[Pkg-fedora-ds-maintainers] 389-ds-base: Changes to 'upstream'

Timo Aaltonen tjaalton at moszumanska.debian.org
Mon Feb 22 06:04:22 UTC 2016


 VERSION.sh                                            |    2 
 dirsrvtests/create_test.py                            |  343 +++++++++++-------
 dirsrvtests/tickets/ticket48312_test.py               |  168 ++++++++
 dirsrvtests/tickets/ticket48362_test.py               |  278 ++++++++++++++
 dirsrvtests/tickets/ticket48369_test.py               |  124 ++++++
 dirsrvtests/tickets/ticket48370_test.py               |  236 ++++++++++++
 ldap/admin/src/scripts/DSCreate.pm.in                 |   25 -
 ldap/admin/src/scripts/start-dirsrv.in                |    2 
 ldap/admin/src/scripts/template-bak2db.in             |    3 
 ldap/admin/src/scripts/template-db2bak.in             |    5 
 ldap/admin/src/scripts/template-db2index.in           |    5 
 ldap/admin/src/scripts/template-db2ldif.in            |    3 
 ldap/admin/src/scripts/template-dbverify.in           |    5 
 ldap/admin/src/scripts/template-dn2rdn.in             |    5 
 ldap/admin/src/scripts/template-ldif2db.in            |    3 
 ldap/admin/src/scripts/template-ldif2ldap.in          |    5 
 ldap/admin/src/scripts/template-monitor.in            |    5 
 ldap/admin/src/scripts/template-restoreconfig.in      |    5 
 ldap/admin/src/scripts/template-saveconfig.in         |    5 
 ldap/admin/src/scripts/template-suffix2instance.in    |    5 
 ldap/admin/src/scripts/template-upgradedb.in          |    3 
 ldap/admin/src/scripts/template-upgradednformat.in    |    5 
 ldap/admin/src/scripts/template-vlvindex.in           |    3 
 ldap/schema/02common.ldif                             |    1 
 ldap/servers/plugins/acl/acl.c                        |   14 
 ldap/servers/plugins/cos/cos_cache.c                  |   17 
 ldap/servers/plugins/dna/dna.c                        |    7 
 ldap/servers/plugins/mep/mep.c                        |   18 
 ldap/servers/plugins/replication/repl5.h              |    1 
 ldap/servers/plugins/replication/repl5_connection.c   |   19 
 ldap/servers/plugins/replication/repl5_inc_protocol.c |  182 +++++----
 ldap/servers/plugins/replication/repl5_plugins.c      |   61 ++-
 ldap/servers/plugins/replication/repl5_replica.c      |    1 
 ldap/servers/plugins/replication/urp.c                |    2 
 ldap/servers/slapd/abandon.c                          |    4 
 ldap/servers/slapd/attrsyntax.c                       |    3 
 ldap/servers/slapd/back-ldbm/index.c                  |   29 -
 ldap/servers/slapd/bind.c                             |    4 
 ldap/servers/slapd/connection.c                       |  110 +++--
 ldap/servers/slapd/conntable.c                        |   19 
 ldap/servers/slapd/daemon.c                           |   25 -
 ldap/servers/slapd/extendop.c                         |   10 
 ldap/servers/slapd/libglobs.c                         |   28 +
 ldap/servers/slapd/main.c                             |   27 -
 ldap/servers/slapd/modrdn.c                           |   24 -
 ldap/servers/slapd/operation.c                        |   18 
 ldap/servers/slapd/opshared.c                         |   35 +
 ldap/servers/slapd/pagedresults.c                     |  100 ++---
 ldap/servers/slapd/pblock.c                           |   74 +--
 ldap/servers/slapd/plugin.c                           |   85 +++-
 ldap/servers/slapd/proto-slap.h                       |   10 
 ldap/servers/slapd/psearch.c                          |   10 
 ldap/servers/slapd/pw_mgmt.c                          |    5 
 ldap/servers/slapd/saslbind.c                         |   26 -
 ldap/servers/slapd/schema.c                           |   16 
 ldap/servers/slapd/slap.h                             |    4 
 ldap/servers/slapd/start_tls_extop.c                  |   10 
 ldap/servers/slapd/tools/ldclt/ldclt.c                |    5 
 ldap/servers/slapd/unbind.c                           |    4 
 ldap/servers/slapd/utf8compare.c                      |   34 -
 60 files changed, 1734 insertions(+), 551 deletions(-)

New commits:
commit d2a9c99e94749de4d150a6e9302ac844e6de2037
Author: Noriko Hosoi <nhosoi at redhat.com>
Date:   Fri Feb 12 13:31:44 2016 -0800

    bump version to 1.3.4.8

diff --git a/VERSION.sh b/VERSION.sh
index ba78622..ca1c3ed 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
 # PACKAGE_VERSION is constructed from these
 VERSION_MAJOR=1
 VERSION_MINOR=3
-VERSION_MAINT=4.7
+VERSION_MAINT=4.8
 # if this is a PRERELEASE, set VERSION_PREREL
 # otherwise, comment it out
 # be sure to include the dot prefix in the prerel

commit 02af085c2a9c23536c8d276ee35794ec6efc81f5
Author: Thierry Bordaz <tbordaz at redhat.com>
Date:   Wed Feb 10 15:17:02 2016 +0100

    Ticket 48445: keep alive entries can break replication
    
    Bug Description:
    	On the consumer side, at the end of a total update the replica is enabled and the changelog recreated.
    	When the replica is enabled the keep alive entry (for that replica) is created .
    	There is a race condition (that look quite systematic in our tests) if the creation of the entry is added to the changelog
    	before the changelog is recreated.
    	In that case the ADD is erased from the CL and will never be replicated.
    
    	The keep alive entry is created (if it does not already exist) :
    		- during a total update (as supplier)
    		- when the keep alive is updated
    		- when the replica is enabled
    
    Fix Description:
    	It is not strictly necessary to create the keep alive when the replica is enabled.
    	So we can skip the creation during that step.
    
    https://fedorahosted.org/389/ticket/48445
    
    Reviewed by: Mark Reynolds (thank you Mark)
    
    Platforms tested: F23
    
    Flag Day: no
    
    Doc impact: no
    
    (cherry picked from commit 71a891f0dcfd1aafeb3913279d42e33ed2355312)

diff --git a/ldap/servers/plugins/replication/repl5_replica.c b/ldap/servers/plugins/replication/repl5_replica.c
index 8b53f3c..31c5f0f 100644
--- a/ldap/servers/plugins/replication/repl5_replica.c
+++ b/ldap/servers/plugins/replication/repl5_replica.c
@@ -3972,7 +3972,6 @@ replica_enable_replication (Replica *r)
         /* What to do ? */
     }
 
-    replica_subentry_check(r->repl_root, replica_get_rid(r));
     /* Replica came back online, Check if the total update was terminated.
        If flag is still set, it was not terminated, therefore the data is
        very likely to be incorrect, and we should not restart Replication threads...

commit bd254a2eea380ade90700b22567e1d9063890f02
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Thu Feb 11 16:18:00 2016 -0500

    Ticket 47788 - Only check postop result if its a replication operation
    
    Bug Description:  With IPA tests, without using replication, an error is
                      being triggered that is stoipping nomral updates from
                      going through.
    
    Fix Description:  Move the error checking up into the code block above
                      which only executes for replicated operations.
    
    https://fedorahosted.org/389/ticket/47788
    
    Reviewed by: nhosoi & tbordaz(Thanks!!)
    
    (cherry picked from commit d7b598da2eff95070936bf7c3e01bcd11c44ed60)

diff --git a/ldap/servers/plugins/replication/repl5_plugins.c b/ldap/servers/plugins/replication/repl5_plugins.c
index c2fa214..bb43b9b 100644
--- a/ldap/servers/plugins/replication/repl5_plugins.c
+++ b/ldap/servers/plugins/replication/repl5_plugins.c
@@ -1306,54 +1306,55 @@ process_postop (Slapi_PBlock *pb)
 			slapi_pblock_get( pb, SLAPI_OPERATION_PARAMETERS, &op_params );
 			slapi_ch_free((void **) &op_params->p.p_modrdn.modrdn_newsuperior_address.uniqueid);
 		}
-	}
-	if (!ignore_error_and_keep_going(retval)){
-		/*
-		 * We have an error we can't ignore.  Release the replica and close
-		 * the connection to stop the replication session.
-		 */
-		consumer_connection_extension *connext = NULL;
-		Slapi_Connection *conn = NULL;
-		char csn_str[CSN_STRSIZE] = {'\0'};
-		PRUint64 connid = 0;
-		int opid = 0;
 
-		slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
-		slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid);
-		slapi_pblock_get(pb, SLAPI_CONN_ID, &connid);
-		if (conn)
-		{
-			slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
-				"process_postop: Failed to apply update (%s) error (%d).  "
-				"Aborting replication session(conn=%" NSPRIu64 " op=%d)\n",
-				csn_as_string(opcsn, PR_FALSE, csn_str), retval,
-				connid, opid);
+		if (!ignore_error_and_keep_going(retval)){
 			/*
-			 * Release this replica so new sessions can begin
+			 * We have an error we can't ignore.  Release the replica and close
+			 * the connection to stop the replication session.
 			 */
-			connext = consumer_connection_extension_acquire_exclusive_access(conn, connid, opid);
-			if (connext && connext->replica_acquired)
+			consumer_connection_extension *connext = NULL;
+			Slapi_Connection *conn = NULL;
+			char csn_str[CSN_STRSIZE] = {'\0'};
+			PRUint64 connid = 0;
+			int opid = 0;
+
+			slapi_pblock_get(pb, SLAPI_CONNECTION, &conn);
+			slapi_pblock_get(pb, SLAPI_OPERATION_ID, &opid);
+			slapi_pblock_get(pb, SLAPI_CONN_ID, &connid);
+			if (conn)
 			{
-				int zero = 0;
-				Replica *r = (Replica*)object_get_data ((Object*)connext->replica_acquired);
-
-				replica_relinquish_exclusive_access(r, connid, opid);
-				object_release ((Object*)connext->replica_acquired);
-				connext->replica_acquired = NULL;
-				connext->isreplicationsession = 0;
-				slapi_pblock_set( pb, SLAPI_CONN_IS_REPLICATION_SESSION, &zero );
-			}
-			if (connext){
-				consumer_connection_extension_relinquish_exclusive_access(conn, connid, opid, PR_FALSE);
-			}
+				slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+					"process_postop: Failed to apply update (%s) error (%d).  "
+					"Aborting replication session(conn=%" NSPRIu64 " op=%d)\n",
+					csn_as_string(opcsn, PR_FALSE, csn_str), retval,
+					connid, opid);
+				/*
+				 * Release this replica so new sessions can begin
+				 */
+				connext = consumer_connection_extension_acquire_exclusive_access(conn, connid, opid);
+				if (connext && connext->replica_acquired)
+				{
+					int zero = 0;
+					Replica *r = (Replica*)object_get_data ((Object*)connext->replica_acquired);
+
+					replica_relinquish_exclusive_access(r, connid, opid);
+					object_release ((Object*)connext->replica_acquired);
+					connext->replica_acquired = NULL;
+					connext->isreplicationsession = 0;
+					slapi_pblock_set( pb, SLAPI_CONN_IS_REPLICATION_SESSION, &zero );
+				}
+				if (connext){
+					consumer_connection_extension_relinquish_exclusive_access(conn, connid, opid, PR_FALSE);
+				}
 
-			/*
-			 * Close the connection to end the current session with the
-			 * supplier.  This prevents new updates from coming in and
-			 * updating the consumer RUV - which would cause this failed
-			 * update to be never be replayed.
-			 */
-			slapi_disconnect_server(conn);
+				/*
+				 * Close the connection to end the current session with the
+				 * supplier.  This prevents new updates from coming in and
+				 * updating the consumer RUV - which would cause this failed
+				 * update to be never be replayed.
+				 */
+				slapi_disconnect_server(conn);
+			}
 		}
 	}
 	if (NULL == opcsn)

commit 7fb593fe56dbbce06f707bd9807bf14748273ea2
Author: Noriko Hosoi <nhosoi at redhat.com>
Date:   Wed Feb 10 13:45:50 2016 -0800

    Ticket #48536 - Crash in slapi_get_object_extension
    
    Description: commit 091a5f5daf3fa378f029e293c5358ae9be9f548e introduced
    a compier warning: format '%x' expects argument of type 'unsigned int',
    but argument 4 has type 'Slapi_PBlock * {aka struct slapi_pblock *}
    
    Replacing '%x' with '%p'.
    
    (cherry picked from commit b31749f2a0bed838712719b2e6533bed0a4144e0)

diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index d56bed6..7b7fea1 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -319,7 +319,7 @@ acl_access_allowed(
 
 	if (pb != aclpb->aclpb_pblock) {
 		slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
-		                "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
+		                "acl_access_allowed: Resetting aclpb_pblock %p to pblock addr %p\n",
 		                aclpb->aclpb_pblock, pb);
 		aclpb->aclpb_pblock = pb;
 	}
@@ -942,7 +942,7 @@ acl_read_access_allowed_on_entry (
 	 
 	if (pb != aclpb->aclpb_pblock) {
 		slapi_log_error(SLAPI_LOG_ACL, plugin_name,
-		                "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
+		                "acl_read_access_allowed_on_entry: Resetting aclpb_pblock %p to pblock addr %p\n",
 		                aclpb->aclpb_pblock, pb);
 		aclpb->aclpb_pblock = pb;
 	}

commit 8a83a93977f13db36e42798a5eed041c1b3868a9
Author: Noriko Hosoi <nhosoi at redhat.com>
Date:   Tue Feb 9 16:12:07 2016 -0800

    Ticket #48536 - Crash in slapi_get_object_extension
    
    Description: The crashed was caused by the combination of psearch and
    updating one of these group values: groupOfNames, groupOfUniqueNames,
    groupOfCertificates, groupOfURL.
    
    In the psearch, it creates aclpb in the acl plug-in and sets the original
    pblock address in the aclpb. Then, psearch creates a copy of the pblock and
    sets it in the psearch structure.  Now, the pblock address in aclpb and the
    pblock address in the psearch structure do not match. The original pblock
    itself is freed and the pblock area which address is stored in aclpb is not
    guaranteed what is in it.
    
    If nothing occurs, the freed pblock in aclpb is not accessed. But once one
    of the group values is updated, the acl plug-in signature is updated and it
    triggers to get aclpb from the pblock.
    
    The acl_get_aclpb call accesses the freed pblock (e.g., NULL op) and it
    crashes the server.
    
    This patch checks the current pblock address and the pblock address in aclpb.
    If they don't match, the address in aclpb is reassigned to the current pblock
    address.
    
    https://fedorahosted.org/389/ticket/48536
    
    Reviewed by mreynolds at redhat.com (Thank you, Mark!!)
    
    (cherry picked from commit 091a5f5daf3fa378f029e293c5358ae9be9f548e)

diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index 678a999..d56bed6 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -317,6 +317,13 @@ acl_access_allowed(
 		goto cleanup_and_ret;
 	}
 
+	if (pb != aclpb->aclpb_pblock) {
+		slapi_log_error(SLAPI_LOG_FATAL, plugin_name,
+		                "acl_access_allowed: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
+		                aclpb->aclpb_pblock, pb);
+		aclpb->aclpb_pblock = pb;
+	}
+
 	if ( !aclpb->aclpb_curr_entry_sdn ) {
 		slapi_log_error	( SLAPI_LOG_FATAL, plugin_name,	 "NULL aclpb_curr_entry_sdn \n" );
 		ret_val	= LDAP_OPERATIONS_ERROR;
@@ -932,6 +939,13 @@ acl_read_access_allowed_on_entry (
 							tnf_string,end,"aclpb error");
 		return LDAP_OPERATIONS_ERROR;
 	}
+	 
+	if (pb != aclpb->aclpb_pblock) {
+		slapi_log_error(SLAPI_LOG_ACL, plugin_name,
+		                "acl_read_access_allowed_on_entry: Resetting aclpb_pblock 0x%x to pblock addr 0x%x\n",
+		                aclpb->aclpb_pblock, pb);
+		aclpb->aclpb_pblock = pb;
+	}
 
 	/*
 	 * Am I	a anonymous dude ? then	we can use our anonympous profile

commit 9bd53c297683e691fef174bf1aed6842f475fb9f
Author: Noriko Hosoi <nhosoi at redhat.com>
Date:   Wed Feb 10 11:36:32 2016 -0800

    Ticket #48492 - heap corruption at schema replication.
    
    Description: 389-ds-base-1.3.2 and newer uses openldap schema parser,
    which is more strict with the definition.  For instance, the older
    389-ds-base could have a schema such as SINTAX OID in single quotes,
    which is not acceptable on the newer version.  There was a bug to
    handle the error case that caused a crash.
    
    This patch adds
    1) the null reference check to attr_syntax_free (attrsyntax.c),
    2) a null init to the output arg in parse_at_str and parse_oc_str
       (schema.c) and
    3) an error logging to schema_berval_to_atlist & schema_berval_to_oclist
       (schema.c) for troubleshooting.
    
    https://fedorahosted.org/389/ticket/48492
    
    Reviewed by wibrown at redhat.com and mreynolds at redhat.com (Thank you, William and Mark!)
    
    (cherry picked from commit b5bfa2a0386e168ce2196a077169382ae53a94b4)

diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
index 4cdcf86..8b2a77a 100644
--- a/ldap/servers/slapd/attrsyntax.c
+++ b/ldap/servers/slapd/attrsyntax.c
@@ -189,6 +189,9 @@ attr_syntax_check_oids()
 void
 attr_syntax_free( struct asyntaxinfo *a )
 {
+	if (!a) {
+		return;
+	}
 	cool_charray_free( a->asi_aliases );
 	slapi_ch_free_string(&a->asi_name );
 	slapi_ch_free_string(&a->asi_desc );
diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
index 65cbad5..dd56599 100644
--- a/ldap/servers/slapd/schema.c
+++ b/ldap/servers/slapd/schema.c
@@ -263,6 +263,9 @@ static PRCallOnceType schema_dse_mandatory_init_callonce = { 0, 0, 0 };
 static int parse_at_str(const char *input, struct asyntaxinfo **asipp, char *errorbuf, size_t errorbufsize,
         PRUint32 schema_flags, int is_user_defined, int schema_ds4x_compat, int is_remote)
 {
+    if (asipp) {
+        *asipp = NULL;
+    }
 #ifdef USE_OPENLDAP
     return parse_attr_str(input, asipp, errorbuf, errorbufsize, schema_flags, is_user_defined,schema_ds4x_compat,is_remote);
 #else
@@ -274,6 +277,9 @@ static int parse_oc_str(const char *input, struct objclass **oc, char *errorbuf,
 		size_t errorbufsize, PRUint32 schema_flags, int is_user_defined,
 		int schema_ds4x_compat, struct objclass* private_schema )
 {
+    if (oc) {
+        *oc = NULL;
+    }
 #ifdef USE_OPENLDAP
     return parse_objclass_str (input, oc, errorbuf, errorbufsize, schema_flags, is_user_defined, schema_ds4x_compat, private_schema );
 #else
@@ -7146,11 +7152,15 @@ schema_berval_to_oclist(struct berval **oc_berval)
         oc_list = NULL;
         oc_tail = NULL;
         if (oc_berval != NULL) {
+                errorbuf[0] = '\0';
                 for (i = 0; oc_berval[i] != NULL; i++) {
                         /* parse the objectclass value */
                         if (LDAP_SUCCESS != (rc = parse_oc_str(oc_berval[i]->bv_val, &oc,
                                 errorbuf, sizeof (errorbuf), DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0,
                                 schema_ds4x_compat, oc_list))) {
+                                slapi_log_error(SLAPI_LOG_FATAL, "schema",
+                                                "parse_oc_str returned error: %s\n",
+                                                errorbuf[0]?errorbuf:"unknown");
                                 oc_free(&oc);
                                 rc = 1;
                                 break;
@@ -7184,11 +7194,15 @@ schema_berval_to_atlist(struct berval **at_berval)
     schema_ds4x_compat = config_get_ds4_compatible_schema();
 
     if (at_berval != NULL) {
+        errorbuf[0] = '\0';
         for (i = 0; at_berval[i] != NULL; i++) {
             /* parse the objectclass value */
             rc = parse_at_str(at_berval[i]->bv_val, &at, errorbuf, sizeof (errorbuf),
                     DSE_SCHEMA_NO_CHECK | DSE_SCHEMA_USE_PRIV_SCHEMA, 0, schema_ds4x_compat, 0);
-            if(rc){
+            if (rc) {
+                slapi_log_error(SLAPI_LOG_FATAL, "schema",
+                                "parse_oc_str returned error: %s\n",
+                                errorbuf[0]?errorbuf:"unknown");
                 attr_syntax_free(at);
                 break;
             }

commit 099883cd270d574d16b458ee144069d3c82dec7b
Author: William Brown <firstyear at redhat.com>
Date:   Sun Jan 31 14:27:13 2016 +1000

    Ticket 48448 - dirsrv start-stop fail in certain shell environments.
    
    Bug Description:  Dirsrv fails to start and stop with certain shell environments
    . This is due to the usage of the pattern
    
      cd $SERVERBIN_DIR
      ./ns-slapd ...
    
    Fix Description:  Change all invocations of commands to use explicit paths:
    
      $SERVERBIN_DIR/ns-slapd
    
    https://fedorahosted.org/389/ticket/48448
    
    Author: wibrown
    
    Review by: nhosoi (Thanks!)

diff --git a/ldap/admin/src/scripts/start-dirsrv.in b/ldap/admin/src/scripts/start-dirsrv.in
index 458f0e8..513addb 100755
--- a/ldap/admin/src/scripts/start-dirsrv.in
+++ b/ldap/admin/src/scripts/start-dirsrv.in
@@ -70,7 +70,7 @@ start_instance() {
             return 1
         fi
     else
-        cd $SERVERBIN_DIR; ./ns-slapd -D $CONFIG_DIR -i $PIDFILE -w $STARTPIDFILE "$@"
+        $SERVERBIN_DIR/ns-slapd -D $CONFIG_DIR -i $PIDFILE -w $STARTPIDFILE "$@"
         if [ $? -ne 0 ]; then
             return 1
         fi
diff --git a/ldap/admin/src/scripts/template-bak2db.in b/ldap/admin/src/scripts/template-bak2db.in
index 1725aba..01a12fa 100755
--- a/ldap/admin/src/scripts/template-bak2db.in
+++ b/ldap/admin/src/scripts/template-bak2db.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./bak2db "$@" -Z {{SERV-ID}}
+{{SERVERBIN-DIR}}/bak2db "$@" -Z {{SERV-ID}}
 exit $?
diff --git a/ldap/admin/src/scripts/template-db2bak.in b/ldap/admin/src/scripts/template-db2bak.in
index 50fd5ed..70a4a2b 100755
--- a/ldap/admin/src/scripts/template-db2bak.in
+++ b/ldap/admin/src/scripts/template-db2bak.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./db2bak "$@" -Z {{SERV-ID}}
-exit $?
\ No newline at end of file
+{{SERVERBIN-DIR}}/db2bak "$@" -Z {{SERV-ID}}
+exit $?
diff --git a/ldap/admin/src/scripts/template-db2index.in b/ldap/admin/src/scripts/template-db2index.in
index a7a633d..9c7c5ec 100755
--- a/ldap/admin/src/scripts/template-db2index.in
+++ b/ldap/admin/src/scripts/template-db2index.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./db2index "$@" -Z {{SERV-ID}}
-exit $?
\ No newline at end of file
+{{SERVERBIN-DIR}}/db2index "$@" -Z {{SERV-ID}}
+exit $?
diff --git a/ldap/admin/src/scripts/template-db2ldif.in b/ldap/admin/src/scripts/template-db2ldif.in
index b85ffdc..3881911 100755
--- a/ldap/admin/src/scripts/template-db2ldif.in
+++ b/ldap/admin/src/scripts/template-db2ldif.in
@@ -1,6 +1,5 @@
 #!/bin/sh
 
 cwd=`pwd`
-cd {{SERVERBIN-DIR}}
-./db2ldif "$@" -Z {{SERV-ID}} -c $cwd
+{{SERVERBIN-DIR}}/db2ldif "$@" -Z {{SERV-ID}} -c $cwd
 exit $?
diff --git a/ldap/admin/src/scripts/template-dbverify.in b/ldap/admin/src/scripts/template-dbverify.in
index 71e3e4e..abcc58e 100755
--- a/ldap/admin/src/scripts/template-dbverify.in
+++ b/ldap/admin/src/scripts/template-dbverify.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./dbverify "$@" -Z {{SERV-ID}}
-exit $?
\ No newline at end of file
+{{SERVERBIN-DIR}}/dbverify "$@" -Z {{SERV-ID}}
+exit $?
diff --git a/ldap/admin/src/scripts/template-dn2rdn.in b/ldap/admin/src/scripts/template-dn2rdn.in
index b3d8e82..9ecae08 100755
--- a/ldap/admin/src/scripts/template-dn2rdn.in
+++ b/ldap/admin/src/scripts/template-dn2rdn.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./dn2rdn "$@" -Z {{SERV-ID}}
-exit $?
\ No newline at end of file
+{{SERVERBIN-DIR}}/dn2rdn "$@" -Z {{SERV-ID}}
+exit $?
diff --git a/ldap/admin/src/scripts/template-ldif2db.in b/ldap/admin/src/scripts/template-ldif2db.in
index f3fa58e..f38fce3 100755
--- a/ldap/admin/src/scripts/template-ldif2db.in
+++ b/ldap/admin/src/scripts/template-ldif2db.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./ldif2db "$@" -Z {{SERV-ID}}
+{{SERVERBIN-DIR}}/ldif2db "$@" -Z {{SERV-ID}}
 exit $?
diff --git a/ldap/admin/src/scripts/template-ldif2ldap.in b/ldap/admin/src/scripts/template-ldif2ldap.in
index 806ddcc..c785742 100755
--- a/ldap/admin/src/scripts/template-ldif2ldap.in
+++ b/ldap/admin/src/scripts/template-ldif2ldap.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./ldif2ldap "$@" -Z {{SERV-ID}}
-exit $?
\ No newline at end of file
+{{SERVERBIN-DIR}}/ldif2ldap "$@" -Z {{SERV-ID}}
+exit $?
diff --git a/ldap/admin/src/scripts/template-monitor.in b/ldap/admin/src/scripts/template-monitor.in
index 2f93337..c89bb8a 100755
--- a/ldap/admin/src/scripts/template-monitor.in
+++ b/ldap/admin/src/scripts/template-monitor.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./monitor "$@" -Z {{SERV-ID}}
-exit $?
\ No newline at end of file
+{{SERVERBIN-DIR}}/monitor "$@" -Z {{SERV-ID}}
+exit $?
diff --git a/ldap/admin/src/scripts/template-restoreconfig.in b/ldap/admin/src/scripts/template-restoreconfig.in
index f4b2d06..5109561 100755
--- a/ldap/admin/src/scripts/template-restoreconfig.in
+++ b/ldap/admin/src/scripts/template-restoreconfig.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./restoreconfig "$@" -Z {{SERV-ID}}
-exit $?
\ No newline at end of file
+{{SERVERBIN-DIR}}/restoreconfig "$@" -Z {{SERV-ID}}
+exit $?
diff --git a/ldap/admin/src/scripts/template-saveconfig.in b/ldap/admin/src/scripts/template-saveconfig.in
index c77cce1..7784e83 100755
--- a/ldap/admin/src/scripts/template-saveconfig.in
+++ b/ldap/admin/src/scripts/template-saveconfig.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./saveconfig "$@" -Z {{SERV-ID}}
-exit $?
\ No newline at end of file
+{{SERVERBIN-DIR}}/saveconfig "$@" -Z {{SERV-ID}}
+exit $?
diff --git a/ldap/admin/src/scripts/template-suffix2instance.in b/ldap/admin/src/scripts/template-suffix2instance.in
index 03bcba8..e29408d 100755
--- a/ldap/admin/src/scripts/template-suffix2instance.in
+++ b/ldap/admin/src/scripts/template-suffix2instance.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./suffix2instance "$@" -Z {{SERV-ID}}
-exit $?
\ No newline at end of file
+{{SERVERBIN-DIR}}/suffix2instance "$@" -Z {{SERV-ID}}
+exit $?
diff --git a/ldap/admin/src/scripts/template-upgradedb.in b/ldap/admin/src/scripts/template-upgradedb.in
index ce879bb..ae28ac2 100755
--- a/ldap/admin/src/scripts/template-upgradedb.in
+++ b/ldap/admin/src/scripts/template-upgradedb.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./upgradedb "$@" -Z {{SERV-ID}}
+{{SERVERBIN-DIR}}/upgradedb "$@" -Z {{SERV-ID}}
 exit $?
diff --git a/ldap/admin/src/scripts/template-upgradednformat.in b/ldap/admin/src/scripts/template-upgradednformat.in
index 5fd8ef9..74c18e8 100755
--- a/ldap/admin/src/scripts/template-upgradednformat.in
+++ b/ldap/admin/src/scripts/template-upgradednformat.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./upgradednformat "$@" -Z {{SERV-ID}}
-exit $?
\ No newline at end of file
+{{SERVERBIN-DIR}}/upgradednformat "$@" -Z {{SERV-ID}}
+exit $?
diff --git a/ldap/admin/src/scripts/template-vlvindex.in b/ldap/admin/src/scripts/template-vlvindex.in
index 0249696..a7ffb40 100755
--- a/ldap/admin/src/scripts/template-vlvindex.in
+++ b/ldap/admin/src/scripts/template-vlvindex.in
@@ -1,5 +1,4 @@
 #!/bin/sh
 
-cd {{SERVERBIN-DIR}}
-./vlvindex "$@" -Z {{SERV-ID}}
+{{SERVERBIN-DIR}}/vlvindex "$@" -Z {{SERV-ID}}
 exit $?

commit 5453bfea3ead42a2907d5cbdf0213ca0564e51cd
Author: Noriko Hosoi <nhosoi at redhat.com>
Date:   Mon Jan 25 12:31:48 2016 -0800

    bump version to 1.3.4.7

diff --git a/VERSION.sh b/VERSION.sh
index 5f6110e..ba78622 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
 # PACKAGE_VERSION is constructed from these
 VERSION_MAJOR=1
 VERSION_MINOR=3
-VERSION_MAINT=4.6
+VERSION_MAINT=4.7
 # if this is a PRERELEASE, set VERSION_PREREL
 # otherwise, comment it out
 # be sure to include the dot prefix in the prerel

commit cd45d032421b0ecf76d8cbb9b1c3aeef7680d9a2
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Fri Jan 15 11:35:16 2016 -0500

    Ticket 48412 - worker threads do not detect abnormally closed
     connections
    
    Bug Description:  If a connection is abnormally closed there can still be
                      data in the connection buffer(bytes vs offset).  This prevents
                      the connection from being removed from the connection table.
                      The worker thread then goes into a loop trying to read this data
                      on an already closed connection.  If there are enough abnormally
                      closed conenction eventually all the worker threads are stuck,
                      and new connections are not accepted.
    
    Fix Description:  When looking if there is more data in the buffer check if the
                      connection was closed, and return 0 (no more data).
    
                      Also did a little code cleanup.
    
    https://fedorahosted.org/389/ticket/48412
    
    Reviewed by: rmeggins(Thanks!)
    
    (cherry picked from commit 30c4852a3d9ca527b78c0f89df5909bc9a268392)

diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
index a3d123e..3e435a7 100644
--- a/ldap/servers/slapd/connection.c
+++ b/ldap/servers/slapd/connection.c
@@ -1102,9 +1102,16 @@ connection_read_ldap_data(Connection *conn, PRInt32 *err)
 }
 
 static size_t
-conn_buffered_data_avail_nolock(Connection *conn)
+conn_buffered_data_avail_nolock(Connection *conn, int *conn_closed)
 {
-	return conn->c_private->c_buffer_bytes - conn->c_private->c_buffer_offset;
+	if ( (conn->c_sd == SLAPD_INVALID_SOCKET) || (conn->c_flags & CONN_FLAG_CLOSING) ) {
+		/* connection is closed - ignore the buffer */
+		*conn_closed = 1;
+		return 0;
+	} else {
+		*conn_closed = 0;
+		return conn->c_private->c_buffer_bytes - conn->c_private->c_buffer_offset;
+	}
 }
 
 /* Upon returning from this function, we have either: 
@@ -1127,6 +1134,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
 	PRErrorCode err = 0;
 	PRInt32 syserr = 0;
 	size_t buffer_data_avail;
+	int conn_closed = 0;
 
 	PR_EnterMonitor(conn->c_mutex);
 	/*
@@ -1142,7 +1150,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
 	
 	*tag = LBER_DEFAULT;
 	/* First check to see if we have buffered data from "before" */
-	if ((buffer_data_avail = conn_buffered_data_avail_nolock(conn))) {
+	if ((buffer_data_avail = conn_buffered_data_avail_nolock(conn, &conn_closed))) {
 		/* If so, use that data first */
 		if ( 0 != get_next_from_buffer( buffer
 				+ conn->c_private->c_buffer_offset,
@@ -1157,7 +1165,7 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
 	while (*tag == LBER_DEFAULT) {
 		int ioblocktimeout_waits = config_get_ioblocktimeout() / CONN_TURBO_TIMEOUT_INTERVAL;
 		/* We should never get here with data remaining in the buffer */
-		PR_ASSERT( !new_operation || 0 == conn_buffered_data_avail_nolock(conn) );
+		PR_ASSERT( !new_operation || !conn_buffered_data_avail_nolock(conn, &conn_closed));
 		/* We make a non-blocking read call */
 		if (CONNECTION_BUFFER_OFF != conn->c_private->use_buffer) {
 			ret = connection_read_ldap_data(conn,&err);
@@ -1269,8 +1277,12 @@ int connection_read_operation(Connection *conn, Operation *op, ber_tag_t *tag, i
 		}
 	}
 	/* If there is remaining buffered data, set the flag to tell the caller */
-	if (conn_buffered_data_avail_nolock(conn)) {
+	if (conn_buffered_data_avail_nolock(conn, &conn_closed)) {
 		*remaining_data = 1;
+	} else if (conn_closed){
+		/* connection closed */
+		ret = CONN_DONE;
+		goto done;
 	}
 
 	if ( *tag != LDAP_TAG_MESSAGE ) {
@@ -1521,7 +1533,7 @@ connection_threadmain()
 					continue;
 				case CONN_SHUTDOWN:
 					LDAPDebug( LDAP_DEBUG_TRACE, 
-					"op_thread received shutdown signal\n", 					0,  0, 0 );
+					"op_thread received shutdown signal\n", 0, 0, 0 );
 					g_decr_active_threadcnt();
 					return;
 				case CONN_FOUND_WORK_TO_DO:
@@ -1542,8 +1554,9 @@ connection_threadmain()
 							Slapi_DN *anon_sdn = slapi_sdn_new_normdn_byref( anon_dn );
 							reslimit_update_from_dn( pb->pb_conn, anon_sdn );
 							slapi_sdn_free( &anon_sdn );
-							if (slapi_reslimit_get_integer_limit(pb->pb_conn, pb->pb_conn->c_idletimeout_handle,
-									&idletimeout)
+							if (slapi_reslimit_get_integer_limit(pb->pb_conn,
+							                                     pb->pb_conn->c_idletimeout_handle,
+							                                     &idletimeout)
 								== SLAPI_RESLIMIT_STATUS_SUCCESS)
 							{
 								pb->pb_conn->c_idletimeout = idletimeout;
@@ -1581,7 +1594,7 @@ connection_threadmain()
 		op = pb->pb_op;
 		maxthreads = config_get_maxthreadsperconn();
 		more_data = 0;
-		ret = connection_read_operation(conn,op,&tag,&more_data);
+		ret = connection_read_operation(conn, op, &tag, &more_data);
 		if ((ret == CONN_DONE) || (ret == CONN_TIMEDOUT)) {
 			slapi_log_error(SLAPI_LOG_CONNS, "connection_threadmain",
 					"conn %" NSPRIu64 " read not ready due to %d - thread_turbo_flag %d more_data %d "
@@ -1614,7 +1627,8 @@ connection_threadmain()
 		/* turn off turbo mode immediately if any pb waiting in global queue */
 		if (thread_turbo_flag && !WORK_Q_EMPTY) {
 			thread_turbo_flag = 0;
-			LDAPDebug2Args(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode - pb_q is not empty %d\n",conn->c_connid,work_q_size);
+			LDAPDebug2Args(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode - pb_q is not empty %d\n",
+			               conn->c_connid,work_q_size);
 		}
 #endif
 		
@@ -1639,7 +1653,8 @@ connection_threadmain()
 				 * should call connection_make_readable after the op is removed
 				 * connection_make_readable(conn);
 				 */
-				LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode due to %d\n",conn->c_connid,ret,0);
+				LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " leaving turbo mode due to %d\n",
+				          conn->c_connid,ret,0);
 				goto done;
 			case CONN_SHUTDOWN:
 				LDAPDebug( LDAP_DEBUG_TRACE, 
@@ -1695,7 +1710,8 @@ connection_threadmain()
 					 */
 					conn->c_idlesince = curtime;
 					connection_activity(conn, maxthreads);
-					LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " queued because more_data\n",conn->c_connid,0,0);
+					LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " queued because more_data\n",
+					          conn->c_connid,0,0);
 				} else {
 					/* keep count of how many times maxthreads has blocked an operation */
 					conn->c_maxthreadsblocked++;
@@ -1770,13 +1786,15 @@ done:
 			    memset(pb, 0, sizeof(*pb));
 		} else {
 			/* delete from connection operation queue & decr refcnt */
+			int conn_closed = 0;
 			PR_EnterMonitor(conn->c_mutex);
 			connection_remove_operation_ext( pb, conn, op );
 
 			/* If we're in turbo mode, we keep our reference to the connection alive */
 			/* can't use the more_data var because connection could have changed in another thread */
-			more_data = conn_buffered_data_avail_nolock(conn) ? 1 : 0;
-			LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " check more_data %d thread_turbo_flag %d\n",conn->c_connid,more_data,thread_turbo_flag);
+			more_data = conn_buffered_data_avail_nolock(conn, &conn_closed) ? 1 : 0;
+			LDAPDebug(LDAP_DEBUG_CONNS,"conn %" NSPRIu64 " check more_data %d thread_turbo_flag %d\n",
+			          conn->c_connid,more_data,thread_turbo_flag);
 			if (!more_data) {
 				if (!thread_turbo_flag) {
 					/*

commit 407c545f07c06520f8378649fc0ac8fe20748dc7
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Sun Jan 17 18:25:43 2016 -0500

    Ticket 47788 - Supplier can skip a failing update, although
     it should retry
    
    Bug Description:  If a replicated update fails on the consumer,
                      the update is never tried.  This is due to the
                      replication async result thread missing the failure
                      before another update is replicated and it succeeds.
    
                      This second update that succeeds updates the consumer
                      RUV.  This makes it appear that the consumer is caught
                      up, and the supplier never resends that original
                      failed update.
    
    Fix Description:  When a replicated update fails, and its an error we can
                      not ignore, the connection is closed.  Which stops the
                      replication session, and prevents any further updates
                      coming in and updating the consumer RUV.  This allows
                      the supplier to correctly retry the operation that
                      failed on the next replication session.
    
    https://fedorahosted.org/389/ticket/47788
    
    Reviewed by: nhosoi, wibrown, and rmeggins (Thanks!!!)
    
    (cherry picked from commit ab6501a963c94b2b6b5fa8d1924519ef1c26b0bd)

diff --git a/ldap/servers/plugins/replication/repl5.h b/ldap/servers/plugins/replication/repl5.h
index df92ca0..307da82 100644
--- a/ldap/servers/plugins/replication/repl5.h
+++ b/ldap/servers/plugins/replication/repl5.h
@@ -608,6 +608,7 @@ void replica_incr_agmt_count(Replica *r);
 void replica_decr_agmt_count(Replica *r);
 PRUint64 replica_get_precise_purging(Replica *r);
 void replica_set_precise_purging(Replica *r, PRUint64 on_off);
+PRBool ignore_error_and_keep_going(int error);
 
 /* The functions below handles the state flag */
 /* Current internal state flags */
diff --git a/ldap/servers/plugins/replication/repl5_connection.c b/ldap/servers/plugins/replication/repl5_connection.c
index 1515ca1..d193938 100644
--- a/ldap/servers/plugins/replication/repl5_connection.c
+++ b/ldap/servers/plugins/replication/repl5_connection.c
@@ -480,17 +480,17 @@ conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retda
 					conn->last_ldap_error = rc;
 					close_connection_internal(conn); /* we already have the lock */
 					return_value = CONN_NOT_CONNECTED;
+					goto done;
 				}
 				else if (IS_DISCONNECT_ERROR(err))
 				{
 					conn->last_ldap_error = err;
 					close_connection_internal(conn); /* we already have the lock */
 					return_value = CONN_NOT_CONNECTED;
+					goto done;
 				}
 				/* Got a result */
-				if ((rc == LDAP_SUCCESS) && (err == LDAP_BUSY))
-				    	return_value = CONN_BUSY;
-				else if (retoidp)
+				if (retoidp /* total update */)
 				{
 					if (!((rc == LDAP_SUCCESS) && (err == LDAP_BUSY)))
 					{
@@ -519,16 +519,11 @@ conn_read_result_ex(Repl_Connection *conn, char **retoidp, struct berval **retda
 					}
 					return_value = LDAP_SUCCESS == conn->last_ldap_error ? CONN_OPERATION_SUCCESS : CONN_OPERATION_FAILED;
 				}
-				/*
-				 * XXXggood do I need to free matched, referrals,
-				 * anything else? Or can I pass NULL for the args
-				 * I'm not interested in?
-				 */
-				/* Good question! Meanwhile, as RTM aproaches, let's free them... */
-				slapi_ch_free((void **) &errmsg);
-				slapi_ch_free((void **) &matched);
-				charray_free(referrals);
 				conn->status = STATUS_CONNECTED;
+done:
+				slapi_ch_free_string(&errmsg);
+				slapi_ch_free_string(&matched);
+				charray_free(referrals);
 			}
 			if (res) ldap_msgfree(res);
 			PR_Unlock(conn->lock); /* release the conn lock */
diff --git a/ldap/servers/plugins/replication/repl5_inc_protocol.c b/ldap/servers/plugins/replication/repl5_inc_protocol.c
index 244bbb2..927f835 100644
--- a/ldap/servers/plugins/replication/repl5_inc_protocol.c
+++ b/ldap/servers/plugins/replication/repl5_inc_protocol.c
@@ -146,7 +146,6 @@ static void protocol_sleep(Private_Repl_Protocol *prp, PRIntervalTime duration);
 static int send_updates(Private_Repl_Protocol *prp, RUV *ruv, PRUint32 *num_changes_sent);
 static void repl5_inc_backoff_expired(time_t timer_fire_time, void *arg);
 static int examine_update_vector(Private_Repl_Protocol *prp, RUV *ruv);
-static PRBool ignore_error_and_keep_going(int error);
 static const char* state2name (int state);
 static const char* event2name (int event);
 static const char* op2string (int op);
@@ -450,11 +449,13 @@ repl5_inc_flow_control_results(Repl_Agmt *agmt, result_data *rd)
     PR_Unlock(rd->lock);
 }
 
-static void
+static int
 repl5_inc_waitfor_async_results(result_data *rd)
 {
 	int done = 0;
 	int loops = 0;
+	int rc = UPDATE_NO_MORE_UPDATES;
+
 	/* Keep pulling results off the LDAP connection until we catch up to the last message id stored in the rd */
 	while (!done && !slapi_is_shutting_down())
 	{
@@ -470,6 +471,10 @@ repl5_inc_waitfor_async_results(result_data *rd)
 		} else if (rd->abort && (rd->result == UPDATE_CONNECTION_LOST)) {
 			done = 1; /* no connection == no more results */
 		}
+		/*
+		 * Return the last operation result
+		 */
+		rc = rd->result;
 		PR_Unlock(rd->lock);
 		if (!done) {
 			/* If not then sleep a bit */
@@ -487,6 +492,7 @@ repl5_inc_waitfor_async_results(result_data *rd)
 			done = 1;
 		}
 	}
+	return rc;
 }
 
 /*
@@ -1467,78 +1473,84 @@ static int
 repl5_inc_update_from_op_result(Private_Repl_Protocol *prp, ConnResult replay_crc, int connection_error, char *csn_str, char *uniqueid, ReplicaId replica_id, int* finished, PRUint32 *num_changes_sent)



More information about the Pkg-fedora-ds-maintainers mailing list