From d373bc0181868601e1efe24efb481a8437394025 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Thu, 12 Jan 2023 12:22:46 +0000 Subject: [PATCH 01/16] ITS#10436 Manpage fixes --- doc/man/man1/ldapsearch.1 | 1 + doc/man/man3/ldap_parse_reference.3 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/man/man1/ldapsearch.1 b/doc/man/man1/ldapsearch.1 index 70e297d0ee..f526bb1d89 100644 --- a/doc/man/man1/ldapsearch.1 +++ b/doc/man/man1/ldapsearch.1 @@ -317,6 +317,7 @@ Search extensions: rp[/][/] (LDAP Sync refreshAndPersist) [!]vlv=/(//|:) (virtual list view) [!]deref=derefAttr:attr[,attr[...]][;derefAttr:attr[,attr[...]]] + [!]accountUsability (Netscape Password policy) [!][=:|::] .fi .TP diff --git a/doc/man/man3/ldap_parse_reference.3 b/doc/man/man3/ldap_parse_reference.3 index d3fb0a21b6..81863dca1e 100644 --- a/doc/man/man3/ldap_parse_reference.3 +++ b/doc/man/man3/ldap_parse_reference.3 @@ -32,7 +32,7 @@ or The \fIreferralsp\fP parameter will be filled in with an allocated array of character strings. The strings are copies of the referrals contained in the parsed message. The array should be freed by calling -.BR ldap_value_free (3) . +.BR ldap_memvfree (3) . If \fIreferralsp\fP is NULL, no referrals are returned. If no referrals were returned, \fI*referralsp\fP is set to NULL. .LP From f656b683098bb6fad176434f10d55040d6cff8e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Thu, 12 Jan 2023 12:24:39 +0000 Subject: [PATCH 02/16] ITS#10436 Do not ignore errors from ldap_abandoned() --- libraries/libldap/result.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c index d0191bbc72..bcfbfb366f 100644 --- a/libraries/libldap/result.c +++ b/libraries/libldap/result.c 
@@ -175,7 +175,7 @@ chkResponseList( nextlm = lm->lm_next; ++cnt; - if ( ldap_abandoned( ld, lm->lm_msgid ) ) { + if ( ldap_abandoned( ld, lm->lm_msgid ) > 0 ) { Debug2( LDAP_DEBUG_ANY, "response list msg abandoned, " "msgid %d message type %s\n", @@ -610,7 +610,7 @@ fail: /* if it's been abandoned, toss it */ if ( id > 0 ) { - if ( ldap_abandoned( ld, id ) ) { + if ( ldap_abandoned( ld, id ) > 0 ) { /* the message type */ tag = ber_peek_tag( ber, &len ); switch ( tag ) { @@ -1433,8 +1433,8 @@ ldap_msgdelete( LDAP *ld, int msgid ) /* * ldap_abandoned * - * return the location of the message id in the array of abandoned - * message ids, or -1 + * return 1 if message id is in the array of abandoned message ids, + * 0 if not, -1 on error. */ static int ldap_abandoned( LDAP *ld, ber_int_t msgid ) From 6eb2b1c4e3aa3e36136778aec726ec13932e8faa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Thu, 12 Jan 2023 12:26:39 +0000 Subject: [PATCH 03/16] ITS#10436 Config handling Stuff that can crash slap* tools and similar nits --- servers/slapd/bconfig.c | 10 +++++++--- servers/slapd/logging.c | 3 ++- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index dbb9ff6c1e..18f23c6944 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c @@ -1580,7 +1580,7 @@ config_generic(ConfigArgs *c) { break; case CFG_LASTBIND_PRECISION: - c->be->be_lastbind_precision = 0; + c->be->be_lastbind_precision = c->ca_desc->arg_default.v_uint; break; case CFG_LASTBIND_ASSERT: @@ -2011,7 +2011,9 @@ config_generic(ConfigArgs *c) { mask |= 1; } new_daemon_threads = mask+1; - config_push_cleanup( c, config_resize_lthreads ); + if ( CONFIG_ONLINE_ADD( c ) ) { + config_push_cleanup( c, config_resize_lthreads ); + } } break; 
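Review bot: With `> 0` in chkResponseList (and the same test under `fail:` in the second hunk), a -1 from ldap_abandoned() takes the same branch as 0, so a lookup error is handled as "not abandoned" and the message is processed with no trace. If that is the intended policy, the header comment rewritten in the third hunk should say so, e.g. `* callers treat -1 as "not abandoned"`. Otherwise store the result and handle the error separately, e.g. `rc = ldap_abandoned( ld, id ); if ( rc < 0 ) { /* log and fail */ }`. Both callers continue outside the hunks, so the right error path is not visible here.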
@@ -5689,7 +5691,9 @@ done: schema_destroy_one( ca, colst, nocs, last ); } else if ( ca->num_cleanups ) { ca->reply.err = rc; - config_run_cleanup( ca ); + if ( slapMode & SLAP_SERVER_MODE ) { + config_run_cleanup( ca ); + } } } done_noop: diff --git a/servers/slapd/logging.c b/servers/slapd/logging.c index 04e0ffcc17..8f0b4b5e68 100644 --- a/servers/slapd/logging.c +++ b/servers/slapd/logging.c @@ -743,8 +743,9 @@ config_logging(ConfigArgs *c) { } else if ( c->op == LDAP_MOD_DELETE ) { switch(c->type) { case CFG_LOGLEVEL: + /* If missing, the default is stored in ldap_syslog? */ if ( !c->line ) { - config_syslog = 0; + config_syslog = LDAP_DEBUG_NONE; } else { i = verb_to_mask( c->line, loglevel_ops ); config_syslog &= ~loglevel_ops[i].mask; From 957d23df00984d1a30bca618085c76514249d7cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Thu, 12 Jan 2023 12:28:22 +0000 Subject: [PATCH 04/16] ITS#10436 Check we understand the requested password hash early --- servers/slapd/slappasswd.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/servers/slapd/slappasswd.c b/servers/slapd/slappasswd.c index 09892e3f0b..d664d347b6 100644 --- a/servers/slapd/slappasswd.c +++ b/servers/slapd/slappasswd.c @@ -241,6 +241,12 @@ slappasswd( int argc, char *argv[] ) } #endif + if ( !lutil_passwd_scheme( scheme ) ) { + fprintf( stderr, "Password scheme not recognised\n" ); + rc = EXIT_FAILURE; + goto destroy; + } + if( pwfile != NULL ) { if( lutil_get_filed_password( pwfile, &passwd )) { rc = EXIT_FAILURE; From 1528f88794d150f457daef7ae33a5834a1ed57cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Thu, 12 Jan 2023 12:32:03 +0000 Subject: [PATCH 05/16] ITS#10436 Make sure to stop servers if test fails --- tests/scripts/test068-sasl-tls-external | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/test068-sasl-tls-external b/tests/scripts/test068-sasl-tls-external index a28ef383ed..edd3323292 100755 
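Review bot: The new `slapMode & SLAP_SERVER_MODE` guard around config_run_cleanup() carries no comment saying why pending cleanups are dropped outside server mode, and `ca->num_cleanups` is left non-zero on that path. A line such as `/* cleanup handlers expect a running server; do not run them from slap* tools */` above the `if` would record the intent (wording to be confirmed by the author). The earlier hunk in this file guards one config_push_cleanup() with `CONFIG_ONLINE_ADD( c )`, a different condition, so it is worth stating whether both guards are needed. The enclosing function starts outside the hunk.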
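Review bot: The added comment `/* If missing, the default is stored in ldap_syslog? */` ends in a question and does not match the assignment below it, which sets config_syslog to LDAP_DEBUG_NONE rather than reading ldap_syslog. Either settle the question and state the rule, e.g. `/* no value given: reset to LDAP_DEBUG_NONE */`, or mark it as an open item with a TODO and the ITS number. config_logging's body continues outside the hunk.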
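Review bot: The new error message does not say which scheme was rejected, which makes a mistyped scheme hard to spot when slappasswd is run from a script; `fprintf( stderr, "Password scheme not recognised: %s\n", scheme );` would name it. This assumes `scheme` is never NULL at this point, which depends on code outside the hunk.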
--- a/tests/scripts/test068-sasl-tls-external +++ b/tests/scripts/test068-sasl-tls-external @@ -75,6 +75,7 @@ $LDAPSASLWHOAMI -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -o tls_reqce RC=$? if test $RC != 0 ; then echo "ldapwhoami (startTLS) failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $PID exit $RC else echo "success" From b9379f6e4e7be6d4bb8b03e727d71a3fd3518ed5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Tue, 9 Jan 2024 18:37:49 +0000 Subject: [PATCH 06/16] ITS#10436 This profile builds full lloadd, not standalone --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 42b2d8fa08..f3bb8fb67c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -74,7 +74,7 @@ build-gnutls-mit-standalone-lloadd: - obj/servers/ - obj/libraries/ -build-mbedtls-mit-standalone-lloadd: +build-mbedtls-mit-lloadd: image: "debian:testing" stage: build script: From 8dad313e806bfcf93640ce157377f3ec1463e851 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Wed, 17 Dec 2025 11:17:44 +0000 Subject: [PATCH 07/16] ITS#10436 Silence useless warnings --- build/mkversion | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/build/mkversion b/build/mkversion index 8d3e97758c..7a1a20811a 100755 --- a/build/mkversion +++ b/build/mkversion @@ -72,11 +72,13 @@ cat << __EOF__ * . */ -static const char copyright[] = +#include + +static const char copyright[] LDAP_GCCATTR((unused)) = "Copyright 1998-2026 The OpenLDAP Foundation. All rights reserved.\n" "COPYING RESTRICTIONS APPLY\n"; -$static $const char $SYMBOL[] = +$static $const char $SYMBOL[] LDAP_GCCATTR((unused)) = "@(#) \$$PACKAGE: $APPLICATION $VERSION (" __DATE__ " " __TIME__ ") \$\n" "\t$WHOWHERE\n"; From 0ef0bf4d8c1f47729946955809028be5183a5a60 Mon Sep 17 00:00:00 2001 
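Review bot: `test $KILLSERVERS != no && kill -HUP $PID` expands both variables unquoted, so an empty or unset KILLSERVERS makes `test` fail with an error and the server is left running, which is the case this line is meant to prevent. `test "$KILLSERVERS" != no && kill -HUP "$PID"` avoids that. Only this failure branch is visible in the hunk; other early exits in the script may need the same line.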
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Wed, 17 Dec 2025 11:18:04 +0000 Subject: [PATCH 08/16] ITS#10436 Unintended fallthrough --- clients/tools/ldapsearch.c | 1 + 1 file changed, 1 insertion(+) diff --git a/clients/tools/ldapsearch.c b/clients/tools/ldapsearch.c index ed394ec7fa..697d18b402 100644 --- a/clients/tools/ldapsearch.c +++ b/clients/tools/ldapsearch.c @@ -2279,6 +2279,7 @@ static void print_syncinfo( } break; case LBER_DEFAULT: printf(_("empty SyncInfoValue\n")); + break; default: printf(_("SyncInfoValue unknown\n")); break; From 3d36ac523db391e503bdfc64c8633f551cce4055 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Wed, 17 Dec 2025 11:19:33 +0000 Subject: [PATCH 09/16] =?UTF-8?q?ITS#9513=20If=20lucky=20enough=20to=20lan?= =?UTF-8?q?d=20in=20the=20same=20=C2=B5s,=20increment=20counter=20even=20i?= =?UTF-8?q?f=20we=20count=20in=20ns?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- libraries/libldap/util-int.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libraries/libldap/util-int.c b/libraries/libldap/util-int.c index a7f7eb7501..b72125b1f8 100644 --- a/libraries/libldap/util-int.c +++ b/libraries/libldap/util-int.c @@ -311,12 +311,14 @@ ldap_pvt_gettime( struct lutil_tm *ltm ) time_t t; #ifdef HAVE_CLOCK_GETTIME #define FRAC tv_nsec +#define USECS(x) x / 1000 #define NSECS(x) x struct timespec tv; clock_gettime( CLOCK_REALTIME, &tv ); #else #define FRAC tv_usec +#define USECS(x) x #define NSECS(x) x * 1000 struct timeval tv; @@ -327,7 +329,7 @@ ldap_pvt_gettime( struct lutil_tm *ltm ) LDAP_MUTEX_LOCK( &ldap_int_gettime_mutex ); if ( tv.tv_sec < _ldap_pvt_gt_prevTv.tv_sec || ( tv.tv_sec == _ldap_pvt_gt_prevTv.tv_sec - && tv.FRAC <= _ldap_pvt_gt_prevTv.FRAC )) { + && USECS(tv.FRAC) <= USECS(_ldap_pvt_gt_prevTv.FRAC) )) { _ldap_pvt_gt_subs++; } else { _ldap_pvt_gt_subs = 0; From 210b5999444bc8c5bbbf6ee0be18f1530c0c6b71 Mon Sep 17 00:00:00 2001 
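Review bot: The new `#define USECS(x) x / 1000` (and `#define USECS(x) x` in the `#else` branch) leaves both the argument and the expansion unparenthesised; the comparison in the second hunk only parses as intended because `/` binds tighter than `<=`. `#define USECS(x) ((x) / 1000)` and `#define USECS(x) (x)` keep the macro safe for any later use, and the neighbouring NSECS definitions have the same shape. ldap_pvt_gettime's body continues outside the hunks.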
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Wed, 17 Dec 2025 11:20:14 +0000 Subject: [PATCH 10/16] ITS#10436 Log current file in defacl message --- servers/slapd/bconfig.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index 18f23c6944..2006ba3b76 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c @@ -7595,6 +7595,8 @@ config_back_db_open( BackendDB *be, ConfigReply *cr ) c.lineno = 0; c.argc = 6; c.argv = (char **)defacl; + snprintf( c.log, sizeof(c.log), "%s", c.fname ); + parse_acl( &c, 0 ); defacl_parsed = be->bd_self->be_acl; if ( save_access ) { From c10be389bc30de4328f8dfe38c38f29ad7b7b69b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Wed, 17 Dec 2025 11:21:07 +0000 Subject: [PATCH 11/16] ITS#10437 Let systemd know we're mid-pause --- servers/slapd/daemon.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c index d1f3926943..e8c44512ae 100644 --- a/servers/slapd/daemon.c +++ b/servers/slapd/daemon.c @@ -3492,6 +3492,10 @@ slap_pause_server( void ) BackendInfo *bi; int rc = LDAP_SUCCESS; +#ifdef HAVE_SYSTEMD + sd_notify( 1, "RELOADING=1" ); +#endif /* HAVE_SYSTEMD */ + rc = ldap_pvt_thread_pool_pause( &connection_pool ); LDAP_STAILQ_FOREACH(bi, &backendInfo, bi_next) { @@ -3528,6 +3532,11 @@ slap_unpause_server( void ) } rc = ldap_pvt_thread_pool_resume( &connection_pool ); + +#ifdef HAVE_SYSTEMD + sd_notify( 1, "READY=1" ); +#endif /* HAVE_SYSTEMD */ + return rc; } From b7573f5d2fa4660740d070c15aa76536dae53aa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Wed, 17 Dec 2025 11:21:37 +0000 Subject: [PATCH 12/16] ITS#10436 Typo --- servers/slapd/overlays/accesslog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/servers/slapd/overlays/accesslog.c b/servers/slapd/overlays/accesslog.c index 5c83e6bcd9..26dc610954 100644 
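Review bot: `snprintf( c.log, sizeof(c.log), "%s", c.fname );` passes c.fname to `%s` without a visible check, and the assignment of c.fname is outside the hunk; if it can be NULL here the call is undefined behaviour. Confirm it is always set before this point, or guard it with `c.fname ? c.fname : ""`. `sizeof(c.log)` is the buffer size only if `log` is an array member rather than a pointer, which the hunk does not show.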
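Review bot: `sd_notify( 1, "RELOADING=1" )` in slap_pause_server passes a non-zero first argument, which is sd_notify's unset_environment flag: NOTIFY_SOCKET is removed from the environment after the call and later sd_notify() calls silently do nothing. The `sd_notify( 1, "READY=1" )` added to slap_unpause_server in the second hunk would then never reach systemd, leaving the unit shown as reloading, and a second pause would send nothing; if an earlier call elsewhere already passed 1, both new calls are no-ops. Use `sd_notify( 0, "RELOADING=1" );` and `sd_notify( 0, "READY=1" );`, and consider logging a negative return. RELOADING=1 is also sent before ldap_pvt_thread_pool_pause() has reported success; whether every failure path reaches slap_unpause_server is not visible here.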
--- a/servers/slapd/overlays/accesslog.c +++ b/servers/slapd/overlays/accesslog.c @@ -141,7 +141,7 @@ static ConfigTable log_cfats[] = { "DESC 'Log old values of these attributes even if unmodified' " "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString )", NULL, NULL }, - { "logbase", "op|writes|reads|session|all< Date: Wed, 17 Dec 2025 11:22:40 +0000 Subject: [PATCH 13/16] ITS#10436 Make gdb happy and keep unique names for static variables --- servers/slapd/slap.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index b30aa98a89..0a12627f2d 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -3385,13 +3385,13 @@ struct zone_heap { #endif #define SLAP_BACKEND_INIT_MODULE(b) \ - static BackendInfo bi; \ + static BackendInfo b ## _bi; \ int \ init_module( int argc, char *argv[] ) \ { \ - bi.bi_type = #b ; \ - bi.bi_init = b ## _back_initialize; \ - backend_add( &bi ); \ + b ## _bi.bi_type = #b ; \ + b ## _bi.bi_init = b ## _back_initialize; \ + backend_add( &b ## _bi ); \ return 0; \ } From 3fff1e7256783c6024fe23075d66dffc5dbfda1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Fri, 30 Jan 2026 12:41:28 +0000 Subject: [PATCH 14/16] ITS#10191 Make sure pausepoll is always initialized --- servers/slapd/back-mdb/search.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c index 5ae5ca747f..cab352d0e7 100644 --- a/servers/slapd/back-mdb/search.c +++ b/servers/slapd/back-mdb/search.c @@ -435,7 +435,7 @@ mdb_search( Operation *op, SlapReply *rs ) int manageDSAit; int tentries = 0; int admincheck = 0; - int pausepoll; + int pausepoll = 0; IdScopes isc; MDB_cursor *mci, *mcd; ww_ctx wwctx; @@ -809,7 +809,6 @@ adminlimit: id = mdb_idl_first( candidates, &cursor ); } - pausepoll = 0; while (id != NOID) { int scopeok; From 7e10a4a62f93cf71df643adfcdc6d2e7d70cc149 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Fri, 30 Jan 2026 12:41:59 +0000 Subject: [PATCH 15/16] ITS#10436 Fix sometimes uninitialised variables --- servers/slapd/back-meta/search.c | 2 +- servers/slapd/saslauthz.c | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c index 6a5a481157..80f6ffab02 100644 --- a/servers/slapd/back-meta/search.c +++ b/servers/slapd/back-meta/search.c @@ -2016,7 +2016,7 @@ meta_send_entry( Entry ent = { 0 }; BerElement ber = *ldap_get_message_ber( e ); Attribute *attr, **attrp; - LDAPControl **res_ctrls; + LDAPControl **res_ctrls = NULL; struct berval bdn, dn = BER_BVNULL; const char *text; diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index 07e1c0d2e3..28c99b101b 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c @@ -1504,7 +1504,6 @@ out: int slap_sasl_regexp_config( const char *match, const char *replace, int valx ) { int i, rc; - SaslRegexp_t sr; struct rewrite_info *rw = NULL; if ( valx < 0 || valx > nSaslRegexp ) @@ -1529,7 +1528,6 @@ int slap_sasl_regexp_config( const char *match, const char *replace, int valx ) SaslRegexp[i] = SaslRegexp[i - 1]; } - SaslRegexp[i] = sr; SaslRegexp[i].sr_match = ch_strdup( match ); SaslRegexp[i].sr_replace = ch_strdup( replace ); From 732649eca6f989a50ecb3a888e532a3cd4c4215c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Wed, 17 Dec 2025 11:49:44 +0000 Subject: [PATCH 16/16] ITS#10160 Make the == precedence explicit, helps with readability too --- servers/slapd/overlays/constraint.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/servers/slapd/overlays/constraint.c b/servers/slapd/overlays/constraint.c index 13af13a2f3..7ab70f04b5 100644 --- a/servers/slapd/overlays/constraint.c +++ b/servers/slapd/overlays/constraint.c 
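Review bot: Dropping `SaslRegexp[i] = sr;` removes the copy of an uninitialised struct, but the slot at index i now keeps whatever the shift loop or the allocation left in it, and only sr_match and sr_replace are overwritten. If SaslRegexp_t has any other member (its definition is outside the hunk), an insert in the middle leaves that member shared with the entry shifted to i + 1. `memset( &SaslRegexp[i], 0, sizeof( SaslRegexp[i] ) );` before the two ch_strdup() assignments would make the slot's state explicit. slap_sasl_regexp_config continues outside the hunk.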
@@ -752,7 +752,7 @@ constraint_violation( constraint *c, struct berval *bv, Operation *op ) return rc; /* unexpected error */ } - if (found ^ c->type == CONSTRAINT_URI) + if (found ^ (c->type == CONSTRAINT_URI) ) return LDAP_CONSTRAINT_VIOLATION; /* constraint violation */ break; }
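Review bot: `found ^ (c->type == CONSTRAINT_URI)` is a bitwise XOR, so it is a correct "exactly one is true" test only while `found` is strictly 0 or 1; any other non-zero value makes the expression non-zero for both constraint types. The assignments to `found` are outside the hunk; if it can hold a count, compare truth values instead: `if ( (found != 0) != (c->type == CONSTRAINT_URI) )`.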