[Pkg-fedora-ds-maintainers] 389-ds-base: Changes to 'upstream'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Thu Apr 2 11:57:03 UTC 2015
Makefile.am | 14
Makefile.in | 104
VERSION.sh | 2
aclocal.m4 | 15
config.guess | 192
config.sub | 40
dirsrvtests/create_test.py | 577 ++
dirsrvtests/data/basic/dse.ldif.broken | 95
dirsrvtests/data/ticket47953/ticket47953.ldif | 27
dirsrvtests/data/ticket47988/schema_ipa3.3.tar.gz |binary
dirsrvtests/data/ticket47988/schema_ipa4.1.tar.gz |binary
dirsrvtests/suites/acct_usability_plugin/acct_usability_test.py | 85
dirsrvtests/suites/acctpolicy_plugin/acctpolicy_test.py | 85
dirsrvtests/suites/acl/acl_test.py | 85
dirsrvtests/suites/attr_encryption/attr_encrypt_test.py | 85
dirsrvtests/suites/attr_uniqueness_plugin/attr_uniqueness_test.py | 237 +
dirsrvtests/suites/automember_plugin/automember_test.py | 85
dirsrvtests/suites/basic/basic_test.py | 695 ++
dirsrvtests/suites/betxns/betxn_test.py | 187
dirsrvtests/suites/chaining_plugin/chaining_test.py | 85
dirsrvtests/suites/clu/clu_test.py | 107
dirsrvtests/suites/clu/db2ldif_test.py | 84
dirsrvtests/suites/collation_plugin/collatation_test.py | 85
dirsrvtests/suites/config/config_test.py | 189
dirsrvtests/suites/cos_plugin/cos_test.py | 85
dirsrvtests/suites/deref_plugin/deref_test.py | 85
dirsrvtests/suites/disk_monitoring/disk_monitor_test.py | 85
dirsrvtests/suites/distrib_plugin/distrib_test.py | 85
dirsrvtests/suites/dna_plugin/dna_test.py | 85
dirsrvtests/suites/ds_logs/ds_logs_test.py | 85
dirsrvtests/suites/dynamic-plugins/constants.py | 33
dirsrvtests/suites/dynamic-plugins/finalizer.py | 57
dirsrvtests/suites/dynamic-plugins/plugin_tests.py | 2318 ++++++++++
dirsrvtests/suites/dynamic-plugins/stress_tests.py | 141
dirsrvtests/suites/dynamic-plugins/test_dynamic_plugins.py | 534 ++
dirsrvtests/suites/filter/filter_test.py | 144
dirsrvtests/suites/get_effective_rights/ger_test.py | 85
dirsrvtests/suites/ldapi/ldapi_test.py | 85
dirsrvtests/suites/linkedattrs_plugin/linked_attrs_test.py | 85
dirsrvtests/suites/mapping_tree/mapping_tree_test.py | 85
dirsrvtests/suites/memberof_plugin/memberof_test.py | 85
dirsrvtests/suites/memory_leaks/range_search_test.py | 145
dirsrvtests/suites/mep_plugin/mep_test.py | 85
dirsrvtests/suites/monitor/monitor_test.py | 85
dirsrvtests/suites/paged_results/paged_results_test.py | 85
dirsrvtests/suites/pam_passthru_plugin/pam_test.py | 85
dirsrvtests/suites/passthru_plugin/passthru_test.py | 85
dirsrvtests/suites/password/password_test.py | 135
dirsrvtests/suites/password/pwdAdmin_test.py | 439 +
dirsrvtests/suites/password/pwdPolicy_test.py | 74
dirsrvtests/suites/posix_winsync_plugin/posix_winsync_test.py | 85
dirsrvtests/suites/psearch/psearch_test.py | 85
dirsrvtests/suites/referint_plugin/referint_test.py | 85
dirsrvtests/suites/replication/cleanallruv_test.py | 1486 ++++++
dirsrvtests/suites/replsync_plugin/repl_sync_test.py | 85
dirsrvtests/suites/resource_limits/res_limits_test.py | 85
dirsrvtests/suites/retrocl_plugin/retrocl_test.py | 85
dirsrvtests/suites/reverpwd_plugin/reverpwd_test.py | 85
dirsrvtests/suites/roles_plugin/roles_test.py | 85
dirsrvtests/suites/rootdn_plugin/rootdn_plugin_test.py | 770 +++
dirsrvtests/suites/sasl/sasl_test.py | 85
dirsrvtests/suites/schema/test_schema.py | 63
dirsrvtests/suites/schema_reload_plugin/schema_reload_test.py | 85
dirsrvtests/suites/snmp/snmp_test.py | 85
dirsrvtests/suites/ssl/ssl_test.py | 85
dirsrvtests/suites/syntax_plugin/syntax_test.py | 85
dirsrvtests/suites/usn_plugin/usn_test.py | 85
dirsrvtests/suites/views_plugin/views_test.py | 85
dirsrvtests/suites/vlv/vlv_test.py | 85
dirsrvtests/suites/whoami_plugin/whoami_test.py | 85
dirsrvtests/tickets/ticket365_test.py | 161
dirsrvtests/tickets/ticket47384_test.py | 159
dirsrvtests/tickets/ticket47431_test.py | 251 +
dirsrvtests/tickets/ticket47462_test.py | 452 +
dirsrvtests/tickets/ticket47553_ger.py | 553 ++
dirsrvtests/tickets/ticket47560_test.py | 2
dirsrvtests/tickets/ticket47828_test.py | 721 +++
dirsrvtests/tickets/ticket47838_test.py | 165
dirsrvtests/tickets/ticket47937_test.py | 237 +
dirsrvtests/tickets/ticket47950_test.py | 273 +
dirsrvtests/tickets/ticket47953_test.py | 120
dirsrvtests/tickets/ticket47963_test.py | 191
dirsrvtests/tickets/ticket47970_test.py | 206
dirsrvtests/tickets/ticket47973_test.py | 235 +
dirsrvtests/tickets/ticket47980_test.py | 710 +++
dirsrvtests/tickets/ticket47981_test.py | 345 +
dirsrvtests/tickets/ticket47988_test.py | 576 ++
dirsrvtests/tickets/ticket48005_test.py | 407 +
dirsrvtests/tickets/ticket48109_test.py | 386 +
ldap/admin/src/logconv.pl | 69
ldap/admin/src/scripts/50AES-pbe-plugin.ldif | 16
ldap/admin/src/scripts/52updateAESplugin.pl | 84
ldap/admin/src/scripts/60upgradeconfigfiles.pl | 2
ldap/ldif/50replication-plugins.ldif | 2
ldap/ldif/template-dse.ldif.in | 16
ldap/schema/01core389.ldif | 7
ldap/schema/10dna-plugin.ldif | 8
ldap/servers/plugins/acctpolicy/acct_config.c | 8
ldap/servers/plugins/acctpolicy/acct_init.c | 99
ldap/servers/plugins/acctpolicy/acct_plugin.c | 178
ldap/servers/plugins/acctpolicy/acct_util.c | 19
ldap/servers/plugins/acctpolicy/acctpolicy.h | 25
ldap/servers/plugins/acl/acl.c | 51
ldap/servers/plugins/acl/acl_ext.c | 52
ldap/servers/plugins/acl/aclanom.c | 68
ldap/servers/plugins/acl/acleffectiverights.c | 67
ldap/servers/plugins/acl/acllas.c | 73
ldap/servers/plugins/acl/aclparse.c | 8
ldap/servers/plugins/acl/aclutil.c | 6
ldap/servers/plugins/automember/automember.c | 82
ldap/servers/plugins/chainingdb/cb_bind.c | 18
ldap/servers/plugins/chainingdb/cb_compare.c | 7
ldap/servers/plugins/chainingdb/cb_conn_stateless.c | 1
ldap/servers/plugins/chainingdb/cb_delete.c | 5
ldap/servers/plugins/chainingdb/cb_modify.c | 4
ldap/servers/plugins/chainingdb/cb_modrdn.c | 5
ldap/servers/plugins/chainingdb/cb_search.c | 4
ldap/servers/plugins/chainingdb/cb_utils.c | 30
ldap/servers/plugins/cos/cos_cache.c | 76
ldap/servers/plugins/deref/deref.c | 2
ldap/servers/plugins/dna/dna.c | 129
ldap/servers/plugins/linkedattrs/fixup_task.c | 44
ldap/servers/plugins/linkedattrs/linked_attrs.c | 2
ldap/servers/plugins/memberof/memberof.c | 121
ldap/servers/plugins/memberof/memberof.h | 5
ldap/servers/plugins/memberof/memberof_config.c | 223
ldap/servers/plugins/pam_passthru/pam_ptpreop.c | 6
ldap/servers/plugins/posix-winsync/posix-group-task.c | 40
ldap/servers/plugins/posix-winsync/posix-winsync-config.c | 1
ldap/servers/plugins/posix-winsync/posix-winsync.c | 12
ldap/servers/plugins/referint/referint.c | 32
ldap/servers/plugins/replication/cl5.h | 4
ldap/servers/plugins/replication/cl5_api.c | 5
ldap/servers/plugins/replication/cl5_api.h | 1
ldap/servers/plugins/replication/cl5_clcache.c | 3
ldap/servers/plugins/replication/cl5_config.c | 103
ldap/servers/plugins/replication/repl5.h | 26
ldap/servers/plugins/replication/repl5_agmt.c | 277 -
ldap/servers/plugins/replication/repl5_agmtlist.c | 42
ldap/servers/plugins/replication/repl5_connection.c | 211
ldap/servers/plugins/replication/repl5_inc_protocol.c | 52
ldap/servers/plugins/replication/repl5_init.c | 2
ldap/servers/plugins/replication/repl5_plugins.c | 67
ldap/servers/plugins/replication/repl5_prot_private.h | 2
ldap/servers/plugins/replication/repl5_protocol.c | 2
ldap/servers/plugins/replication/repl5_replica.c | 28
ldap/servers/plugins/replication/repl5_replica_config.c | 61
ldap/servers/plugins/replication/repl5_ruv.c | 1
ldap/servers/plugins/replication/repl5_tot_protocol.c | 87
ldap/servers/plugins/replication/repl5_total.c | 4
ldap/servers/plugins/replication/repl_bind.c | 2
ldap/servers/plugins/replication/repl_connext.c | 20
ldap/servers/plugins/replication/repl_extop.c | 30
ldap/servers/plugins/replication/repl_globals.c | 3
ldap/servers/plugins/replication/repl_ops.c | 15
ldap/servers/plugins/replication/windows_connection.c | 6
ldap/servers/plugins/replication/windows_inc_protocol.c | 89
ldap/servers/plugins/replication/windows_private.c | 2
ldap/servers/plugins/replication/windows_protocol_util.c | 8
ldap/servers/plugins/replication/windows_tot_protocol.c | 12
ldap/servers/plugins/retrocl/retrocl.c | 67
ldap/servers/plugins/retrocl/retrocl_create.c | 4
ldap/servers/plugins/retrocl/retrocl_po.c | 12
ldap/servers/plugins/rever/des.c | 551 --
ldap/servers/plugins/rever/pbe.c | 621 ++
ldap/servers/plugins/rever/rever.c | 116
ldap/servers/plugins/rever/rever.h | 11
ldap/servers/plugins/roles/roles_cache.c | 22
ldap/servers/plugins/rootdn_access/rootdn_access.c | 159
ldap/servers/plugins/schema_reload/schema_reload.c | 34
ldap/servers/plugins/sync/sync.h | 11
ldap/servers/plugins/sync/sync_persist.c | 20
ldap/servers/plugins/sync/sync_refresh.c | 32
ldap/servers/plugins/sync/sync_util.c | 99
ldap/servers/plugins/syntaxes/validate_task.c | 46
ldap/servers/plugins/uiduniq/7bit.c | 12
ldap/servers/plugins/uiduniq/uid.c | 63
ldap/servers/plugins/usn/usn.c | 20
ldap/servers/plugins/usn/usn.h | 1
ldap/servers/plugins/usn/usn_cleanup.c | 66
ldap/servers/slapd/abandon.c | 8
ldap/servers/slapd/add.c | 8
ldap/servers/slapd/attr.c | 8
ldap/servers/slapd/attrsyntax.c | 282 -
ldap/servers/slapd/auth.c | 91
ldap/servers/slapd/back-ldbm/dblayer.c | 61
ldap/servers/slapd/back-ldbm/dblayer.h | 2
ldap/servers/slapd/back-ldbm/filterindex.c | 7
ldap/servers/slapd/back-ldbm/import-merge.c | 4
ldap/servers/slapd/back-ldbm/import-threads.c | 18
ldap/servers/slapd/back-ldbm/import.c | 11
ldap/servers/slapd/back-ldbm/ldbm_attr.c | 82
ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c | 7
ldap/servers/slapd/back-ldbm/ldbm_bind.c | 2
ldap/servers/slapd/back-ldbm/ldbm_config.c | 7
ldap/servers/slapd/back-ldbm/ldbm_delete.c | 14
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 4
ldap/servers/slapd/back-ldbm/ldbm_search.c | 29
ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 2
ldap/servers/slapd/back-ldbm/matchrule.c | 10
ldap/servers/slapd/back-ldbm/misc.c | 6
ldap/servers/slapd/back-ldbm/monitor.c | 10
ldap/servers/slapd/back-ldif/bind.c | 4
ldap/servers/slapd/backend.c | 29
ldap/servers/slapd/bind.c | 16
ldap/servers/slapd/compare.c | 2
ldap/servers/slapd/configdse.c | 8
ldap/servers/slapd/connection.c | 24
ldap/servers/slapd/conntable.c | 10
ldap/servers/slapd/control.c | 2
ldap/servers/slapd/daemon.c | 248 +
ldap/servers/slapd/defbackend.c | 3
ldap/servers/slapd/delete.c | 2
ldap/servers/slapd/dse.c | 157
ldap/servers/slapd/entry.c | 4
ldap/servers/slapd/entrywsi.c | 13
ldap/servers/slapd/extendop.c | 6
ldap/servers/slapd/fedse.c | 43
ldap/servers/slapd/filter.c | 24
ldap/servers/slapd/libglobs.c | 72
ldap/servers/slapd/log.c | 6
ldap/servers/slapd/main.c | 1
ldap/servers/slapd/mapping_tree.c | 12
ldap/servers/slapd/modify.c | 51
ldap/servers/slapd/modrdn.c | 6
ldap/servers/slapd/monitor.c | 8
ldap/servers/slapd/operation.c | 4
ldap/servers/slapd/opshared.c | 21
ldap/servers/slapd/pblock.c | 4
ldap/servers/slapd/plugin.c | 259 -
ldap/servers/slapd/plugin_syntax.c | 22
ldap/servers/slapd/proto-slap.h | 19
ldap/servers/slapd/psearch.c | 10
ldap/servers/slapd/pw.c | 181
ldap/servers/slapd/pw.h | 2
ldap/servers/slapd/result.c | 33
ldap/servers/slapd/sasl_io.c | 12
ldap/servers/slapd/saslbind.c | 14
ldap/servers/slapd/schema.c | 428 +
ldap/servers/slapd/search.c | 2
ldap/servers/slapd/security_wrappers.c | 6
ldap/servers/slapd/slap.h | 12
ldap/servers/slapd/slapi-plugin.h | 38
ldap/servers/slapd/slapi-private.h | 23
ldap/servers/slapd/slapi2nspr.c | 14
ldap/servers/slapd/snmp_collator.c | 2
ldap/servers/slapd/ssl.c | 513 +-
ldap/servers/slapd/task.c | 72
ldap/servers/slapd/thread_data.c | 29
ldap/servers/slapd/tools/dbscan.c | 2
ldap/servers/slapd/tools/ldclt/ldapfct.c | 31
ldap/servers/slapd/tools/mmldif.c | 12
ldap/servers/slapd/tools/rsearch/nametable.c | 1
ldap/servers/slapd/unbind.c | 6
rpm/389-ds-base.spec.in | 37
wrappers/systemd.template.service.in | 1
256 files changed, 23868 insertions(+), 2659 deletions(-)
New commits:
commit 775997f5079b1c03506e81efc661852b560089b0
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Fri Mar 6 16:46:09 2015 -0800
bump version to 1.3.3.9
diff --git a/VERSION.sh b/VERSION.sh
index 8dd9634..71c5369 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=3
-VERSION_MAINT=3.8
+VERSION_MAINT=3.9
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
commit 74e80db8380a4606e07672dfb5e3f7d403efe150
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Dec 16 16:53:07 2014 -0500
Bug 1199675 - CVE-2014-8112 CVE-2014-8105 389-ds-base: various flaws [fedora-all]
Fix for CVE-2014-8105
Description: At server startup check for the Retro Changelog default ACI
on cn=changelog, if present delete it.
Reviewed by: lkrispenz(Thanks!)
(cherry picked from commit 4b812a1af367ed409e21abe73a77e57092e5a5f3)
(cherry picked from commit 29652118e2ae17ca98c1934af5109f1ac87d94ae)
diff --git a/ldap/servers/plugins/retrocl/retrocl.c b/ldap/servers/plugins/retrocl/retrocl.c
index 0d2a6dc..8a0f350 100644
--- a/ldap/servers/plugins/retrocl/retrocl.c
+++ b/ldap/servers/plugins/retrocl/retrocl.c
@@ -308,6 +308,68 @@ char *retrocl_get_config_str(const char *attrt)
return ma;
}
+static void
+retrocl_remove_legacy_default_aci(void)
+{
+ Slapi_PBlock *pb = NULL;
+ Slapi_Entry **entries;
+ char **aci_vals = NULL;
+ char *attrs[] = {"aci", NULL};
+ int rc;
+
+ pb = slapi_pblock_new();
+ slapi_search_internal_set_pb(pb, RETROCL_CHANGELOG_DN, LDAP_SCOPE_BASE, "objectclass=*",
+ attrs, 0, NULL, NULL, g_plg_identity[PLUGIN_RETROCL] , 0);
+ slapi_search_internal_pb(pb);
+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
+ if (rc == LDAP_SUCCESS) {
+ slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
+ if(entries && entries[0]){
+ if((aci_vals = slapi_entry_attr_get_charray(entries[0], "aci"))){
+ if(charray_inlist(aci_vals, RETROCL_ACL)){
+ /*
+ * Okay, we need to remove the aci
+ */
+ LDAPMod mod;
+ LDAPMod *mods[2];
+ char *val[2];
+ Slapi_PBlock *mod_pb = 0;
+
+ mod_pb = slapi_pblock_new();
+ mods[0] = &mod;
+ mods[1] = 0;
+ val[0] = RETROCL_ACL;
+ val[1] = 0;
+ mod.mod_op = LDAP_MOD_DELETE;
+ mod.mod_type = "aci";
+ mod.mod_values = val;
+
+ slapi_modify_internal_set_pb_ext(mod_pb, slapi_entry_get_sdn(entries[0]),
+ mods, 0, 0, g_plg_identity[PLUGIN_RETROCL], 0);
+ slapi_modify_internal_pb(mod_pb);
+ slapi_pblock_get(mod_pb, SLAPI_PLUGIN_INTOP_RESULT, &rc);
+ if(rc == LDAP_SUCCESS){
+ slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
+ "Successfully removed vulnerable legacy default aci \"%s\". "
+ "If the aci removal was not desired please use a different \"acl "
+ "name\" so it is not removed at the next plugin startup.\n",
+ RETROCL_ACL);
+ } else {
+ slapi_log_error( SLAPI_LOG_FATAL, RETROCL_PLUGIN_NAME,
+ "Failed to removed vulnerable legacy default aci (%s) error %d\n",
+ RETROCL_ACL, rc);
+ }
+ slapi_pblock_destroy(mod_pb);
+ }
+ slapi_ch_array_free(aci_vals);
+ }
+ }
+ }
+ slapi_free_search_results_internal(pb);
+ slapi_pblock_destroy(pb);
+}
+
+
/*
* Function: retrocl_start
*
@@ -333,7 +395,10 @@ static int retrocl_start (Slapi_PBlock *pb)
LDAPDebug1Arg(LDAP_DEBUG_TRACE,"Couldnt find backend, not trimming retro changelog (%d).\n",rc);
return rc;
}
-
+
+ /* Remove the old default aci as it exposes passwords changes to anonymous users */
+ retrocl_remove_legacy_default_aci();
+
retrocl_init_trimming();
if (slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e) != 0) {
diff --git a/ldap/servers/plugins/retrocl/retrocl_create.c b/ldap/servers/plugins/retrocl/retrocl_create.c
index 1ffdaae..870421c 100644
--- a/ldap/servers/plugins/retrocl/retrocl_create.c
+++ b/ldap/servers/plugins/retrocl/retrocl_create.c
@@ -344,10 +344,6 @@ void retrocl_create_cle (void)
val.bv_len = strlen(val.bv_val);
slapi_entry_add_values( e, "cn", vals );
- val.bv_val = RETROCL_ACL;
- val.bv_len = strlen(val.bv_val);
- slapi_entry_add_values( e, "aci", vals );
-
pb = slapi_pblock_new ();
slapi_add_entry_internal_set_pb( pb, e, NULL /* controls */,
g_plg_identity[PLUGIN_RETROCL],
commit 8603d6533d84009e13a94ce6327abfba7ae73ef4
Author: Ludwig Krispenz <lkrispen at redhat.com>
Date: Fri Nov 28 14:23:06 2014 +0100
Bug 1199675 - CVE-2014-8112 CVE-2014-8105 389-ds-base: various flaws [fedora-all]
Fix for CVE-2014-8112
If the unhashed pw switch is set to off this should only
prevent the generation of the unhashed#user#password
attribute.
But encoding of pw values and detiecetion which values have
to be deleted needs to stay intact.
So the check if the switch is set has to be placed close to
the generation of the attribute in different 'if' branches
Reviewed by Noriko, thanks
(cherry picked from commit e5de803f4ab1b097c637c269fcc8b567e664c00d)
(cherry picked from commit 84b8bfd7d18a0613920dce36f1d3775d75e45a3e)
diff --git a/ldap/servers/plugins/retrocl/retrocl_po.c b/ldap/servers/plugins/retrocl/retrocl_po.c
index bcf53cd..61f99cf 100644
--- a/ldap/servers/plugins/retrocl/retrocl_po.c
+++ b/ldap/servers/plugins/retrocl/retrocl_po.c
@@ -101,6 +101,12 @@ static lenstr *make_changes_string(LDAPMod **ldm, const char **includeattrs)
continue;
}
}
+ if (SLAPD_UNHASHED_PW_NOLOG == slapi_config_get_unhashed_pw_switch()) {
+ if (0 == strcasecmp(ldm[ i ]->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)) {
+ /* If nsslapd-unhashed-pw-switch == nolog, skip writing it to cl. */
+ continue;
+ }
+ }
switch ( ldm[ i ]->mod_op & ~LDAP_MOD_BVALUES ) {
case LDAP_MOD_ADD:
addlenstr( l, "add: " );
diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 9b2f42d..ab12f56 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -836,8 +836,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
* before calling the preop plugins
*/
- if (pw_change && !repl_op &&
- (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch())) {
+ if (pw_change && !repl_op ) {
Slapi_Value **va = NULL;
unhashed_pw_attr = slapi_attr_syntax_normalize(PSEUDO_ATTR_UNHASHEDUSERPASSWORD);
@@ -907,13 +906,15 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
* Finally, delete the unhashed userpassword
* (this will update the password entry extension)
*/
- bval.bv_val = password;
- bval.bv_len = strlen(password);
- bv[0] = &bval;
- bv[1] = NULL;
- valuearray_init_bervalarray(bv, &va);
- slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
- valuearray_free(&va);
+ if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
+ bval.bv_val = password;
+ bval.bv_len = strlen(password);
+ bv[0] = &bval;
+ bv[1] = NULL;
+ valuearray_init_bervalarray(bv, &va);
+ slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
+ valuearray_free(&va);
+ }
} else {
/*
* Password is encoded, try and find a matching unhashed_password to delete
@@ -945,19 +946,23 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
if(strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){
if((*(pwsp->pws_cmp))((char *)unhashed_pwd , valpwd) == 0 ){
/* match, add the delete mod for this particular unhashed userpassword */
- valuearray_init_bervalarray(bv, &va);
- slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
- valuearray_free(&va);
- free_pw_scheme( unhashed_pwsp );
+ if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
+ valuearray_init_bervalarray(bv, &va);
+ slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
+ valuearray_free(&va);
+ free_pw_scheme( unhashed_pwsp );
+ }
break;
}
} else {
/*
* We have a hashed unhashed_userpassword! We must delete it.
*/
- valuearray_init_bervalarray(bv, &va);
- slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
- valuearray_free(&va);
+ if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
+ valuearray_init_bervalarray(bv, &va);
+ slapi_mods_add_mod_values(&smods, pw_mod->mod_op, unhashed_pw_attr, va);
+ valuearray_free(&va);
+ }
}
free_pw_scheme( unhashed_pwsp );
}
@@ -972,7 +977,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
if (remove_unhashed_pw && !slapi_entry_attr_find(e, unhashed_pw_attr, &a)){
slapi_mods_add_mod_values(&smods, pw_mod->mod_op,unhashed_pw_attr, va);
}
- } else {
+ } else if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
/* add pseudo password attribute */
valuearray_init_bervalarray_unhashed_only(pw_mod->mod_bvalues, &va);
if(va && va[0]){
commit 1e38fbea783704d021950e03b57df0c54a1f7545
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Wed Mar 4 15:05:09 2015 -0800
Ticket #47801 - RHDS keeps on logging write_changelog_and_ruv: failed to update RUV for unknown
Description: When no operation is given to write_changelog_and_ruv
(consumer has the chance just to update ruv) and opcsn is NULL,
update_ruv_component immediately returns the default return value
RUV_NOTFOUND, which should not be logged as SLAPI_LOG_FATAL but
just ignored.
https://fedorahosted.org/389/ticket/47801
Reviewed by rmeggins at redhat.com (Thank you, Rich!!)
(cherry picked from commit c170d9541cca17031e2663c24a1a1e97d8b3172a)
diff --git a/ldap/servers/plugins/replication/repl5_plugins.c b/ldap/servers/plugins/replication/repl5_plugins.c
index 495afeb..84e4a07 100644
--- a/ldap/servers/plugins/replication/repl5_plugins.c
+++ b/ldap/servers/plugins/replication/repl5_plugins.c
@@ -1233,17 +1233,17 @@ write_changelog_and_ruv (Slapi_PBlock *pb)
}
rc = update_ruv_component(r, opcsn, pb);
if (RUV_COVERS_CSN == rc) {
- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
"write_changelog_and_ruv: RUV already covers csn for "
"%s (uniqid: %s, optype: %lu) csn %s\n",
dn, uniqueid, optype,
csn_as_string(oppcsn, PR_FALSE, csn_str));
- } else if (rc != RUV_SUCCESS) {
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ } else if ((rc != RUV_SUCCESS) && (rc != RUV_NOTFOUND)) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
"write_changelog_and_ruv: failed to update RUV for "
- "%s (uniqid: %s, optype: %lu) to changelog csn %s\n",
+ "%s (uniqid: %s, optype: %lu) to changelog csn %s - rc %d\n",
dn, uniqueid, optype,
- csn_as_string(oppcsn, PR_FALSE, csn_str));
+ csn_as_string(oppcsn, PR_FALSE, csn_str), rc);
}
}
commit 06a5cc4cf8732081489a443db2e782d78b53980f
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Wed Mar 4 13:05:02 2015 -0800
Ticket #47957 - Make ReplicaWaitForAsyncResults configurable
Description: Introducing a config attr nsDS5ReplicaWaitForAsyncResults
to the agreement entry.
dn: cn=<AGREEMENT>,cn=replica,cn="<SUFFIX>",cn=mapping tree,cn=config
nsDS5ReplicaWaitForAsyncResults: <integer in millisecond>
Prior to this patch, supplier sleeps 1 second if it finds the response
from consumer is not ready. 1 second could be too long if higher
replication throughput is required.
This patch makes the waiting time configurable, and change the default
to 100 millisecond. If the attribute nsDS5ReplicaWaitForAsyncResults
does not exist or the value is 0, the default value is set.
https://fedorahosted.org/389/ticket/47957
Reviewed by rmeggins at redhat.com (Thank you!!)
(cherry picked from commit 2802f362395eac0bbbec99fef86ca27240da0d0f)
diff --git a/ldap/schema/01core389.ldif b/ldap/schema/01core389.ldif
index 9b7ec1d..ffd8710 100644
--- a/ldap/schema/01core389.ldif
+++ b/ldap/schema/01core389.ldif
@@ -306,6 +306,7 @@ attributeTypes: ( 2.16.840.1.113730.3.1.2310 NAME 'nsds5ReplicaFlowControlWindow
attributeTypes: ( 2.16.840.1.113730.3.1.2311 NAME 'nsds5ReplicaFlowControlPause' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
attributeTypes: ( 2.16.840.1.113730.3.1.2313 NAME 'nsslapd-changelogtrim-interval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
attributeTypes: ( 2.16.840.1.113730.3.1.2314 NAME 'nsslapd-changelogcompactdb-interval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
+attributeTypes: ( 2.16.840.1.113730.3.1.2315 NAME 'nsDS5ReplicaWaitForAsyncResults' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )
#
# objectclasses
#
@@ -317,7 +318,7 @@ objectClasses: ( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netscape d
objectClasses: ( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape defined objectclass' SUP top MUST ( CN ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscape defined objectclass' SUP top MUST ( nsDS5ReplicaRoot $ nsDS5ReplicaId ) MAY (cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaCleanRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape defined objectclass' SUP top MAY ( nstombstonecsn $ nsParentUniqueId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' )
-objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsds5ReplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaFlowControlWindow $ nsds5ReplicaFlowControlPause ) X-ORIGIN 'Netscape Directory Server' )
+objectClasses: ( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top MUST ( cn ) MAY ( nsds5ReplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5ReplicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaFlowControlWindow $ nsds5ReplicaFlowControlPause $ nsDS5ReplicaWaitForAsyncResults ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top MAY ( cn ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY ( nsSaslMapPriority ) X-ORIGIN 'Netscape Directory Server' )
objectClasses: ( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defined objectclass' SUP top MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMPOrganization $ nsSNMPLocation $ nsSNMPContact $ nsSNMPDescription $ nsSNMPName $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Server' )
diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
index 39d25bb..a7da266 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -194,6 +194,9 @@ extern const char *type_winSyncSubtreePair;
/* To Allow Consumer Initialisation when adding an agreement - */
extern const char *type_nsds5BeginReplicaRefresh;
+/* For tuning replica release */
+extern const char *type_nsds5WaitForAsyncResults;
+
/* replica related attributes */
extern const char *attr_replicaId;
extern const char *attr_replicaRoot;
@@ -412,6 +415,7 @@ void add_agmt_maxcsns(Slapi_Entry *e, Replica *r);
void agmt_set_maxcsn(Repl_Agmt *ra);
void agmt_remove_maxcsn(Repl_Agmt *ra);
int agmt_maxcsn_to_smod (Replica *r, Slapi_Mod *smod);
+int agmt_set_WaitForAsyncResults(Repl_Agmt *ra, const Slapi_Entry *e);
/* In repl5_agmtlist.c */
int agmtlist_config_init();
@@ -748,6 +752,9 @@ void repl5_set_debug_timeout(const char *val);
/* temp hack XXX */
ReplicaId agmt_get_consumerRID(Repl_Agmt *ra);
+/* For replica release tuning */
+int agmt_get_WaitForAsyncResults(Repl_Agmt *ra);
+
PRBool ldif_dump_is_running();
void windows_init_agreement_from_entry(Repl_Agmt *ra, Slapi_Entry *e);
diff --git a/ldap/servers/plugins/replication/repl5_agmt.c b/ldap/servers/plugins/replication/repl5_agmt.c
index d27648e..2ccb7ba 100644
--- a/ldap/servers/plugins/replication/repl5_agmt.c
+++ b/ldap/servers/plugins/replication/repl5_agmt.c
@@ -154,6 +154,8 @@ typedef struct repl5agmt {
* This is the duration (in msec) that the RA will pause before sending the next entry
*/
Slapi_RWLock *attr_lock; /* RW lock for all the stripped attrs */
+ int WaitForAsyncResults; /* Pass to DS_Sleep(PR_MillisecondsToInterval(WaitForAsyncResults))
+ * in repl5_inc_waitfor_async_results */
} repl5agmt;
/* Forward declarations */
@@ -315,7 +317,8 @@ agmt_new_from_entry(Slapi_Entry *e)
ra->port = slapi_entry_attr_get_int(e, type_nsds5ReplicaPort);
/* SSL, TLS, or other transport stuff */
ra->transport_flags = 0;
- agmt_set_transportinfo_no_lock(ra, e);
+ (void) agmt_set_transportinfo_no_lock(ra, e);
+ (void) agmt_set_WaitForAsyncResults(ra, e);
/* DN to use when binding. May be empty if certain SASL auth is to be used e.g. EXTERNAL GSSAPI. */
ra->binddn = slapi_entry_attr_get_charptr(e, type_nsds5ReplicaBindDN);
@@ -1727,6 +1730,27 @@ agmt_set_transportinfo_no_lock(Repl_Agmt *ra, const Slapi_Entry *e)
return (rc);
}
+int
+agmt_set_WaitForAsyncResults(Repl_Agmt *ra, const Slapi_Entry *e)
+{
+ int wait = 0;
+ if (e) {
+ wait = slapi_entry_attr_get_int(e, type_nsds5WaitForAsyncResults);
+ }
+ if (wait <= 0) {
+ ra->WaitForAsyncResults = 100; /* 0.1 sec */
+ } else {
+ ra->WaitForAsyncResults = wait;
+ }
+ return 0;
+}
+
+int
+agmt_get_WaitForAsyncResults(Repl_Agmt *ra)
+{
+ return ra->WaitForAsyncResults;
+}
+
int
agmt_set_transportinfo_from_entry(Repl_Agmt *ra, const Slapi_Entry *e)
{
diff --git a/ldap/servers/plugins/replication/repl5_agmtlist.c b/ldap/servers/plugins/replication/repl5_agmtlist.c
index e414e0b..5b419c6 100644
--- a/ldap/servers/plugins/replication/repl5_agmtlist.c
+++ b/ldap/servers/plugins/replication/repl5_agmtlist.c
@@ -548,7 +548,8 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry
rc = SLAPI_DSE_CALLBACK_ERROR;
}
}
- else if (slapi_attr_types_equivalent(mods[i]->mod_type, type_replicaProtocolTimeout)){
+ else if (slapi_attr_types_equivalent(mods[i]->mod_type, type_replicaProtocolTimeout))
+ {
if (mods[i]->mod_op & LDAP_MOD_DELETE)
{
agmt_set_protocol_timeout(agmt, 0);
@@ -574,6 +575,14 @@ agmtlist_modify_callback(Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry
agmt_set_protocol_timeout(agmt, ptimeout);
}
}
+ else if (slapi_attr_types_equivalent(mods[i]->mod_type, type_nsds5WaitForAsyncResults))
+ {
+ if (mods[i]->mod_op & LDAP_MOD_DELETE) {
+ (void) agmt_set_WaitForAsyncResults(agmt, NULL);
+ } else {
+ (void) agmt_set_WaitForAsyncResults(agmt, e);
+ }
+ }
else if (0 == windows_handle_modify_agreement(agmt, mods[i]->mod_type, e))
{
slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name, "agmtlist_modify_callback: "
diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
index f18fde5..bd4edeb 100644
--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
@@ -110,6 +110,7 @@ typedef struct result_data
int last_message_id_received;
int flowcontrol_detection;
int result; /* The UPDATE_TRANSIENT_ERROR etc */
+ int WaitForAsyncResults;
} result_data;
/* Various states the incremental protocol can pass through */
@@ -492,18 +493,17 @@ repl5_inc_waitfor_async_results(result_data *rd)
slapi_log_error(SLAPI_LOG_REPL, NULL,
"repl5_inc_waitfor_async_results: %d %d\n",
rd->last_message_id_received, rd->last_message_id_sent);
- if (rd->last_message_id_received >= rd->last_message_id_sent)
- {
+ if (rd->last_message_id_received >= rd->last_message_id_sent) {
/* If so then we're done */
done = 1;
- }
- if (rd->abort && (rd->result == UPDATE_CONNECTION_LOST))
- {
+ } else if (rd->abort && (rd->result == UPDATE_CONNECTION_LOST)) {
done = 1; /* no connection == no more results */
}
PR_Unlock(rd->lock);
- /* If not then sleep a bit */
- DS_Sleep(PR_SecondsToInterval(1));
+ if (!done) {
+ /* If not then sleep a bit */
+ DS_Sleep(PR_MillisecondsToInterval(rd->WaitForAsyncResults));
+ }
loops++;
/* If we sleep forever then we can conclude that something bad happened, and bail... */
/* Arbitrary 30 second delay : basically we should only expect to wait as long as it takes to process a few operations, which should be on the order of a second at most */
@@ -1912,6 +1912,7 @@ send_updates(Private_Repl_Protocol *prp, RUV *remote_update_vector, PRUint32 *nu
{
/* We need to ensure that we wait until all the responses have been received from our operations */
if (return_value != UPDATE_CONNECTION_LOST) {
+ rd->WaitForAsyncResults = agmt_get_WaitForAsyncResults(prp->agmt);
/* if connection was lost/closed, there will be nothing to read */
repl5_inc_waitfor_async_results(rd);
}
diff --git a/ldap/servers/plugins/replication/repl_globals.c b/ldap/servers/plugins/replication/repl_globals.c
index e2157fa..7f4fcd2 100644
--- a/ldap/servers/plugins/replication/repl_globals.c
+++ b/ldap/servers/plugins/replication/repl_globals.c
@@ -141,6 +141,7 @@ const char *type_nsds5ReplicaEnabled = "nsds5ReplicaEnabled";
const char *type_nsds5ReplicaStripAttrs = "nsds5ReplicaStripAttrs";
const char* type_nsds5ReplicaFlowControlWindow = "nsds5ReplicaFlowControlWindow";
const char* type_nsds5ReplicaFlowControlPause = "nsds5ReplicaFlowControlPause";
+const char *type_nsds5WaitForAsyncResults = "nsds5ReplicaWaitForAsyncResults";
/* windows sync specific attributes */
const char *type_nsds7WindowsReplicaArea = "nsds7WindowsReplicaSubtree";
commit f298e2bbc2ca55f93a9a5353451318b58a3a7fab
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Tue Mar 3 15:42:58 2015 -0800
Ticket 47431 - CI test: added test cases for ticket 47431
Summary: Duplicate values for the attribute nsslapd-pluginarg are not handled correctly
Test cases:
1) cn=7-bit check,cn=plugins,cn=config
nsslapd-pluginarg0: uid
nsslapd-pluginarg1: mail
nsslapd-pluginarg2: userpassword <== repeat 27 times
nsslapd-pluginarg3: ,
nsslapd-pluginarg4: dc=test,dc=com
==>
The duplicated values are removed by str2entry_dupcheck as follows:
[..] - str2entry_dupcheck: 27 duplicate values for attribute type nsslapd-pluginarg2
detected in entry cn=7-bit check,cn=plugins,cn=config. Extra values ignored.
2) cn=7-bit check,cn=plugins,cn=config
nsslapd-pluginarg0: uid
nsslapd-pluginarg0: mail
nsslapd-pluginarg1: userpassword
nsslapd-pluginarg2: ,
nsslapd-pluginarg3: dc=test,dc=com
==>
nsslapd-pluginarg0: uid
nsslapd-pluginarg1: mail
nsslapd-pluginarg2: userpassword
nsslapd-pluginarg3: ,
nsslapd-pluginarg4: dc=test,dc=com
3) cn=7-bit check,cn=plugins,cn=config
nsslapd-pluginarg1: uid
nsslapd-pluginarg3: mail
nsslapd-pluginarg5: userpassword
nsslapd-pluginarg7: ,
nsslapd-pluginarg9: dc=test,dc=com
==>
nsslapd-pluginarg0: uid
nsslapd-pluginarg1: mail
nsslapd-pluginarg2: userpassword
nsslapd-pluginarg3: ,
nsslapd-pluginarg4: dc=test,dc=com
Note: it does not modify the config params. The syntax errors are
internally translated and processed accordingly.
https://fedorahosted.org/389/ticket/47431
Reviewed by rmeggins at redhat.com (Thank you, Rich!!)
(cherry picked from commit 9576982b676d663139350a5aeb551ff19abedcba)
diff --git a/dirsrvtests/tickets/ticket47431_test.py b/dirsrvtests/tickets/ticket47431_test.py
new file mode 100644
index 0000000..893a303
--- /dev/null
+++ b/dirsrvtests/tickets/ticket47431_test.py
@@ -0,0 +1,251 @@
+import os
+import sys
+import time
+import ldap
+import logging
+import pytest
+from lib389 import DirSrv, Entry, tools, tasks
+from lib389.tools import DirSrvTools
+from lib389._constants import *
+from lib389.properties import *
+from lib389.tasks import *
+from lib389.utils import *
+
+logging.getLogger(__name__).setLevel(logging.DEBUG)
+log = logging.getLogger(__name__)
+
+installation1_prefix = None
+
+DN_7BITPLUGIN="cn=7-bit check,%s" % DN_PLUGIN
+ATTRS = ["uid", "mail", "userpassword", ",", SUFFIX, None]
+
+class TopologyStandalone(object):
+ def __init__(self, standalone):
+ standalone.open()
+ self.standalone = standalone
+
+
+ at pytest.fixture(scope="module")
+def topology(request):
+ global installation1_prefix
+ if installation1_prefix:
+ args_instance[SER_DEPLOYED_DIR] = installation1_prefix
+
+ # Creating standalone instance ...
+ standalone = DirSrv(verbose=False)
+ args_instance[SER_HOST] = HOST_STANDALONE
+ args_instance[SER_PORT] = PORT_STANDALONE
+ args_instance[SER_SERVERID_PROP] = SERVERID_STANDALONE
+ args_instance[SER_CREATION_SUFFIX] = DEFAULT_SUFFIX
+ args_standalone = args_instance.copy()
+ standalone.allocate(args_standalone)
+ instance_standalone = standalone.exists()
+ if instance_standalone:
+ standalone.delete()
+ standalone.create()
+ standalone.open()
+
+ # Clear out the tmp dir
+ standalone.clearTmpDir(__file__)
+
+ return TopologyStandalone(standalone)
+
+
+def test_ticket47431_0(topology):
+ '''
+ Enable 7 bit plugin
+ '''
+ log.info("Ticket 47431 - 0: Enable 7bit plugin...")
+ topology.standalone.plugins.enable(name=PLUGIN_7_BIT_CHECK)
+
+
+def test_ticket47431_1(topology):
+ '''
+ nsslapd-pluginarg0: uid
+ nsslapd-pluginarg1: mail
+ nsslapd-pluginarg2: userpassword <== repeat 27 times
+ nsslapd-pluginarg3: ,
+ nsslapd-pluginarg4: dc=example,dc=com
+
+ The duplicated values are removed by str2entry_dupcheck as follows:
+ [..] - str2entry_dupcheck: 27 duplicate values for attribute type nsslapd-pluginarg2
+ detected in entry cn=7-bit check,cn=plugins,cn=config. Extra values ignored.
+ '''
+
+ log.info("Ticket 47431 - 1: Check 26 duplicate values are treated as one...")
+ expected = "str2entry_dupcheck: .* duplicate values for attribute type nsslapd-pluginarg2 detected in entry cn=7-bit check,cn=plugins,cn=config."
+
+ log.debug('modify_s %s' % DN_7BITPLUGIN)
+ try:
+ topology.standalone.modify_s(DN_7BITPLUGIN,
+ [(ldap.MOD_REPLACE, 'nsslapd-pluginarg0', "uid"),
+ (ldap.MOD_REPLACE, 'nsslapd-pluginarg1', "mail"),
+ (ldap.MOD_REPLACE, 'nsslapd-pluginarg2', "userpassword"),
+ (ldap.MOD_REPLACE, 'nsslapd-pluginarg3', ","),
+ (ldap.MOD_REPLACE, 'nsslapd-pluginarg4', SUFFIX)])
+ except ValueError:
+ log.error('modify failed: Some problem occured with a value that was provided')
+ assert False
+
+ arg2 = "nsslapd-pluginarg2: userpassword"
+ topology.standalone.stop(timeout=10)
+ dse_ldif = topology.standalone.confdir + '/dse.ldif'
+ os.system('mv %s %s.47431' % (dse_ldif, dse_ldif))
+ os.system('sed -e "s/\\(%s\\)/\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1\\n\\1/" %s.47431 > %s' % (arg2, dse_ldif, dse_ldif))
+ topology.standalone.start(timeout=10)
+
+ cmdline = 'egrep -i "%s" %s' % (expected, topology.standalone.errlog)
+ p = os.popen(cmdline, "r")
+ line = p.readline()
+ if line == "":
+ log.error('Expected error "%s" not logged in %s' % (expected, topology.standalone.errlog))
+ assert False
+ else:
+ log.debug('line: %s' % line)
+ log.info('Expected error "%s" logged in %s' % (expected, topology.standalone.errlog))
+
+
+ log.info("Ticket 47431 - 1: done")
+
+
+def test_ticket47431_2(topology):
+ '''
+ nsslapd-pluginarg0: uid
+ nsslapd-pluginarg0: mail
+ nsslapd-pluginarg1: userpassword
+ nsslapd-pluginarg2: ,
+ nsslapd-pluginarg3: dc=example,dc=com
+ ==>
+ nsslapd-pluginarg0: uid
+ nsslapd-pluginarg1: mail
+ nsslapd-pluginarg2: userpassword
+ nsslapd-pluginarg3: ,
+ nsslapd-pluginarg4: dc=example,dc=com
+ Should be logged in error log:
+ [..] NS7bitAttr_Init - 0: uid
+ [..] NS7bitAttr_Init - 1: userpassword
+ [..] NS7bitAttr_Init - 2: mail
+ [..] NS7bitAttr_Init - 3: ,
+ [..] NS7bitAttr_Init - 4: dc=example,dc=com
+ '''
+
+ log.info("Ticket 47431 - 2: Check two values belonging to one arg is fixed...")
+
+ try:
+ topology.standalone.modify_s(DN_7BITPLUGIN,
+ [(ldap.MOD_REPLACE, 'nsslapd-pluginarg0', "uid"),
+ (ldap.MOD_ADD, 'nsslapd-pluginarg0', "mail"),
+ (ldap.MOD_REPLACE, 'nsslapd-pluginarg1', "userpassword"),
+ (ldap.MOD_REPLACE, 'nsslapd-pluginarg2', ","),
+ (ldap.MOD_REPLACE, 'nsslapd-pluginarg3', SUFFIX),
+ (ldap.MOD_DELETE, 'nsslapd-pluginarg4', None)])
+ except ValueError:
+ log.error('modify failed: Some problem occured with a value that was provided')
+ assert False
+
+ # PLUGIN LOG LEVEL
+ topology.standalone.modify_s(DN_CONFIG, [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '65536')])
+
+ topology.standalone.restart(timeout=10)
+
+ cmdline = 'egrep -i %s %s' % ("NS7bitAttr_Init", topology.standalone.errlog)
+ p = os.popen(cmdline, "r")
+ i = 0
+ while ATTRS[i]:
+ line = p.readline()
+ log.debug('line - %s' % line)
+ log.debug('ATTRS[%d] %s' % (i, ATTRS[i]))
+ if line == "":
+ break
+ elif line.find(ATTRS[i]) >= 0:
+ log.debug('%s was logged' % ATTRS[i])
+ else:
+ log.error('%s was not logged.' % ATTRS[i])
+ assert False
+ i = i + 1
+
+ log.info("Ticket 47431 - 2: done")
+
+
More information about the Pkg-fedora-ds-maintainers
mailing list