[Pkg-fedora-ds-maintainers] 389-ds-base: Changes to 'upstream'

Timo Aaltonen tjaalton at moszumanska.debian.org
Thu Oct 27 22:43:25 UTC 2016


 Makefile.am                                                   |   12 
 Makefile.in                                                   |   21 
 VERSION.sh                                                    |   16 
 configure                                                     |    5 
 configure.ac                                                  |    4 
 dirsrvtests/tests/stress/replication/mmr_01_4m-2h-4c_test.py  |    2 
 dirsrvtests/tests/stress/replication/mmr_01_4m_test.py        |    2 
 dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py |  338 ++++++
 dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py    |  224 ++++
 dirsrvtests/tests/suites/password/pwdPolicy_test.py           |  224 ----
 dirsrvtests/tests/suites/password/pwdPolicy_warning_test.py   |  559 ++++++++++
 dirsrvtests/tests/suites/password/pwd_change_policytest.py    |  240 ----
 dirsrvtests/tests/suites/password/pwp_history_test.py         |    6 
 dirsrvtests/tests/suites/replication/cleanallruv_test.py      |    4 
 dirsrvtests/tests/tickets/ticket1347760_test.py               |   12 
 dirsrvtests/tests/tickets/ticket47536_test.py                 |    1 
 dirsrvtests/tests/tickets/ticket47819_test.py                 |    8 
 dirsrvtests/tests/tickets/ticket47823_test.py                 |    1 
 dirsrvtests/tests/tickets/ticket47838_test.py                 |   23 
 dirsrvtests/tests/tickets/ticket48194_test.py                 |   33 
 dirsrvtests/tests/tickets/ticket48369_test.py                 |  124 --
 dirsrvtests/tests/tickets/ticket48755_test.py                 |   18 
 dirsrvtests/tests/tickets/ticket48784_test.py                 |   14 
 dirsrvtests/tests/tickets/ticket48798_test.py                 |   15 
 dirsrvtests/tests/tickets/ticket48956_test.py                 |  167 ++
 ldap/admin/src/base-initconfig.in                             |   73 -
 ldap/admin/src/defaults.inf.in                                |   50 
 ldap/admin/src/scripts/DSCreate.pm.in                         |    4 
 ldap/admin/src/scripts/DSUtil.pm.in                           |   34 
 ldap/admin/src/scripts/repl-monitor.pl.in                     |    2 
 ldap/ldif/template-dse.ldif.in                                |    1 
 ldap/ldif/template-suffix-db.ldif.in                          |    1 
 ldap/servers/plugins/collation/collate.c                      |   14 
 ldap/servers/plugins/collation/orfilter.c                     |   55 
 ldap/servers/plugins/replication/cl5_api.c                    |  162 +-
 ldap/servers/plugins/replication/cl5_api.h                    |    2 
 ldap/servers/plugins/replication/cl5_clcache.c                |   52 
 ldap/servers/plugins/replication/repl5.h                      |   15 
 ldap/servers/plugins/replication/repl5_agmt.c                 |   26 
 ldap/servers/plugins/replication/repl5_inc_protocol.c         |   70 -
 ldap/servers/plugins/replication/repl5_protocol_util.c        |   65 +
 ldap/servers/plugins/replication/repl5_replica.c              |   58 -
 ldap/servers/plugins/replication/repl5_replica_config.c       |    6 
 ldap/servers/plugins/replication/repl5_total.c                |    5 
 ldap/servers/slapd/add.c                                      |   15 
 ldap/servers/slapd/auditlog.c                                 |   22 
 ldap/servers/slapd/back-ldbm/archive.c                        |    9 
 ldap/servers/slapd/back-ldbm/dblayer.c                        |  164 ++
 ldap/servers/slapd/back-ldbm/import-threads.c                 |    5 
 ldap/servers/slapd/back-ldbm/import.c                         |   15 
 ldap/servers/slapd/back-ldbm/instance.c                       |   12 
 ldap/servers/slapd/back-ldbm/ldif2ldbm.c                      |   18 
 ldap/servers/slapd/back-ldbm/proto-back-ldbm.h                |    9 
 ldap/servers/slapd/back-ldbm/sort.c                           |   12 
 ldap/servers/slapd/bulk_import.c                              |    3 
 ldap/servers/slapd/entrywsi.c                                 |   34 
 ldap/servers/slapd/libglobs.c                                 |   14 
 ldap/servers/slapd/log.c                                      |   71 -
 ldap/servers/slapd/modify.c                                   |    8 
 ldap/servers/slapd/proto-slap.h                               |    7 
 ldap/servers/slapd/pw.c                                       |   87 -
 ldap/servers/slapd/pw_mgmt.c                                  |    9 
 ldap/servers/slapd/schema.c                                   |   19 
 ldap/servers/slapd/slapi-plugin.h                             |    2 
 man/man8/ns-accountstatus.pl.8                                |    6 
 rpm.mk                                                        |   33 
 rpm/389-ds-base.spec.in                                       |    2 
 rpm/rpmverrel.sh                                              |    2 
 68 files changed, 2281 insertions(+), 1065 deletions(-)

New commits:
commit 70c7d2a6bc7fd666bb8851d4128581ee878849bb
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Thu Oct 13 10:18:52 2016 -0400

    Bump version to 1.3.5-14

diff --git a/VERSION.sh b/VERSION.sh
index f83c1ec..9f5604a 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -10,7 +10,7 @@ vendor="389 Project"
 # PACKAGE_VERSION is constructed from these
 VERSION_MAJOR=1
 VERSION_MINOR=3
-VERSION_MAINT=5.13
+VERSION_MAINT=5.14
 # NOTE: VERSION_PREREL is automatically set for builds made out of a git tree
 VERSION_PREREL=
 VERSION_DATE=$(date -u +%Y%m%d)

commit e2bc8fd60bf232cd4c1bc9a6860b7bd570a9dff1
Author: Thierry Bordaz <tbordaz at redhat.com>
Date:   Thu Sep 22 20:48:13 2016 +0200

    Ticket 48992: Total init may fail if the pushed schema is rejected
    
    Bug Description:
        In the early phase of total update (or incremental update), the supplier may send its schema.
        A supplier will send its schema to the consumer at the condition its nsSchemaCSN is greater than
        the consumer nsSchemaCSN.
        If it is the case, a 1.2.11 supplier will systematically send its schema, while a 1.3 supplier will
        check that its schema is a superset of the consumer schema before sending it.
        If a 1.2.11 supplier sends its schema and that schema is a subset of consumer one, then
        the >1.3 consumer will detect it is a subset and reject the update.
        In that case the >1.3 consumer rejects a replicated update.
    
        On the consumer side, with the fix https://fedorahosted.org/389/ticket/47788, if a
        replication operation fails, it may trigger the closure of the replication connection.
        The fix decides, based on the type of failure, if the failure can be ignored (leave the connection
        opened) or is fatal (close the connection).
        This is detected, on the consumer side, in multimaster_postop_*->process_postop->ignore_error_and_keep_going.
    
        In the current version, if a replicated update of the schema fails it returns LDAP_UNWILLING_TO_PERFORM.
        This is a fatal error for ignore_error_and_keep_going, which then closes the connection
        and interrupts the total/incremental update.
    
        Note this bug can be transient as, the schema learning mechanism (on consumer) may learn from
        the received schema (even if it is rejected) and update its local schema that increase
        nsSchemaCSN. If this occur, a later replication session finding a greater nsSchemaCSN on the
        consumer side will not push the schema
    
    Fix Description:
        When the update of the schema is rejected make it not fatal, switching the returned
        code from LDAP_UNWILLING_TO_PERFORM to LDAP_CONSTRAINT_VIOLATION
    
    https://fedorahosted.org/389/ticket/48992
    
    Reviewed by: Noriko Hosoi, Ludwig Krispenz (thanks to you !)
    
    Platforms tested: 7.3
    
    Flag Day: no
    
    Doc impact: no

diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
index 7689aa9..4b8910d 100644
--- a/ldap/servers/slapd/schema.c
+++ b/ldap/servers/slapd/schema.c
@@ -2120,7 +2120,24 @@ modify_schema_dse (Slapi_PBlock *pb, Slapi_Entry *entryBefore, Slapi_Entry *entr
                   slapi_log_error(SLAPI_LOG_FATAL, "schema",
 			                  "[C] Local %s must not be overwritten (set replication log for additional info)\n",
 			                  attr_name);
-                  *returncode = LDAP_UNWILLING_TO_PERFORM;
+                  /*
+                   * If the update (replicated) of the schema is rejected then
+                   * process_postop->ignore_error_and_keep_going will decide if
+                   * this failure is fatal or can be ignored.
+                   * LDAP_UNWILLING_TO_PERFORM is considered as fatal error --> close the connection
+                   * 
+                   * A 6.x supplier may send a subset schema and trigger this error, that
+                   * will break the replication session.
+                   * 
+                   * With new "learning" mechanism this is not that important if the
+                   * update of the schema is successful or not. Just be permissive
+                   * ignoring that failure to let the full replication session going on
+                   * So return LDAP_CONSTRAINT_VIOLATION (in place of LDAP_UNWILLING_TO_PERFORM)
+                   * is pick up as best choice of non fatal returncode.
+                   * (others better choices UNWILLING_TO_PERFORM, OPERATION_ERROR or ldap_error
+                   * are unfortunately all fatal). 
+                   */
+                  *returncode = LDAP_CONSTRAINT_VIOLATION;
                   return (SLAPI_DSE_CALLBACK_ERROR);
           }
   }
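Review bot: Whether this downgrade keeps the session alive is decided entirely in `ignore_error_and_keep_going`, which is outside this hunk, so `*returncode = LDAP_CONSTRAINT_VIOLATION;` silently depends on that function continuing to classify constraint violations as non-fatal; the comment should state that coupling as a maintenance hazard, for example `/* keep in sync with ignore_error_and_keep_going(): this code must stay non-fatal there */`. The hunk does not show whether this branch is reached only for replicated operations; if an ordinary client modify can land here, it now gets a constraint-violation result for what is really a refused schema overwrite. The comment speaks of a "6.x supplier" while the commit message names 1.2.11, and the two should agree. Because a rejected schema push no longer interrupts replication, the `SLAPI_LOG_FATAL` message above is the only trace an operator gets of a supplier/consumer schema mismatch. modify_schema_dse starts and ends outside the hunk.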

commit 89b33813b44bc8ebbbbfd6fc2b10a4ae21d4af5f
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Mon Sep 19 09:25:32 2016 -0400

    Ticket 48832 - Fix CI test suite for password min age
    
    Description:  Need to add sleeps to test case
    
    Reviewed by: mreynolds (one line commit rule)
    
    (cherry picked from commit 2b45d58dac74e35f779a5df6256301cca4c80204)

diff --git a/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py b/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
index d3be7e2..023f508 100644
--- a/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
+++ b/dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
@@ -1,12 +1,10 @@
 import os
-import sys
 import time
 import subprocess
 import ldap
 import logging
 import pytest
-from lib389 import DirSrv, Entry, tools, tasks
-from lib389.tools import DirSrvTools
+from lib389 import DirSrv, Entry
 from lib389._constants import *
 from lib389.properties import *
 from lib389.tasks import *
@@ -72,7 +70,6 @@ def topology(request):
 
     request.addfinalizer(fin)
 
-
     return TopologyStandalone(standalone)
 
 
@@ -208,6 +205,7 @@ def test_change_pwd(topology, test_user, password_policy,
                   'policy for {}: error {}'.format(PW_POLICY_CONT_USER,
                                                    e.message['desc']))
         raise e
+    time.sleep(1)
 
     try:
         log.info('Bind as user and modify userPassword')
@@ -291,6 +289,7 @@ def test_pwd_min_age(topology, test_user, password_policy):
                   'policy for {}: error {}'.format(DN_CONFIG,
                                                    e.message['desc']))
         raise e
+    time.sleep(1)
 
     try:
         log.info('Bind as user and modify userPassword')
@@ -302,7 +301,7 @@ def test_pwd_min_age(topology, test_user, password_policy):
         log.error('Failed to change userpassword for {}: error {}'.format(
             TEST_USER_DN, e.message['info']))
         raise e
-
+    time.sleep(1)
 
     log.info('Bind as user and modify userPassword straight away after previous change')
     topology.standalone.simple_bind_s(TEST_USER_DN, 'new_pass')
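Review bot: The `time.sleep(1)` added just before the "straight away after previous change" step delays the very operation whose immediacy test_pwd_min_age is checking. If the passwordMinAge set earlier in the test (not visible in this hunk) is not comfortably above one second, the second change can fall outside the window and the assertion passes or fails for the wrong reason. A comment stating the margin, such as `# min age is <N> s, so a 1 s pause stays inside the window`, would make that dependency explicit. The same fixed one-second pauses are added in test_change_pwd and earlier in this test; polling until the policy change is visible would be less timing-sensitive than sleeping.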

commit 966946453cf4d018dee6b4d5b6bcbdf394a24b49
Author: William Brown <firstyear at redhat.com>
Date:   Mon Sep 19 11:34:17 2016 +1000

    Ticket 48983 - Configure and Makefile.in from new default paths work.
    
    Bug Description:   At configure time, this is the only time we know all the
    resolved paths of a ds installation. However, external tools such as lib389
    need to be able to discover and use these paths.
    
    Fix Description:  This updates defaults.inf with some extra paths that were
    found to be needed as part of the lib389 tests.
    
    https://fedorahosted.org/389/ticket/48983
    
    Author: wibrown
    
    Review by: tbordaz, mreynolds (Thanks!)

diff --git a/ldap/admin/src/defaults.inf.in b/ldap/admin/src/defaults.inf.in
index 9b02542..2bd94fe 100644
--- a/ldap/admin/src/defaults.inf.in
+++ b/ldap/admin/src/defaults.inf.in
@@ -14,26 +14,33 @@
 ; All format strings should be in python syntax IE {key}
 
 [slapd]
+; These values should NOT be altered in an installation.
+; This is because the server itself depends on these locations and values
+; being known, and are set at compilation time.
 product = @capbrand@ Directory Server
 version = @PACKAGE_VERSION@
-user = dirsrv
-group = dirsrv
-root_dn = cn=Directory Manager
+asan_enabled = @enable_asan@
 prefix = @prefixdir@
 bin_dir = @bindir@
 sbin_dir = @sbindir@
 lib_dir = @libdir@
 data_dir = @datadir@
 tmp_dir = /tmp
-
 sysconf_dir = @sysconfdir@
-initconfigdir = @initconfigdir@
+initconfig_dir = @initconfigdir@
 config_dir = @instconfigdir@/slapd-{instance_name}
+local_state_dir = @localstatedir@
+run_dir = @localstatedir@/run/dirsrv
+plugin_dir = @serverplugindir@
+
+; These values can be altered in an installation of ds
+user = dirsrv
+group = dirsrv
+root_dn = cn=Directory Manager
+
 schema_dir = @instconfigdir@/slapd-{instance_name}/schema
 cert_dir = @instconfigdir@/slapd-{instance_name}
 
-local_state_dir = @localstatedir@
-run_dir = @localstatedir@/run/dirsrv
 lock_dir = @localstatedir@/lock/dirsrv/slapd-{instance_name}
 log_dir = @localstatedir@/log/dirsrv/slapd-{instance_name}
 inst_dir = @localstatedir@/lib/dirsrv/slapd-{instance_name}
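Review bot: Renaming the key `initconfigdir` to `initconfig_dir` changes the interface of a file that exists to be read by external tools, so any consumer written against the first revision will no longer find the key. If the old name never shipped, the commit message should say so; otherwise keeping both keys for a transition period avoids a silent lookup failure. The new comment marks the first group as values that must not be altered, but both groups live in the same `[slapd]` section, so a tool that lets an administrator override entries cannot tell compile-time facts from tunables. Separate sections, or a comment telling consumers which keys they may override, would make the rule enforceable.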

commit 52605fde6ea9e5af13ffb34c24fd84b21805588c
Author: William Brown <firstyear at redhat.com>
Date:   Wed Sep 14 13:02:03 2016 +1000

    Ticket 48983 - Configure and Makefile.in from new default paths work.
    
    Bug Description:   At configure time, this is the only time we know all the
    resolved paths of a ds installation. However, external tools such as lib389
    need to be able to discover and use these paths.
    
    Fix Description:  This updates the configure and makefile based on the changes
    to create the defaults.inf.
    
    https://fedorahosted.org/389/ticket/48983
    
    Author: wibrown
    
    Review by: tbordaz, mreynolds (Thanks!)

diff --git a/Makefile.in b/Makefile.in
index 17b8d73..cd07f40 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1392,10 +1392,6 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 capbrand = @capbrand@
-
-#------------------------
-# Install Paths
-#------------------------
 configdir = $(sysconfdir)@configdir@
 datadir = @datadir@
 datarootdir = @datarootdir@
@@ -1473,6 +1469,11 @@ perldir = $(libdir)@perldir@
 perlexec = @perlexec@
 plainldif_opts = @plainldif_opts@
 prefix = @prefix@
+
+#------------------------
+# Install Paths
+#------------------------
+prefixdir = @prefixdir@
 program_transform_name = @program_transform_name@
 propertydir = $(datadir)@propertydir@
 psdir = @psdir@
@@ -2142,7 +2143,8 @@ task_SCRIPTS = ldap/admin/src/scripts/template-bak2db \
 inf_DATA = ldap/admin/src/slapd.inf \
 	ldap/admin/src/scripts/dscreate.map \
 	ldap/admin/src/scripts/dsupdate.map \
-	ldap/admin/src/scripts/dsorgentries.map
+	ldap/admin/src/scripts/dsorgentries.map \
+	ldap/admin/src/defaults.inf
 
 mib_DATA = ldap/servers/snmp/redhat-directory.mib
 pkgconfig_DATA = $(PACKAGE_NAME).pc
@@ -3157,7 +3159,8 @@ rsearch_bin_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK) $(LIBS
 @BUNDLE_FALSE@	-e 's, at ldaplib_defs\@,$(ldaplib_defs),g' \
 @BUNDLE_FALSE@	-e 's, at systemdsystemunitdir\@,$(systemdsystemunitdir),g' \
 @BUNDLE_FALSE@	-e 's, at systemdsystemconfdir\@,$(systemdsystemconfdir),g' \
- at BUNDLE_FALSE@	-e 's, at systemdgroupname\@,$(systemdgroupname),g'
+ at BUNDLE_FALSE@	-e 's, at systemdgroupname\@,$(systemdgroupname),g' \
+ at BUNDLE_FALSE@	-e 's, at prefixdir\@,$(prefixdir),g'
 
 
 # these are for the config files and scripts that we need to generate and replace
@@ -3236,7 +3239,8 @@ rsearch_bin_LDADD = $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK) $(LIBS
 @BUNDLE_TRUE@	-e 's, at ldaplib_defs\@,$(ldaplib_defs),g' \
 @BUNDLE_TRUE@	-e 's, at systemdsystemunitdir\@,$(systemdsystemunitdir),g' \
 @BUNDLE_TRUE@	-e 's, at systemdsystemconfdir\@,$(systemdsystemconfdir),g' \
- at BUNDLE_TRUE@	-e 's, at systemdgroupname\@,$(systemdgroupname),g'
+ at BUNDLE_TRUE@	-e 's, at systemdgroupname\@,$(systemdgroupname),g' \
+ at BUNDLE_TRUE@	-e 's, at prefixdir\@,$(prefixdir),g'
 
 all: $(BUILT_SOURCES) config.h
 	$(MAKE) $(AM_MAKEFLAGS) all-am
diff --git a/configure b/configure
index c2a4af6..734cbcb 100755
--- a/configure
+++ b/configure
@@ -745,6 +745,7 @@ schemadir
 propertydir
 sampledatadir
 configdir
+prefixdir
 with_tmpfiles_d
 with_fhs_opt
 enable_nunc_stans_FALSE
@@ -18145,6 +18146,7 @@ localrundir='/run'
 if test "$with_fhs_opt" = "yes"; then
   # Override sysconfdir and localstatedir if FHS optional
   # package was requested.
+  prefixdir=$prefix
   sysconfdir='/etc/opt'
   localstatedir='/var/opt'
   localrundir='/var/opt/run'
@@ -18179,6 +18181,7 @@ else
         localstatedir='/var'
     localrundir='/run'
   fi
+  prefixdir=$prefix
   # relative to datadir
   sampledatadir=/$PACKAGE_NAME/data
   # relative to datadir
@@ -18302,6 +18305,7 @@ fi
 
 
 
+
 # check for --with-instconfigdir
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-instconfigdir" >&5
 $as_echo_n "checking for --with-instconfigdir... " >&6; }

commit 8f6cce138b2ea23ff5b3f403944e338ae6542898
Author: William Brown <firstyear at redhat.com>
Date:   Mon Sep 12 11:30:55 2016 +1000

    Ticket 48983 -  generate install path info from autotools scripts
    
    Bug Description:  At configure time, this is the only time we know all the
    resolved paths of a ds installation. However, external tools such as lib389
    need to be able to discover and use these paths.
    
    Fix Description:  Add a new file to share in a well-known location that will
    provide all the paths of ds instance and install. This will allow discovery
    of what settings should be used on the associated platform or installation.
    
    https://fedorahosted.org/389/ticket/48983
    
    Author: wibrown
    
    Review by: ???

diff --git a/Makefile.am b/Makefile.am
index a2f834e..7458ab7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -175,6 +175,7 @@ selinux-built/dirsrv.fc: selinux-built
 #------------------------
 # Install Paths
 #------------------------
+prefixdir = @prefixdir@
 configdir = $(sysconfdir)@configdir@
 sampledatadir = $(datadir)@sampledatadir@
 propertydir = $(datadir)@propertydir@
@@ -724,7 +725,8 @@ endif
 inf_DATA = ldap/admin/src/slapd.inf \
 	ldap/admin/src/scripts/dscreate.map \
 	ldap/admin/src/scripts/dsupdate.map \
-	ldap/admin/src/scripts/dsorgentries.map
+	ldap/admin/src/scripts/dsorgentries.map \
+	ldap/admin/src/defaults.inf
 
 mib_DATA = ldap/servers/snmp/redhat-directory.mib
 
@@ -1837,7 +1839,8 @@ fixupcmd = sed \
 	-e 's, at ldaplib_defs\@,$(ldaplib_defs),g' \
 	-e 's, at systemdsystemunitdir\@,$(systemdsystemunitdir),g' \
 	-e 's, at systemdsystemconfdir\@,$(systemdsystemconfdir),g' \
-	-e 's, at systemdgroupname\@,$(systemdgroupname),g'
+	-e 's, at systemdgroupname\@,$(systemdgroupname),g' \
+	-e 's, at prefixdir\@,$(prefixdir),g'
 else
 fixupcmd = sed \
 	-e 's, at bindir\@,$(bindir),g' \
@@ -1906,7 +1909,8 @@ fixupcmd = sed \
 	-e 's, at ldaplib_defs\@,$(ldaplib_defs),g' \
 	-e 's, at systemdsystemunitdir\@,$(systemdsystemunitdir),g' \
 	-e 's, at systemdsystemconfdir\@,$(systemdsystemconfdir),g' \
-	-e 's, at systemdgroupname\@,$(systemdgroupname),g'
+	-e 's, at systemdgroupname\@,$(systemdgroupname),g' \
+	-e 's, at prefixdir\@,$(prefixdir),g'
 endif
 
 %: %.in
diff --git a/configure.ac b/configure.ac
index c18d2d9..3e0f8aa 100644
--- a/configure.ac
+++ b/configure.ac
@@ -285,6 +285,7 @@ localrundir='/run'
 if test "$with_fhs_opt" = "yes"; then
   # Override sysconfdir and localstatedir if FHS optional
   # package was requested.
+  prefixdir=$prefix
   sysconfdir='/etc/opt'
   localstatedir='/var/opt'
   localrundir='/var/opt/run'
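Review bot: `prefixdir=$prefix` is evaluated while configure is still running, and autoconf leaves `prefix` as the literal `NONE` until late in the script when no `--prefix` is passed, so a default build could substitute `NONE` into defaults.inf unless configure.ac normalises `prefix` above this point, which the hunk does not show. The identical assignment is repeated in the `else` branch in the next hunk; since both branches set the same value it can be hoisted above `if test "$with_fhs_opt" = "yes"` and guarded once, for example `test "x$prefix" = xNONE && prefix=$ac_default_prefix` followed by `prefixdir=$prefix`.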
@@ -321,6 +322,7 @@ else
     localstatedir='/var'
     localrundir='/run'
   fi
+  prefixdir=$prefix
   # relative to datadir
   sampledatadir=/$PACKAGE_NAME/data
   # relative to datadir
@@ -414,6 +416,7 @@ else
   with_pythonexec=/usr/bin/python2
 fi
 
+AC_SUBST(prefixdir)
 AC_SUBST(configdir)
 AC_SUBST(sampledatadir)
 AC_SUBST(propertydir)
diff --git a/ldap/admin/src/defaults.inf.in b/ldap/admin/src/defaults.inf.in
new file mode 100644
index 0000000..9b02542
--- /dev/null
+++ b/ldap/admin/src/defaults.inf.in
@@ -0,0 +1,43 @@
+; --- BEGIN COPYRIGHT BLOCK ---
+; Copyright (C) 2016 Red Hat, Inc.
+; All rights reserved.
+;
+; License: GPL (version 3 or any later version).
+; See LICENSE for details.
+; --- END COPYRIGHT BLOCK ---
+
+; Author: firstyear at redhat.com
+
+; This is a set of default paths that tools consuming DS should search
+; for paths. This is the foundation of the version 2 ds setup inf
+;
+; All format strings should be in python syntax IE {key}
+
+[slapd]
+product = @capbrand@ Directory Server
+version = @PACKAGE_VERSION@
+user = dirsrv
+group = dirsrv
+root_dn = cn=Directory Manager
+prefix = @prefixdir@
+bin_dir = @bindir@
+sbin_dir = @sbindir@
+lib_dir = @libdir@
+data_dir = @datadir@
+tmp_dir = /tmp
+
+sysconf_dir = @sysconfdir@
+initconfigdir = @initconfigdir@
+config_dir = @instconfigdir@/slapd-{instance_name}
+schema_dir = @instconfigdir@/slapd-{instance_name}/schema
+cert_dir = @instconfigdir@/slapd-{instance_name}
+
+local_state_dir = @localstatedir@
+run_dir = @localstatedir@/run/dirsrv
+lock_dir = @localstatedir@/lock/dirsrv/slapd-{instance_name}
+log_dir = @localstatedir@/log/dirsrv/slapd-{instance_name}
+inst_dir = @localstatedir@/lib/dirsrv/slapd-{instance_name}
+db_dir = @localstatedir@/lib/dirsrv/slapd-{instance_name}/db
+backup_dir = @localstatedir@/lib/dirsrv/slapd-{instance_name}/bak
+ldif_dir = @localstatedir@/lib/dirsrv/slapd-{instance_name}/ldif
+
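Review bot: `tmp_dir = /tmp` advertises a shared, world-writable directory to every tool that consumes this file, so a consumer that builds predictable file names under it is exposed to symlink and pre-creation races. A comment such as `; tmp_dir is shared: create files there only with mkstemp-style APIs` would set that expectation for tool authors. `run_dir` is derived from `@localstatedir@/run`, while configure keeps a separate `localrundir` (`/run` in the non-FHS-opt case), so the advertised path may match the real one only through a `/var/run` symlink; whether a `@localrundir@` substitution is available to this template is not visible here.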

commit 21f1b615239217d97afe133cb122f1e2cc3f3664
Author: Ludwig Krispenz <lkrispen at redhat.com>
Date:   Tue Aug 2 15:01:48 2016 +0200

    Ticket 48944 - on a read only replica invalid state info can accumulate
    
    Bug Description: if internal mods are generated on a consumer (eg by Account Policy)
    		 and changes for these attributes are also received via replication
    		 the state information on the consumer can accumulate
    
    Fix Description: Make sure replace operations are only applied if they
    		 are newer than an existing attribute deletion csn.
    
    https://fedorahosted.org/389/ticket/48944
    
    Reviewed by: Noriko, thanks

diff --git a/ldap/servers/slapd/entrywsi.c b/ldap/servers/slapd/entrywsi.c
index a8f8455..7445d98 100644
--- a/ldap/servers/slapd/entrywsi.c
+++ b/ldap/servers/slapd/entrywsi.c
@@ -432,6 +432,14 @@ entry_add_present_values_wsi_single_valued(Slapi_Entry *e, const char *type, str
 		Slapi_Attr *a= NULL;
 		long a_flags_orig;
 		int attr_state= entry_attr_find_wsi(e, type, &a);
+		const CSN *adcsn = attr_get_deletion_csn(a);
+		if (csn_compare(csn, adcsn)<0) {
+			/* the attribute was deleted with an adcsn
+			 * newer than the current csn.
+			 * Nothing to do.
+			 */
+			goto done;
+		}
 
 		a_flags_orig = a->a_flags;
 		a->a_flags |= flags;
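Review bot: The new guard calls `attr_get_deletion_csn(a)` right after `entry_attr_find_wsi()`, with `a` initialised to NULL two lines earlier and nothing in the hunk confirming the lookup filled it in. It also relies on `csn_compare()` ordering a NULL `adcsn` (attribute never deleted) below `csn`. Neither assumption is visible here, although the following context line already dereferences `a`, so a comment stating both would help, e.g. `/* a is non-NULL here; csn_compare() treats a NULL adcsn as older */`. The same block is pasted into entry_add_present_values_wsi_multi_valued and both entry_delete_present_values_wsi_* functions, and a small static helper would keep the four copies from drifting. The function body starts and ends outside the hunk.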
@@ -499,6 +507,7 @@ entry_add_present_values_wsi_single_valued(Slapi_Entry *e, const char *type, str
 		}
 		a->a_flags = a_flags_orig;
 	}
+done:
 	valuearray_free(&valuestoadd);
 
 	return(retVal);
@@ -517,6 +526,14 @@ entry_add_present_values_wsi_multi_valued(Slapi_Entry *e, const char *type, stru
 		long a_flags_orig;
 		int attr_state = entry_attr_find_wsi(e, type, &a);
 
+		const CSN *adcsn = attr_get_deletion_csn(a);
+		if (csn_compare(csn, adcsn)<0) {
+			/* the attribute was deleted with an adcsn
+			 * newer than the current csn.
+			 * Nothing to do.
+			 */
+			goto done;
+		}
 		a_flags_orig = a->a_flags;
 		a->a_flags |= flags;
 		/* Check if the type of the to-be-added values has DN syntax or not. */
@@ -594,6 +611,7 @@ entry_add_present_values_wsi_multi_valued(Slapi_Entry *e, const char *type, stru
 		}
 		a->a_flags = a_flags_orig;
 	}
+done:
 	valuearray_free(&valuestoadd);
 
 	return(retVal);
@@ -677,6 +695,14 @@ entry_delete_present_values_wsi_single_valued(Slapi_Entry *e, const char *type,
 	{
 		/* delete the entire attribute */
 		LDAPDebug( LDAP_DEBUG_ARGS, "removing entire attribute %s\n", type, 0, 0 );
+		const CSN *adcsn = attr_get_deletion_csn(a);
+		if (csn_compare(csn, adcsn)<0) {
+			/* the attribute was deleted with an adcsn
+			 * newer than the current csn.
+			 * Nothing to do.
+			 */
+			return LDAP_SUCCESS;
+		}
 		attr_set_deletion_csn(a,csn);
 		if(urp)
 		{
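Review bot: The early `return LDAP_SUCCESS;` drops a stale whole-attribute delete without leaving a trace, and the "removing entire attribute" debug message just above it is now printed even when nothing is removed. An operator chasing replication divergence therefore cannot tell a skipped operation from an applied one. Moving the `adcsn` check above the `LDAPDebug` call and logging the skip would fix both, and would also put the declaration before the first statement as in the two add functions. The same applies to the matching hunk in entry_delete_present_values_wsi_multi_valued. Both functions continue outside their hunks, so it is worth confirming that nothing allocated earlier is skipped by the direct return.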
@@ -767,6 +793,14 @@ entry_delete_present_values_wsi_multi_valued(Slapi_Entry *e, const char *type, s
 		{
 			/* delete the entire attribute */
 			LDAPDebug( LDAP_DEBUG_ARGS, "removing entire attribute %s\n", type, 0, 0 );
+			const CSN *adcsn = attr_get_deletion_csn(a);
+			if (csn_compare(csn, adcsn)<0) {
+				/* the attribute was deleted with an adcsn
+				 * newer than the current csn.
+				 * Nothing to do.
+				 */
+				return LDAP_SUCCESS;
+			}
 			attr_set_deletion_csn(a,csn);
 			if(urp)
 			{

commit f4301f6be6bbff3c7bb0180a38f6dfd7e31b8558
Author: Thierry Bordaz <tbordaz at redhat.com>
Date:   Thu Sep 8 11:38:15 2016 +0200

    use a consumer maxcsn only as anchor if supplier is more advanced

diff --git a/ldap/servers/plugins/replication/cl5_clcache.c b/ldap/servers/plugins/replication/cl5_clcache.c
index 74f0fec..ca8b841 100644
--- a/ldap/servers/plugins/replication/cl5_clcache.c
+++ b/ldap/servers/plugins/replication/cl5_clcache.c
@@ -717,24 +717,22 @@ clcache_adjust_anchorcsn ( CLC_Buffer *buf, int *flag )
 								curr, conmaxcsn);
 			}
 
-			if (csn_compare (cscb->local_maxcsn, cscb->prev_local_maxcsn) == 0 ||
-			    csn_compare (cscb->prev_local_maxcsn, buf->buf_current_csn) > 0 ) {
-				if (csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) {
+			if (csn_compare(cscb->local_maxcsn, cscb->consumer_maxcsn) > 0) {
+				/* We have something to send for this RID */
+
+				if (csn_compare(cscb->local_maxcsn, cscb->prev_local_maxcsn) == 0 ||
+					csn_compare(cscb->prev_local_maxcsn, buf->buf_current_csn) > 0) {
+					/* No new changes or it remains, in the buffer, updates to send  */
 					rid_anchor = buf->buf_current_csn;
-				}
-			} else {
-				/* prev local max csn < csnBuffer AND different from local maxcsn */
-				if (cscb->prev_local_maxcsn == NULL) {
+				} else {
+					/* prev local max csn < csnBuffer AND different from local maxcsn */
 					if (cscb->consumer_maxcsn == NULL) {
 						/* the consumer hasn't seen changes for this RID */
 						rid_anchor = cscb->local_mincsn;
 						rid_flag = DB_SET;
-					} else if ( csn_compare (cscb->local_maxcsn, cscb->consumer_maxcsn) > 0 ) {
+					} else {
 						rid_anchor = cscb->consumer_maxcsn;
 					}
-				} else {
-					/* csnPrevMaxSup > 0 */
-					rid_anchor = cscb->consumer_maxcsn;
 				}
 			}
 
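Review bot: With the `consumer_maxcsn` comparison moved to the outer `if`, the inner `cscb->consumer_maxcsn == NULL` branch is reachable only if `csn_compare()` ranks a non-NULL `local_maxcsn` above a NULL second argument. csn_compare is not shown, so that contract deserves a one-line comment at the outer test, e.g. `/* csn_compare() ranks NULL lowest, so an RID the consumer has never seen passes this test */`. When the outer test is false nothing in the hunk assigns `rid_anchor`, so the outcome depends on how it is initialised above. The rewrite also drops the old `prev_local_maxcsn == NULL` distinction, and the commit message carries no ticket or rationale saying whether that is intended. clcache_adjust_anchorcsn starts and ends outside the hunk.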

commit 6e6e6d780431fb4b9f2647e2bddbf2f0cbae6a02
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Fri Sep 9 10:18:52 2016 -0400

    Ticket 48921 - CI Replication stress tests have limits set too low
    
    Description:  The number of users to add and delete was incorrectly
                  set low for debugging purposes, but it was not raised back up
                  to the correct value when it was committed to the source tree.
    
    https://fedorahosted.org/389/ticket/48921
    
    Reviewed by: mreynolds (one line commit rule)
    
    (cherry picked from commit 480d79d00ba6467aeaedcd3db67c24c79709b225)

diff --git a/dirsrvtests/tests/stress/replication/mmr_01_4m-2h-4c_test.py b/dirsrvtests/tests/stress/replication/mmr_01_4m-2h-4c_test.py
index 95c0b71..2ac4723 100644
--- a/dirsrvtests/tests/stress/replication/mmr_01_4m-2h-4c_test.py
+++ b/dirsrvtests/tests/stress/replication/mmr_01_4m-2h-4c_test.py
@@ -16,7 +16,7 @@ logging.getLogger(__name__).setLevel(logging.INFO)
 log = logging.getLogger(__name__)
 
 DEBUGGING = False
-ADD_DEL_COUNT = 500
+ADD_DEL_COUNT = 5000
 MAX_LOOPS = 5
 TEST_CONVERGE_LATENCY = True
 CONVERGENCE_TIMEOUT = '60'
diff --git a/dirsrvtests/tests/stress/replication/mmr_01_4m_test.py b/dirsrvtests/tests/stress/replication/mmr_01_4m_test.py
index c48a070..b7d677e 100644
--- a/dirsrvtests/tests/stress/replication/mmr_01_4m_test.py
+++ b/dirsrvtests/tests/stress/replication/mmr_01_4m_test.py
@@ -16,7 +16,7 @@ logging.getLogger(__name__).setLevel(logging.DEBUG)
 log = logging.getLogger(__name__)
 
 DEBUGGING = False
-ADD_DEL_COUNT = 500
+ADD_DEL_COUNT = 5000
 MAX_LOOPS = 5
 TEST_CONVERGE_LATENCY = True
 CONVERGENCE_TIMEOUT = '60'

commit fc1310e352e124d66d58d0a3e86d45c5573cbfb2
Author: Noriko Hosoi <nhosoi at redhat.com>
Date:   Thu Sep 1 11:34:53 2016 -0700

    Ticket #48969 - nsslapd-auditfaillog always has an explicit path
    
    Description: commit ef2c3c4cc6f966935dbe367dd0d882ae81de3cc4
    introduced a RESOURCE_LEAK.
        auditlog.c:180: leaked_storage: Variable "audit_config" going
                        out of scope leaks the storage it points to.
    
    Reviewed by nhosoi (one line commit rule)
    
    (cherry picked from commit 95d820901e7264490bae02b8ca943d09a344d7ac)
    (cherry picked from commit b0fc82233a5ea929c5fad835f9e825a8f0b97968)

diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
index 85d136c..74d1b46 100644
--- a/ldap/servers/slapd/auditlog.c
+++ b/ldap/servers/slapd/auditlog.c
@@ -177,6 +177,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
         write_audit_file(SLAPD_AUDITFAIL_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG);
     }
     slapi_ch_free_string(&auditfail_config);
+    slapi_ch_free_string(&audit_config);
 }
 
 

commit cf5683ae112528597af70a4e06cfb51e8e0c3c74
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Thu Sep 1 12:54:08 2016 -0400

    Ticket 48957 - Update repl-monitor to handle new status messages
    
    Bug Description:  The replication agreement status messages have changed,
                      and the repl-monitor script was not updated to reflect
                      these changes.  This led to the html report incorrectly
                      color coding a successful status.
    
    Fix Description:  Update the script to ignore "Error (0)"
    
    https://fedorahosted.org/389/ticket/48957
    
    Reviewed by: mreynolds (one line commit rule)
    
    (cherry picked from commit 32ee33b2222a9bbc0657ceb912ca3fa74ee27dcc)

diff --git a/ldap/admin/src/scripts/repl-monitor.pl.in b/ldap/admin/src/scripts/repl-monitor.pl.in
index aa7ab1e..a3efa8e 100755
--- a/ldap/admin/src/scripts/repl-monitor.pl.in
+++ b/ldap/admin/src/scripts/repl-monitor.pl.in
@@ -877,7 +877,7 @@ sub print_consumers
 			}   
 			my $redfontstart = "";
 			my $redfontend = "";
-			if ($status =~ /error/i) {
+			if ($status !~ /Error \(0\)/i) {
 			  $redfontstart = "<font color='red'>";
 			  $redfontend = "</font>";
 			}
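Review bot: The inverted test `$status !~ /Error \(0\)/i` marks every status red unless it contains the literal "Error (0)", so an empty status, or a success message from a server still using the older wording, would be rendered as a failure. Keeping the original match and excluding only the success code is narrower: `if ($status =~ /error/i && $status !~ /Error \(0\)/i) {`. print_consumers starts and ends outside the hunk, so how `$status` is populated for agreements that have not reported yet is not visible here.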

commit 4d60ed2789d2e624581ab4f4068c4fa7927e9be3
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Wed Aug 31 12:19:15 2016 -0400

    Ticket 48832 - Fix CI tests
    
    Description:  More timing issues with some CI tests.  Need to add
                  short sleeps in between certain operations.
    
    https://fedorahosted.org/389/ticket/48832
    
    Reviewed by: spichugi(Thanks!)

diff --git a/dirsrvtests/tests/tickets/ticket48784_test.py b/dirsrvtests/tests/tickets/ticket48784_test.py
index 2898807..3559a48 100644
--- a/dirsrvtests/tests/tickets/ticket48784_test.py
+++ b/dirsrvtests/tests/tickets/ticket48784_test.py
@@ -180,6 +180,7 @@ def enable_ssl(server, ldapsport, mycert):
                                  'nsSSLPersonalitySSL': mycert,
                                  'nsSSLToken': 'internal (software)',
                                  'nsSSLActivation': 'on'})))
+    time.sleep(1)
 
 
 def doAndPrintIt(cmdline, filename):
@@ -229,6 +230,7 @@ def create_keys_certs(topology):
     pwdfd = open(pwdfile, "w")
     pwdfd.write(passwd)
     pwdfd.close()
+    time.sleep(1)
 
     log.info("##### create the pin file")
     m1pinfile = '%s/pin.txt' % (m1confdir)
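Review bot: The added `time.sleep(1)` follows `pwdfd.close()`, which has already completed when the sleep starts, so it is not clear what the pause waits for. The same holds for the sleeps after the `os.system(...)` calls in the next two hunks and for the `time.sleep(0.5)` lines after the read-only `_exists()` assertions in ticket48798_test.py. A short comment naming the condition being waited on, e.g. `# give <component> time to <condition> before <next step>`, would let a later maintainer replace the pause with a real check. Where the preceding step is a command, checking its result is more direct than pausing: `rc = os.system(cmd)` followed by `assert rc == 0`. create_keys_certs starts and ends outside this hunk.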
@@ -297,6 +299,7 @@ def create_keys_certs(topology):
     cmd = 'pk12util -o %s -n "%s" -d %s -w %s -k %s' % (m2pk12file, M2SERVERCERT, m1confdir, pwdfile, pwdfile)
     log.info("##### Extract PK12 file for master2: %s" % cmd)
     os.system(cmd)
+    time.sleep(1)
 
     log.info("##### Check PK12 files")
     if os.path.isfile(m2pk12file):
@@ -323,6 +326,7 @@ def create_keys_certs(topology):
     log.info('copy %s to %s' % (m1pinfile, m2pinfile))
     os.system('cp %s %s' % (m1pinfile, m2pinfile))
     os.system('chmod 400 %s' % m2pinfile)
+    time.sleep(1)
 
     log.info("##### start master2")
     topology.master2.start(timeout=10)
@@ -331,10 +335,10 @@ def create_keys_certs(topology):
     enable_ssl(topology.master2, M2LDAPSPORT, M2SERVERCERT)
 
     log.info("##### restart master2")
-    topology.master2.restart(timeout=10)
+    topology.master2.restart(timeout=30)
 
     log.info("##### restart master1")
-    topology.master1.restart(timeout=10)
+    topology.master1.restart(timeout=30)
 
     log.info("\n######################### Creating SSL Keys and Certs Done ######################\n")
 
@@ -418,7 +422,7 @@ def test_ticket48784(topology):
     log.info("##### replication from master_2 to master_1 should fail.")
     add_entry(topology.master2, 'master2', 'uid=m2user', 10, 1)
 
-    time.sleep(2)
+    time.sleep(10)
 
     log.info('##### Searching for entries on master1...')
     entries = topology.master1.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(uid=*)')
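Review bot: Raising the pause to `time.sleep(10)` before a search that is expected to find nothing makes the test slower but still cannot tell "replication was refused" from "replication has not arrived yet". That matters here because this step is the check that replication from master_2 to master_1 fails. A comment stating what bounds the wait would help, e.g. `# replication is expected to be rejected; 10s is assumed to exceed normal propagation time`, and if the agreement exposes a status (not visible here) the test could assert on that instead. The assertion on `entries` and the rest of test_ticket48784 are outside the hunk.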
diff --git a/dirsrvtests/tests/tickets/ticket48798_test.py b/dirsrvtests/tests/tickets/ticket48798_test.py
index f6f3911..297e2ef 100644
--- a/dirsrvtests/tests/tickets/ticket48798_test.py
+++ b/dirsrvtests/tests/tickets/ticket48798_test.py
@@ -84,24 +84,39 @@ def test_ticket48798(topology):
 
     # Check if the db exists. Should be false.
     assert(topology.standalone.nss_ssl._db_exists() is False)
+    time.sleep(0.5)
+
     # Create it. Should work.
     assert(topology.standalone.nss_ssl.reinit() is True)
+    time.sleep(0.5)
+
     # Check if the db exists. Should be true
     assert(topology.standalone.nss_ssl._db_exists() is True)
+    time.sleep(0.5)
 
     # Check if ca exists. Should be false.
     assert(topology.standalone.nss_ssl._rsa_ca_exists() is False)
+    time.sleep(0.5)
+
     # Create it. Should work.
     assert(topology.standalone.nss_ssl.create_rsa_ca() is True)
+    time.sleep(0.5)
+
     # Check if ca exists. Should be true
     assert(topology.standalone.nss_ssl._rsa_ca_exists() is True)
+    time.sleep(0.5)
 
     # Check if we have a server cert / key. Should be false.
     assert(topology.standalone.nss_ssl._rsa_key_and_cert_exists() is False)
+    time.sleep(0.5)
+
     # Create it. Should work.
     assert(topology.standalone.nss_ssl.create_rsa_key_and_cert() is True)
+    time.sleep(0.5)
+
     # Check if server cert and key exist. Should be true.
     assert(topology.standalone.nss_ssl._rsa_key_and_cert_exists() is True)
+    time.sleep(0.5)
 
     topology.standalone.config.enable_ssl(secport=DEFAULT_SECURE_PORT, secargs={'nsSSL3Ciphers': '+all'} )
 

commit 52230585a1191bf1e747780b592f291d652e26dd
Author: Mark Reynolds <mreynolds at redhat.com>
Date:   Tue Aug 30 14:25:15 2016 -0400

    Ticket 48975- Disabling CLEAR password storage scheme will
     crash server when setting a password
    
    Bug Description:  If the CLEAR password storage scheme plugin is disabled, and a
                      userpassword is set, the server crashes.  This is because we
                      expect this plugin to be enabled when working with the unhashed
                      password.
    
    Fix Description:  Always check if the password scheme, returned by pw_val2scheme(),
                      is NULL before dereferencing it.  If it is NULL treat it as a
                      clear text password.
    
    Valgrind: Passed
    
    https://fedorahosted.org/389/ticket/48975
    
    Reviewed by: nhosoi(Thanks!)

diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c
index 4a5faa0..72f2db4 100644
--- a/ldap/servers/slapd/modify.c
+++ b/ldap/servers/slapd/modify.c
@@ -827,7 +827,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 				for ( i = 0; pw_mod->mod_bvalues != NULL && pw_mod->mod_bvalues[i] != NULL; i++ ) {
 					password = slapi_ch_strdup(pw_mod->mod_bvalues[i]->bv_val);
 					pwsp = pw_val2scheme( password, &valpwd, 1 );
-					if(strcmp(pwsp->pws_name, "CLEAR") == 0){
+					if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){
 						/*
 						 *  CLEAR password
 						 *
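Review bot: The rule "a NULL scheme from pw_val2scheme() means clear text" is now encoded at four call sites (here, the two later hunks in op_shared_modify, and valuearray_init_bervalarray_unhashed_only) without a comment at any of them, and the second site spells it differently (`pass_scheme &&`). Since these branches decide whether a userpassword value is handled as clear text or as a hash, a one-line comment at each site, e.g. `/* NULL: CLEAR scheme plugin unavailable, treat value as clear text */`, or a small static helper wrapping the test, would keep the sites from drifting apart. Whether pw_val2scheme() can return NULL for reasons other than the disabled CLEAR plugin is not visible here and is worth confirming, because any such value would also take the clear-text path. op_shared_modify starts and ends outside the hunk.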
@@ -851,7 +851,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 								const char *userpwd = slapi_value_get_string(present_values[ii]);
 
 								pass_scheme = pw_val2scheme( (char *)userpwd, &pval, 1 );
-								if(strcmp(pass_scheme->pws_name,"CLEAR")){
+								if(pass_scheme && strcmp(pass_scheme->pws_name,"CLEAR")){
 									/* its encoded, so compare it */
 									if((*(pass_scheme->pws_cmp))( valpwd, pval ) == 0 ){
 									    /*
@@ -912,7 +912,7 @@ static void op_shared_modify (Slapi_PBlock *pb, int pw_change, char *old_pw)
 								 *  provided by the client.
 								 */
 								unhashed_pwsp = pw_val2scheme( (char *)unhashed_pwd, NULL, 1 );
-								if(strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){
+								if(unhashed_pwsp == NULL || strcmp(unhashed_pwsp->pws_name, "CLEAR") == 0){
 									if((*(pwsp->pws_cmp))((char *)unhashed_pwd , valpwd) == 0 ){
 										/* match, add the delete mod for this particular unhashed userpassword */
 										if (SLAPD_UNHASHED_PW_OFF != config_get_unhashed_pw_switch()) {
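Review bot: The added test guards `unhashed_pwsp`, but the call on the next line goes through `pwsp->pws_cmp`, and the first hunk of this commit now admits a NULL `pwsp` into its clear-text branch. If this code sits only in the branch where `pwsp` was found non-NULL (the surrounding `if`/`else` is outside the hunk), a comment saying so would make that explicit: `/* pwsp is non-NULL here: we are in the encoded-password branch */`. Otherwise the call needs its own check, `if (pwsp && (*(pwsp->pws_cmp))((char *)unhashed_pwd, valpwd) == 0) {`.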
@@ -1156,7 +1156,7 @@ valuearray_init_bervalarray_unhashed_only(struct berval **bvals, Slapi_Value ***
 		*cvals = (Slapi_Value **) slapi_ch_malloc((n + 1) * sizeof(Slapi_Value *));
 		for(i=0,p=0;i<n;i++){
 			pwsp = pw_val2scheme( bvals[i]->bv_val, NULL, 1 );
-			if(strcmp(pwsp->pws_name, "CLEAR") == 0){
+			if(pwsp == NULL || strcmp(pwsp->pws_name, "CLEAR") == 0){
 				(*cvals)[p++] = slapi_value_new_berval(bvals[i]);
 			}
 			free_pw_scheme( pwsp );
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 3f2cdb0..6f02f90 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -234,8 +234,8 @@ void free_pw_scheme(struct pw_scheme *pwsp)
 {
 	if ( pwsp != NULL )
 	{
-		slapi_ch_free( (void**)&pwsp->pws_name );
-		slapi_ch_free( (void**)&pwsp );
+		slapi_ch_free_string(&pwsp->pws_name);
+		slapi_ch_free((void**)&pwsp);
 	}
 }
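Review bot: `free_pw_scheme()` receives `pwsp` by value, so `slapi_ch_free((void**)&pwsp)` can only reset the function's own copy; the caller's pointer still holds the freed address after the call. A header comment would make that contract visible to callers, e.g. `/* Frees the scheme and its name; the caller's pointer is left dangling and must not be reused. */`.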
 

commit 4cbde48a73db91a49ccacf95a6ffcd5134c57cbe
Author: Simon Pichugin <spichugi at redhat.com>
Date:   Tue Aug 30 10:13:50 2016 +0200

    Ticket 48369 - Add CI test suite
    
    Description: Add test suite to the Password test suite and remove old
    test case from the Tickets dir.
    


