[PATCH] More for ITS#6872
by cmikk@qwest.net
[Note: The previous patch did not fix the problem when
the consumer's access was restricted to the replicated
subtree. This patch fixes that.]
Perform the internal FIND_CSN search based at the backend's suffix with the
privileges of the backend's root DN.
---
servers/slapd/overlays/syncprov.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
index 0c148f9..a058e19 100644
--- a/servers/slapd/overlays/syncprov.c
+++ b/servers/slapd/overlays/syncprov.c
@@ -661,6 +661,8 @@ again:
if ( BER_BVISEMPTY( &cf.f_av_value )) {
cf.f_av_value = *csn;
}
+ fop.o_dn = op->o_bd->be_rootdn;
+ fop.o_ndn = op->o_bd->be_rootndn;
fop.o_req_dn = op->o_bd->be_suffix[0];
fop.o_req_ndn = op->o_bd->be_nsuffix[0];
/* Look for exact match the first time */
--
1.7.1.1
12 years, 6 months
(ITS#6886) slapo-dds: Wrong tag in Refresh Response
by michael@stroeder.com
Full_Name: Michael Ströder
Version: HEAD
OS:
URL:
Submission from: (NULL) (195.145.144.134)
The Refresh Response sent back by slapo-dds contains tag [0] instead of [1] as
described in section 4.2 of RFC 2589:
The response field will contain as a value the DER-encoding of the
following ASN.1 data type:
SEQUENCE {
responseTtl [1] INTEGER
}
If I assume [0] in my client when decoding it works...
12 years, 6 months
Re: (ITS#6878) ppcache segfault with tavl_delete
by tjgates@castlebranch.com
Just crashed:
Program received signal SIGABRT, Aborted.
[Switching to Thread 0xb07f3b70 (LWP 24359)]
0xb77a7430 in __kernel_vsyscall ()
(gdb)
(gdb) bt
#0 0xb77a7430 in __kernel_vsyscall ()
#1 0xb727a651 in *__GI_raise (sig=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2 0xb727da82 in *__GI_abort () at abort.c:92
#3 0xb72b149d in __libc_message (do_abort=2, fmt=0xb7385f98 "*** glibc
detected *** %s: %s: 0x%s ***\n") at
../sysdeps/unix/sysv/linux/libc_fatal.c:189
#4 0xb72bb591 in malloc_printerr (action=<value optimized out>, str=0x6
<Address 0x6 out of bounds>, ptr=0xb8d93a40) at malloc.c:6266
#5 0xb72bcde8 in _int_free (av=<value optimized out>, p=<value
optimized out>) at malloc.c:4794
#6 0xb72bfecd in *__GI___libc_free (mem=0xb8d93a40) at malloc.c:3738
#7 0xb7750c20 in ber_memfree_x () from /usr/lib/liblber-2.4.so.2
#8 0xb7750caf in ber_bvarray_free_x () from /usr/lib/liblber-2.4.so.2
#9 0xb7750cf5 in ber_bvarray_free () from /usr/lib/liblber-2.4.so.2
#10 0xb7808f3d in attr_clean (a=0xb688ff64) at
/tmp/buildd/openldap-2.4.24/servers/slapd/attr.c:146
#11 0xb7808fdb in attrs_free (a=0xb688ff64) at
/tmp/buildd/openldap-2.4.24/servers/slapd/attr.c:196
#12 0xb6e2db0f in hdb_cache_modify (bdb=0xb8c104b0, e=0xb8c57b5c,
newAttrs=0xb688ed64, txn=0xb8d93ea8, lock=0xb07f11f0) at cache.c:1226
#13 0xb6e1901c in hdb_modify (op=0xb07f152c, rs=0xb07f1368) at modify.c:669
#14 0xb6e47258 in merge_entry (op=<value optimized out>, e=0xb8c58264,
dup=0, query_uuid=0xb8c9b130)
at /tmp/buildd/openldap-2.4.24/servers/slapd/overlays/pcache.c:874
#15 0xb6e4effc in cache_entries (op=<value optimized out>,
query_uuid=<value optimized out>)
at /tmp/buildd/openldap-2.4.24/servers/slapd/overlays/pcache.c:2291
#16 0xb6e4f3ed in pcache_op_cleanup (op=0xb8c829d8, rs=0xb07f2ffc) at
/tmp/buildd/openldap-2.4.24/servers/slapd/overlays/pcache.c:2396
#17 0xb78102ee in slap_cleanup_play (op=<value optimized out>, rs=<value
optimized out>) at /tmp/buildd/openldap-2.4.24/servers/slapd/result.c:539
#18 0xb7810fa9 in send_ldap_response (op=0xb8c829d8, rs=0xb07f2ffc) at
/tmp/buildd/openldap-2.4.24/servers/slapd/result.c:724
#19 0xb781209c in slap_send_ldap_result (op=0xb8c829d8, rs=0xb07f2ffc)
at /tmp/buildd/openldap-2.4.24/servers/slapd/result.c:851
#20 0xb6e6a987 in ldap_back_search (op=0xb8c829d8, rs=0xb07f2ffc) at
/tmp/buildd/openldap-2.4.24/servers/slapd/back-ldap/search.c:574
#21 0xb787802b in overlay_op_walk (op=0xb8c829d8, rs=0xb07f2ffc,
which=op_search, oi=0xb8c10fe0, on=0xb8c10260)
at /tmp/buildd/openldap-2.4.24/servers/slapd/backover.c:669
#22 0xb7878d58 in over_op_func (op=<value optimized out>, rs=<value
optimized out>, which=op_search)
at /tmp/buildd/openldap-2.4.24/servers/slapd/backover.c:721
#23 0xb7800b54 in fe_op_search (op=0xb8c829d8, rs=0xb07f2ffc) at
/tmp/buildd/openldap-2.4.24/servers/slapd/search.c:372
#24 0xb78014e7 in do_search (op=0xb8c829d8, rs=0xb07f2ffc) at
/tmp/buildd/openldap-2.4.24/servers/slapd/search.c:217
#25 0xb77fd994 in connection_operation (ctx=0xb07f31dc,
arg_v=0xb8c829d8) at
/tmp/buildd/openldap-2.4.24/servers/slapd/connection.c:1113
#26 0xb77fe492 in connection_read_thread (ctx=0xb07f31dc, argv=0x28) at
/tmp/buildd/openldap-2.4.24/servers/slapd/connection.c:1249
#27 0xb77634f4 in ?? () from /usr/lib/libldap_r-2.4.so.2
#28 0xb73af96e in start_thread (arg=0xb07f3b70) at pthread_create.c:300
#29 0xb731da4e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
(gdb)
she gdb shell is still open, let me know if I can provide any further
information.
On 03/24/2011 01:34 PM, Quanah Gibson-Mount wrote:
> --On Thursday, March 24, 2011 4:28 PM +0000 tjgates(a)castlebranch.com
> wrote:
>
>> Full_Name: Tyler Gates
>> Version: 2.4.21
>> OS: Ubuntu 10.04.2 LTS/CentOS 5.4
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (24.106.216.17)
>>
>>
>> I have a caching proxy server (2.4.21) in front of two multi-masters.
>> After about 1 to 3 days it will segfault only when caching is enabled.
>> Log files are normally pretty useless but are normally in the operation
>> of removing stale queries:
>
> Bug reports with 2.4.21 are not being pursued. Please use a current
> release (2.4.24) and verify whether or not the issue still exists there.
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
--
Tyler Gates
Systems Administrator
Castle Branch Inc.
910-815-3880 ext 7230
tjgates(a)castlebranch.com
This e-mail message, including any attachments, may contain private,
confidential, and privileged information for the restricted use of the
intended recipient(s). If you are not the intended recipient(s), you
may NOT use, disclose, copy, or disseminate this information. Please
notify the sender by return e-mail of this misdirected correspondence
and destroy all copies of the original message including all attachments.
Your cooperation is appreciated.
12 years, 6 months
Re: (ITS#6884) contrib: password syntax checking overlay
by Kurt@OpenLDAP.org
On Mar 29, 2011, at 2:11 PM, mathieu.baeumler(a)gmail.com wrote:
> Full_Name: Mathieu Baeumler
> Version: 2.4.24
> OS: Debian GNU/Linux
> URL: ftp://ftp.openldap.org/incoming/mathieu-baeumler-110329.tgz
> Submission from: (NULL) (94.252.66.219)
>
>
> Hello,
>
> Please find a new overlay that enforces syntactic constraints on passwords. This
> overlay can also be used in conjunction with the ppolicy overlay, as it
> implements the check_password function.
>
> See the man page (slapo-pwdconstraint.5) for details on how to use it.
>
> Regards,
>
> Mathieu Baeumler
>
> /*
> * Copyright 2011 Mathieu Baeumler, Dimension Data. All rights reserved.
> *
> * OIDs under 1.3.6.1.4.1.10076 courtesy of European Commission.
This doesn't seem like text appropriately placed in a copyright notice.
> *
> * Redistribution and use in source and binary forms, with or without
> * modification, are permitted only as authorized by the OpenLDAP
> * Public License.
> *
> * A copy of this license is available in the file LICENSE in the
> * top-level directory of the distribution or, alternatively, at
> * <http://www.OpenLDAP.org/license.html>.
> */
Your submission lacks a notice of origin. Please review http://www.openldap.org/devel/contributing.html
Please also note that git-format-patch(1) format submissions are now preferred.
-- Kurt
12 years, 6 months
[PATCH] ITS#6872
by cmikk@qwest.net
---
servers/slapd/overlays/syncprov.c | 19 +++++++------------
1 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/servers/slapd/overlays/syncprov.c b/servers/slapd/overlays/syncprov.c
index 3c64763..0c148f9 100644
--- a/servers/slapd/overlays/syncprov.c
+++ b/servers/slapd/overlays/syncprov.c
@@ -586,7 +586,7 @@ findpres_cb( Operation *op, SlapReply *rs )
}
static int
-syncprov_findcsn( Operation *op, find_csn_t mode )
+syncprov_findcsn( Operation *op, find_csn_t mode, struct berval *csn )
{
slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
syncprov_info_t *si = on->on_bi.bi_private;
@@ -659,15 +659,10 @@ again:
break;
case FIND_CSN:
if ( BER_BVISEMPTY( &cf.f_av_value )) {
- cf.f_av_value = srs->sr_state.ctxcsn[0];
- /* If there are multiple CSNs, use the smallest */
- for ( i=1; i<srs->sr_state.numcsns; i++ ) {
- if ( ber_bvcmp( &cf.f_av_value, &srs->sr_state.ctxcsn[i] )
- > 0 ) {
- cf.f_av_value = srs->sr_state.ctxcsn[i];
- }
- }
+ cf.f_av_value = *csn;
}
+ fop.o_req_dn = op->o_bd->be_suffix[0];
+ fop.o_req_ndn = op->o_bd->be_nsuffix[0];
/* Look for exact match the first time */
if ( findcsn_retry ) {
cf.f_choice = LDAP_FILTER_EQUALITY;
@@ -2624,7 +2619,7 @@ no_change: if ( !(op->o_sync_mode & SLAP_SYNC_PERSIST) ) {
}
}
/* Is the CSN still present in the database? */
- if ( syncprov_findcsn( op, FIND_CSN ) != LDAP_SUCCESS ) {
+ if ( syncprov_findcsn( op, FIND_CSN, &mincsn ) != LDAP_SUCCESS ) {
/* No, so a reload is required */
/* the 2.2 consumer doesn't send this hint */
if ( si->si_usehint && srs->sr_rhint == 0 ) {
@@ -2648,7 +2643,7 @@ no_change: if ( !(op->o_sync_mode & SLAP_SYNC_PERSIST) ) {
} else {
gotstate = 1;
/* If changed and doing Present lookup, send Present UUIDs */
- if ( do_present && syncprov_findcsn( op, FIND_PRESENT ) !=
+ if ( do_present && syncprov_findcsn( op, FIND_PRESENT, 0 ) !=
LDAP_SUCCESS ) {
if ( ctxcsn )
ber_bvarray_free_x( ctxcsn, op->o_tmpmemctx );
@@ -2976,7 +2971,7 @@ syncprov_db_otask(
void *ptr
)
{
- syncprov_findcsn( ptr, FIND_MAXCSN );
+ syncprov_findcsn( ptr, FIND_MAXCSN, 0 );
return NULL;
}
--
1.7.1.1
12 years, 6 months
(ITS#6884) contrib: password syntax checking overlay
by mathieu.baeumler@gmail.com
Full_Name: Mathieu Baeumler
Version: 2.4.24
OS: Debian GNU/Linux
URL: ftp://ftp.openldap.org/incoming/mathieu-baeumler-110329.tgz
Submission from: (NULL) (94.252.66.219)
Hello,
Please find a new overlay that enforces syntactic constraints on passwords. This
overlay can also be used in conjunction with the ppolicy overlay, as it
implements the check_password function.
See the man page (slapo-pwdconstraint.5) for details on how to use it.
Regards,
Mathieu Baeumler
/*
* Copyright 2011 Mathieu Baeumler, Dimension Data. All rights reserved.
*
* OIDs under 1.3.6.1.4.1.10076 courtesy of European Commission.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
12 years, 6 months
Re: (ITS#6883) Improved Makefiles for contrib modules
by quanah@zimbra.com
--On Tuesday, March 29, 2011 3:25 PM +0000 bgmilne(a)staff.telkomsa.net wrote:
> Full_Name: Buchan Milne
> Version: 2.4.25
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (196.25.124.16)
>
>
> While the code in contrib is not supported, some overlays provide make
> files, some don't, and there were variations in a lot of the make files
> (e.g. use of DESTDIR or not).
>
> In order to add make files for overlays that don't have them, improve the
> consistency of the make files between overlays that had them, and to
> provide some basic sanity testing in a 'test' target, I have created the
> patch at:
> http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/openldap/curre
> nt/SOURCES/openldap-2.4.25-contrib-makefiles-with-tests.patch?revision=64
> 8744&view=markup
>
> The patch is against 2.4.25, but should apply to master (except that
> there two additional overlays are present in master). Where feasible I
> have retained the majority of an existing make file, in other cases,
> where modifications would exceed the original content, I have replaced
> existing make files wholesale.
>
> The attached patch file is derived from OpenLDAP Software. All of the
> modifications to OpenLDAP Software represented in the following patch(es)
> were developed by Buchan Milne (bgmilne(a)staff.telkomsa.net). I have not
> assigned rights and/or interest in this work to any party.
Hi Buchan,
Can you make the patch available via git-format-patch?
Thanks,
Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
12 years, 6 months
Re: Another fix for (ITS#6872)
by quanah@zimbra.com
--On Tuesday, March 29, 2011 5:46 PM +0000 cmikk(a)qwest.net wrote:
> I've corrected the above patch (si->si_contextdn was only
> coincidentally the correct value to use there), combined
> it with the previous patch, and posted the result at:
>
> http://mikk.net/~chris/syncprov/patch-syncprov.c
Hi Chris,
We just finished our migration to git. As git is now available, patches
via git-format-patch are now preferred.
Thanks!
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
12 years, 6 months