[Pkg-fedora-ds-maintainers] 389-ds-base: Changes to 'upstream-unstable'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Thu Aug 29 21:53:49 UTC 2013
VERSION.sh | 2 -
ldap/admin/src/logconv.pl | 30 +++++++--------
ldap/admin/src/scripts/DSUtil.pm.in | 9 +++-
ldap/servers/plugins/replication/windows_protocol_util.c | 10 ++++-
ldap/servers/slapd/modify.c | 4 --
5 files changed, 31 insertions(+), 24 deletions(-)
New commits:
commit 60cfb7370ca457b36fdfaa2820bf05fbe3f26859
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Wed Aug 28 14:53:36 2013 -0700
bump version to 1.3.1.7
diff --git a/VERSION.sh b/VERSION.sh
index 6bd724d..3a45057 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=3
-VERSION_MAINT=1.6
+VERSION_MAINT=1.7
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
commit abdf69842a2525b6a670aafd2a940a0c67b656ec
Author: Rich Megginson <rmeggins at redhat.com>
Date: Fri Aug 23 14:16:29 2013 -0600
Bug 999634 - ns-slapd crash due to bogus DN
https://bugzilla.redhat.com/show_bug.cgi?id=999634
Reviewed by: ???
Branch: 389-ds-base-1.3.1
Fix Description: When the target DN is not a valid DN, the code will bypass
the initialization of unhashed_pw_smod, and attempt to call slapi_smods_done.
Depending on what memory is in the unhashed_pw_smod, if both mods and
free_mods are true, an attempt will be made to free mods or *mods and the
server will crash. It is tricky to find the right sequence of operations
that will write the stack in such a way that both unhashed_pw_smod.mods
and unhashed_pw_smod.free_mods are set.
The fix is to just get rid of unhashed_pw_smod which is not used.
I also check this code and other operation code for similar cases, but the
rest of the code is clean.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit a3d65ac00df871675896f587b0da2c24eab961bb)
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 2677b92..957f36e 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -653,7 +653,6 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
int passin_sdn = 0;
LDAPMod **mods, *pw_mod, **tmpmods = NULL;
Slapi_Mods smods;
- Slapi_Mods unhashed_pw_smod;
int repl_op, internal_op, lastmod, skip_modified_attrs;
char *unhashed_pw_attr = NULL;
Slapi_Operation *operation;
@@ -692,8 +691,6 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
slapi_mods_init_passin (&smods, mods);
- slapi_mods_init(&unhashed_pw_smod, 0);
-
/* target spec is used to decide which plugins are applicable for the operation */
operation_set_target_spec (pb->pb_op, sdn);
@@ -1138,7 +1135,6 @@ free_and_return:
if (be)
slapi_be_Unlock(be);
- slapi_mods_done(&unhashed_pw_smod); /* can finalize now */
if (unhashed_pw_attr)
slapi_ch_free ((void**)&unhashed_pw_attr);
commit 529a544a2fe9961d9286e191346fb5faca27d38b
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Tue Aug 20 14:09:26 2013 -0700
Ticket #47488 - Users from AD sub OU does not sync to IPA
Bug description: When processing a DN from AD, the DN is passed to
a helper function is_subject_of_agreement_remote (windows_protocol_
util.c) to check if the DN is a subject of the sync service or not.
The helper function was checking if the AD DN is just one-level
child of the agreement subtree top (nsds7WindowsReplicaSubtree) but
not the subtree-level descendents. Note: the DN is an original one
in AD, which has not be flattened yet. Therefore, the AD entry was
determined not to be synchronized.
Fix description: This bug was fixed in the master tree with the
ticket #521 - modrdn + NSMMReplicationPlugin - Consumer failed to
replay change.
3) is_subject_of_agreement_remote (windows_protocol_util.c):
When checking if the entry was in the subtree defined in the
agreement or not, it returned true only if the entry is a
direct child of the agreement subtree top. This patch returns
true if the entry is the further descendent of the subtree.
The fix is back ported to 389-ds-base-1.3.1 branch.
Reviewed by Rich (Thank you!!)
https://fedorahosted.org/389/ticket/47488
diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c
index 964566a..730d9a6 100644
--- a/ldap/servers/plugins/replication/windows_protocol_util.c
+++ b/ldap/servers/plugins/replication/windows_protocol_util.c
@@ -3950,7 +3950,12 @@ error:
return retval;
}
-/* Tests if the entry is subject to our agreement (i.e. is it in the sync'ed subtree in AD and either a user or a group ?) */
+/*
+ * Tests if the entry is subject to our agreement
+ * (i.e. is it in the sync'ed subtree in AD and either a user or a group ?)
+ * return value: 1 -- it is subject to the agreement
+ * 0 -- out of scope
+ */
static int
is_subject_of_agreement_remote(Slapi_Entry *e, const Repl_Agmt *ra)
{
@@ -3981,7 +3986,8 @@ is_subject_of_agreement_remote(Slapi_Entry *e, const Repl_Agmt *ra)
* 'e' as out of scope.
*/
slapi_sdn_get_parent(sdn, &psdn);
- if (0 == slapi_sdn_compare(&psdn, agreement_subtree)) {
+ if (slapi_sdn_issuffix(&psdn, agreement_subtree)) {
+ /* parent is in agreement_subtree. */
retval = 1;
} else {
/* If parent entry is not local, the entry is out of scope */
commit 3e7ee7ca886feb56b3b26df97882c40d81bfff55
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Wed Aug 14 15:32:36 2013 -0400
Ticket 47461 - logconv.pl - Use of comma-less variable list is deprecated
Description: In newer versions of perl commas are needed to separate variables
when "formatting" output. Also fixed a typo.
https://fedorahosted.org/389/ticket/47461
Reviewed by: nhosoi(Thanks!)
(cherry picked from commit 7e9cae5fa2292168e88e87eee2f9249171a1e9d8)
diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
index efc5970..77088ff 100755
--- a/ldap/admin/src/logconv.pl
+++ b/ldap/admin/src/logconv.pl
@@ -594,7 +594,7 @@ print "Restarts: $serverRestartCount\n";
print "Total Connections: $connectionCount\n";
print " - StartTLS Connections: $startTLSCount\n";
print " - LDAPS Connections: $sslCount\n";
-print " - LDAPI Conections: $ldapiCount\n";
+print " - LDAPI Connections: $ldapiCount\n";
print "Peak Concurrent Connections: $maxsimConnection\n";
print "Total Operations: $allOps\n";
print "Total Results: $allResults\n";
@@ -614,20 +614,20 @@ $compareStat = sprintf "(%.2f/sec) (%.2f/min)\n",$cmpCount/$totalTimeInSecs, $c
$bindCountStat = sprintf "(%.2f/sec) (%.2f/min)\n",$bindCount/$totalTimeInSecs, $bindCount/($totalTimeInSecs/60);
format STDOUT =
-Searches: @<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<
- $srchCount, $searchStat
-Modifications: @<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<
- $modCount, $modStat
-Adds: @<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<
- $addCount, $addStat
-Deletes: @<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<
- $delCount, $deleteStat
-Mod RDNs: @<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<
- $modrdnCount, $modrdnStat
-Compares: @<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<
- $cmpCount, $compareStat
-Binds: @<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<
- $bindCount $bindCountStat
+Searches: @<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+ $srchCount, $searchStat,
+Modifications: @<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+ $modCount, $modStat,
+Adds: @<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+ $addCount, $addStat,
+Deletes: @<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+ $delCount, $deleteStat,
+Mod RDNs: @<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+ $modrdnCount, $modrdnStat,
+Compares: @<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+ $cmpCount, $compareStat,
+Binds: @<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+ $bindCount, $bindCountStat,
.
write STDOUT;
commit a7bdcc535b213455b785be004153c51b71ccc3be
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Aug 13 16:39:57 2013 -0400
Ticket 47473 - setup-ds.pl doesn't lookup the "root" group correctly
Bug Description: Silent install will fail, if you set the "SuiteSpotUserID"
to root, but do not set "SuiteSpotGroup".
Fix Description: The root gid is zero, and this incorrectly triggered an
error that cancelled the install. Fix is to check if the
user info is set, instead of checking the group id value;
https://fedorahosted.org/389/ticket/47473
Reviewed by: richm(Thanks!)
(cherry picked from commit 8aa9e8c38186c8447e6825839ef2f784f3ad9815)
diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in
index b971dac..eaf5e4b 100644
--- a/ldap/admin/src/scripts/DSUtil.pm.in
+++ b/ldap/admin/src/scripts/DSUtil.pm.in
@@ -160,8 +160,13 @@ sub getLogin {
# Look up the primary group name for the supplied user
sub getGroup {
my $user = shift;
- my $gid = (getpwnam($user))[3] || confess "Error: could not determine the current group ID: $!";
- return (getgrgid($gid))[0] || confess "Error: could not determine the current group name: $!";
+ my @userinfo = getpwnam($user);
+
+ if(!@userinfo){
+ confess "Error: could not find user ID ($user): $!";
+ }
+
+ return (getgrgid($userinfo[3]))[0] || confess "Error: could not determine the current group name from gid ($userinfo[3]): $!";
}
sub isValidUser {
More information about the Pkg-fedora-ds-maintainers
mailing list