else
{
- slapi_log_access(LDAP_DEBUG_ARGS,
+ slapi_log_access(SLAPI_LOG_ARGS,
"conn=%s op=%d MODRDN dn=\"%s\" newrdn=\"%s\" newsuperior=\"%s\"\n",
LOG_INTERNAL_OP_CON_ID,
LOG_INTERNAL_OP_OP_ID,
@@ -375,11 +375,19 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
/* check that the rdn is formatted correctly */
if ((rdns = ldap_explode_rdn(newrdn, 0)) == NULL)
{
- slapi_log_error(SLAPI_LOG_FATAL, NULL,
+ if ( !internal_op ) {
+ slapi_log_error(SLAPI_LOG_ARGS, NULL,
"conn=%" NSPRIu64 " op=%d MODRDN invalid new RDN (\"%s\")\n",
pb->pb_conn->c_connid,
pb->pb_op->o_opid,
(NULL == newrdn) ? "(null)" : newrdn);
+ } else {
+ slapi_log_error(SLAPI_LOG_ARGS, NULL,
+ "conn=%" NSPRIu64 " op=%d MODRDN invalid new RDN (\"%s\")\n",
+ LOG_INTERNAL_OP_CON_ID,
+ LOG_INTERNAL_OP_OP_ID,
+ (NULL == newrdn) ? "(null)" : newrdn);
+ }
send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL, "invalid RDN", 0, NULL);
goto free_and_return_nolock;
}
@@ -395,22 +403,27 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
}
/* check that the dn is formatted correctly */
- if ((rdns = ldap_explode_dn(newsuperior, 0)) == NULL)
+ err = slapi_dn_syntax_check(pb, newsuperior, 1);
+ if (err)
{
- LDAPDebug(LDAP_DEBUG_ARGS, "ldap_explode_dn of newSuperior failed\n", 0, 0, 0);
- slapi_log_error(SLAPI_LOG_FATAL, NULL,
+ LDAPDebug0Args(LDAP_DEBUG_ARGS, "Syntax check of newSuperior failed\n");
+ if (!internal_op) {
+ slapi_log_error(SLAPI_LOG_ARGS, NULL,
"conn=%" NSPRIu64 " op=%d MODRDN invalid new superior (\"%s\")",
pb->pb_conn->c_connid,
pb->pb_op->o_opid,
(NULL == newsuperior) ? "(null)" : newsuperiorbuf);
- send_ldap_result(pb, LDAP_PROTOCOL_ERROR, NULL,
+ } else {
+ slapi_log_error(SLAPI_LOG_ARGS, NULL,
+ "conn=%" NSPRIu64 " op=%d MODRDN invalid new superior (\"%s\")",
+ LOG_INTERNAL_OP_CON_ID,
+ LOG_INTERNAL_OP_OP_ID,
+ (NULL == newsuperior) ? "(null)" : newsuperiorbuf);
+ }
+ send_ldap_result(pb, LDAP_INVALID_DN_SYNTAX, NULL,
"newSuperior does not look like a DN", 0, NULL);
goto free_and_return_nolock;
}
- else
- {
- slapi_ldap_value_free(rdns);
- }
if (newsuperior != NULL)
{
@@ -432,7 +445,7 @@ op_shared_rename(Slapi_PBlock *pb, int passin_args)
* if we don't hold it.
*/
if ((err = slapi_mapping_tree_select_and_check(pb, newdn, &be, &referral, errorbuf)) != LDAP_SUCCESS)
- {
+ {
send_ldap_result(pb, err, NULL, errorbuf, 0, NULL);
goto free_and_return_nolock;
}
commit b7ca806275bda9a38ce811575c1faf7a6d3f98ca
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Feb 8 17:17:07 2010 -0800
Adding DN syntax check API slapi_dn_syntax_check
Back porting a bug fix from the subtree rename change
(b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/servers/slapd/plugin_syntax.c b/ldap/servers/slapd/plugin_syntax.c
index 945271e..e2cc7fb 100644
--- a/ldap/servers/slapd/plugin_syntax.c
+++ b/ldap/servers/slapd/plugin_syntax.c
@@ -261,6 +261,76 @@ plugin_call_syntax_filter_sub_sv(
return( rc );
}
+/* Checks if the DN string is valid according to the Distinguished Name
+ * syntax. Setting override to 1 will force syntax checking to be performed,
+ * even if syntax checking is disabled in the config. Setting override to 0
+ * will obey the config settings.
+ *
+ * Returns 1 if there is a syntax violation and sets the error message
+ * appropriately. Returns 0 if everything checks out fine.
+ */
+int
+slapi_dn_syntax_check(
+ Slapi_PBlock *pb, char *dn, int override
+)
+{
+ int ret = 0;
+ int is_replicated_operation = 0;
+ int syntaxcheck = config_get_syntaxcheck();
+ int syntaxlogging = config_get_syntaxlogging();
+ char errtext[ BUFSIZ ];
+ char *errp = &errtext[0];
+ struct slapdplugin *dn_plugin = NULL;
+ struct berval dn_bval = {0};
+
+ if (pb != NULL) {
+ slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_replicated_operation);
+ }
+
+ /* If syntax checking and logging are off, or if this is a
+ * replicated operation, just return that the syntax is OK. */
+ if (((syntaxcheck == 0) && (syntaxlogging == 0) && (override == 0)) ||
+ is_replicated_operation) {
+ goto exit;
+ }
+
+ /* Locate the dn syntax plugin. */
+ slapi_attr_type2plugin("distinguishedName", (void **)&dn_plugin);
+
+ /* Assume the value is valid if we don't find a dn validate function */
+ if (dn_plugin && dn_plugin->plg_syntax_validate != NULL) {
+ /* Create a berval to pass to the validate function. */
+ if (dn) {
+ dn_bval.bv_val = dn;
+ dn_bval.bv_len = strlen(dn);
+
+ /* Validate the value. */
+ if (dn_plugin->plg_syntax_validate(&dn_bval) != 0) {
+ if (syntaxlogging) {
+ slapi_log_error( SLAPI_LOG_FATAL, "Syntax Check",
+ "DN value (%s) invalid per syntax\n", dn ? dn : "");
+ }
+
+ if (syntaxcheck || override) {
+ if (pb) {
+ errp += PR_snprintf( errp, sizeof(errtext),
+ "DN value invalid per syntax\n" );
+ }
+ ret = 1;
+ }
+ }
+ }
+ }
+
+ /* See if we need to set the error text in the pblock. */
+ if (errp != &errtext[0]) {
+ slapi_pblock_set( pb, SLAPI_PB_RESULT_TEXT, errtext );
+ }
+
+exit:
+ return( ret );
+}
+
/* Checks if the values of all attributes in an entry are valid for the
* syntax specified for the attribute in question. Setting override to
* 1 will force syntax checking to be performed, even if syntax checking
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
index d35c12c..2640ed1 100644
--- a/ldap/servers/slapd/slapi-plugin.h
+++ b/ldap/servers/slapd/slapi-plugin.h
@@ -1337,6 +1337,25 @@ int slapi_entry_schema_check( Slapi_PBlock *pb, Slapi_Entry *e );
int slapi_entry_syntax_check( Slapi_PBlock *pb, Slapi_Entry *e, int override );
/**
+ * Determines if the DN violates the Distinguished Name syntax rules.
+ *
+ * \param pb Parameter block.
+ * \param dn The dn string you want to check.
+ * \param override Flag to override the server configuration and force syntax checking
+ * to be performed.
+ * \return \c 0 if the DN complies with the Distinguished Name syntax rules or if
+ * syntax checking is disabled.
+ * \return \c 1 if the DN violates the Distinguished Name syntax rules. If the \c pb
+ * parameter was passed in, an error message will be set in the
+ * #SLAPI_PB_RESULT_TEXT parameter.
+ * \warning The \c pb parameter can be \c NULL. It is used to store an error
+ * message with details of any syntax violations. The \c pb paramter
+ * is also used to check if the #SLAPI_IS_REPLICATED_OPERATION flag is
+ * set. If that flag is present, no syntax checking is performed.
+ */
+int slapi_dn_syntax_check( Slapi_PBlock *pb, char *dn, int override );
+
+/**
* Determines if any values being added to an entry violate the syntax rules
* imposed by the associated attribute type.
*
commit 7fe2876c3415d8960876c746f3e6f26f67360355
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Feb 8 17:05:55 2010 -0800
Fixing a wrong comment in log.c
Back porting a bug fix from the subtree rename change
(b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index ac6bdc7..328002d 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -649,7 +649,7 @@ log_update_auditlogdir(char *pathname, int apply)
loginfo.log_numof_audit_logs = 1;
}
- /* Now open the new errorlog */
+ /* Now open the new auditlog */
if ( audit_log_openf (pathname, 1 /* locked */)) {
rv = LDAP_LOCAL_ERROR; /* error: Unable to use the new dir */
}
commit 483a3950a2f8ccf48c271cc23baa5f32433870ae
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Tue Feb 9 09:30:21 2010 -0800
Adding instancedir getter and setter to libglobs.c
Back porting a bug fix from the subtree rename change
(b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 3726dfd..8f02d03 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -564,7 +564,8 @@ static struct config_get_and_set {
NULL, 0, NULL, CONFIG_ON_OFF, (ConfigGetFunc)config_get_hash_filters},
/* instance dir; used by admin tasks */
{CONFIG_INSTDIR_ATTRIBUTE, config_set_instancedir,
- NULL, 0, NULL, CONFIG_STRING, NULL},
+ NULL, 0,
+ (void**)&global_slapdFrontendConfig.instancedir, CONFIG_STRING, NULL},
/* parameterizing schema dir */
{CONFIG_SCHEMADIR_ATTRIBUTE, config_set_schemadir,
NULL, 0,
@@ -4860,11 +4861,41 @@ config_set_configdir(const char *attrname, char *value, char *errorbuf, int appl
return retVal;
}
-/* W/o the setter, "config_set: the attribute nsslapd-instancedir is read only" is printed out. */
+char *
+config_get_instancedir()
+{
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+ char *retVal;
+
+ CFG_LOCK_READ(slapdFrontendConfig);
+ retVal = config_copy_strval(slapdFrontendConfig->instancedir);
+ CFG_UNLOCK_READ(slapdFrontendConfig);
+
+ return retVal;
+}
+
int
config_set_instancedir(const char *attrname, char *value, char *errorbuf, int apply)
{
- return LDAP_SUCCESS;
+ int retVal = LDAP_SUCCESS;
+ slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
+
+ if ( config_value_is_null( attrname, value, errorbuf, 0 )) {
+ return LDAP_OPERATIONS_ERROR;
+ }
+
+ if (!apply) {
+ return retVal;
+ }
+
+ CFG_LOCK_WRITE(slapdFrontendConfig);
+ /* We don't want to allow users to modify instance dir.
+ * Set it once when the server starts. */
+ if (NULL == slapdFrontendConfig->instancedir) {
+ slapdFrontendConfig->instancedir = slapi_ch_strdup(value);
+ }
+ CFG_UNLOCK_WRITE(slapdFrontendConfig);
+ return retVal;
}
char *
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 93f8470..e7c0dc6 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -2014,6 +2014,7 @@ typedef struct _slapdFrontendConfig {
char *workingdir; /* full path of directory before detach */
char *configdir; /* full path name of directory containing configuration files */
char *schemadir; /* full path name of directory containing schema files */
+ char *instancedir;/* full path name of instance directory */
char *lockdir; /* full path name of directory containing lock files */
char *tmpdir; /* full path name of directory containing tmp files */
char *certdir; /* full path name of directory containing cert files */
commit d07e40b8608afc718a85013b0b8a0b77387918ff
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Feb 8 16:52:36 2010 -0800
Fixing a typo in entrywsi.c
Replacing "recieve" with "receive".
Back porting a bug fix from the subtree rename change
(b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
index 579d044..5fcb30d 100644
--- a/ldap/servers/slapd/entrywsi.c
+++ b/ldap/servers/slapd/entrywsi.c
@@ -754,7 +754,7 @@ entry_apply_mods_wsi(Slapi_Entry *e, Slapi_Mods *smods, const CSN *csn, int urp)
/*
* This code implements a computed attribute called 'nscpEntryWSI'.
- * By specifically asking for this attribute the client will recieve
+ * By specifically asking for this attribute the client will receive
* an LDIF dump of the entry with all its state information.
*
* JCM - Security... Only for the Directory Manager.
commit 095458009c5ceae5ce7f93e4fbb2cb9cf83c78fa
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Feb 8 16:50:05 2010 -0800
Initializing be_usn_counter in Slapi_Backend
A field be_usn_counter was not initialized.
Back porting a bug fix from the subtree rename change
(b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/servers/slapd/backend.c b/ldap/servers/slapd/backend.c
index c8380c6..1fd198e 100644
--- a/ldap/servers/slapd/backend.c
+++ b/ldap/servers/slapd/backend.c
@@ -94,6 +94,7 @@ be_init( Slapi_Backend *be, const char *type, const char *name, int isprivate, i
be->be_state_lock = PR_NewLock();
be->be_name = slapi_ch_strdup(name);
be->be_mapped = 0;
+ be->be_usn_counter = 0;
}
void
commit d762d35af6ba1ef497cdc7686b59979eafff01fd
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Feb 8 15:51:26 2010 -0800
Fixing a memory leak in ldbm_attr.c
ai_attrcrypt in attrinfo was not freed in attrinfo_delete.
Back porting a bug fix from the subtree rename change
(b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attr.c b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
index eccf854..3baadc1 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_attr.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_attr.c
@@ -60,6 +60,7 @@ attrinfo_delete(struct attrinfo **pp)
(*pp)->ai_key_cmp_fn = NULL;
slapi_ch_free((void**)&((*pp)->ai_type));
slapi_ch_free((void**)(*pp)->ai_index_rules);
+ slapi_ch_free((void**)&((*pp)->ai_attrcrypt));
slapi_ch_free((void**)pp);
*pp= NULL;
}
commit a36cd3f304a0273496f7bf6c9b2e07fd580655c8
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Feb 8 14:57:34 2010 -0800
Fixing a memory leak in dblayer.c
index_range_next_key was leaking key->data.
Back porting a bug fix from the subtree rename
change (b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c
index 3125256..abb4b02 100644
--- a/ldap/servers/slapd/back-ldbm/index.c
+++ b/ldap/servers/slapd/back-ldbm/index.c
@@ -1001,6 +1001,10 @@ retry:
goto error;
}
}
+ if (saved_key != key->data) {
+ /* key could be allocated in the above c_get */
+ DBT_FREE_PAYLOAD(*key);
+ }
/* Seek to the next one
* [612498] NODUP is needed for new idl to get the next non-duplicated key
* No effect on old idl since there's no dup there (i.e., DB_NEXT == DB_NEXT_NODUP)
commit 138b0e0d32c48d27ce1b508f20920ea563314078
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Feb 8 14:46:06 2010 -0800
Fixing a memory leak in idl_new.c
idl_new_delete_key was leaking key->data.
Back porting a bug fix from the subtree rename
change (b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/servers/slapd/back-ldbm/back-ldbm.h b/ldap/servers/slapd/back-ldbm/back-ldbm.h
index 733bfe3..ac886a3 100644
--- a/ldap/servers/slapd/back-ldbm/back-ldbm.h
+++ b/ldap/servers/slapd/back-ldbm/back-ldbm.h
@@ -119,6 +119,10 @@ typedef unsigned short u_int16_t;
#endif
#include "db.h"
+#ifndef DB_BUFFER_SMALL
+#define DB_BUFFER_SMALL ENOMEM
+#endif
+
#define dptr data
#define dsize size
diff --git a/ldap/servers/slapd/back-ldbm/idl_new.c b/ldap/servers/slapd/back-ldbm/idl_new.c
index 61bd34e..9bd2cc2 100644
--- a/ldap/servers/slapd/back-ldbm/idl_new.c
+++ b/ldap/servers/slapd/back-ldbm/idl_new.c
@@ -254,7 +254,7 @@ IDList * idl_new_fetch(
if (0 != ret) {
if (DB_NOTFOUND != ret) {
#ifdef DB_USE_BULK_FETCH
- if (ret == ENOMEM) {
+ if (ret == DB_BUFFER_SMALL) {
LDAPDebug(LDAP_DEBUG_ANY, "database index is corrupt; "
"data item for key %s is too large for our buffer "
"(need=%d actual=%d)\n",
@@ -489,25 +489,18 @@ int idl_new_delete_key(
data.ulen = sizeof(id);
data.size = sizeof(id);
data.flags = DB_DBT_USERMEM;
- data.data = &tmpid;
- ret = cursor->c_get(cursor,key,&data,DB_SET);
+ data.data = &id;
+ /* Position cursor at the key, value pair */
+ ret = cursor->c_get(cursor,key,&data,DB_GET_BOTH);
if (0 == ret) {
if (tmpid == ALLID) {
goto error; /* allid: never delete it */
}
- } else if (DB_NOTFOUND != ret) {
- ldbm_nasty(filename,22,ret);
- goto error;
- }
-
- /* Position cursor at the key, value pair */
- data.data = &id;
- ret = cursor->c_get(cursor,key,&data,DB_GET_BOTH);
- if (0 != ret) {
+ } else {
if (DB_NOTFOUND == ret) {
ret = 0; /* Not Found is OK, return immediately */
} else {
- ldbm_nasty(filename,23,ret);
+ ldbm_nasty(filename,22,ret);
}
goto error;
}
commit cd60fca5c10def001fc0c0ea0421756cfc976dc5
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Feb 8 13:39:39 2010 -0800
Fixing a memory leak in dblayer.c
dblayer_private_env and its lock and dblayer_data_directories
were leaking. Back porting a bug fix from the subtree rename
change (b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/servers/slapd/back-ldbm/dblayer.c b/ldap/servers/slapd/back-ldbm/dblayer.c
index 1a56c96..35626fc 100644
--- a/ldap/servers/slapd/back-ldbm/dblayer.c
+++ b/ldap/servers/slapd/back-ldbm/dblayer.c
@@ -650,10 +650,6 @@ int dblayer_terminate(struct ldbminfo *li)
}
slapi_ch_free_string(&priv->dblayer_log_directory);
- /* no need to release dblayer_home_directory,
- * which is one of dblayer_data_directories */
- charray_free(priv->dblayer_data_directories);
- priv->dblayer_data_directories = NULL;
PR_DestroyCondVar(priv->thread_count_cv);
priv->thread_count_cv = NULL;
PR_DestroyLock(priv->thread_count_lock);
@@ -1191,8 +1187,8 @@ dblayer_make_env(struct dblayer_private_env **env, struct ldbminfo *li)
Object *inst_obj;
ldbm_instance *inst = NULL;
- pEnv =
- (struct dblayer_private_env *) PR_Calloc(1, sizeof(dblayer_private_env));
+ pEnv = (struct dblayer_private_env *)slapi_ch_calloc(1,
+ sizeof(dblayer_private_env));
if ((ret = db_env_create(&pEnv->dblayer_DB_ENV, 0)) != 0) {
LDAPDebug(LDAP_DEBUG_ANY,
@@ -1214,7 +1210,6 @@ dblayer_make_env(struct dblayer_private_env **env, struct ldbminfo *li)
dblayer_dump_config_tracing(priv);
/* set data dir to avoid having absolute paths in the transaction log */
- priv->dblayer_data_directories = NULL;
for (inst_obj = objset_first_obj(li->li_instance_set);
inst_obj;
inst_obj = objset_next_obj(li->li_instance_set, inst_obj))
@@ -1226,7 +1221,7 @@ dblayer_make_env(struct dblayer_private_env **env, struct ldbminfo *li)
inst->inst_parent_dir_name))
{
charray_add(&(priv->dblayer_data_directories),
- inst->inst_parent_dir_name);
+ slapi_ch_strdup(inst->inst_parent_dir_name));
}
}
}
@@ -1260,28 +1255,35 @@ dblayer_make_env(struct dblayer_private_env **env, struct ldbminfo *li)
return ret;
}
+static void
+dblayer_free_env(struct dblayer_private_env **env)
+{
+ if (NULL == env || NULL == *env) {
+ return;
+ }
+ if ((*env)->dblayer_env_lock) {
+ PR_DestroyRWLock((*env)->dblayer_env_lock);
+ (*env)->dblayer_env_lock = NULL;
+ }
+ slapi_ch_free((void **)env);
+ return;
+}
+
/* generate an absolute path if the given instance dir is not. */
char *
dblayer_get_full_inst_dir(struct ldbminfo *li, ldbm_instance *inst,
char *buf, int buflen)
{
- char *parent_dir;
- int mylen;
+ char *parent_dir = NULL;
+ int mylen = 0;
if (!inst)
return NULL;
- if (inst->inst_parent_dir_name)
+ if (inst->inst_parent_dir_name) /* e.g., /var/lib/dirsrv/slapd-ID/db */
{
parent_dir = inst->inst_parent_dir_name;
- if (inst->inst_parent_dir_name)
- {
- mylen = strlen(parent_dir) + strlen(inst->inst_dir_name) + 2;
- }
- else
- {
- mylen = strlen(parent_dir) + 1;
- }
+ mylen = strlen(parent_dir) + 1;
}
else
{
@@ -1295,7 +1297,7 @@ dblayer_get_full_inst_dir(struct ldbminfo *li, ldbm_instance *inst,
}
- if (inst->inst_dir_name)
+ if (inst->inst_dir_name) /* e.g., userRoot */
{
mylen += strlen(inst->inst_dir_name) + 2;
if (!buf || mylen > buflen)
@@ -1443,7 +1445,7 @@ int dblayer_start(struct ldbminfo *li, int dbmode)
LDAPDebug(LDAP_DEBUG_ANY,
"Error: DB directory is not specified.\n", 0, 0, 0);
return -1;
- }
+ }
PR_Lock(li->li_config_mutex);
priv->dblayer_home_directory = li->li_directory; /* nsslapd-directory */
priv->dblayer_cachesize = li->li_dbcachesize;
@@ -1513,6 +1515,7 @@ int dblayer_start(struct ldbminfo *li, int dbmode)
}
}
+ dblayer_free_env(&priv->dblayer_env);
priv->dblayer_env = pEnv;
open_flags = DB_CREATE | DB_INIT_MPOOL | DB_THREAD;
@@ -1583,6 +1586,7 @@ int dblayer_start(struct ldbminfo *li, int dbmode)
"ERROR -- Failed to create DBENV (returned: %d).\n",
return_value, 0, 0);
}
+ dblayer_free_env(&priv->dblayer_env);
priv->dblayer_env = pEnv;
}
@@ -1647,6 +1651,7 @@ int dblayer_start(struct ldbminfo *li, int dbmode)
"mmap in opening database environment (recovery mode) "
"failed trying to allocate %lu bytes. (OS err %d - %s)\n",
li->li_dbcachesize, return_value, dblayer_strerror(return_value));
+ dblayer_free_env(&priv->dblayer_env);
priv->dblayer_env = CATASTROPHIC;
} else {
LDAPDebug(LDAP_DEBUG_ANY, "Database Recovery Process FAILED. "
@@ -1667,6 +1672,7 @@ int dblayer_start(struct ldbminfo *li, int dbmode)
return_value, 0, 0);
return return_value;
}
+ dblayer_free_env(&priv->dblayer_env);
priv->dblayer_env = pEnv;
dblayer_set_data_dir(priv, pEnv, priv->dblayer_data_directories);
}
@@ -1738,6 +1744,7 @@ int dblayer_start(struct ldbminfo *li, int dbmode)
"mmap in opening database environment "
"failed trying to allocate %d bytes. (OS err %lu - %s)\n",
li->li_dbcachesize, return_value, dblayer_strerror(return_value));
+ dblayer_free_env(&priv->dblayer_env);
priv->dblayer_env = CATASTROPHIC;
} else {
LDAPDebug(LDAP_DEBUG_ANY,
@@ -2478,8 +2485,7 @@ int dblayer_instance_close(backend *be)
slapi_ch_free_string(&inst_dirp);
}
PR_DestroyRWLock(inst->import_env->dblayer_env_lock);
- PR_Free((void *)inst->import_env);
- inst->import_env = NULL;
+ slapi_ch_free((void **)&inst->import_env);
} else {
be->be_state = BE_STATE_STOPPED;
}
@@ -2570,14 +2576,11 @@ int dblayer_post_close(struct ldbminfo *li, int dbmode)
perfctrs_terminate(&priv->perf_private, priv->dblayer_env->dblayer_DB_ENV);
}
}
-
+
/* Now release the db environment */
pEnv = priv->dblayer_env;
return_value = pEnv->dblayer_DB_ENV->close(pEnv->dblayer_DB_ENV, 0);
- PR_DestroyRWLock(priv->dblayer_env->dblayer_env_lock);
- PR_Free((void *) priv->dblayer_env);
-
- priv->dblayer_env = NULL; /* pEnv is now garbage */
+ dblayer_free_env(&priv->dblayer_env); /* pEnv is now garbage */
#if 0 /* DBDB do NOT remove the environment: bad, bad idea */
if (return_value == 0) {
@@ -2613,6 +2616,14 @@ int dblayer_post_close(struct ldbminfo *li, int dbmode)
&& !priv->dblayer_bad_stuff_happened) {
commit_good_database(priv);
}
+ if (priv->dblayer_data_directories) {
+ /* dblayer_data_directories are set in dblayer_make_env via
+ * dblayer_start, which is paired with dblayer_close. */
+ /* no need to release dblayer_home_directory,
+ * which is one of dblayer_data_directories */
+ charray_free(priv->dblayer_data_directories);
+ priv->dblayer_data_directories = NULL;
+ }
return return_value;
}
@@ -4037,13 +4048,13 @@ static int commit_good_database(dblayer_private *priv)
int return_value = 0;
int num_bytes;
- PR_snprintf(filename,sizeof(filename), "%s/guardian",priv->dblayer_home_directory);
+ PR_snprintf(filename,sizeof(filename), "%s/guardian", priv->dblayer_home_directory);
prfd = PR_Open(filename, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE,
priv->dblayer_file_mode );
if (NULL == prfd)
{
- LDAPDebug( LDAP_DEBUG_ANY,"Fatal Error---Failed to write guardian file, database corruption possible" SLAPI_COMPONENT_NAME_NSPR " %d (%s)\n",
+ LDAPDebug( LDAP_DEBUG_ANY,"Fatal Error---Failed to write guardian file %s, database corruption possible" SLAPI_COMPONENT_NAME_NSPR " %d (%s)\n",
filename, PR_GetError(), slapd_pr_strerror(PR_GetError()) );
return -1;
}
@@ -5447,7 +5458,7 @@ int dblayer_restore(struct ldbminfo *li, char *src_dir, Slapi_Task *task, char *
PRDir *dirhandle = NULL;
PRDirEntry *direntry = NULL;
PRFileInfo info;
- ldbm_instance *inst;
+ ldbm_instance *inst = NULL;
int seen_logfiles = 0; /* Tells us if we restored any logfiles */
int is_a_logfile = 0;
int dbmode;
commit 544511c6b139641c1e5d222dee1155bbcb3e37b6
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Feb 8 13:02:02 2010 -0800
Fixing a memory leak in repl5_protocol.c
Memory for the lock in Repl_Protocol was leaking.
Back porting a bug fix from the subtree rename change
(b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/servers/plugins/replication/repl5_protocol.c b/ldap/servers/plugins/replication/repl5_protocol.c
index 8fdf812..9d8cc16 100644
--- a/ldap/servers/plugins/replication/repl5_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_protocol.c
@@ -202,6 +202,7 @@ prot_free(Repl_Protocol **rpp)
}
rp->prp_active_protocol = NULL;
PR_Unlock(rp->lock);
+ PR_DestroyLock(rp->lock);
slapi_ch_free((void **)rpp);
}
commit adee46c4a34b006c4fcf6bf5ed12f32c38275024
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Feb 8 12:52:44 2010 -0800
Fixing config_dir in DSUpdate.pm.in
The path of config_dir for each instance needs to end with the
instance dir. Back porting a bug fix from the subtree rename
change (b5e653a844af60596f9bc6b16349ee902ddb51f5).
diff --git a/ldap/admin/src/scripts/DSUpdate.pm.in b/ldap/admin/src/scripts/DSUpdate.pm.in
index 20bb40d..3792afe 100644
--- a/ldap/admin/src/scripts/DSUpdate.pm.in
+++ b/ldap/admin/src/scripts/DSUpdate.pm.in
@@ -449,7 +449,7 @@ sub initInfFromInst {
$inf->{slapd}->{bak_dir} = $entry->getValue('nsslapd-bakdir');
}
if (!$inf->{slapd}->{config_dir}) {
- $inf->{slapd}->{config_dir} = $configdir;
+ $inf->{slapd}->{config_dir} = $configdir."/".$inst;
}
if (!$inf->{slapd}->{inst_dir}) {
$inf->{slapd}->{inst_dir} = $entry->getValue('nsslapd-instancedir');
More information about the 389-commits
mailing list