upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-16 17:18:16 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24326 commits 38 branches 313 tags 89 MiB
Commit graph

13130 commits

Author SHA1 Message Date
Ondřej Kuzník
8ba44630ef Factor out abandon message preparation 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
1790018488 Record operation activity times 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
a0ec50b33d Upstream queues ordered by c_connid 
In preparation for operation timeout events.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
0cfd4fca4d Make timeouts common and redo connection read timeouts 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
b4d7e8af8d We should just be able to call backend_retry 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
f87127dfa2 Set up TLS context for backends 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
1b46f86627 Client TLS support 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
a0cd41ecd2 Upstream TLS support 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
063981a06d Respond to timeout events properly 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
ccf75c96c4 Update write timeout to timeval 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
5ee4b67673 Move bind handling to bind.c 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
abab7e46ad Move client related functions to client.c 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
f27517af95 Rename bind handlers 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
b801ca17cb Rename macros and symbols to lloadd 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
11f474385a Exop support 
At the moment, no exops are processed internally, all are passed on
unchanged.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
7cd531c069 Improve spec conformance, logging 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
c60ef73984 Rework upstream conn setup 2020-11-17 17:58:13 +00:00
Ondřej Kuzník
0b3531066d Refactor operation_send_reject 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
d22db36cea lload_libevent_init can fail and wants to log 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
8d93e0baa0 Unify connection locking and I/O 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
cfeb4d82a3 Set binding state after we have dropped all ops 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
5fcef01d62 Switch from a global mutex 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
96b7619afc Do not unlock client unless we are destroying it 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
362d550328 Do not crash when closing both client and upstream 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
532fc1bf98 Shorten time operation_mutex is locked 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e03c9e6fb4 Stop processing if we freed the client 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
f7cf34e69c Reset connection state on abandon 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
6140cdf6f8 Handle a client connection disconnected from op 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
d4225924bc CLOSING is another potential state we could be in 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
0ad91e0546 Do not back off until we get a failure 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
cda8411c48 Close up the race 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
31074213f7 TENTATIVE: communicate more for op destroy race 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
622b87d5e8 Make ready only when still alive 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
16010e5e16 More logging improvements 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7b7f9724c4 Avoid a deadlock with client 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7b413f9ed4 Update docs and defaults 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7046444327 Do not read on the last iteration. 
When the pdu processing limit is hit, we still attempt to read another
PDU. If we succeed, the ber_get_next call in the read callback will
abort since a full PDU is already present.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
65def94380 More logging improvements 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
1740f36bfc Fix emfile handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
30e538e836 Realign logging levels. 
Stats now logs all operations, stats2 additionally intermediate messages
(search entries).
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
1dd0e5131a Only one bind at a time 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
33a993553d Unblock the client when we can't find an upstream 
If we can't find an upstream, we keep the client around, so it needs to
be unblocked.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
95df8a1ec8 Adjust backend operation counting 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
baf1feab82 Handle asynchronous connect properly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
46fe014378 Make sure operation stays alive when we process it 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
0ff462b619 Fix issues in bind response handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
545198c70d Simplify abandon processing 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
88390159a1 On connection shutdown, free op from the correct side 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
37cff37305 Manage connection refcnt better 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
af7ce80c85 Remember and clear bind status correctly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
05f2ac2583 Unify logging output 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
873d6fa3e1 Handle backend unsolicited response properly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
961b600a42 Rework proxyauthz handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
6ee21f1181 Split bind configuration from backends 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
0e7792e8f3 Borrow liblber code to get abandon processing to work 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7eeb5bb801 Forward controls correctly in the face of proxyauth 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
5b1ad43178 Handle upstream connection shutdown properly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
c228bd1160 Be consistent with bind responses on no upstream 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
a8a0fe26b0 Documentation updates 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
495dfa69a2 Split client/upstream PDU size limits 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
3fa8a0cdf2 Rename listener-threads to reflect the option 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
1082486874 Only enable verifycredentials if libldap does 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
1dfeca3539 Another attempt at operation/connection destroy interaction. 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
26f721510a Improve logging 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
3f5dee0b79 Keep a list of active clients for shutdown purposes. 
Potentially for timeout detection purposes in the future.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e0b8bd5fc9 Free all pending operations on shutdown 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
cf05722b6c Lookup operations by saved connid. 
We reset the connection pointer on a destruction attempt, avoid the
spurious asserts.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
f4afc06920 Tweak connection error logging. 
Do not log when receiving the last bytes on a connection. Log failed
writes.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
d020897f5b Initialise listeners after all workers have been 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
37a474b508 Fix error handling wrt. its callers 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
ee288cfc2d Fix refcounting for all code paths 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
53015aa4cb Round robin for backends. 
Several threads calling backend_select might reset current_backend to a
different place, there are two options to deal with that:
- just let the last rotation win (the current approach)
- detect whether first == current_backend and only replace then

Not sure which one is more useful, going with the simpler.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e65cd38787 Round-robin for upstream connections 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
58a880bc7b Convert backend and upstream management to use CIRCLEQ. 
This alone doesn't make the server do a round robin.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
643194e79e Revert connection/operation mutex order. 
There was still a race where the connection could be freed as the
operation was still being used.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
9ebe5acb62 Clean up events properly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
8eb7f3fbca Stop the read callback on a dead connection. 
The connection might be ready to read (close) but if we can't destroy it
yet, we don't want the callback to trigger all the time or process new
data.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
6899d0123d Do not bother to write to a dying connection 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
77f2c57132 Reset c_*ber after freeing and check c_pendingber race 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
07b5744c2a Retain a reference around for handle_responses 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
c5584fd32a Do not leak responses to abandoned ops 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7a29fabd09 Destroy the unbind operation when acted upon 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
9d66c26be5 Operation reference counting 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
ea7e40b8e7 Shutdown handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
837a6068e0 Rework client_read_cb along the lines of upstream 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
028f28690f On a failed bind, stop the callback from firing again 
Not a problem but causes a slew of calls to upstream_bind_cb that will
all fail in the same way.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
cddc96322d Do not clear c_pendingber on short write 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
fba4bed6e2 connection reference counting 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
c0d254a4ce Do not leak BerElements 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
6c8b2acce0 Do not leak addrinfos 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
8f5bae921e Pending operation tracking and limiting 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e5fcf17506 Save connection ids on operation for logging purposes 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
54cd3a27f0 Reject operations when binding 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
50f5c4bea7 Report initial bind errors to client 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
2e2c86664a There might be errors before we save the operation in c_ops 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
b6b3f35aac Fix proxyauthz handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
8b1703d2a7 Implement backend retry timeouts 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
463bcdd2c4 Update backend progress tracking 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
dc5e2538ec Configuration part for retry timeouts 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
673513a017 Maintain the configured amount of connections per backend 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
798e215ea6 Add connection number config 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
94ee62a4f4 Switch bindkey to use Backend instead of bindconf 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
59291ba4de Proxyauthz support 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
9309bc9402 Make features global 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
639c5912f5 Client authentication 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e5f68bcf7c Option for response handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
4ad8ecd45e Logging improvements 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
f37e7757b1 Response handling, exploit optional bervals 2020-11-17 17:55:45 +00:00
Ondřej Kuzník
2fbc8ca473 Rename backend mutex 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
3d1ea4693e Authenticate the upstream connection if configured 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
5bdb4e1570 Update maximum number or parameters for backend 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
fd5b9cdb91 This is a proxy now 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
93fe1d2bab Operation parsing 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
b49932d637 Connection write support 2020-11-17 17:42:43 +00:00
Ondřej Kuzník
79f7e79f15 Set up connections in the worker threads 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
bf66b48fe3 Upstream connection setup 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
1a45249054 Update connection init 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
8e0a6119fa Startup adjustment 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
c596b797ed Backend configuration 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
46ddb4039c lloadd ahoy 2020-11-17 17:15:40 +00:00
Howard Chu
a87ae275e1 ITS#9394 syncprov: ignore duplicate sessionlog entries 2020-11-17 00:31:56 +00:00
Quanah Gibson-Mount
6492012e00 Remove various unused variables 2020-11-12 18:05:59 +00:00
Howard Chu
9eb948529b ITS#9391 remove asserts in UUIDNormalize() 2020-11-11 18:25:31 +00:00
Ondřej Kuzník
ee49c83976 Cleanup use of *alloc() in daemon.c 2020-11-09 16:57:21 +00:00
Ondřej Kuzník
727ec3ae14 ITS#9386 State change issues are still ignored, but at least log them 2020-11-09 11:51:20 +00:00
Ondřej Kuzník
123001c89d ITS#9386 Address compiler warnings 2020-11-09 11:50:37 +00:00
Howard Chu
6b0fc9e034 ITS#9121 fix filtered memberOf 
Broken in 2c0499ae4e adding nesting
 2020-11-03 01:18:32 +00:00
Howard Chu
c0eeb2b9b8 ITS#9384 remove assert in obsolete csnNormalize23() 2020-11-02 16:01:14 +00:00
Howard Chu
265d362f27 ITS#9383 remove assert in certificateListValidate 2020-11-02 13:12:10 +00:00
Howard Chu
87158469eb ITS#9121 fix dynlist_filter_dup for substring filter 2020-10-30 23:30:28 +00:00
Quanah Gibson-Mount
2f0883d161 ITS#9380 - Fix return type for connection_write_resume 2020-10-29 19:55:37 +00:00
Howard Chu
db46f88853 ITS#9379 reject listener URLs with non-empty DNs 2020-10-28 16:50:23 +00:00
Ondřej Kuzník
98a0029dae ITS#9366 Check ldap_install_tls return and remove connection if failed 2020-10-23 20:38:21 +00:00
Howard Chu
6abfd60078 ITS#9370 revert previous commit, alternate fix 
Just skip normalization if there's no equality rule. We accept
DNs without equality rules already.
 2020-10-19 14:14:54 +01:00
Howard Chu
a08a2db406 ITS#9370 check for equality rule on old_rdn 
We should probably just check in dnNormalize instead, and catch
this everywhere DNs are received. It might make us reject some
DNs that are already in use, though (e.g. received from other
directory servers that don't do schema checking).
 2020-10-19 14:03:41 +01:00
Howard Chu
c1912fb7af ITS#9121 don't process nested memberOf if memberOf wasn't requested 2020-10-13 22:11:44 +01:00
Howard Chu
fb587d3d58 ITS#9361 prevent CSN from being generated for purge deletes 2020-10-02 13:25:52 +01:00
Howard Chu
56860fc405 ITS#9342 delta-syncL ignore add of already existing entry 
if the entryCSN is older. Previous patch breaks if writes are
received out of order, e.g. during a refresh.
 2020-10-01 14:27:24 +01:00
Ondřej Kuzník
efc23cddc3 ITS#9295 Do not replace 'op' 2020-09-30 18:55:34 +00:00
Ondřej Kuzník
20024d5ba8 ITS#9359 Do not create an empty add 2020-09-30 19:25:56 +01:00
Howard Chu
ed949bf287 ITS#9342 delta-sync: ignore add if entryCSN is too old 
This check is only needed for ops received without a CSN in their cookie.
This only occurs when the ops completed out of order on the provider.
 2020-09-30 15:45:04 +00:00
Howard Chu
80a545b5ed Partially Revert "ITS#8486 use kbtree for sessionlog" 
This mostly reverts commit 1915cb968a.
Too many concurrency issues. Retains the improvement to
syncprov_sessionlog_cmp
 2020-09-30 15:11:31 +00:00
Howard Chu
2bbb51e20b ITS#9358 Fix reqStart normalizer 
Don't truncate trailing zeroes in reqStart/reqEnd timestamps
 2020-09-29 09:43:37 +01:00
Ondřej Kuzník
67d005ee65 ITS#9348 Stop using plain strerror() 2020-09-25 12:47:46 +01:00
Quanah Gibson-Mount
f3e86d3d93 ITS#8636 - Fix DESC for deltaCRL attribute 2020-09-25 04:29:59 +00:00
Quanah Gibson-Mount
fe3636df9d ITS#8341 - Add matching rule to the namingContexts attr 2020-09-25 02:05:55 +00:00
Howard Chu
1915cb968a ITS#8486 use kbtree for sessionlog 
Saves about 20% CPU time and RAM
 2020-09-25 00:07:50 +00:00
Ondřej Kuzník
98d5c5c6ce ITS#8486 Protect tavl_* calls in play_sessionlog 2020-09-25 00:07:50 +00:00
Howard Chu
8f8774c0b1 ITS#8486 Minor play_sessionlog cleanup 
Fix logmsg uuidstr.
Shortcut finding start of playback.
Allow dup CSNs in log, but with different UUIDs. All
non-present deletes in a refresh use the same CSN.
 2020-09-25 00:07:50 +00:00
Ondřej Kuzník
d2036cec90 ITS#8486 Switch sessionlog to use TAVL 2020-09-25 00:07:50 +00:00
Ondřej Kuzník
3f5293e145 ITS#5422 Save errno before passing it to Debug() 2020-09-24 23:34:36 +00:00
Howard Chu
c3131eb5a3 ITS#9348 replace all uses of STRERROR with AC_STRERROR_R 
Avoid using sys_errlist unless there's no other choice
 2020-09-24 23:34:36 +00:00
Ondřej Kuzník
1b8e6b944b ITS#9355 Propagate errors from overlay_entry_get_ov 2020-09-23 11:10:29 +01:00
Howard Chu
62ecd38bc4 ITS#8102 syncrepl: only use trylock on the cn=config DB 2020-09-22 21:27:15 +01:00
Quanah Gibson-Mount
a3f186880c ITS#9351 - Always build back-monitor as a static backend 2020-09-21 16:52:33 +00:00
Howard Chu
dd82fa5393 ITS#9353 fix monitor_back_register_database for empty suffix DB 
Use the correct database entry instead of the frontendDB entry
 2020-09-20 16:29:38 +01:00
Quanah Gibson-Mount
bc021bb244 ITS#6749 - Change configure monitor warning to DEBUG CONFIG instead of DEBUG ANY 2020-09-18 14:56:43 +00:00
Howard Chu
331e587754 ITS#9352 syncrepl: fix syncrepl_op_modify on entry with no entryCSN 2020-09-17 20:18:20 +01:00
Gabriel Buades
984ecd113a ITS#9349 slapd-mdb: optimize index delete 
Performance improvement for indexed attributes removal
 2020-09-17 18:21:53 +01:00
Howard Chu
2b512ea79c ITS#9339 Fix syncrepl_monitor_init for dynamic monitor backend 
Calling from backend.c only works if back-monitor is a static backend
 2020-09-17 15:22:01 +01:00
Howard Chu
3e181b8453 Silence stupid warnings 2020-09-16 23:27:45 +01:00
Quanah Gibson-Mount
947b8ed9d6 Fix code indentation for recent changes 2020-09-16 21:13:28 +00:00
Howard Chu
d63287e2f4 ITS#9345 fix for cmdline cookie 
Previous commit could cause cmdline cookie to be ignored
 2020-09-15 15:00:57 +00:00
Howard Chu
afc970b11d ITS#9015 syncprov: fix for zero-length suffix 
If the "" glue entry exists and lacks a contextCSN, must perform
an additional search to be sure the DB is otherwise empty. If so,
skip creating the contextCSN.
 2020-09-15 12:08:22 +01:00
Howard Chu
9a3e63ba00 ITS#9338 alternate fix 
Don't resume pending ops unless there are no other threads
waiting to write
 2020-09-13 08:05:31 +00:00
Howard Chu
57643b4347 ITS#9345 syncrepl: call check_syncprov on freshly started consumer 2020-09-12 21:44:31 +01:00
Howard Chu
ef2b505b20 ITS#9043 Fix new log msg crashes 
Solaris stdio hates NULL pointers
 2020-09-11 23:36:41 +00:00
Howard Chu
fdf6ee5059 ITS#8054 fix etime calculation 
Was overlooked in a0cc1d9655
 2020-09-11 23:01:16 +00:00
Howard Chu
72bfa9d488 ITS#9339 fix connection address handling 
valgrind didn't like accesses to si->si_connaddr
Also fix an array bounds check in ITS#9282 merge_state
 2020-09-10 17:03:32 +00:00
Howard Chu
490273fb97 ITS#8102, #9330 partially revert 
Fix a regression in delta-sync, was returning error on old
CSNs instead of ignoring them
 2020-09-10 16:17:13 +00:00
Ondřej Kuzník
eb5f138650 ITS#9043 Only print sessionlog entries we think will apply 2020-09-10 11:04:29 +01:00
Ondřej Kuzník
fdbeb69fd8 ITS#9043 Nul-terminate csn string 2020-09-10 11:03:37 +01:00
Howard Chu
1748ec59a6 ITS#9339 Add syncrepl status to cn=monitor 
Shows connection address, refresh/persist state, time of last
connect attempt and received data, and last sent and
received cookies per consumer.
 2020-09-10 02:29:19 +00:00
Howard Chu
d1283f8161 ITS#9339 slapd-monitor: Add schema arc for overlays 
Not directly related to syncrepl, but adds a necessary schema arc.
Also add a convenience function for obtaining an entry with known ndn.
Also fix to ignore outbound connections.
 2020-09-10 02:29:19 +00:00
Howard Chu
bf40306581 ITS#9043 tweak syncprov play_sessionlog logging 
Don't log cookiecsn at top, it was already logged on receipt.
Only log the "control csn" and "too old" message once for each sid.
 2020-09-09 18:02:49 +01:00
Howard Chu
e02b1d94ca ITS#8102 serialize plain syncrepl 
Using cs_pmutex. Reverts the addition of cs_modmutex in ITS#9330,
use cs_pmutex for both delta and plain writes.

Note that plain syncrepl already used cs_pmutex when a cookie CSN
was present in the op. Now it is used for all writes, regardless
of presence of cookie.
 2020-09-09 15:35:59 +00:00
Howard Chu
8bd2d1fee8 ITS#9342 delta-sync: ignore error if deleting an already deleted entry 2020-09-09 00:19:35 +01:00
Howard Chu
95c5a1698b ITS#9338 Make sure connection gets rescheduled after write blockage clears up 2020-09-04 18:22:40 +01:00
Howard Chu
0b20b92ec1 ITS#9338 syncrepl: Don't reuse existing connection on Refresh fallback 2020-09-04 18:22:32 +01:00
Howard Chu
ed356c55d9 ITS#9334 slapo-ppolicy re-fix ITS#9302 
The mutex_lock was being skipped in the lockout case,
but still calling mutex_unlock at the end.
 2020-09-03 21:30:35 +01:00
Howard Chu
b24ca75993 ITS#9201 fix LDAP_THREAD_DEBUG 
Add missing defs to ldap_thr_debug.h.
slap tools must init libldap so internal mutexes get inited.
 2020-09-03 12:37:32 +01:00
Quanah Gibson-Mount
b51faa5cf0 Revert "Tweak prev commit for RE24 style debug" 
This reverts commit d224e576a9.

Revert, wrong branch
 2020-09-02 19:33:03 +00:00
Quanah Gibson-Mount
d224e576a9 Tweak prev commit for RE24 style debug 2020-09-02 19:31:59 +00:00
Howard Chu
4c7787303c ITS#9121 fix for URLs with no filter 2020-09-02 01:34:07 +01:00
Howard Chu
41396248a2 ITS#9282 more for merge_state 
Don't assume si_cookieState is always newer
 2020-08-31 20:09:52 +01:00
Howard Chu
8699e5f32e ITS#9282 fix crash in nonpresent_callback 
In a standard Refresh present phase, the provider sends no cookie
since it is only listing the entries that existed as of the time
in the cookie the consumer sent. In this case the consumer only
needs to check entryCSNs against its last sent cookie.
 2020-08-31 19:36:10 +01:00
Howard Chu
0ce83b26af ITS#9330 Fully serialize delta-sync 
Don't depend on accesslog overlay's serialization
 2020-08-29 01:13:04 +00:00
Howard Chu
edc94862b7 ITS#7639 fix crash in config_delete 
Additional fix to 41352ea34d
The overlay must be deleted from the backend before the
callback can execute. In particular, it must be done before
the threadpool is unpaused.
 2020-08-29 00:13:19 +00:00
Howard Chu
f883a57593 ITS#8427 don't set tls_ctx if TLS wasn't requested 
Also, set any remaining TLS options that weren't carried along
in the TLS ctx.
 2020-08-28 18:44:35 +01:00
Quanah Gibson-Mount
8d31219647 More for ITS#8845, skip cleanup on async op with extended operations 2020-08-26 21:55:39 +00:00
Howard Chu
9900794af1 ITS#9329 Re-fix merge_state 
A bit uglier but more straightforward.
 2020-08-26 21:00:00 +01:00
Quanah Gibson-Mount
c1411b8199 ITS#9323 - Limit to OpenSSL 1.0.2 or later 2020-08-25 21:52:04 +00:00
Howard Chu
9666306d86 ITS#9329 syncrepl: fix regression from ITS#9282 2020-08-25 21:13:22 +00:00
Fabrice Fontaine
8df03b435e ITS#9327 - Fix stripping when cross-compiling 
Probably-Signed-off-by: Dave Bender <bender@benegon.com>
[yann.morin.1998@free.fr: patch was made by Dave, but he
 forgot his SoB line, so I added it]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Retrieved from:
https://git.buildroot.net/buildroot/tree/package/openldap/0001-fix_cross_strip.patch]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 2020-08-25 19:54:59 +00:00
Howard Chu
5aa7e0f69b ITS#9324 syncrepl: don't wait forever in Refresh mode 
Just poll for available data, same as Persist mode.
Clarify retry/return states from do_syncrep2
 2020-08-24 15:12:24 +00:00
Howard Chu
88e569d857 ITS#9249 librewrite: fix malloc/free corruption 
If substitution parsing fails, would attempt to free a mapping
that hadn't been allocated yet.

Also, on failure, caller in saslauthz would attempt to free a
rwinfo struct that hadn't been allocated.
 2020-08-23 19:32:51 +00:00
Fredrik Roubert
8a521c17aa ITS#9232 - Implement caseIgnoreListSubstringsMatch. 2020-08-21 21:45:19 +00:00
Quanah Gibson-Mount
aa78299346 ITS#9311 - Correctly mark overlays as singular 2020-08-21 19:34:27 +00:00
Howard Chu
650b1404c2 ITS#9054, #9318 add new TLS options to slapd bindconf 
For use with back-ldap/back-meta/syncrepl/etc
 2020-08-21 20:06:56 +01:00
Howard Chu
12e11c9b84 ITS#9121 slapo-dynlist, -memberof: define memberOf if needed 
Ignore if it's defined already. Make it no-user-mod.
 2020-08-18 23:49:26 +00:00
Howard Chu
9d2f15307d ITS#7926 dynamic changes to olcListenerThreads 
Reallocates sockets from old to new listener threads
 2020-08-18 22:37:50 +01:00
Howard Chu
2f94318f06 ITS#7926 support multiple config cleanup functions per op 
Prep for main changes
 2020-08-18 22:00:58 +01:00
Howard Chu
b0d7308371 ITS#9135 fix index error on collapsed range 2020-08-13 18:18:45 +01:00
Quanah Gibson-Mount
00b14b1e28 ITS#9133 - Fix syncprov to be singular. 2020-08-10 23:41:07 +00:00
Howard Chu
633d40b0ac For ITS#9309 fix check for duplicate overlays 
and pass error message back to frontend
 2020-08-10 16:40:54 +01:00
Howard Chu
c8c39b8468 ITS#9309 don't allow ppolicy to be configured more than once on a backend 2020-08-10 16:07:39 +01:00
Howard Chu
8849d83f75 ITS#9279 fix Netscape password_expired control 2020-08-04 22:04:14 +00:00
Howard Chu
138c492696 ITS#9302 fix pwdFailireTime mutex scope 2020-07-30 17:53:25 +01:00
Arvid Requate
0e675be7ef ITS#9302 ppolicy: avoid pwdFailureTime race condition 2020-07-30 17:32:32 +01:00
Howard Chu
4cf90e84de ITS#9295 use replace on single-valued attrs 
For delta-sync as well as regular sync
 2020-07-29 16:15:42 +01:00
Ondřej Kuzník
917fcc03ee ITS#9279 Send Netscape expired control as a bare string 2020-07-27 14:22:24 +02:00
Ondřej Kuzník
43ebfa8fb4 ITS#6467 Make accesslog a possible sessionlog source 2020-07-22 22:25:10 +01:00
Ondřej Kuzník
66a743f119 ITS#6467 Record minCSN in audit container 2020-07-22 22:25:10 +01:00
Ondřej Kuzník
4b62f3b8d2 ITS#8645 Check for all syncrepl errors 2020-07-22 20:22:50 +00:00
Quanah Gibson-Mount
3716245fec Issue#8511 - Update documentation and configs to correctly use multiprovider 2020-07-22 19:32:49 +00:00
Ondřej Kuzník
a49b553676 ITS#9279 Implement Netscape password policy controls in ppolicy 2020-07-22 18:57:38 +00:00
Ondřej Kuzník
521b8bbe4b ITS#9282 Check entries are covered by new contextCSN before deletion 2020-07-22 18:24:52 +00:00
Ondřej Kuzník
5bbcf38c78 ITS#9282 Build a complete cookie for the search 2020-07-22 18:24:51 +00:00
Howard Chu
2c0499ae4e ITS#9121 support nested groups 2020-07-22 15:11:24 +00:00
Howard Chu
9210ed1618 ITS#9121 add dynamic memberOf support for static groups 2020-07-22 15:11:24 +00:00
Quanah Gibson-Mount
21eef84a49 ITS#9275 -- Update wording to remove slave and master terms, consolidate on provider/consumer 2020-07-18 16:27:04 +00:00
Ondřej Kuzník
947bbfbf5a ITS#9280 Add olcPPolicyDisableWrite to the objectclass 2020-07-08 14:47:03 +01:00
Ondřej Kuzník
31423439c5 ITS#9043 Make sure uuidstr is initialised on use 2020-07-08 12:54:08 +01:00
Howard Chu
4fab675560 ITS#9285 don't hide ppolicy control 2020-07-07 21:01:32 +01:00
Ondřej Kuzník
bdc9dbc511 ITS#8701 Implement account usability in ppolicy 2020-07-07 16:43:37 +01:00
Quanah Gibson-Mount
c06ac436e2 ITS#9235 Merge libldap_r into libldap 2020-07-03 17:23:14 -07:00
Ondřej Kuzník
e05c09b919 ITS#8762 Clear pwdFailureTime on unlock 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
376d5d65cb ITS#7084 ACL of 'manage' gives pasword administrator access 
Password administrators can bypass safeModify, password quality checks
and trigger reset if policy instructs the server to.
 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
a030aacc39 ITS#7788 Allow pwdFailureTime tracking be disabled in policy 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
0b6ac3fd76 ITS#7788 Skip lockout processing if no policy applies 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
3ec005a097 ITS#7788 Report if there is a policy that applies 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
3e0447f4a6 ITS#7089 Skip lockout checks/modifications if password attribute missing 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
49504c16d2 Fix whitespace in ppolicy.c 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
e24a6bf5c1 ITS#8768 Do not update main CSN during delete phase 2020-06-23 16:06:09 +00:00
Ondřej Kuzník
182ec30a6b ITS#8768 Accept delcsn from the server 2020-06-23 16:06:09 +00:00
Ondřej Kuzník
d1e874c605 ITS#8768 Introduce delcsn into our syncrepl cookies 2020-06-23 16:06:09 +00:00
Ondřej Kuzník
eae2dfde04 ITS#9280 Add ppolicy_disable_write 2020-06-23 15:29:26 +00:00
Quanah Gibson-Mount
58c978825c Issue#9020 - Use consistent namespaces for overlays 2020-06-22 20:44:12 +00:00
Ondřej Kuzník
3e5490f467 ITS#9043 More descriptive logs for syncrepl traffic and decisions 2020-06-22 18:20:22 +00:00
Ondřej Kuzník
799607231d ITS#7796 Move 'not indexed' messages to loglevel filter 2020-06-22 09:28:26 +01:00
Ondřej Kuzník
71560032f4 ITS#8949 Check eblock exists before freeing 
cn=config changes might cause slapi_plugins_used transition from 0
during the lifetime of operation (cn=config change or syncrepl) or
a connection and we should be able to deal with that.
 2020-06-21 22:53:14 +00:00
Ondřej Kuzník
6b46232ab8 ITS#8473 Implement ordering stable (de)registration 2020-06-21 22:53:14 +00:00
Ondřej Kuzník
e5105e706e ITS#8473 Mark olcPlugin as ordered 2020-06-21 22:53:14 +00:00
Quanah Gibson-Mount
0d0d50724a ITS#8140 - Update bind operations to note bind_ssf vs overall connection ssf 2020-06-21 22:04:46 +00:00
Ondřej Kuzník
57b0ed909c ITS#8434 Allow cleanup at the end of a failed back-config add 2020-06-21 18:55:09 +00:00
Howard Chu
2346dfd2a0 ITS#9262 check referral 2020-06-21 00:45:45 +01:00
Quanah Gibson-Mount
4e8f91304e Issue#9239 - Fix case where e->e_dn may be NULL causing a segfault on some platforms 2020-05-27 19:51:16 +00:00
Quanah Gibson-Mount
f926e66723 ITS#8873 - Delete obsolete configuration options from back-ldap, back-meta, and back-asyncmeta 2020-05-26 19:59:56 +00:00
Howard Chu
c70e2e0869 ITS#9264 more for unique locking 2020-05-25 22:38:30 +01:00
Ondřej Kuzník
f3952d947b ITS#9059 Document why we do FIND_CSN 2020-05-22 16:57:53 +00:00
Ondřej Kuzník
709d805f84 ITS#9059 Skip mincsn check if sessionlog replay was successful 2020-05-22 16:57:53 +00:00
Howard Chu
9183abe62c ITS#9264 add an optional lock to slapo-unique 2020-05-22 15:08:20 +01:00
Quanah Gibson-Mount
c91bbe6eea ITS#8614 - slapd must be built threaded 2020-05-14 16:30:17 +00:00
Ryan Tandy
fc8a7b25b8 ITS#9258 More for ITS#6937, don't free user/group 2020-05-10 08:47:54 -07:00
Howard Chu
f5ff1dad7e ITS#9227 fix attr / opattr detection in prev commit 2020-05-08 18:50:58 +01:00
Howard Chu
5462fc26b5 ITS#9227 syncrepl: don't delete non-replicated attrs 2020-05-08 16:23:44 +01:00
Howard Chu
d38d48fc8f ITS#9202 limit depth of nested filters 
Using a hardcoded limit for now; no reasonable apps
should ever run into it.
 2020-04-28 13:58:15 +00:00
Ryan Tandy
8f174209e1 ITS#7573 Fix back-perl dynamic config with threaded slapd 2020-04-27 16:21:12 +00:00
Isaac Boukris
3cd50fa8b3 ITS#9189 rework sasl-cbinding support 
Add LDAP_OPT_X_SASL_CBINDING option to define the binding type to use,
defaults to "none".

Add "tls-endpoint" binding type implementing "tls-server-end-point" from
RCF 5929, which is compatible with Windows.

Fix "tls-unique" to include the prefix in the bindings as per RFC 5056.
 2020-04-23 21:00:39 +02:00
Quanah Gibson-Mount
96fedda628 ITS#5573 - Expose contextCSN, entryCSN in subschema entry 2020-04-22 18:59:38 +00:00
Quanah Gibson-Mount
bc9a92866a ITS#6740 - Always enable rewrite 2020-04-22 14:49:10 +00:00
Howard Chu
bcb0af6262 ITS#6745 slapd daemon: use separate emfile mutex 2020-04-17 02:46:10 +01:00
Ondřej Kuzník
550476b5ad ITS#9112 Silence warnings 2020-04-16 16:41:35 +00:00
Ondřej Kuzník
8f01fdec36 ITS#8731 Remove unused arguments 2020-04-16 16:41:35 +00:00
Ondřej Kuzník
65d0936811 ITS#8245 Silence warning 2020-04-16 16:41:35 +00:00
Quanah Gibson-Mount
a97eed06f0 ITS#6937 - Remove unused proctitle bits 2020-04-15 19:32:28 +00:00
grapvar
a5e17673a6 ITS#9214 slapd-mdb: plug cursor leak in dnSuperiorMatch filter 2020-04-15 00:14:37 +01:00
Ryan Tandy
38f9dd2fb8 ITS#7878 Replace uint32_t with unsigned in back-mdb 
init.c: align mi_dbenv_flags and flags with mdb_dbi_open, which declares
flags as unsigned int.

search.c: align mi_rtxn_size with ARG_UINT; adjust ww_ctx.nentries to
silence a warning about signed/unsigned comparison.

config.c: parse checkpoint config more carefully. Reject negative or
unreasonably large values for kbytes and minutes. Ensure both values are
parsed successfully before making any changes.

Fixes a compilation failure under MinGW, where stdint.h types are not
implicitly pulled in by other headers.
 2020-04-14 10:04:33 -07:00
Ondřej Kuzník
f6d9fdc4f1 ITS#9043 Improve replication loggging 2020-04-14 09:58:03 +01:00
Ryan Tandy
bbe20cbf4c ITS#8731 cleanup unused logbuf 2020-04-13 18:57:50 +00:00
Ryan Tandy
e18764465f ITS#9212 Restore snprintf to caller-provided buffer 
76df74dbea removed some snprintfs to
buffers that are actually returned to the client. Restore these.
 2020-04-13 18:57:50 +00:00
Howard Chu
5bfd8d8888 ITS#9121 Fix MatchingRuleAssertion init 2020-04-07 16:26:35 +01:00
Ondřej Kuzník
6d6a330057 ITS#8245 Use Relax control to avoid uniqueness checks 
Still needs to retrieve the entry for ACL resolution until we can
restrict controls with ACLs.
 2020-04-06 20:44:09 +00:00
Howard Chu
0debad5830 ITS#9121 memberOf shortcut 
Don't try to generate it if it wasn't requested
 2020-04-04 03:48:14 +01:00
Howard Chu
15a922a5a3 ITS#9121 memberof fix 
Fix for groupURI with no filter
 2020-04-03 21:38:41 +01:00
Howard Chu
8180326ffe ITS#9121 typos 2020-04-03 21:29:25 +01:00
Howard Chu
5d82ba4905 ITS#9121 fix typo 2020-04-03 21:27:48 +01:00
Howard Chu
906cab755d ITS#9121 fix memberOf filtering 
Replace (memberOf=<groupDN>) filter with expansion of group's URI
 2020-04-03 21:25:58 +01:00
Howard Chu
015eae8fde ITS#9121 optimize dyngroup membership checking 
parse dyngroup URLs in advance, don't use the ACL engine's
evaluator any more
 2020-04-03 21:25:43 +01:00
Howard Chu
c9ff501e6d ITS#9121 memberof counting 
Keep track of number of uses of memberOf in config, to
allow bypassing code if not in use.
 2020-04-03 21:25:34 +01:00
Ryan Tandy
1d562a7a52 ITS#6035 olcAuthIDRewrite insert/delete support 2020-04-02 09:10:51 -07:00
Ryan Tandy
c4db906107 ITS#6035 olcAuthzRegexp insert/delete support 2020-04-02 09:10:51 -07:00
Ryan Tandy
822ed8c11d ITS#6035 saslauthz cleanups (no functional change) 
- give authid-rewrite's argument a name
- tidy saslauthz.c whitespace (mixed spaces/tabs)
- always declare slap_sasl_regexp_destroy: fixes an implicit declaration
  warning when configured without librewrite
- delete dead code: ENABLE_REWRITE implies SLAP_AUTH_REWRITE, so this
  code is never compiled
- make slap_sasl_regexp_rewrite_config static
- omit sasl_regexp unused fields when built with librewrite
 2020-04-02 09:10:51 -07:00
Emily Backes
f4bfb5e0a5 ITS#7074 - change olcDatabaseDummy initialization for windows 2020-03-20 19:08:22 +00:00
Howard Chu
2d87a1c7b5 ITS#9182 pcache: fix private DB init 2020-03-11 19:17:10 +00:00
Howard Chu
1c05dce379 ITS#9121 fix filter error message 
Filters use parentheses, not brackets.
 2020-03-06 17:29:44 +00:00
Howard Chu
2c6fccb49b ITS#9121 plug entry leak 2020-02-25 18:06:15 +00:00
Ondřej Kuzník
a2a859fd0b Correct cyrus-sasl version verison check 2020-02-21 10:44:59 +00:00
Ondřej Kuzník
140b676bc1 ITS#9171 Insert callback in the right place 2020-02-21 10:44:59 +00:00
Howard Chu
299fb490a2 ITS#9121 fix prev commit 
Only flush entry if dynlist_prepare_entry altered it
 2020-02-14 22:32:03 +00:00
Ondřej Kuzník
47e0e3fdb5 ITS#9160 OOM handling in back-asyncmeta 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
7336827769 ITS#9160 OOM handling in back-meta 2020-02-07 09:46:52 +00:00
Ondřej Kuzník
816d94b221 ITS#9160 OOM handling in slapd 2020-02-07 09:46:52 +00:00
Howard Chu
02eb0b6fe8 ITS#9121 fix filtering of dyngroups with memberof 2020-02-04 16:36:42 +00:00
Quanah Gibson-Mount
165c632249 Move CONFIG_DELETE out from behind LDAP_DEVEL 2020-02-03 16:55:34 +00:00
Quanah Gibson-Mount
7244a7b6d8 ITS#8040 - Move LAZY_COMMIT to be active outside of LDAP_DEVEL 2020-02-02 19:02:18 +00:00
Quanah Gibson-Mount
0dbbe8c012 ITS#8040 - Fix missing ifdefs for LAZY_COMMIT 2020-02-02 19:00:34 +00:00
Quanah Gibson-Mount
707d2a9211 ITS#8966 - Remove DO_DSEE ifdef Remove ifdef for DO_DSEE as it's required to be defined for syncrepl.c to compile 2020-02-02 19:00:31 +00:00
Quanah Gibson-Mount
4d2fa65969 Remove LDAP_FEATURE_X_CANCHAINOPS from behind LDAP_DEVEL 2020-01-30 18:54:36 +00:00
Ondřej Kuzník
76c43165ea Remove LDAP_X_TXN and rename accordingly 2020-01-28 12:09:09 +00:00
Ondřej Kuzník
0cf2b12154 ITS#9156 Fix leftover typo 2020-01-27 14:11:59 +00:00
Ondřej Kuzník
16793977ff ITS#9156 Add pwdCheckModuleArg to ppolicy 2020-01-23 23:47:04 +00:00
Ondřej Kuzník
419b9ad202 ITS#9156 Implement pwdMaxIdle 2020-01-23 23:46:58 +00:00
Ondřej Kuzník
8c10b0481a ITS#9156 Implement pwdMinDelay and pwdMaxDelay 2020-01-23 23:46:54 +00:00
Ondřej Kuzník
c0ae078afd ITS#9156 Implement pwdStartTime and pwdEndTime 2020-01-23 23:46:50 +00:00
Ondřej Kuzník
9ce2d2f9d2 ITS#9156 Implement pwdMaxLength 2020-01-23 23:46:43 +00:00
Ondřej Kuzník
f60e41bc14 ITS#9156 Implement pwdGraceExpiry 2020-01-23 23:46:38 +00:00
Ondřej Kuzník
79728709e9 ITS#9156 Keep module info around for longer 2020-01-23 23:46:28 +00:00
Ondřej Kuzník
4bc54d104a ITS#9156 Update ppolicy schema to the latest draft 2020-01-23 23:46:16 +00:00
Ondřej Kuzník
44191183be ITS#9156 Move ppolicy schema into the module 2020-01-23 23:45:41 +00:00
Ondřej Kuzník
254b62b803 ITS#9126 Add a missed normalised copy of pwdChangedTime 2020-01-23 23:15:09 +00:00
Howard Chu
f860fff714 ITS#9121 more memberof tweaks 2020-01-21 23:36:56 +00:00
Howard Chu
8e2291275a ITS#9121 dynlist: fix not filters 2020-01-21 11:27:21 +00:00
Howard Chu
c06807ec45 ITS#9120 fix tm2time compat breakage 
Add lutil_tm2gtime for Proleptic Gregorian calendar,
revert lutil_tm2time to previous behavior using Unix epoch
 2020-01-19 19:05:04 +00:00
Howard Chu
e7538fa462 ITS#9154 back-mdb add number of entries to cn=monitor 2020-01-18 12:53:07 +00:00
Howard Chu
cb42a6e91a ITS#9121 fix memberOf eval 
Must disable ACL group caching when checking membership
 2020-01-17 14:49:58 +00:00
Howard Chu
9a8d7f305b ITS#9150 fix nosync FALSE config 2020-01-11 04:24:54 +00:00
Quanah Gibson-Mount
f6ad222e41 Happy New Year! 2020-01-09 16:50:21 +00:00
Howard Chu
57dbe995b8 ITS#9146 syncprov: fix sessionlog init 2020-01-08 22:22:14 +00:00
Ondřej Kuzník
8550e91fcc ITS#9124 BerElement sits on the stack 2020-01-03 11:49:17 +00:00
Howard Chu
14d4215bc1 ITS#9121 more for dynamic memmber/memberOf 2019-12-18 20:37:58 +00:00
Howard Chu
62ec3d99c0 ITS#9121 schema update for prev commit 2019-12-18 20:34:50 +00:00
Howard Chu
c458744e32 ITS#9121 cleanup 
Delete unused code, add comments
 2019-12-16 18:42:57 +00:00
Howard Chu
90b0abd894 ITS#9121 dynlist enhancements 
1) allow filtering on dynamic attribute values
2) populate an optionally configured memberOf attribute

test044 script still needs to be extended to test these
enhancements. We need to define an interim attributeType
for testing memberOf functionality.
 2019-12-16 18:31:12 +00:00
Arvid Requate
44a7b4632e ITS#9128 fix bus error in strchrlen 2019-12-04 20:50:44 +00:00
Ondřej Kuzník
b71235ac45 ITS#8629 Make sure pwcons is around for slapauth 
Long term, overlay callbacks should not be running in tool mode at all.
 2019-12-02 13:28:10 +00:00
Howard Chu
1a0ab3d269 ITS#9125 check HAVE_TLS 2019-12-01 19:04:27 +00:00
Ondřej Kuzník
1dbf0e9441 ITS#9124 Check we have data to process in Cancel Exop 2019-11-29 10:04:08 +00:00
Howard Chu
63922b076c ITS#9119 fix global operation counter reporting 2019-11-15 16:26:14 +00:00
Howard Chu
4d7be1c161 ITS#9112 cleaner error handling during connection setup 
And additional debug code for tracking errant close()s
 2019-10-28 23:01:08 +00:00
Howard Chu
230b469669 ITS#9100 relax domainScope check for absent value 2019-10-28 19:01:36 +00:00
Howard Chu
379f138098 ITS#9091 drop attr mappings added in an aborted txn 
If a txn is aborted in id2entry_put, attribute index mappings
added during that txn must also be dropped from memory.
 2019-10-14 18:34:07 +01:00
Howard Chu
4bc333c5e7 ITS#9095 insert missing commit at end of slapindex processing 2019-10-11 20:48:51 +01:00
Ondřej Kuzník
81025cc8bf ITS#9077 Let the loop finish 2019-09-23 16:37:38 +01:00
Ondřej Kuzník
dc3e450104 ITS#8731 Remove extra args 2019-09-10 19:00:24 +01:00
Ondřej Kuzník
a14fb731ac ITS#9076 Set oldctrls correctly 2019-09-10 19:00:24 +01:00
Julia Bremer
8514f2a771 ITS#9067 fix syntax evaluation of preferredDeliveryMethod 2019-08-26 17:14:25 +01:00
Howard Chu
92b03e82e0 ITS#7657 honor unchecked limit 2019-07-17 10:17:43 +01:00
Howard Chu
e90e8c7d3c ITS#7657 back-mdb improve alias deref 
Don't search for scopes of entries with no children
 2019-07-15 16:47:18 +01:00
Ondřej Kuzník
230b853488 ITS#8427 Take late TLS configuration into account 2019-07-15 17:01:08 +02:00
Howard Chu
5fec7b777f ITS#8977 don't use any stack allocated IDLs 
Trying again, fixed previous attempt
 2019-07-11 15:47:03 +01:00
Howard Chu
0fa0f8ff07 ITS#9052 zero out sasl_ssf in connection_init 2019-07-10 21:29:39 +01:00
Howard Chu
f6766f1a1f Revert "ITS#8977 don't use any stack allocated IDLs" 
This reverts commit bfe9152c4c.
 2019-07-03 17:20:34 +01:00
Howard Chu
bfe9152c4c ITS#8977 don't use any stack allocated IDLs 2019-07-03 16:59:53 +01:00
Howard Chu
ec411582d6 ITS#8977 make sure olcBackend entry is created 2019-06-27 15:33:09 +01:00
Ondřej Kuzník
c06dc95cf9 ITS#8799 Let the common backend be configured through cn=config 2019-06-20 17:03:27 +02:00
Ondřej Kuzník
747679256c Resolve conflict between ITS#7492 and ITS#7520 2019-06-20 17:03:27 +02:00
Ondřej Kuzník
75e0eba1f7 ITS#9000 memberof: noop a noop rename 2019-06-20 16:55:13 +02:00
Howard Chu
fbe5611e60 ITS#9038 restrict rootDN proxyauthz to its own DBs. 
Treat as normal user for any other DB.
 2019-06-19 12:40:19 +01:00
Quanah Gibson-Mount
bc61773904 ITS#8286 - Add missing matching rules 
Add missing matching rules for the cn=config schema elements for:

slapd-null
slapd-relay
slapo-chain
 2019-06-18 17:31:55 +00:00
Quanah Gibson-Mount
85ccf7bbac ITS#8997 - Fix segfault by setting return code value 
Fix case with back-ldap where an entry was returned but didn't match the filter being applied by setting the return code value before dropping to cleanup.
 2019-06-17 17:15:00 +00:00
Ondřej Kuzník
be55ce8087 ITS#8637 Reject multiple chain URIs just like slapd.conf 2019-06-17 16:05:44 +00:00
HAMANO Tsukasa
77119a1f6f ITS#8349 - Fix ppolicy behavior when pwdInHistory is changed 2019-06-17 15:55:15 +00:00
Ondřej Kuzník
d40b357f5d ITS#8964 Do not free original filter 2019-06-17 12:49:25 +02:00
Ondřej Kuzník
02df0b485a ITS#8427 Only do StartTLS if configured 2019-06-13 12:12:54 +02:00
Ondřej Kuzník
1273a38eda ITS#8427 Set up TLS settings on each reconnection 2019-06-12 16:40:04 +02:00
Quanah Gibson-Mount
ec2cb12e68 ITS#9010 - Delete back-bdb/back-hdb 
This commits deletes all references and code for back-bdb and back-hdb.
There is some follow up work still necessary to flush out the admin
guide for back-mdb.
 2019-05-13 17:20:28 +00:00
Ondřej Kuzník
5957cbb660 ITS#8743 Initialise the metafilter we allocate 2019-05-13 13:07:11 +01:00
Ondřej Kuzník
7ca538ff87 ITS#9015 Treat an empty cookie from a FALLBACK search as a success 2019-05-08 15:42:12 +01:00
Ondřej Kuzník
abcf0e8f23 ITS#9015 Don't generate contextCSN on empty DB 2019-05-08 15:42:12 +01:00
Ondřej Kuzník
1df2b85c32 ITS#9015 Generate contextCSN unless we're a pure replica. 
Essentially reverts part of cd8ff37629 to
make sure there is always a contextCSN if the server is in charge of its
own serverID.
 2019-05-08 15:42:12 +01:00
Howard Chu
c42c996966 ITS#9012 one more Win64 fix 
Was omitted from dda779d83e
 2019-04-21 22:10:03 +01:00
Ondřej Kuzník
3bda24173d Do not leak memory in slappasswd 2019-03-27 10:54:42 +00:00
Howard Chu
8b7f21c7aa ITS#8999 more for prev commit 2019-03-26 13:12:26 +00:00
Howard Chu
d8c90a2fee ITS#8999 fix telephoneNumberNormalize, cert DN validation 2019-03-26 11:18:55 +00:00
Howard Chu
47102fcced Add persist support 2019-03-20 08:47:48 -07:00
Howard Chu
4534528fe1 ITS#8990 pickup SLAP_MOD_SOFT modops 2019-03-11 18:52:26 +00:00
Howard Chu
c825edf67e ITS#8989 fix bitshift integer overflow 2019-03-10 14:26:08 +00:00
Quanah Gibson-Mount
a32cab8b72 write waiter handling cleanup 
Follow on to commit 88d22a1ca3

Remove dead code
 2019-03-07 23:31:44 +00:00
Nadezhda Ivanova
ea1eb19303 Use LDAP_OPT_KEEPCONN to prevent the target connection from being freed 
On error, the ldap connection was freed and under some circumstances the fd was being reused,
which caused an assertion error in connection_init.
 2019-02-28 17:28:04 +00:00
Nadezhda Ivanova
e9fa4af4d8 Move initialization of Connection mutexes to connections_init 2019-02-28 17:27:45 +00:00
Nadezhda Ivanova
bb7e14d201 ITS#8734 Fixes for many back-asyncmeta issues 
Includes all the changes necessary to fix back-asyncmeta issues
discovered during on-site testing since the start of 2016.
These include:
Issues with stability - crashes and assetion failures
Incorrect behavior during unstable network conditions, such as inability to reset connections
or process responses, or "hanging" to wait for a response that would never be received.
Memory leaks and memory management fixes - major redesign of the way back-asyncmeta
works with memory contexts.
Rewrite was replaced with suffix-massage in configuration, and the network-timeout value was changed to milliseconds.
Incorrect behavior when SASL is used to bind to a target.
Many problems caused by race conditions
Fixes for compiler warnings, and tests.
Cleanup of unused code.
 2019-02-28 16:22:11 +00:00
Ondřej Kuzník
117dcbc54d Silence compiler warnings 2019-02-19 10:28:08 +00:00
Ondřej Kuzník
f4a68297a0 Actually check for mi->bi_extra 2019-02-19 10:28:08 +00:00
Ondřej Kuzník
cd914149a6 Make prototypes available where needed 2019-02-19 10:26:39 +00:00
Ondřej Kuzník
7a98f7de5d ITS#8731 Remove more unused buffers 2019-02-19 10:24:43 +00:00
Howard Chu
d26b1049de ITS#8977 missed a commit 2019-02-16 13:51:56 +00:00
Ondřej Kuzník
cf9fea9379 ITS#8731 Manual adjustment post doc/devel/variadic_debug/07-shortcut.cocci 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
76df74dbea ITS#8731 Apply doc/devel/variadic_debug/07-shortcut.cocci 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
abbabbb3d7 ITS#8731 Manual work not picked up by coccinelle 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
97a310b312 ITS#8731 Apply doc/devel/variadic_debug/04-variadic.cocci 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
e1e643ea41 ITS#8731 Manual adjustments 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
254d2adab0 ITS#8731 Rework logging 2019-02-15 16:51:53 +00:00
Ondřej Kuzník
129dcfbd86 ITS#8731 General Debug() related fixes 2019-02-15 16:51:53 +00:00
Howard Chu
a70b887e6c ITS#8977 fix prev commit 2019-02-15 16:12:41 +00:00
Howard Chu
c8b806b676 ITS#8977 make IDL size configurable 2019-02-15 14:37:51 +00:00
Nadezhda Ivanova
17f1e32b65 ITS#8841 Fix an assertion error in back-meta when network interface is unavailable 
Because an API error code was assigned to sr_err, on network error back-meta would cause
an assert error at result.c: 830

assert( !LDAP_API_ERROR( rs->sr_err ) );
 2019-02-14 14:41:42 +00:00
Howard Chu
6e2bac6465 ITS#7770 schema fixup 2019-02-04 02:50:17 +00:00
Howard Chu
e19c683c41 ITS#7770 add mdb_stat info to cn=monitor 2019-02-03 11:08:24 +00:00
Howard Chu
299a6ca0f4 ITS#8971 tweak prev commit 
Check for BVISNULL, maybe rootDSE is a valid reqDN
 2019-02-02 22:48:53 +00:00
Howard Chu
f052e94593 ITS#8971 most exops have no reqDN 2019-02-02 21:45:04 +00:00
Howard Chu
765dfaf0e4 ITS#8963 use BIND timeout for start_tls 
Since we only support it in conjunction with Bind anyway, not
as a standalone op
 2019-01-31 23:37:03 +00:00
Howard Chu
86b486e20a Schema cleanup 2019-01-30 14:06:09 +00:00
Howard Chu
e8c62bf8b4 ITS#8966 add changelog support to syncrepl consumer 
Tested against DSEE7. The DSEE binaries must be in your path to run the test script.
 2019-01-29 18:51:43 -08:00
Howard Chu
7b587018ec ITS#8472 only do index cleanup if DB is running 2019-01-25 18:11:58 +00:00
Howard Chu
e33d1c5461 ITS#6300 fix kqueue initialization 2019-01-15 21:39:46 +00:00
Quanah Gibson-Mount
b45a6a7dc7 Happy New Year! 2019-01-14 18:46:16 +00:00
Ondřej Kuzník
518e857c03 ITS#8663 Fix memberof SLAP_CONFIG_EMIT 2019-01-14 11:44:35 +00:00
Howard Chu
054c91335b ITS#8952 use msec for epoll / devpoll event wait 2019-01-02 21:51:48 +00:00
Howard Chu
dd760f2abc More for NULL modrdn modlist 2018-12-22 12:58:08 -08:00
Howard Chu
43d5d99494 More for NULL modrdn modlist 2018-12-22 10:40:59 -08:00
Howard Chu
ff6a671e64 MSAD dirsync fixes 
Don't hijack whenCreated attribute for createTimestamp
Don't add RDN to entry on modrdn
free cookie on cleanup
 2018-12-22 09:08:10 -08:00
Howard Chu
48461cbf7f Allow NULL modlist in modrdn 
For compat with MSAD which doesn't add the naming attribute to
the entry during a rename
 2018-12-22 09:00:34 -08:00
Howard Chu
6e6e6083b0 cleanup attr.c 
rename attr_list to attrs_list to avoid confusion with at.c in gdb
 2018-12-22 08:59:20 -08:00
Howard Chu
b4364baca7 Dirsync delete/modrdn fixes 
Delete could try to queue a NULL syncCSN (dirsync has none)
Modrdn could try to delete a nonexistent oldRDN (leftover from #7144)
 2018-12-22 05:21:56 -08:00
Thorsten Glaser
e0a7049ee5 ITS#8890 fix benign typos 
No functional impact
 2018-12-18 22:56:18 +00:00
Howard Chu
d8f8a60be8 More for privateKey tweak 
Leave olcTLSCertificateKey as its own attr, not a subtype
 2018-12-18 21:59:59 +00:00
Howard Chu
0e8c2d5a54 Tweak privateKey schema 
We're using PKCS#8 syntax, drop the OpenLDAP syntax OID.
Rename attribute accordingly.
Tweak validator to accept encrypted keys.
 2018-12-18 21:27:24 +00:00
Quanah Gibson-Mount
4e23cfc4a9 ITS#8286 - Additional fixes 
Fix incorrect matching rules for olcTLSCertificateKey and olcDbCryptKey
Fix SYNTAX for olcRootPW to be octetString
 2018-12-18 21:05:09 +00:00
Quanah Gibson-Mount
71a5d7cc0f Fix integerMatch to booleanMatch 2018-12-18 19:26:37 +00:00
Quanah Gibson-Mount
3add82a3bb ITS#8286 -- Add matching rules for attributes 
Add matching rules for all cases where it was missing.  Cleanup
incorrect types for a few attributes as well.  Fix network-timeout
handling in back-ldap/meta/asyncmeta.
 2018-12-18 19:14:06 +00:00
Ondřej Kuzník
c29542c418 ITS#8845 sc_extendedops is read-only 2018-12-18 18:34:23 +01:00
Howard Chu
190fccbcdc Missed a schema conflict 2018-12-17 16:21:03 -08:00
Howard Chu
9cc97ea9e1 MS AD DirSync support 
Requires "attribute_option range=" in config.
No test script provided yet, since testing requires an actual AD server.
 2018-12-17 16:11:25 -08:00
Howard Chu
2731ff0c23 ITS#5927 additional fix 
Fix 2ee43073e9 to recognize range tags
 2018-12-17 13:44:25 -08:00
Howard Chu
12dbcc0eb3 More for revert batched writes 2018-12-14 12:39:07 -08:00
Howard Chu
79ced664b8 Revert batched writes experimental code 
Reverts
bea2c5d438
535cf92ff4
5a3a54333c
afa9a9c3e0
due to backend deadlocks
 2018-12-13 06:34:54 -08:00
Howard Chu
6081a0307c ITS#8752 cleanup prev commit 2018-12-06 10:26:33 -08:00
Howard Chu
34823321c3 ITS#8752 more for accesslog deadlock 
Restructure response/cleanup invocation to avoid cleanup happening before response
 2018-12-06 10:03:27 -08:00
Howard Chu
a4fddc7b11 ITS#8932 check rdnNormalize success 2018-11-09 21:16:10 +00:00
Ondřej Kuzník
04a52cef40 ITS#8927 ppolicy: accept replicated changes even in MMR 2018-10-31 09:51:22 +00:00
Ondřej Kuzník
c351616ccd ITS#8866 Fix use-after free 2018-10-26 15:16:41 +01:00
Quanah Gibson-Mount
cd82de56c8 ITS#8866 (cont) slapo-unique 
use correct memory allocation/free functions
 2018-10-26 01:58:35 +00:00
Michael Ströder
7359a5413a ITS#8866 slapo-unique to return filter used in diagnostic message 2018-10-26 01:54:39 +00:00
Ondřej Kuzník
a2d93d69f0 ITS#8772 Remove reliance on the local rmutex implementation 2018-10-19 13:08:10 +01:00
Nadezhda Ivanova
33876e22d6 ITS#8859 Allow backends which do not need a database to work 2018-10-19 13:08:09 +01:00
Nadezhda Ivanova
d10fc664f7 ITS#8859 Enable backend configuration 2018-10-19 13:08:09 +01:00
Ondřej Kuzník
1f2caff7b9 ITS#8859 Record the correct RDN 2018-10-19 13:08:09 +01:00
Ondřej Kuzník
7127d5db11 ITS#8850 Wait until backends are closed before freeing connection_pool 2018-10-19 13:08:09 +01:00
Ondřej Kuzník
f4e824c8da ITS#8849 Introduce (un)pause callbacks to backends 2018-10-19 13:08:09 +01:00
Ondřej Kuzník
0f4d656a57 ITS#8849 Use server pause facility during config changes 2018-10-19 13:08:09 +01:00
Ondřej Kuzník
fa2ba35ae8 ITS#8849 Introduce slap_(un)pause_server 2018-10-19 13:08:09 +01:00
Ondřej Kuzník
df83989f0f Skip ITS#6545 transition markers when we change mod op 2018-10-18 10:41:43 +01:00
Howard Chu
1e30640037 ITS#8923 fix dyngroup NO_SUCH_OBJECT error handling 2018-10-03 21:58:32 +01:00
Howard Chu
38f95b9ab8 ITS#8918 fix typo 2018-09-24 13:47:09 +01:00
Howard Chu
78229b3a5b ITS#8912 omit hidden DBs from rootDse 2018-09-05 11:42:05 +01:00
Howard Chu
a29391d495 More for multival 
fix index record detection
 2018-09-01 13:07:58 +01:00
Howard Chu
ba80b97505 Fix index delete 
Deleting all indices should also reset default mask
 2018-08-31 14:33:22 +01:00
Howard Chu
83acffd83c More for multival 
Fix clashes with index records
 2018-08-31 14:27:23 +01:00
Howard Chu
8ec9a3bcca More for multival 
Tweak config validity check
 2018-08-30 15:47:16 +01:00
Howard Chu
111329a2dc More for back-mdb multival 
Allow configuring thresholds for specific attributes
 2018-08-30 11:24:25 +01:00
Howard Chu
6c221e7730 ITS#8909 additional tweak 
Set error code on failure
 2018-08-29 02:02:13 +01:00
Howard Chu
36e4dd2828 ITS#8909 fix "authz-policy all" condition 
Broken since original commit 113727ba
 2018-08-29 01:14:19 +01:00
Ondřej Kuzník
0f320b3442 Fail if we can't change to a directory 2018-07-25 16:19:54 +01:00
Howard Chu
776de6d796 More for back-mdb multival 
Make sure a->a_numvals matches id2v counts
 2018-07-18 17:58:10 +01:00
Ondřej Kuzník
b06f5b0493 ITS#8663 Improve memberof cn=config handling 2018-07-02 16:19:54 +01:00
Ondřej Kuzník
dac02c7ef1 ITS#8667 Do not finish glue initialisation in tool mode unless requested 2018-07-02 16:19:48 +01:00
Ondřej Kuzník
242ab9c6ef ITS#8845 Recognise control-exop compatibility 2018-07-02 16:18:26 +01:00
Howard Chu
8568716376 ITS#8868 don't convert IDL to range needlessly 
in idl_intersection. It may lose precision in a subsequent union.
 2018-06-22 00:31:04 +01:00
Ondřej Kuzník
8a259e3df1 ITS#8573 allow all libldap options in tools -o option 2018-06-14 16:19:10 +01:00
Howard Chu
5292fb3a3b Fix ldif-wrap errmsg typo 2018-06-13 16:19:04 +01:00
Howard Chu
9069cbe543 ITS#8616 don't check for existing value when deleting values 2018-05-24 17:53:10 +01:00
Ondřej Kuzník
77e87690c0 Make syntax highlighting/folding happier 2018-05-10 11:58:21 +01:00
Howard Chu
0ba50a1d06 ITS#8843 check for NULL modlist 2018-05-02 16:51:49 +01:00
Quanah Gibson-Mount
f32384ef44 ITS#8840 Fix domainScope control to ensure the control value is absent as per Microsoft specification (https://msdn.microsoft.com/en-us/library/aa366979%28v=vs.85%29.aspx). 2018-04-30 17:33:22 +00:00
Quanah Gibson-Mount
59e9ff6243 Happy New Year 2018-03-22 15:35:24 +00:00
Howard Chu
8300eee017 back-mdb Multival fixes 
Fix multival logic on Replace
Fix return codes from modify_internal, id2entry_put
 2018-02-28 22:37:38 +00:00
Howard Chu
08851a8200 ITS#8789 revert previous patch 
And try another approach. Always write contextCSN updates, but
don't set dont_replicate for updates we want propagated.
 2018-02-28 22:19:57 +00:00
Howard Chu
e0cc94a0b7 ITS#8789 avoid unnecessary writes of context entry 
If syncprov is present, only write contextCSN attribute on
actual state changes, not on per-entry modifications.
Continue to update in-memory cookieState. Saves overhead,
syncprov will eventually checkpoint it into the DB anyway.
 2018-02-21 19:51:59 +00:00
Howard Chu
434c306cbe Add debug msg if adding entry to logDB fails 2018-02-21 19:50:45 +00:00
Howard Chu
9fc6b894ec ITS#8752 accesslog: partially revert 3bb8b737ed 2018-02-21 19:48:02 +00:00
Howard Chu
dc3b3be429 ITS#8486 Don't keep sl_mutex locked when playing the sessionlog 2018-02-11 16:47:47 +00:00
Howard Chu
0c1ebd178c ITS#8801 Fix CSN queue processing 2018-02-08 00:18:00 +00:00
Howard Chu
4d1077ffa4 ITS#8800 remove originator check in syncprov_search_response 
Let the entryCSN check do all the work. Reloading a server from an old
backup needs this to go thru.
 2018-02-08 00:17:07 +00:00
Howard Chu
0eb577632f ITS#8607 Don't record checkpoints 2018-02-08 00:16:50 +00:00
Howard Chu
ca7f697e14 ITS#8100 fixes for delta-syncrepl with empty accesslog 
Update syncprov contextCSNs when context entry is added.
Fix accesslog to properly tag Add op when adding context entry.
 2018-01-30 21:40:05 +00:00
Ondřej Kuzník
52f7daab01 ITS#8796 Fix SSF reset 
Maintain the SSF across SASL binds.
 2018-01-15 16:58:58 +00:00
Hallvard Furuseth
57253688b3 ITS#8778 Fix telephoneNumberNormalize("-" or " ") 2017-11-26 21:22:23 +01:00
Quanah Gibson-Mount
c5b73dd85b ITS#6300 -- Update for multi-listener support 2017-10-19 14:55:01 -07:00
Bryan Duncan
a25046535c ITS #6300: Added support for using kqueue in slapd (for systems that support kqueue(2). 
Patch obtained from:
        http://public.me.com/bryan.duncan/bryan-duncan.kqueue.090922.patch

 # This patch file is derived from OpenLDAP Software. All of the
 # modifications to OpenLDAP Software represented in the following
 # patch(es) were developed by Apple.  I, Bryan Duncan, am authorized by
 # Apple, my employer, to release this work under the following terms.
 #
 # Copyright 2009 Apple Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted only as authorized by the OpenLDAP
 # Public License.
 #
 # A copy of this license is available in file LICENSE in the
 # top-level directory of the distribution or, alternatively, at
 # http://www.OpenLDAP.org/license.html.
 #
 2017-10-19 14:54:50 -07:00
Howard Chu
3bb8b737ed ITS#8752 accesslog: cleanup should only be called on failures 2017-10-14 11:22:53 +01:00
Howard Chu
03ee55d725 Revert "ITS#8752 ppolicy: don't call same cleanup twice" 
This reverts commit 1c963f4739.

Revert "ITS#8752 make sure all cleanups are called in overlay_op_walk"

This reverts commit b0ad788b8a.
 2017-10-13 18:47:25 +01:00
Howard Chu
1c963f4739 ITS#8752 ppolicy: don't call same cleanup twice 
fallout from b0ad788b8a
 2017-10-13 17:39:37 +01:00
Howard Chu
0d7489b908 ITS#8752 fix syncrepl deadlock from updateCookie 
Must release cookieState->cs_mutex before invoking backend.
Add a condvar to serialize calls of updateCookie, so we can
release the mutex and still update sequentially.

Also added tid logging, useful in conjunction with
7ab0e1aff0cc48cdfb299ca7dbd27900a9e3d1a8
 2017-10-13 17:28:57 +01:00
Howard Chu
4a574324fd ITS#8752 additional debug info, thread ID of rmutex lockers 2017-10-13 17:28:46 +01:00
Howard Chu
b0ad788b8a ITS#8752 make sure all cleanups are called in overlay_op_walk 2017-10-13 17:28:38 +01:00
Howard Chu
065b315f0d fix syncprov_qtask race, test062 crashes 
Keep s_mutex locked until we know we're removed from queue.
Remember qtask cookie so we can retract if ineeded when deleting
the overlay from running slapd.

config_delete is still unsafe, overlay_remove is running with active
threadpool instead of paused pool.
 2017-10-13 17:28:28 +01:00
Josh Soref
10566c8be3 ITS#8605 - spelling fixes 
* javascript
* kernel
* ldap
* length
* macros
* maintained
* manager
* matching
* maximum
* mechanism
* memory
* method
* mimic
* minimum
* modifiable
* modifiers
* modifying
* multiple
* necessary
* normalized
* objectclass
* occurrence
* occurring
* offered
* operation
* original
* overridden
* parameter
* permanent
* preemptively
* printable
* protocol
* provider
* really
* redistribution
* referenced
* refresh
* regardless
* registered
* request
* reserved
* resource
* response
* sanity
* separated
* setconcurrency
* should
* specially
* specifies
* structure
* structures
* subordinates
* substitution
* succeed
* successful
* successfully
* sudoers
* sufficient
* superiors
* supported
* synchronization
* terminated
* they're
* through
* traffic
* transparent
* unsigned
* unsupported
* version
* absence
* achieves
* adamson
* additional
* address
* against
* appropriate
* architecture
* associated
* async
* attribute
* authentication
* authorized
* auxiliary
* available
* begin
* beginning
* buffered
* canonical
* certificate
* charray
* check
* class
* compatibility
* compilation
* component
* configurable
* configuration
* configure
* conjunction
* constraints
* constructor
* contained
* containing
* continued
* control
* convenience
* correspond
* credentials
* cyrillic
* database
* definitions
* deloldrdn
* dereferencing
* destroy
* distinguish
* documentation
* emmanuel
* enabled
* entry
* enumerated
* everything
* exhaustive
* existence
* existing
* explicitly
* extract
* fallthru
* fashion
* february
* finally
* function
* generically
* groupname
* happened
* implementation
* including
* initialization
* initializes
* insensitive
* instantiated
* instantiation
* integral
* internal
* iterate
 2017-10-11 14:39:38 -07:00
Quanah Gibson-Mount
fd5ad3ef39 ITS#8527 - Add additional debug logging on consumer/provider state when the consumer has a newer cookie than the provider 2017-10-11 14:32:25 -07:00
Ondřej Kuzník
3258bf40eb ITS#8291 Reopen cursor after delete 2017-10-11 14:32:08 -07:00
Emmanuel Lécharny
77408ac781 ITS#8153 - olcTimeLimit should be Single Value 2017-10-11 14:31:51 -07:00
Ivan Nejgebauer
cb9a4d01bc ITS#8037 - Add support for relax control to delta-syncrepl 2017-10-11 14:31:45 -07:00
Michael Ströder
636b63b5fd ITS#8692 let back-sock generate increment: line in case of LDAP_MOD_INCREMENT (see RFC 4525, section 3) 2017-10-11 13:04:38 -07:00
sca+openldap@andreasschulze.de
90835da72f ITS#8578 - remove unused-variables in RE24 testing call (2.4.45) 2017-10-06 10:45:08 -07:00
Nadezhda Ivanova
da170cbe3b ITS#8404 Fix an assertion failure during modify of olcDbRewrite in back-meta 2017-10-06 10:44:54 -07:00
Ted C. Cheng
e20ac6b539 ITS#7520 - back-ldap omit-unknown-schema changes 2017-10-06 10:44:31 -07:00
Ondřej Kuzník
08492987a0 ITS#7100 Update entryTtl behaviour to match RFC 2589 2017-10-06 10:43:48 -07:00
Howard Chu
70e54d2527 ITS#8752 fix syncrepl null_callback 
Make sure it's last in callback stack
 2017-10-05 22:13:39 +01:00
Quanah Gibson-Mount
0d4cd89786 LDAP_FEATURE_SUBORDINATE_SCOPE is from expired draft-sermersheim-ldap-subordinate-scope, leave behind LDAP_DEVEL 2017-09-26 11:51:27 -07:00
Quanah Gibson-Mount
30e2a904dc Move a bunch of featuers back behind LDAP_DEVEL for 2.5 
SLAP_AUXPROP_DONTUSECOPY is ok for release
 2017-09-26 11:35:50 -07:00
Quanah Gibson-Mount
86105092bd CHECK_CSN is a debug only flag for testing. It should always remain 
behind LDAP_DEVEL
 2017-09-26 11:30:50 -07:00
Quanah Gibson-Mount
a9ff0e97fc ITS#6817 - back-meta work for SLAP_AUTH_DN was never finished according 
to the ITS notes.  In addition, this would need man page updates for the
feature
 2017-09-26 11:27:15 -07:00
Quanah Gibson-Mount
41a9010773 The support for unindexed attributes being tracked in back-monitor needs 
to remain behind LDAP_DEVEL for now.  Right now, the mutex in
back-monitor cannot properly handle the load if the server had a lot
of unindexed attributes that were being accessed in search filters.
 2017-09-26 11:04:45 -07:00
Quanah Gibson-Mount
7246da8a66 Whitespace cleanup 2017-09-26 10:33:01 -07:00
Quanah Gibson-Mount
04cfd144d9 Fix additional compile for /dev/poll support. /dev/poll is neither tested nor supported. 2017-09-22 12:05:18 -07:00
Quanah Gibson-Mount
2085def079 Merge branch 'master' of ssh://git-master.openldap.org/~git/git/openldap 2017-09-19 15:21:56 -07:00
Quanah Gibson-Mount
09bec057e5 Fix calls to SLAP_DEVPOLL_SOCK_LX for multi-listener support. Support 
for /dev/poll is neither enabled nor tested, so other issues may exist.
 2017-09-19 15:20:56 -07:00
Howard Chu
20e46d8494 ITS#8725 fix 75999a18c3 
Not needed since callback uses tmpalloc
 2017-09-08 21:36:05 +01:00
Nadezhda Ivanova
82737719c8 ITS#8725 Always remove listener descriptors from daemon on shutdown 2017-09-08 19:43:59 +01:00
Howard Chu
db3909d27d ITS#8725 add slap_sl_mark / slap_sl_release 
For fast cleanup after constructing disposable entries
 2017-09-08 17:39:22 +01:00
Howard Chu
68e064ca84 ITS#8725 Avoid listener thread startup race 
Typically only shows up under valgrind, not in regular runs
 2017-09-08 17:39:22 +01:00
Howard Chu
8b1fb962fc ITS#8725 connection fixes 
Fix op_finish, must resched connection to pick up pending ops.
Fix op completion counter.
 2017-09-08 17:39:14 +01:00
Howard Chu
63308ef6bb ITS#8725 backover fixes for async 
Fix some valgrind race conditions - wait for frontend to finish up
Don't set callbacks for abandon or unbind - since they have no response
Use tmpalloc for backover callback
 2017-09-08 17:25:55 +01:00
Nadezhda Ivanova
c6e00c7b0f ITS#8725 Fix an invalid data access during add operations if backend is asynchronous 2017-09-08 16:51:27 +01:00
Howard Chu
75999a18c3 ITS#8725 Add SLAPD_ASYNCOP return code 
Tell frontend the op will finish asynchronously, leave it alone
 2017-09-07 18:07:39 +01:00
Howard Chu
afa861bf22 ITS#8719 add crypt_r() support 2017-09-06 21:25:16 +01:00
Michael Ströder
b65e0b5731 ITS#8714 Send out EXTENDED operation message from back-sock 2017-09-06 15:32:28 +01:00
Howard Chu
bb62d9cb73 ITS#8270 use the configured exop timeout for StartTLS 
Also, there's no need for a retry loop here. Just wait for
the specified timeout or give up.
 2017-08-31 16:53:45 +01:00
Ondřej Kuzník
9e156bf914 ITS#8444 Do not clear the pending operation when checkpointing 
When a checkpoint happens, if we remove the CSN from the pending list,
accesslog won't pass it onto the accesslog DB. But in a delta-mmr
scenario, an accesslog entry without a CSN faces a race where it might
be applied twice - that usually fails and causes a full refresh, other
times it can cause a silent desync - both are undesirable.
 2017-08-25 16:52:13 +01:00
Howard Chu
a9f462d615 ITS#8690 one more time 2017-08-04 20:58:07 +01:00
Howard Chu
c9e56b80f3 ITS#8690 fix again 2017-08-04 13:40:34 +01:00
Howard Chu
bcc6601091 Revert "ITS#8690 refix" 
This reverts commit a5f3a2885c.
 2017-08-04 13:34:03 +01:00
Howard Chu
a5f3a2885c ITS#8690 refix 
Don't double-queue delete ops
 2017-08-02 00:52:13 +01:00
Howard Chu
221dd43399 ITS#8226 optimization 
Don't release read txn unless there has actually been a new write txn
 2017-08-01 22:08:50 +01:00
Howard Chu
9827569ff0 ITS#8690 fix prev commit 2017-08-01 21:57:02 +01:00
Howard Chu
5bd89a1f1f Cleanup uninit'd vars 2017-08-01 21:47:15 +01:00
Howard Chu
1fbc0dff88 ITS#8690 plug memleak on Delete ops 2017-07-21 19:04:08 +01:00
Quanah Gibson-Mount
50d1588b2e ITS#8697 - For Windows builds with newer MINGW, remove refptr symbols 
mappings from slapd.def
 2017-07-20 17:11:01 -07:00
Howard Chu
375db33d13 ITS#8678 temporary hack 2017-06-22 18:09:48 +01:00
Ryan Tandy
0cee1ffb60 ITS#8655 fix double free on paged search with pagesize 0 
Fixes a double free when a search includes the Paged Results control
with a page size of 0 and the search base matches the filter.
 2017-05-20 18:28:54 +00:00
Kevin Lam
11bf6bc10a ITS#8592 Fix double free in sssvlv overlay 2017-04-26 11:05:00 -07:00
Howard Chu
2975a1d6f1 Tweaks for OpenSSL 1.1 API deprecations 2017-04-19 20:19:09 +01:00
Howard Chu
c0ff8e8a21 Delete extraneous #define 
Was only for convenience during testing
 2017-04-19 19:27:02 +01:00
Quanah Gibson-Mount
87f3477626 Fix autoca build with OpenSSL 1.1.0 2017-04-18 13:40:05 -07:00
Ondřej Kuzník
1b14198ad9 ITS#8631 Initialize sal 2017-04-10 14:24:56 +01:00
Howard Chu
29833786ad Cleanup unused vars 2017-04-10 00:54:21 +01:00
Howard Chu
d089b3c0d1 Tweak privateKeyValidate 
Only accept PKCS#8 private keys
 2017-04-10 00:51:09 +01:00
Howard Chu
25dc9e99ea Cleanup warnings, unused vars, etc. 2017-04-09 23:42:22 +01:00
Howard Chu
cff264c6e1 Fix autoca schema init 
Wait for core.schema to get loaded
 2017-04-09 22:45:36 +01:00
Howard Chu
268f71cb27 autoca fixups 
Move install of CA cert to a pool thread, otherwise cn=config deadlocks
on dynamically loaded overlay.

Dup/release entry before attempting to modify it, to avoid deadlocks
in back-bdb/hdb.

Always use PKCS#8 format when storing private keys.
 2017-04-09 20:31:11 +01:00
Howard Chu
f33c7d1ee6 Fixup for ;binary config attrs 
Use the plain attributeDescription when searching config tables
 2017-04-09 20:29:47 +01:00
Howard Chu
0f9ec8322f Add localDN config 
If a cert is generated for this DN, configure it as the local
TLS cert/key
 2017-04-09 16:44:14 +01:00
Howard Chu
b939bb519e Set the CA cert in cn=config if none was already set 2017-04-09 15:42:17 +01:00
Howard Chu
c9ccdf8554 Fixup pause handling, silence warnings 
Don't try to resume the pool if pausing failed.
 2017-04-09 15:41:16 +01:00
Howard Chu
7b41feed83 Support setting cacert/cert/key directly in cn=config entry 2017-04-09 14:51:25 +01:00
Howard Chu
2860fd4c6c Move privateKey schema into slapd 2017-04-09 14:16:56 +01:00
Howard Chu
2012795d3b Add config support for binary values 
Use base64 for .conf files, straight binary for back-config
 2017-04-09 02:26:41 +01:00
Howard Chu
2b920ecaec Add autoca overlay 
Automated certificate authority
 2017-04-08 02:51:08 +01:00
Ondřej Kuzník
ec5af7b5e7 ITS#6545 Update accesslog format and syncrepl consumer 
Make two successive modifications of the same attribute separate. This
lets the consumer interpret the log entry the same way as the server
that produced it.

Still depends on the log entry attributes being read in the same order
as they were written.
 2017-04-07 14:39:07 -07:00
Ondřej Kuzník
46c85a32ae ITS#8266 Allow empty mods 2017-03-30 15:27:45 -07:00
Quanah Gibson-Mount
2c84446240 ITS#8587 - Fix typos 2017-03-29 10:44:55 -07:00
Ondřej Kuzník
e56a849e5d ITS#8625 Separate Avlnode and TAvlnode types 
Switch AVL_CHILD/AVL_THREAD values and set Avlnode bits to AVL_CHILD for
better compatibility between avl and tavl as suggested by Howard.
 2017-03-29 14:52:44 +01:00
Howard Chu
a0cc1d9655 ITS#8054 add queue time to log 
Show time spent in conn+threadpool queues before an op actually executes.
Also clean up timestamp handling
 2017-03-16 14:21:31 +00:00
Howard Chu
e12ca8b6fe Fixes for multiple threadpool queues 
Remove poolq_hash, it wasn't distributing work evenly to the queues.
Just walk through all queues and use the one with smallest
active+pending count. Since pool_retract also relied on the hash,
a different means of locating the thread to retract was needed.
Add pool_submit2 which returns the threadpool task structure,
and record which poolq this task lives on.
 2017-03-15 11:13:09 +00:00
Ondřej Kuzník
53c6c9d16b ITS#8574 - Deal with rDN correctly 
This fixes issues with values that need escaping in the rDN when an
incorrect value would be passed to the handler and back-ldif.
 2017-03-08 15:32:17 -08:00
Howard Chu
451a9623f3 ITS#8576 Revert "LDAP_TAILQ fix" 
This reverts commit 8ee8248328.
 2017-02-01 11:58:54 +00:00
Howard Chu
2e9f95cbac More for large multival attrs 
Fix 2335285502
Use custom dupsort function, pass attributeDescription in so
it can use the actual matching rule for sorting.
 2017-01-26 10:58:55 +00:00
Quanah Gibson-Mount
cf8dc030c0 ITS#8568 2017-01-15 15:11:53 -08:00
Quanah Gibson-Mount
1df85d3427 Happy New Year! 2017-01-03 12:36:47 -08:00
Howard Chu
e3c8beb8d0 Fix its6794 test 
Must NULL out indexing cursors when closing tool txn
 2016-12-21 14:39:47 +00:00
Quanah Gibson-Mount
131203ec5d More for multival attrs 
check for enumerated delete that deletes all values
 2016-11-03 15:50:26 -07:00
Howard Chu
589331ea75 More for ITS#8460 
accesslog can alter the timestamp on contextCSN updates
 2016-08-11 17:27:35 +01:00
Howard Chu
f6510ec83b ITS#8460 fix slap_op_time 
broken in 2d5996ac60
Was allowing tv_usec to exceed 999999
 2016-07-28 23:40:57 +01:00
Howard Chu
5e6aadd779 More for multival attrs 
Fix id2entry_delete when deleting last multival entry in DB
 2016-07-22 10:30:57 +01:00
Howard Chu
3d5601e0ba Fix a4c7943d39 
Modify/replace was broken if attr didn't already exist
 2016-07-21 00:36:32 +01:00
Hallvard Furuseth
3e2f62ed0b ITS#8442 Fix uninitialized rs->sr_text in back-meta 2016-06-12 10:18:50 +02:00
Hallvard Furuseth
4a961ed6ed Catch slapmodify entry setup errors 2016-06-12 08:35:25 +02:00
Hallvard Furuseth
1899118e91 ITS#8435 Move sc_writewait to end of slap_callback 
So any initializers in code predating sc_writewait
will find sc_private in the expected position.
 2016-06-12 08:31:18 +02:00
Hallvard Furuseth
23c5d6bbdd ITS#8435 Fix uninited slap_callback.sc_writewait 2016-06-12 08:30:58 +02:00
Howard Chu
92724fd39e ITS#8432 fix infinite looping mods in delta-mmr 2016-06-09 22:37:54 +01:00
Howard Chu
2e60bf5ed0 ITS#8428 init sc_writewait 2016-05-18 12:30:31 +01:00
Howard Chu
b7c1a5d6b8 ITS#8423 check for pause in accesslog_purge 2016-05-15 00:51:14 +01:00
Howard Chu
3efde72cbe ITS#8413 fix prev commit 
Filter needs AttributeAssertions
 2016-04-28 10:54:47 +01:00
Howard Chu
b61d02d942 ITS#8413 don't use str2filter on precomputable filters 
and more importantly, avoid escaping requirements that str2filter has
 2016-04-28 03:04:16 +01:00
Howard Chu
2335285502 More for large multival attrs 
We can't persist the sorted flag since the sort order between
DB and attr schema don't necessarily agree
 2016-04-01 18:49:59 +01:00
Nadezhda Ivanova
500398180e ITS#8303 Track pending ops per a_metasingleconn_t 
so that unused target connections can be properly reset.
 2016-02-29 17:09:00 +00:00
Nadezhda Ivanova
26f88817f6 ITS#8303 Fixed an assertion error during test022 
The error was introduced with
commit 6cafdfa8d8
 2016-02-29 17:08:51 +00:00
Howard Chu
76d9be0196 More for large multival attrs 
Fix a4c7943d39 entry delete
Ignore when id2v table is empty
 2016-02-05 21:59:43 +00:00
Howard Chu
d6f3440d94 ITS#8365 partially revert ITS#8281 
Must setup psearch before snapshotting ctxcsn
 2016-02-02 19:41:13 +00:00
Nadezhda Ivanova
6cafdfa8d8 ITS#8303 Asynchronous meta back-end for OpenLDAP 2016-02-01 14:35:47 +00:00
Howard Chu
a4c7943d39 Large multivalued attr support 
Store attrs with a large number of values separately from the
main entry blob. Note - we need support for large DUPSORT values
for this to be generally usable.
 2016-01-31 15:35:11 +00:00
Quanah Gibson-Mount
6c4d6c880b Happy New Year! 2016-01-29 13:32:05 -06:00
Quanah Gibson-Mount
606d633290 Minor fix BDB -> MDB 2016-01-29 13:21:55 -06:00
Howard Chu
4a9f4439be ITS#8360 tweak for LDAP_TXNs too 2016-01-26 13:39:53 +00:00
Howard Chu
4001eb054f ITS#8360 fix ad info after failed txn 
If an add or modify op referenced a previously unused attrtype,
the mi_ads/mi_numads would be incremented to include it. If the
op fails to commit, these additions must also be reverted.
 2016-01-26 13:33:24 +00:00
Howard Chu
a9df031d0d ITS#8354 move abandon check 2016-01-23 16:06:32 +00:00
Howard Chu
6d2eb36ccb ITS#8354 tweak prev commit 
Delay mutex init to avoid leaking the mutex
 2016-01-22 20:46:23 +00:00
Howard Chu
4773850d42 ITS#8354 fix syncprov abandon 
Check for abandon just before recording psearch
 2016-01-22 20:41:48 +00:00
Howard Chu
eaee3b39ba ITS#8351 fix accesslog callback init 2016-01-15 10:37:56 +00:00
Howard Chu
901fe3318f ITS#8337 fix missing olcDbChecksum config attr 2015-12-12 16:14:45 +00:00
Howard Chu
af0c7ae038 ITS#8329 finish prev commit 2015-12-03 19:25:32 +00:00
Paul Terry
33ed03a64b ITS#8329 Add the id_query config item. 2015-12-03 19:21:46 +00:00
Howard Chu
3a305253a0 ITS#8327 fix ppolicy_get_default 
pwdMaxRecordedFailure must never be zero
 2015-12-03 00:58:33 +00:00
Howard Chu
2d5996ac60 ITS#8054 Cleanup duration patch 
Don't need op->o_hr_time, just use o_tincr, that's what it
was intended for anyway. Use "etime=" like other products do.
Simplify ifdefs. Use gettimeofday, it's always available now.
 2015-10-31 11:57:06 +00:00
Emily Backes
5324d283d9 ITS#8054 operation duration logging 2015-10-31 11:55:23 +00:00
Howard Chu
291b6a1a22 ITS#8215 fix cd9980c48b 
Wrong function signature
 2015-10-27 11:46:08 +00:00
Howard Chu
0d9b8ebe4b ITS#8289 fix mod Increment with inherited attr type 2015-10-27 03:41:17 +00:00
HAMANO Tsukasa
c05c9619a6 ITS#8114 LDAP MODIFY handling 2015-10-25 09:13:27 +00:00
HAMANO Tsukasa
30f80a005d ITS#8114 suppress warn message 2015-10-25 09:12:02 +00:00
Ondřej Kuzník
cd9980c48b ITS#8215 Add config tool delete support 2015-10-25 09:04:40 +00:00
Ondřej Kuzník
085eb2e8df ITS#8215 Add mdb tool delete support 2015-10-25 09:04:21 +00:00
Ondřej Kuzník
f3e8aa5849 ITS#8215 Add bdb tool delete support 2015-10-25 09:04:00 +00:00
Ondřej Kuzník
8b8890bddc ITS#8215 Change BI_tool_entry_delete signature 2015-10-25 09:02:59 +00:00
Ondřej Kuzník
6f1544c51e ITS#8215 Make editing of invalid entries possible 
If the database does not conform to any known schema, make it possible
to edit such a database using slapmodify when schema-checking is
disabled.
 2015-10-25 09:02:39 +00:00
Ondřej Kuzník
5a6a93035d ITS#8215 Do not crash on an empty entry 2015-10-25 09:02:06 +00:00
Ondřej Kuzník
b47f32f6f2 ITS#8215 Remove a memory leak 2015-10-25 09:01:46 +00:00
Ondřej Kuzník
f1cd76db75 ITS#8215 Use the correct transaction 2015-10-25 09:01:22 +00:00
Howard Chu
a39e3a0712 ITS#8284 olcRelay needs quotes 2015-10-25 08:19:03 +00:00
Howard Chu
e635a53ff0 Cleanup 
Log the same pointer in queue_csn as graduate_
 2015-10-24 06:48:41 +01:00
Howard Chu
71c907fb88 ITS#8281 more for prev commit 2015-10-24 06:34:24 +01:00
Howard Chu
cd8ff37629 ITS#8281 fix delta-mmr with interrupted refresh 
Prevent spurious contextCSN generation
and ignore consumers when we have no contextCSN yet.
But make sure to propagate valid contextCSN updates to
accesslog/syncprov for delta consumers.
 2015-10-24 06:06:49 +01:00
Howard Chu
ad93b9e652 ITS#8277 simpler check for syncrepl on config DB 
Windows mutexes are recursive so the trylock test will succeed
even though the mutex is already locked. Just compare be pointers.
 2015-10-20 21:30:00 +01:00
Howard Chu
756a6b8683 ITS#8261 change sl_mem_detach to sl_mem_setctx 2015-10-01 23:55:10 +01:00
Howard Chu
32f9754bf1 ITS#8233 (#8251) 
Schema parsing ignores some slapd.conf rules
 2015-09-22 21:43:02 +01:00
Howard Chu
91ab49c37d ITS#8249 add option to return search entry 2015-09-17 20:43:37 +01:00
Howard Chu
05b32b4992 ITS#8244 skip client controls in ldap_back_entry_get() 2015-09-14 05:43:35 +01:00
Ryan Tandy
f5100665e3 ITS#7964 avoid double-unescaping rewrite rules 
config_fp_parse_line processes backslash escapes. When existing rewrite
rules were reloaded while inserting a new rule, this caused backslashes
to be lost from every rule except the most recently inserted one.
config_parse_ldif performs similar splitting, but leaves backslashes
alone.
 2015-09-06 21:34:03 -07:00
Ryan Tandy
e27108e7cb ITS#7889 add olcDropUnrequested to olcRwmConfig 2015-09-05 17:59:38 -07:00
Ryan Tandy
1b7a5871c2 ITS#8234 revert to default policy on failure 2015-09-01 19:19:57 -07:00
Ryan Tandy
572ad2b037 ITS#7537 release entry on failure 2015-09-01 18:56:19 -07:00
Howard Chu
62813f55af ITS#8233 reject lines with unbalanced quotes 2015-09-01 01:09:46 +01:00
Howard Chu
86ae4e0126 ITS#8226 leave nested ops alone 2015-08-31 14:55:35 +01:00
Howard Chu
bea2c5d438 More for batched writes 
Only usable if backend supports txns
 2015-08-30 05:46:01 +01:00
Howard Chu
535cf92ff4 More for batched writes 2015-08-30 05:34:42 +01:00
Howard Chu
5a3a54333c More for batched write 2015-08-30 05:14:17 +01:00
Howard Chu
35f17e023d ITS#8226 revert unintended commit 2015-08-30 05:01:59 +01:00
Howard Chu
21bf33b0e8 ITS#8226 limit size of read txns in searches 2015-08-30 04:54:22 +01:00
Howard Chu
2160427f89 ITS#8232 avoid redundant abandon processing 2015-08-29 19:44:33 +01:00
Howard Chu
2eaf8eb213 ITS#8231 fix ITS#8042 regression 2015-08-29 18:29:32 +01:00
Howard Chu
79157d314f ITS#8220 fix prev commit 
Dynamic startup was failing
 2015-08-21 11:40:02 +01:00
HAMANO Tsukasa
61c95e7669 ITS#8114 OpenLDAP WiredTiger Backend 2015-08-19 18:13:27 +01:00
Howard Chu
f385fd5ad1 ITS#8082 plug benign memleak 2015-08-19 17:44:08 +01:00
Howard Chu
a96fc51ebb ITS#8218 zero filter after freeing 
This appears to be cruft leftover from rev e8c58b4e7f
 2015-08-19 15:35:45 +01:00
Howard Chu
7fb9bb93bf ITS#8220 restore refint performance 2015-08-19 14:04:15 +01:00
Howard Chu
150cf51c34 ITS#8185 fix OID collision 2015-08-15 01:42:12 +01:00
Howard Chu
e5b9bdd8c5 ITS#8185 missing schema reference 2015-08-15 00:56:50 +01:00
Howard Chu
cb28f28354 Strip down even more 
syslogd always overrides the timestamp, so just omit it
Don't use *printf if we don't need to.
 2015-08-14 17:48:59 +01:00
Howard Chu
afa9a9c3e0 Use batched write txns in refresh 
Experimental - write 500 updates per txn instead of 1:1
 2015-08-14 17:43:03 +01:00
Ryan Tandy
1c49424134 ITS#8133 avoid mods during dds_db_open 
If dds is present early in the overlay stack, the modify ops from
dds_expire can trigger other overlays before they have initialized.
Avoid that by delaying the first expiry until startup has finished.
 2015-08-14 08:46:56 -07:00
Howard Chu
b0950f4d44 Fix copy/paste error in prev commit 2015-08-14 15:33:32 +01:00
Howard Chu
af27b7032e ITS#8185 add pwdMaxRecordedFailure 
Limit the number of pwdFailureTime stamps to record, regardless
of lockout settings.
 2015-08-14 15:19:46 +01:00
Ryan Tandy
7380354270 ITS#8213 fix deleting rewrite rules 
From ITS#5940. Add path has the same code.
 2015-08-08 07:49:15 +00:00
Howard Chu
fa705a1814 ITS#8203 plug leak in prev commit 2015-07-24 19:32:19 +01:00
Howard Chu
3033f89eef ITS#8203 more fixes for #8036/#7904. 2015-07-24 18:35:28 +01:00
Ryan Tandy
b48d0169d0 ITS#8199 fix NULL ptr dereference in at_next 
Deleting all values of olcAttributeTypes and then adding a value with
index > 0 triggers a NULL dereference when config_generic tries to
append to a list that doesn't exist yet.

Already fixed for olcObjectClasses in ITS#5388.
 2015-07-17 16:09:46 -07:00
Howard Chu
e5c778fa43 ITS#8173 fix SEGV after failed retry 2015-07-16 03:29:06 +01:00
Howard Chu
624c1fac8b ITS#8184 avoid redundant mod ops 
If multiple ppolicy overlays are present on a glued tree, they all
attempt to update the policy operational attributes in response to
password-related activities. The redundant mod ops will cause the
entire op to fail. Check for these ops before inserting new ones.
 2015-07-10 14:04:29 +01:00
Howard Chu
eb25ece469 Revert unintended commit 2015-07-08 14:25:52 +01:00
Howard Chu
b7a291a488 Experimental syslog() replacement 
2-3x faster than libc. Add it to the Makefile yourself if you want to test it.
 2015-07-08 14:22:29 +01:00
Howard Chu
66ab6bafa8 ITS#8142 cleanup prev commit 
Only drop connection if user originally bound to this backend,
and rebind-as-user was set. Sessions from other backends would
use idassert-bind so loss of creds doesn't affect them.
 2015-05-21 01:20:16 +01:00
Howard Chu
5f70fd13d2 ITS#8129 fix typo from ITS#6613 2015-05-20 23:46:51 +01:00
Ryan Tandy
3b90232022 ITS#8150 let check_name_index handle frontend 
The fix for ITS#7016 only adjusted the frontend entry's DN, but not the
naming attribute in the entry. check_name_index knows how to do both.
 2015-05-20 23:36:42 +01:00
Howard Chu
3f119767f7 ITS#8146 fix off-by-1 in prev commit 2015-05-19 21:21:54 +01:00
Howard Chu
117edd79ce ITS#8142 drop client connection on remote failure 
also cleanup of return-code handling
 2015-05-19 15:37:24 +01:00
Howard Chu
4f05e3d966 ITS#8146 tweak prev commit 
Test less likely condition first
 2015-05-18 18:06:58 +01:00
Howard Chu
1e768c1cda ITS#8146 fix mdb_filter_candidates for unindexed attr 
Change result of MDB_IDL_ALL() to use the last entryID in the DB
instead of NOID.
 2015-05-18 17:55:04 +01:00
Howard Chu
fc05c63b63 ITS#8127 fix ftello for Win32 2015-05-07 10:48:42 +01:00
Emmanuel Lécharny
9f9bf53d61 ITS#8131 fix typo in prev commit 2015-05-06 16:50:41 +01:00
Howard Chu
930decf5ff ITS#8131 improve back-meta logs 2015-05-06 16:40:14 +01:00
Hallvard Furuseth
a59f336a61 ITS#8092 fix previous fix. 
slap_auxprop_lookup() returns void with old sasl versions.
 2015-05-04 21:05:57 +02:00