upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-15 08:37:48 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24326 commits 38 branches 313 tags 89 MiB
Commit graph

13130 commits

Author SHA1 Message Date
Ondřej Kuzník
8b353df0e2 ITS#9517 Add module args support to slappaswd and relevant docs 2021-04-14 18:17:59 +01:00
Ondřej Kuzník
d0eae40961 Expose slapTool for use elsewhere 2021-04-14 18:17:59 +01:00
Ondřej Kuzník
c29f0315c2 ITS#7786 Allow parsing of invalid entries when schema checking off 2021-04-12 16:28:49 +00:00
Ondřej Kuzník
afa19de2cb ITS#9295 Handle add+delete on a single-value attr 2021-04-12 15:15:02 +00:00
Ondřej Kuzník
932cc56817 ITS#9519 Add namedObject draft and schema 2021-04-09 18:33:48 +00:00
Ondřej Kuzník
dde1bdf48f ITS#9511 Fix terminator comment 2021-04-07 16:07:36 +01:00
Quanah Gibson-Mount
6cdfc85fc5 ITS#9511 - Stop plugin.c from generating an error when running make depend even if slapi is not enabled 2021-04-02 21:12:53 +00:00
Quanah Gibson-Mount
cd7127309e Cleanup on example slapd.conf that's shipped to highlight the ability to temporarily modify a running slapd process even when using a slapd.conf file 2021-04-01 23:28:28 +00:00
Quanah Gibson-Mount
0ad73f8717 ITS#9437 - Fix slapo-otp overlay name 2021-03-31 23:12:00 +00:00
Howard Chu
94fbd96826 ITS#9513 Change all lutil time structs to use nanoseconds 
Instead of microseconds
 2021-03-31 18:53:50 +00:00
Howard Chu
9ac3909ead ITS#9513 Intercept liblber error printer 
And add time and thread ID prefix to all debug output
 2021-03-31 18:53:50 +00:00
Howard Chu
01e5664c7c ITS#9513 Cleanup debug output 
Avoid splitting single lines across multiple Debug invocations
 2021-03-31 18:53:50 +00:00
Ondřej Kuzník
80cfd8117b ITS#7786 Try to synthesize missing attribute types 2021-03-31 16:14:25 +00:00
Ondřej Kuzník
fe7e4697e9 ITS#9437 Implement TOTP drift correction 2021-03-31 14:57:56 +00:00
Ondřej Kuzník
87f3bad8bb ITS#9437 Add otp_2fa overlay 2021-03-31 14:57:56 +00:00
Ondřej Kuzník
e36d1e31c5 ITS#9001 manual changes 2021-03-30 15:46:40 +01:00
Ondřej Kuzník
51c444b065 ITS#8698 Defer policy checker cleanup if it's a pw extop 2021-03-30 02:10:19 +00:00
Ondřej Kuzník
0df931b98b ITS#8698 Only remove our own callback 2021-03-30 02:10:19 +00:00
Quanah Gibson-Mount
adb16cbd64 ITS#9470 - Fix typos 2021-03-26 16:28:39 +00:00
Howard Chu
e6bf5795ac ITS#9498 replace asserts 
Just no-op if trying to close a connection that's already being closed.
 2021-03-26 13:46:56 +00:00
Howard Chu
829263c454 ITS#8847 move lutil_sockaddrstr() to ldap_pvt_sockaddrstr() 2021-03-26 13:45:26 +00:00
Ondřej Kuzník
8382d3c380 ITS#9470 Add homedir overlay 2021-03-26 01:27:09 +00:00
Ondřej Kuzník
61e9b6d37a ITS#9347 Log which policy attribute is invalid 2021-03-25 23:57:07 +00:00
Ondřej Kuzník
109d967ff2 ITS#7788 Hashing should be independent of a useable policy 2021-03-25 19:43:18 +00:00
Howard Chu
c6e521fa98 ITS#8950 move txn setup to frontend 
Backends should just execute when invoked, frontend should
exclusively take care of queueing for txn setup.
 2021-03-23 14:58:09 +00:00
Howard Chu
f9cb918d05 ITS#9504 back-ldap: set default idassert mode as documented 2021-03-22 17:50:32 +00:00
Howard Chu
f1ebb45695 ITS#9251 make max filter depth configurable 2021-03-22 17:31:13 +00:00
Howard Chu
da57548e52 ITS#9498 More connection streamlining 
Since c_mutex is now always inited at startup time, we no longer
need connections_mutex to protect from uninit'd structures
 2021-03-22 17:12:30 +00:00
Howard Chu
5398d44a36 ITS#8967 additional check 2021-03-22 09:18:32 +00:00
Howard Chu
a3935c7249 ITS#8967 back-mdb: fix adminlimit check 2021-03-22 08:36:49 +00:00
Howard Chu
f2740c79b3 ITS#8589 syncrepl: defer on REFRESH_REQUIRED 
Schedule a new retry instead of immediate looping back. This
will also prevent locking up cn=config replication.
 2021-03-21 17:41:19 +00:00
Howard Chu
cc2834c87a ITS#9152 autoca: no-op if DB doesn't exist yet 2021-03-21 17:28:50 +00:00
Howard Chu
7a4e70f3e6 ITS#8577 don't allow setting logDB to current DB 2021-03-21 17:20:05 +00:00
Howard Chu
696d5656fa ITS#9241 all ARG_DN configs must also use ARG_QUOTE 2021-03-21 16:47:43 +00:00
Howard Chu
cbb6441c30 ITS#8726 check newly registered loglevels immediately 
See if they were requested as soon as they are successfully registered.
 2021-03-21 16:36:30 +00:00
Howard Chu
bb6844e296 ITS#7295 don't init TLS threads by default 
Do it explicitly in servers
 2021-03-21 15:26:57 +00:00
Howard Chu
7ff1f42f7e ITS#8246 frontend and config DBs are unique 
Also make sure config_add_internal errmsg is returned to slapadd
 2021-03-21 14:58:22 +00:00
Ondřej Kuzník
cf67fc22f3 ITS#9016 Do not forget to close directory handle 2021-03-19 12:48:09 +00:00
Ondřej Kuzník
3c12993fbe ITS#9016 Check confdir is empty before generating from scratch 2021-03-18 21:07:43 +00:00
Ondřej Kuzník
eafcc405e2 ITS#6830 Enable NO-USER-MODIFICATION on ppolicy attributes 2021-03-18 17:32:30 +00:00
Ondřej Kuzník
4d6b01802a ITS#9051 Check for more success result codes 2021-03-18 16:36:56 +00:00
Ondřej Kuzník
152c12d4d3 ITS#9051 Do not remove callback on intermediate responses 2021-03-18 16:36:56 +00:00
Ondřej Kuzník
0c8afb036a ITS#9444 Manage sr_ref/sr_matched flags accordingly 
send_ldap_response() clears them immediately even if we never attached
the data to be freed, so when we reinstate them, the flags are gone and
the next send_ldap_response() doesn't consider freeing them.
 2021-03-18 15:34:26 +00:00
Ondřej Kuzník
f78887390a ITS#9444 Pass original message when chain-return-error is set 2021-03-18 15:34:26 +00:00
Howard Chu
616e5bf1c3 ITS#9498 connection_next: fix validity check 2021-03-11 09:31:41 +00:00
Quanah Gibson-Mount
c7763538de ITS#9453 - Make pw argon2 official 2021-03-10 23:21:08 +00:00
Howard Chu
28a04795f6 ITS#9479 asyncmeta: fix hanging ops 
Two separate problems
  1) ops that never got sent because of a pending Bind
  2) errors that never got returned because of an active op
 2021-03-10 00:18:59 +00:00
Quanah Gibson-Mount
180f5b62cb ITS#9482 - Fix possiblity of uninitialized data being returned in slapi plugin 2021-03-09 20:49:42 +00:00
Quanah Gibson-Mount
891fc1e117 ITS#9481 - Fix cases when IPv6 support is disabled 2021-03-08 18:10:41 +00:00
Paul B. Henson
b91491a8ee ITS#9481 - fix proxyp when IPv6 disabled 2021-03-08 18:10:41 +00:00
Konstantin Andreev
f2481c8d88 ITS#9446 - Correctly parse gecos field 2021-03-04 19:05:23 +00:00
Howard Chu
17abe7e710 ITS#9491 plug memctx leak - frontend already clears it 2021-03-04 17:03:20 +00:00
Ondřej Kuzník
99efeda06f ITS#9288 Do no change tainted status on failed retry 
It seems refcnt == 0 connections are tainted only if they were just
removed from cache.
 2021-03-02 20:00:55 +00:00
Ondřej Kuzník
6bfdb0342d ITS#8215 Some more slapmodify manpage tweaks 2021-03-02 19:08:50 +00:00
Quanah Gibson-Mount
05b1b4688c ITS#9480 - Update example configurations to include monitor db 2021-03-02 16:12:05 +00:00
Ondřej Kuzník
34b95c520e ITS#9438 Add remoteauth overlay 2021-02-25 22:11:39 +00:00
Ondřej Kuzník
38ea26b35f ITS#7262 Retrieve the policy from the correct backend 2021-02-24 22:15:48 +00:00
Tero Saarni
0eacc4a793 ITS#9197 back-ldap: added task that prunes expired connections 2021-02-24 22:07:48 +00:00
Howard Chu
22fd5a8924 ITS#9477 fix regression from #9339 
Must provide plain IP address for TCP wrapper
 2021-02-24 19:59:51 +00:00
Paul B. Henson
146889f205 ITS#9419 Add support for HAProxy proxy protocol v2 2021-02-24 18:11:09 +00:00
Paul B. Henson
dcca73370b Move slap_sockaddrstr into liblutil 2021-02-24 18:11:09 +00:00
Ondřej Kuzník
5fa0a651f5 revert: libevent 2.0 support 2021-02-24 18:11:09 +00:00
Ondřej Kuzník
a3c49b8709 ITS#9293 Store microseconds in pwdGraceUseTime 2021-02-24 17:03:22 +00:00
Ondřej Kuzník
d1799a5023 ITS#7596 Report correct number of grace authentications left 2021-02-24 17:03:22 +00:00
Ondřej Kuzník
ee564399df ITS#9282 Check all csns 2021-02-18 17:31:32 +00:00
Quanah Gibson-Mount
5b2988ca54 ITS#9327 - Use STRIP_OPTS for lloadd 2021-02-17 19:55:25 +00:00
Quanah Gibson-Mount
ce2c5173bd ITS#9161 - Fix various typos 
Fix a number of different typos across the code base
 2021-02-17 18:42:46 +00:00
Howard Chu
e5bd309fb2 ITS#9458 must alloc new conn->c_sb after freeing old one 2021-02-08 00:46:58 +00:00
Howard Chu
3539fc3321 ITS#9454 fix issuerAndThisUpdateCheck 2021-02-06 20:52:06 +00:00
Howard Chu
c0c1bd319e ITS#9456 fix prev commit 
No need to reschedule the task inside asyncmeta_timeout_loop.
Frontend already does it if task was init'd with a valid interval.
 2021-02-06 15:45:22 +00:00
Howard Chu
7c129c8d62 ITS#9456 fix asyncmeta_timeout_loop() 2021-02-06 13:47:55 +00:00
Howard Chu
e3fd030aef Fixup debug msgs 2021-02-05 23:55:27 +00:00
Ondřej Kuzník
e030e5eadd Do not redefine lload_change everywhere 2021-02-04 18:07:25 +00:00
Quanah Gibson-Mount
6c469f0793 ITS#7790 - Rename config.h 
Rename slapd/config.h to slap-config.h and update accordingly
Rename lloadd/config.h to lload-config.h and update accordingly
 2021-02-02 21:26:39 +00:00
Ondřej Kuzník
1aecfe0b8f ITS#6518 Only remove proxyauthz control if we generated one ourselves 2021-02-01 17:22:35 +00:00
Ondřej Kuzník
4da575d451 ITS#7766 Fix previous commit 2021-02-01 16:51:56 +00:00
Ondřej Kuzník
ac70b01bc4 ITS#6518 When using proxyauthz, replace existing control - (async)meta 2021-02-01 16:43:06 +00:00
Ondřej Kuzník
4a02ae132d ITS#6518 When using proxyauthz, replace existing control 2021-02-01 16:04:52 +00:00
Ondřej Kuzník
20ec128916 ITS#9179 Always use effective identity when proxying 2021-02-01 14:22:45 +00:00
Howard Chu
0da38889e1 ITS#8541 fix data race in syncprov removal 2021-01-31 15:23:22 +00:00
Ondřej Kuzník
84db7cb21f ITS#7766 Include all relevant attributes in diff 2021-01-28 20:59:17 +00:00
David Barchiesi
0799f58533 ITS#9442 Add negregex constraint type for not allowing values based on a regex. 2021-01-28 18:54:03 +00:00
Howard Chu
b979b57dcf ITS#7468 slapd-relay: set real op->o_bd on successful bind 2021-01-21 13:23:34 +00:00
Ondřej Kuzník
58dfef012c ITS#7439 Do not free parts of original filter 2021-01-20 11:39:17 +00:00
Ondřej Kuzník
a99e435200 Return success in glue destroy 2021-01-20 11:37:01 +00:00
Ondřej Kuzník
fc1bcaf9de ITS#5941 manage callbacks to coexist with other overlays 2021-01-18 14:36:16 +00:00
Howard Chu
9d440e3d28 ITS#8307 slapo-accesslog additional check 2021-01-13 16:58:42 +00:00
Howard Chu
85b68aa5e2 ITS#8307 slapo-dds: mark internal searches as do_not_cache 2021-01-13 16:39:24 +00:00
Howard Chu
eefe12366c ITS#8307 fix slapo-accesslog: noop if logDB isn't open yet 
Add be_flag for DB OPEN status
 2021-01-13 16:35:43 +00:00
Quanah Gibson-Mount
efaf9a4a17 Happy New Year! 2021-01-11 19:25:53 +00:00
Howard Chu
dfe1f6494d ITS#9428 fix cancel exop 2020-12-20 21:31:15 +00:00
Howard Chu
27428b96f5 ITS#9427 fix issuerAndThisUpdateCheck 2020-12-16 18:52:42 +00:00
Howard Chu
354e678ce9 ITS#9426 dynlist: don't add unexpanded groups at end of search 
if pagedResults is in use
 2020-12-15 22:55:47 +00:00
Howard Chu
777098aa9d ITS#9424 fix serialNumberAndIssuerSerialCheck 2020-12-14 19:03:27 +00:00
Ondřej Kuzník
d9f20cc09e ITS#9363 Set appropriate defaults where needed 2020-12-08 19:11:22 +00:00
Ondřej Kuzník
0c3b8a3524 ITS#9363 Store defaults in ArgConf 2020-12-08 19:11:22 +00:00
Ondřej Kuzník
356715fd08 ITS#9363 Zero out values on config delete 2020-12-08 19:11:22 +00:00
Ondřej Kuzník
a44ba27410 ITS#9363 Unset readonly on delete 2020-12-08 19:11:22 +00:00
Quanah Gibson-Mount
d28e231a69 ITS#9420 - Fix memory leak in modrdn 
Fix provided by grapvar@gmail.com
 2020-12-08 16:05:35 +00:00
Howard Chu
4e801a9aaf ITS#9416 more componentFilterMatch garbage 2020-12-03 19:30:53 +00:00
Howard Chu
6ae9bf167d ITS#9014 fix component match parsing errors 2020-12-01 21:29:19 +00:00
Howard Chu
e394bcfa76 ITS#9413 fix slap_parse_user 2020-12-01 19:05:06 +00:00
Howard Chu
42d42421a8 ITS#9412 fix AVA_Sort on invalid RDN 2020-12-01 19:04:54 +00:00
Howard Chu
2aef56cd24 ITS#9411 fix thisUpdate check 2020-12-01 19:04:46 +00:00
Howard Chu
0c856f1b64 ITS#9410 remove assert in csnValidate 2020-11-30 16:42:17 +00:00
Howard Chu
b1c1a5eb51 ITS#9409 saslauthz: use slap_sl_free in prev commit 2020-11-30 16:20:18 +00:00
Howard Chu
0e09c857b6 ITS#9409 saslauthz: use ch_free on normalized DN 2020-11-30 11:45:46 +00:00
Howard Chu
a11b719c96 ITS#9408 fix vrfilter double-free 2020-11-28 15:54:17 +00:00
Howard Chu
5c27f9569f ITS#9406 fix debug msg 2020-11-27 14:48:26 +00:00
Howard Chu
fa0f97545c ITS#9406, #9407 remove saslauthz asserts 2020-11-27 14:37:10 +00:00
Howard Chu
12523b0f29 ITS#9400 back-ldap: fix prev commit 2020-11-24 16:08:29 +00:00
Howard Chu
dbe69684a1 ITS#9404 fix serialNumberAndIssuerCheck 
Tighten validity checks
 2020-11-23 17:14:00 +00:00
Howard Chu
1ea12260d5 ITS#9400 back-ldap: fix retry binds 
Regression from fix for ITS#7403
 2020-11-23 05:14:30 +00:00
Ondřej Kuzník
323bb1d9a4 Handle upstream rejecting a StartTLS exop 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
0abf3f5bc9 Flush cache before calling dispose() 
This needs to be confirmed:
Location based atomics do not imply a full fence of the same level. So
to get the code in dispose() read the actual data, it seems we need to
initiate a fence.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
dfbed44b3e Do not accept requests with msgid == 0 
It is used internally to identify pinned operations and should not be
encountered over the wire.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
dfbf25d579 Honour keepalive settings for upstreams 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
25fff30e39 Let the last thread dispose of pending references 
If we're idle, there might be objects pending cleanup for the last two
epochs. Unless another thread comes in and checks into a new epoch or we
shut down, they will linger forever.

If one of the objects was a connection, it wouldn't get closed and be
stuck in CLOSE_WAIT state, potentially refusing another ligitimate
connection if its socket address were to match the one we're yet to
close.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
41a74b4689 Introduce the notion of experimental features 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
1f6d8611a3 Implement read throttling when writes backlog 
Reject operations in such a case with LDAP_BUSY. If read_event feature
is on, just stop reading from the connection. However this could still
result in deadlocks in reasonable situations. Need to figure out better
ways to make it safe and still protect ourselves.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
68b163fca9 Introduce mutex checks 
Switched off unless thread debugging is on, but still useful for static
analysis.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
62a806b243 Thread error checking 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
1328777a85 Fix a SASL channel-binding leak 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
58d66a3946 Fix race between unlinking a client and processing incoming data 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
959ff07911 Make sure read event is not enabled while upstream_bind is scheduled 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
b2e57148fa Shorten to one epoch per PDU 
A full read cycle can take a very long time if the limits are set too
high.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
b49f51879f Implement client pending operation limits 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
f832024e90 Straighten up client pending op tracking 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
dc1961cb15 Epoch based memory reclamation 
Similar to the algorithm presented in
https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-579.pdf

Not completely lock-free at the moment. Also the problems with epoch
based memory reclamation are still present - a thread actively observing
an epoch getting stuck will prevent LloadConnections and LloadOperations
being freed, potentially running out of memory.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
aab6af1c4e Switch to LDAP_OTHER when handling a lost upstream. 
LDAP_UNAVAILABLE signals "the server is shutting down or a subsystem
necessary to complete the operation is offline", so intelligent clients
tend to infer the connection will not be usable any more, which is not
the case here.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
81ead4a5f4 Fix races with backend_retry 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
78f25a3c91 A failed cn=config ADD needs to be handled 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
4b3d21146b Introduce SASL support for upstream connections 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
05e0906f8b Fix backend starttls= setting being ignored 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
9444dfc991 Simplify pause handling 
Gets rid of a race where unpause+pause fired in a quick succession would
miss the event_base_loopbreak() call.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
25a4d684fc Permit lloadd to share slapd TLS context 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
63efcd63eb Reuse connection walking in monitor for upstreams too 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
3bd2d7483e Reuse connection_walk for client matters 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
b4f43ed8e1 Refactor backend reset 
Reuse the connection walking facility in timeout management.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
638f8a2cbc Tighten checks on retry management 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
2a813cb06d Clean up backend_retry and its callers. 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
241f65b9e0 Fix a race in managing b_dns_req 2020-11-17 17:58:15 +00:00
Nadezhda Ivanova
f4a2fdd400 Fix a new backend not being operational if added via cn=config 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
00806dd32a libevent 2.0 support 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
f1ea9da3a0 Reorganise listener support in cn=config and module startup 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
bd7a6f67de Introduce lload_open_new_listener 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
757c8beda7 Switch to ldap_parse_url_ext 
This simplifies port parsing in the end. Also pass the url to
ldap_open_listener in anticipation of incremental listener config.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
93d20459f1 Make io-threads modification startup-only 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
db3961f489 Record connect task to allow canceling it 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
6b10c2988e Record pending DNS resolution to be able to cancel 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
b039e7c1b0 Keep a reference around for the bind task 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
0314f95d7f Work around libevent base not waking up on shutdown 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
db939eeb86 Protect operation when abandoning 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
07401e5829 Implement runtime monitor (un)registration 
Unregistration is a hack and we shoould either make the subsystems into
an entry (if monitor allows subentry generation) or implement subsystem
unregistration in back-monitor.
 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
1ea5ee1f01 Do not unlock upstream without referencing its dying ops 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
b1c098ad76 Module shutdown support 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
05d6aae40f Rework lloadd startup 2020-11-17 17:58:15 +00:00
Ondřej Kuzník
362f16479a Deal with no backends being configured 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
4c355deb3d Record the backend name 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
3a6b399580 Reflect backend URI change in cn=monitor 2020-11-17 17:58:14 +00:00
Nadezhda Ivanova
bace795984 Enable dynamic configuration 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
70ae4af60a Fix interaction of graceful connection closing and SASL bind support 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
d954216f93 Change log level for unsolicited response 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
edfb3d73d6 Fix operation status tracking. 
An operation is rejected iff it has to be dropped before we can find an
upstream for it (unless we handle it ourselves, that is). At that point
it is failed unless completed successfully.

This makes a difference for multi-stage binds which alternate between
'failed' (we are waiting on a server response) and 'completed' (server
did what we asked them to, waiting on client to continue).
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
cfe9065824 Introduce infra to handle config changes 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
a7f8f58a63 expose task functions for invalidation 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
bf9f99dd88 Split backend destruction from resetting it 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
7f22bac4ac Introduce a new connection status - gentle shutdown 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
ca646cd02d Fix operation counts 
Trying to abandon an operation does not automatically make it completed,
it might have failed already but we're just racing to reach the client
to record that.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
bea9bfb33d Move op counting to operation_init 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
0011684760 Cleanup sasl_bind_mech resets 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
9bd90a741c Fix a race on bind response processing. 
During response processing, an upstream connection could be marked ready
after a different bind had already been allocated to it, thus allowing
two binds to be in progress on the same connection.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
485a169758 Implement pause handlers 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
db5966f60d More meaningful connection type reporting 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
22818e8583 Module shutdown 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
dab9054794 Rework monitor startup 
Takes care of dealing with monitor not present/not configured and fix a
monitor startup issue.
 2020-11-17 17:58:14 +00:00
Nadezhda Ivanova
678fa100f7 Convert the load balancer into a backend 2020-11-17 17:58:14 +00:00
Nadezhda Ivanova
7771606984 Use slapd's config.h 2020-11-17 17:58:14 +00:00
Nadezhda Ivanova
2d33032504 Lload cn=monitor initial implementation 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
7a69017f6f Resolve authzid after a successful auth 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
c957bb9199 Add SASL documentation on SASL handling 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
205db0bf94 Reset pin on simple bind 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
cbc0ec04c0 Fix pinned operation forwarding 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
2ba833680f Operation abandon related fixes 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
5c1245de06 Manage c_sasl_bind_mech on upstream 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
c52328f63d Clear c_auth on every bind request 
For a new bind request, this is obvious, for SASL bind requests, we do
not know the final identity until we have finished handling it, make
sure it stays empty until then.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
72ca711271 Do not compare c_auth when NULL 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
ee893ae147 Handle EXTERNAL mechanism 
Will only try to extract the TLS client certificate name if used during
the last handshake.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
003a35c62f SASL bind support 
Introduces pinned operations. When SASL bind finishes, we might still
have to maintain a link between the client an an upstream for future
bind operations if we got a SASL Bind in Progress result code. We zero
out the msgids and remember a server-unique identifer on the client and
the relevant operation that lets us retrieve that link again. This
operation is reclaimed just like anything else when connections drop.

Hopefully, this should work for LDAP TXN and VC Exop support with SASL
later as well since it allows for many-to-many links to exist.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
21a22d1bf1 Refactor request parsing and sending. 
We have to do most of out processing before we send the request over to
the upstream. If we don't, we might be too late and the response might
have arrived already.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
ddd1acc327 Passing the client directly will allow clearing it from op 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
1fd7249f8e RFC4511 says Binds do not abandon, send a "reset" bind instead 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
66f06f3fa9 Initial extension to upstream selection 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
c91d61cf19 Do not copy files from slapd, just link them 2020-11-17 17:58:14 +00:00
Nadezhda Ivanova
37cd5f21d5 Enable compilation of the load balancer as a module 
To compile the balancer as a slapd module, pass --enable-balancer=mod to ./configure
Use --enable-balancer(=yes) to compile as standalone server.
 2020-11-17 17:58:14 +00:00
Nadezhda Ivanova
8bc7650a7c Clean ups and renames to coexist with slapd 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
ea83627929 request_abandon RFC4511 conformance 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
5cbd30ded9 Log timed out connections more clearly 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
c386d527ca Protect currently impossible branch 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
aecc62c08e Introduce operation timeout machinery 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
8ba44630ef Factor out abandon message preparation 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
1790018488 Record operation activity times 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
a0ec50b33d Upstream queues ordered by c_connid 
In preparation for operation timeout events.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
0cfd4fca4d Make timeouts common and redo connection read timeouts 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
b4d7e8af8d We should just be able to call backend_retry 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
f87127dfa2 Set up TLS context for backends 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
1b46f86627 Client TLS support 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
a0cd41ecd2 Upstream TLS support 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
063981a06d Respond to timeout events properly 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
ccf75c96c4 Update write timeout to timeval 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
5ee4b67673 Move bind handling to bind.c 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
abab7e46ad Move client related functions to client.c 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
f27517af95 Rename bind handlers 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
b801ca17cb Rename macros and symbols to lloadd 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
11f474385a Exop support 
At the moment, no exops are processed internally, all are passed on
unchanged.
 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
7cd531c069 Improve spec conformance, logging 2020-11-17 17:58:14 +00:00
Ondřej Kuzník
c60ef73984 Rework upstream conn setup 2020-11-17 17:58:13 +00:00
Ondřej Kuzník
0b3531066d Refactor operation_send_reject 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
d22db36cea lload_libevent_init can fail and wants to log 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
8d93e0baa0 Unify connection locking and I/O 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
cfeb4d82a3 Set binding state after we have dropped all ops 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
5fcef01d62 Switch from a global mutex 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
96b7619afc Do not unlock client unless we are destroying it 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
362d550328 Do not crash when closing both client and upstream 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
532fc1bf98 Shorten time operation_mutex is locked 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e03c9e6fb4 Stop processing if we freed the client 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
f7cf34e69c Reset connection state on abandon 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
6140cdf6f8 Handle a client connection disconnected from op 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
d4225924bc CLOSING is another potential state we could be in 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
0ad91e0546 Do not back off until we get a failure 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
cda8411c48 Close up the race 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
31074213f7 TENTATIVE: communicate more for op destroy race 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
622b87d5e8 Make ready only when still alive 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
16010e5e16 More logging improvements 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7b7f9724c4 Avoid a deadlock with client 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7b413f9ed4 Update docs and defaults 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7046444327 Do not read on the last iteration. 
When the pdu processing limit is hit, we still attempt to read another
PDU. If we succeed, the ber_get_next call in the read callback will
abort since a full PDU is already present.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
65def94380 More logging improvements 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
1740f36bfc Fix emfile handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
30e538e836 Realign logging levels. 
Stats now logs all operations, stats2 additionally intermediate messages
(search entries).
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
1dd0e5131a Only one bind at a time 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
33a993553d Unblock the client when we can't find an upstream 
If we can't find an upstream, we keep the client around, so it needs to
be unblocked.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
95df8a1ec8 Adjust backend operation counting 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
baf1feab82 Handle asynchronous connect properly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
46fe014378 Make sure operation stays alive when we process it 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
0ff462b619 Fix issues in bind response handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
545198c70d Simplify abandon processing 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
88390159a1 On connection shutdown, free op from the correct side 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
37cff37305 Manage connection refcnt better 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
af7ce80c85 Remember and clear bind status correctly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
05f2ac2583 Unify logging output 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
873d6fa3e1 Handle backend unsolicited response properly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
961b600a42 Rework proxyauthz handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
6ee21f1181 Split bind configuration from backends 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
0e7792e8f3 Borrow liblber code to get abandon processing to work 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7eeb5bb801 Forward controls correctly in the face of proxyauth 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
5b1ad43178 Handle upstream connection shutdown properly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
c228bd1160 Be consistent with bind responses on no upstream 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
a8a0fe26b0 Documentation updates 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
495dfa69a2 Split client/upstream PDU size limits 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
3fa8a0cdf2 Rename listener-threads to reflect the option 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
1082486874 Only enable verifycredentials if libldap does 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
1dfeca3539 Another attempt at operation/connection destroy interaction. 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
26f721510a Improve logging 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
3f5dee0b79 Keep a list of active clients for shutdown purposes. 
Potentially for timeout detection purposes in the future.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e0b8bd5fc9 Free all pending operations on shutdown 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
cf05722b6c Lookup operations by saved connid. 
We reset the connection pointer on a destruction attempt, avoid the
spurious asserts.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
f4afc06920 Tweak connection error logging. 
Do not log when receiving the last bytes on a connection. Log failed
writes.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
d020897f5b Initialise listeners after all workers have been 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
37a474b508 Fix error handling wrt. its callers 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
ee288cfc2d Fix refcounting for all code paths 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
53015aa4cb Round robin for backends. 
Several threads calling backend_select might reset current_backend to a
different place, there are two options to deal with that:
- just let the last rotation win (the current approach)
- detect whether first == current_backend and only replace then

Not sure which one is more useful, going with the simpler.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e65cd38787 Round-robin for upstream connections 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
58a880bc7b Convert backend and upstream management to use CIRCLEQ. 
This alone doesn't make the server do a round robin.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
643194e79e Revert connection/operation mutex order. 
There was still a race where the connection could be freed as the
operation was still being used.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
9ebe5acb62 Clean up events properly 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
8eb7f3fbca Stop the read callback on a dead connection. 
The connection might be ready to read (close) but if we can't destroy it
yet, we don't want the callback to trigger all the time or process new
data.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
6899d0123d Do not bother to write to a dying connection 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
77f2c57132 Reset c_*ber after freeing and check c_pendingber race 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
07b5744c2a Retain a reference around for handle_responses 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
c5584fd32a Do not leak responses to abandoned ops 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
7a29fabd09 Destroy the unbind operation when acted upon 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
9d66c26be5 Operation reference counting 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
ea7e40b8e7 Shutdown handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
837a6068e0 Rework client_read_cb along the lines of upstream 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
028f28690f On a failed bind, stop the callback from firing again 
Not a problem but causes a slew of calls to upstream_bind_cb that will
all fail in the same way.
 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
cddc96322d Do not clear c_pendingber on short write 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
fba4bed6e2 connection reference counting 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
c0d254a4ce Do not leak BerElements 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
6c8b2acce0 Do not leak addrinfos 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
8f5bae921e Pending operation tracking and limiting 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e5fcf17506 Save connection ids on operation for logging purposes 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
54cd3a27f0 Reject operations when binding 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
50f5c4bea7 Report initial bind errors to client 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
2e2c86664a There might be errors before we save the operation in c_ops 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
b6b3f35aac Fix proxyauthz handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
8b1703d2a7 Implement backend retry timeouts 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
463bcdd2c4 Update backend progress tracking 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
dc5e2538ec Configuration part for retry timeouts 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
673513a017 Maintain the configured amount of connections per backend 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
798e215ea6 Add connection number config 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
94ee62a4f4 Switch bindkey to use Backend instead of bindconf 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
59291ba4de Proxyauthz support 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
9309bc9402 Make features global 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
639c5912f5 Client authentication 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
e5f68bcf7c Option for response handling 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
4ad8ecd45e Logging improvements 2020-11-17 17:55:46 +00:00
Ondřej Kuzník
f37e7757b1 Response handling, exploit optional bervals 2020-11-17 17:55:45 +00:00
Ondřej Kuzník
2fbc8ca473 Rename backend mutex 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
3d1ea4693e Authenticate the upstream connection if configured 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
5bdb4e1570 Update maximum number or parameters for backend 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
fd5b9cdb91 This is a proxy now 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
93fe1d2bab Operation parsing 2020-11-17 17:42:44 +00:00
Ondřej Kuzník
b49932d637 Connection write support 2020-11-17 17:42:43 +00:00
Ondřej Kuzník
79f7e79f15 Set up connections in the worker threads 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
bf66b48fe3 Upstream connection setup 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
1a45249054 Update connection init 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
8e0a6119fa Startup adjustment 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
c596b797ed Backend configuration 2020-11-17 17:15:40 +00:00
Ondřej Kuzník
46ddb4039c lloadd ahoy 2020-11-17 17:15:40 +00:00
Howard Chu
a87ae275e1 ITS#9394 syncprov: ignore duplicate sessionlog entries 2020-11-17 00:31:56 +00:00
Quanah Gibson-Mount
6492012e00 Remove various unused variables 2020-11-12 18:05:59 +00:00
Howard Chu
9eb948529b ITS#9391 remove asserts in UUIDNormalize() 2020-11-11 18:25:31 +00:00
Ondřej Kuzník
ee49c83976 Cleanup use of *alloc() in daemon.c 2020-11-09 16:57:21 +00:00
Ondřej Kuzník
727ec3ae14 ITS#9386 State change issues are still ignored, but at least log them 2020-11-09 11:51:20 +00:00
Ondřej Kuzník
123001c89d ITS#9386 Address compiler warnings 2020-11-09 11:50:37 +00:00
Howard Chu
6b0fc9e034 ITS#9121 fix filtered memberOf 
Broken in 2c0499ae4e adding nesting
 2020-11-03 01:18:32 +00:00
Howard Chu
c0eeb2b9b8 ITS#9384 remove assert in obsolete csnNormalize23() 2020-11-02 16:01:14 +00:00
Howard Chu
265d362f27 ITS#9383 remove assert in certificateListValidate 2020-11-02 13:12:10 +00:00
Howard Chu
87158469eb ITS#9121 fix dynlist_filter_dup for substring filter 2020-10-30 23:30:28 +00:00
Quanah Gibson-Mount
2f0883d161 ITS#9380 - Fix return type for connection_write_resume 2020-10-29 19:55:37 +00:00
Howard Chu
db46f88853 ITS#9379 reject listener URLs with non-empty DNs 2020-10-28 16:50:23 +00:00
Ondřej Kuzník
98a0029dae ITS#9366 Check ldap_install_tls return and remove connection if failed 2020-10-23 20:38:21 +00:00
Howard Chu
6abfd60078 ITS#9370 revert previous commit, alternate fix 
Just skip normalization if there's no equality rule. We accept
DNs without equality rules already.
 2020-10-19 14:14:54 +01:00
Howard Chu
a08a2db406 ITS#9370 check for equality rule on old_rdn 
We should probably just check in dnNormalize instead, and catch
this everywhere DNs are received. It might make us reject some
DNs that are already in use, though (e.g. received from other
directory servers that don't do schema checking).
 2020-10-19 14:03:41 +01:00
Howard Chu
c1912fb7af ITS#9121 don't process nested memberOf if memberOf wasn't requested 2020-10-13 22:11:44 +01:00
Howard Chu
fb587d3d58 ITS#9361 prevent CSN from being generated for purge deletes 2020-10-02 13:25:52 +01:00
Howard Chu
56860fc405 ITS#9342 delta-syncL ignore add of already existing entry 
if the entryCSN is older. Previous patch breaks if writes are
received out of order, e.g. during a refresh.
 2020-10-01 14:27:24 +01:00
Ondřej Kuzník
efc23cddc3 ITS#9295 Do not replace 'op' 2020-09-30 18:55:34 +00:00
Ondřej Kuzník
20024d5ba8 ITS#9359 Do not create an empty add 2020-09-30 19:25:56 +01:00
Howard Chu
ed949bf287 ITS#9342 delta-sync: ignore add if entryCSN is too old 
This check is only needed for ops received without a CSN in their cookie.
This only occurs when the ops completed out of order on the provider.
 2020-09-30 15:45:04 +00:00
Howard Chu
80a545b5ed Partially Revert "ITS#8486 use kbtree for sessionlog" 
This mostly reverts commit 1915cb968a.
Too many concurrency issues. Retains the improvement to
syncprov_sessionlog_cmp
 2020-09-30 15:11:31 +00:00
Howard Chu
2bbb51e20b ITS#9358 Fix reqStart normalizer 
Don't truncate trailing zeroes in reqStart/reqEnd timestamps
 2020-09-29 09:43:37 +01:00
Ondřej Kuzník
67d005ee65 ITS#9348 Stop using plain strerror() 2020-09-25 12:47:46 +01:00
Quanah Gibson-Mount
f3e86d3d93 ITS#8636 - Fix DESC for deltaCRL attribute 2020-09-25 04:29:59 +00:00
Quanah Gibson-Mount
fe3636df9d ITS#8341 - Add matching rule to the namingContexts attr 2020-09-25 02:05:55 +00:00
Howard Chu
1915cb968a ITS#8486 use kbtree for sessionlog 
Saves about 20% CPU time and RAM
 2020-09-25 00:07:50 +00:00
Ondřej Kuzník
98d5c5c6ce ITS#8486 Protect tavl_* calls in play_sessionlog 2020-09-25 00:07:50 +00:00
Howard Chu
8f8774c0b1 ITS#8486 Minor play_sessionlog cleanup 
Fix logmsg uuidstr.
Shortcut finding start of playback.
Allow dup CSNs in log, but with different UUIDs. All
non-present deletes in a refresh use the same CSN.
 2020-09-25 00:07:50 +00:00
Ondřej Kuzník
d2036cec90 ITS#8486 Switch sessionlog to use TAVL 2020-09-25 00:07:50 +00:00
Ondřej Kuzník
3f5293e145 ITS#5422 Save errno before passing it to Debug() 2020-09-24 23:34:36 +00:00
Howard Chu
c3131eb5a3 ITS#9348 replace all uses of STRERROR with AC_STRERROR_R 
Avoid using sys_errlist unless there's no other choice
 2020-09-24 23:34:36 +00:00
Ondřej Kuzník
1b8e6b944b ITS#9355 Propagate errors from overlay_entry_get_ov 2020-09-23 11:10:29 +01:00
Howard Chu
62ecd38bc4 ITS#8102 syncrepl: only use trylock on the cn=config DB 2020-09-22 21:27:15 +01:00
Quanah Gibson-Mount
a3f186880c ITS#9351 - Always build back-monitor as a static backend 2020-09-21 16:52:33 +00:00
Howard Chu
dd82fa5393 ITS#9353 fix monitor_back_register_database for empty suffix DB 
Use the correct database entry instead of the frontendDB entry
 2020-09-20 16:29:38 +01:00
Quanah Gibson-Mount
bc021bb244 ITS#6749 - Change configure monitor warning to DEBUG CONFIG instead of DEBUG ANY 2020-09-18 14:56:43 +00:00
Howard Chu
331e587754 ITS#9352 syncrepl: fix syncrepl_op_modify on entry with no entryCSN 2020-09-17 20:18:20 +01:00
Gabriel Buades
984ecd113a ITS#9349 slapd-mdb: optimize index delete 
Performance improvement for indexed attributes removal
 2020-09-17 18:21:53 +01:00
Howard Chu
2b512ea79c ITS#9339 Fix syncrepl_monitor_init for dynamic monitor backend 
Calling from backend.c only works if back-monitor is a static backend
 2020-09-17 15:22:01 +01:00
Howard Chu
3e181b8453 Silence stupid warnings 2020-09-16 23:27:45 +01:00
Quanah Gibson-Mount
947b8ed9d6 Fix code indentation for recent changes 2020-09-16 21:13:28 +00:00
Howard Chu
d63287e2f4 ITS#9345 fix for cmdline cookie 
Previous commit could cause cmdline cookie to be ignored
 2020-09-15 15:00:57 +00:00
Howard Chu
afc970b11d ITS#9015 syncprov: fix for zero-length suffix 
If the "" glue entry exists and lacks a contextCSN, must perform
an additional search to be sure the DB is otherwise empty. If so,
skip creating the contextCSN.
 2020-09-15 12:08:22 +01:00
Howard Chu
9a3e63ba00 ITS#9338 alternate fix 
Don't resume pending ops unless there are no other threads
waiting to write
 2020-09-13 08:05:31 +00:00
Howard Chu
57643b4347 ITS#9345 syncrepl: call check_syncprov on freshly started consumer 2020-09-12 21:44:31 +01:00
Howard Chu
ef2b505b20 ITS#9043 Fix new log msg crashes 
Solaris stdio hates NULL pointers
 2020-09-11 23:36:41 +00:00
Howard Chu
fdf6ee5059 ITS#8054 fix etime calculation 
Was overlooked in a0cc1d9655
 2020-09-11 23:01:16 +00:00
Howard Chu
72bfa9d488 ITS#9339 fix connection address handling 
valgrind didn't like accesses to si->si_connaddr
Also fix an array bounds check in ITS#9282 merge_state
 2020-09-10 17:03:32 +00:00
Howard Chu
490273fb97 ITS#8102, #9330 partially revert 
Fix a regression in delta-sync, was returning error on old
CSNs instead of ignoring them
 2020-09-10 16:17:13 +00:00
Ondřej Kuzník
eb5f138650 ITS#9043 Only print sessionlog entries we think will apply 2020-09-10 11:04:29 +01:00
Ondřej Kuzník
fdbeb69fd8 ITS#9043 Nul-terminate csn string 2020-09-10 11:03:37 +01:00
Howard Chu
1748ec59a6 ITS#9339 Add syncrepl status to cn=monitor 
Shows connection address, refresh/persist state, time of last
connect attempt and received data, and last sent and
received cookies per consumer.
 2020-09-10 02:29:19 +00:00
Howard Chu
d1283f8161 ITS#9339 slapd-monitor: Add schema arc for overlays 
Not directly related to syncrepl, but adds a necessary schema arc.
Also add a convenience function for obtaining an entry with known ndn.
Also fix to ignore outbound connections.
 2020-09-10 02:29:19 +00:00
Howard Chu
bf40306581 ITS#9043 tweak syncprov play_sessionlog logging 
Don't log cookiecsn at top, it was already logged on receipt.
Only log the "control csn" and "too old" message once for each sid.
 2020-09-09 18:02:49 +01:00
Howard Chu
e02b1d94ca ITS#8102 serialize plain syncrepl 
Using cs_pmutex. Reverts the addition of cs_modmutex in ITS#9330,
use cs_pmutex for both delta and plain writes.

Note that plain syncrepl already used cs_pmutex when a cookie CSN
was present in the op. Now it is used for all writes, regardless
of presence of cookie.
 2020-09-09 15:35:59 +00:00
Howard Chu
8bd2d1fee8 ITS#9342 delta-sync: ignore error if deleting an already deleted entry 2020-09-09 00:19:35 +01:00
Howard Chu
95c5a1698b ITS#9338 Make sure connection gets rescheduled after write blockage clears up 2020-09-04 18:22:40 +01:00
Howard Chu
0b20b92ec1 ITS#9338 syncrepl: Don't reuse existing connection on Refresh fallback 2020-09-04 18:22:32 +01:00
Howard Chu
ed356c55d9 ITS#9334 slapo-ppolicy re-fix ITS#9302 
The mutex_lock was being skipped in the lockout case,
but still calling mutex_unlock at the end.
 2020-09-03 21:30:35 +01:00
Howard Chu
b24ca75993 ITS#9201 fix LDAP_THREAD_DEBUG 
Add missing defs to ldap_thr_debug.h.
slap tools must init libldap so internal mutexes get inited.
 2020-09-03 12:37:32 +01:00
Quanah Gibson-Mount
b51faa5cf0 Revert "Tweak prev commit for RE24 style debug" 
This reverts commit d224e576a9.

Revert, wrong branch
 2020-09-02 19:33:03 +00:00
Quanah Gibson-Mount
d224e576a9 Tweak prev commit for RE24 style debug 2020-09-02 19:31:59 +00:00
Howard Chu
4c7787303c ITS#9121 fix for URLs with no filter 2020-09-02 01:34:07 +01:00
Howard Chu
41396248a2 ITS#9282 more for merge_state 
Don't assume si_cookieState is always newer
 2020-08-31 20:09:52 +01:00
Howard Chu
8699e5f32e ITS#9282 fix crash in nonpresent_callback 
In a standard Refresh present phase, the provider sends no cookie
since it is only listing the entries that existed as of the time
in the cookie the consumer sent. In this case the consumer only
needs to check entryCSNs against its last sent cookie.
 2020-08-31 19:36:10 +01:00
Howard Chu
0ce83b26af ITS#9330 Fully serialize delta-sync 
Don't depend on accesslog overlay's serialization
 2020-08-29 01:13:04 +00:00
Howard Chu
edc94862b7 ITS#7639 fix crash in config_delete 
Additional fix to 41352ea34d
The overlay must be deleted from the backend before the
callback can execute. In particular, it must be done before
the threadpool is unpaused.
 2020-08-29 00:13:19 +00:00
Howard Chu
f883a57593 ITS#8427 don't set tls_ctx if TLS wasn't requested 
Also, set any remaining TLS options that weren't carried along
in the TLS ctx.
 2020-08-28 18:44:35 +01:00
Quanah Gibson-Mount
8d31219647 More for ITS#8845, skip cleanup on async op with extended operations 2020-08-26 21:55:39 +00:00
Howard Chu
9900794af1 ITS#9329 Re-fix merge_state 
A bit uglier but more straightforward.
 2020-08-26 21:00:00 +01:00
Quanah Gibson-Mount
c1411b8199 ITS#9323 - Limit to OpenSSL 1.0.2 or later 2020-08-25 21:52:04 +00:00
Howard Chu
9666306d86 ITS#9329 syncrepl: fix regression from ITS#9282 2020-08-25 21:13:22 +00:00
Fabrice Fontaine
8df03b435e ITS#9327 - Fix stripping when cross-compiling 
Probably-Signed-off-by: Dave Bender <bender@benegon.com>
[yann.morin.1998@free.fr: patch was made by Dave, but he
 forgot his SoB line, so I added it]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[Retrieved from:
https://git.buildroot.net/buildroot/tree/package/openldap/0001-fix_cross_strip.patch]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 2020-08-25 19:54:59 +00:00
Howard Chu
5aa7e0f69b ITS#9324 syncrepl: don't wait forever in Refresh mode 
Just poll for available data, same as Persist mode.
Clarify retry/return states from do_syncrep2
 2020-08-24 15:12:24 +00:00
Howard Chu
88e569d857 ITS#9249 librewrite: fix malloc/free corruption 
If substitution parsing fails, would attempt to free a mapping
that hadn't been allocated yet.

Also, on failure, caller in saslauthz would attempt to free a
rwinfo struct that hadn't been allocated.
 2020-08-23 19:32:51 +00:00
Fredrik Roubert
8a521c17aa ITS#9232 - Implement caseIgnoreListSubstringsMatch. 2020-08-21 21:45:19 +00:00
Quanah Gibson-Mount
aa78299346 ITS#9311 - Correctly mark overlays as singular 2020-08-21 19:34:27 +00:00
Howard Chu
650b1404c2 ITS#9054, #9318 add new TLS options to slapd bindconf 
For use with back-ldap/back-meta/syncrepl/etc
 2020-08-21 20:06:56 +01:00
Howard Chu
12e11c9b84 ITS#9121 slapo-dynlist, -memberof: define memberOf if needed 
Ignore if it's defined already. Make it no-user-mod.
 2020-08-18 23:49:26 +00:00
Howard Chu
9d2f15307d ITS#7926 dynamic changes to olcListenerThreads 
Reallocates sockets from old to new listener threads
 2020-08-18 22:37:50 +01:00
Howard Chu
2f94318f06 ITS#7926 support multiple config cleanup functions per op 
Prep for main changes
 2020-08-18 22:00:58 +01:00
Howard Chu
b0d7308371 ITS#9135 fix index error on collapsed range 2020-08-13 18:18:45 +01:00
Quanah Gibson-Mount
00b14b1e28 ITS#9133 - Fix syncprov to be singular. 2020-08-10 23:41:07 +00:00
Howard Chu
633d40b0ac For ITS#9309 fix check for duplicate overlays 
and pass error message back to frontend
 2020-08-10 16:40:54 +01:00
Howard Chu
c8c39b8468 ITS#9309 don't allow ppolicy to be configured more than once on a backend 2020-08-10 16:07:39 +01:00
Howard Chu
8849d83f75 ITS#9279 fix Netscape password_expired control 2020-08-04 22:04:14 +00:00
Howard Chu
138c492696 ITS#9302 fix pwdFailireTime mutex scope 2020-07-30 17:53:25 +01:00
Arvid Requate
0e675be7ef ITS#9302 ppolicy: avoid pwdFailureTime race condition 2020-07-30 17:32:32 +01:00
Howard Chu
4cf90e84de ITS#9295 use replace on single-valued attrs 
For delta-sync as well as regular sync
 2020-07-29 16:15:42 +01:00
Ondřej Kuzník
917fcc03ee ITS#9279 Send Netscape expired control as a bare string 2020-07-27 14:22:24 +02:00
Ondřej Kuzník
43ebfa8fb4 ITS#6467 Make accesslog a possible sessionlog source 2020-07-22 22:25:10 +01:00
Ondřej Kuzník
66a743f119 ITS#6467 Record minCSN in audit container 2020-07-22 22:25:10 +01:00
Ondřej Kuzník
4b62f3b8d2 ITS#8645 Check for all syncrepl errors 2020-07-22 20:22:50 +00:00
Quanah Gibson-Mount
3716245fec Issue#8511 - Update documentation and configs to correctly use multiprovider 2020-07-22 19:32:49 +00:00
Ondřej Kuzník
a49b553676 ITS#9279 Implement Netscape password policy controls in ppolicy 2020-07-22 18:57:38 +00:00
Ondřej Kuzník
521b8bbe4b ITS#9282 Check entries are covered by new contextCSN before deletion 2020-07-22 18:24:52 +00:00
Ondřej Kuzník
5bbcf38c78 ITS#9282 Build a complete cookie for the search 2020-07-22 18:24:51 +00:00
Howard Chu
2c0499ae4e ITS#9121 support nested groups 2020-07-22 15:11:24 +00:00
Howard Chu
9210ed1618 ITS#9121 add dynamic memberOf support for static groups 2020-07-22 15:11:24 +00:00
Quanah Gibson-Mount
21eef84a49 ITS#9275 -- Update wording to remove slave and master terms, consolidate on provider/consumer 2020-07-18 16:27:04 +00:00
Ondřej Kuzník
947bbfbf5a ITS#9280 Add olcPPolicyDisableWrite to the objectclass 2020-07-08 14:47:03 +01:00
Ondřej Kuzník
31423439c5 ITS#9043 Make sure uuidstr is initialised on use 2020-07-08 12:54:08 +01:00
Howard Chu
4fab675560 ITS#9285 don't hide ppolicy control 2020-07-07 21:01:32 +01:00
Ondřej Kuzník
bdc9dbc511 ITS#8701 Implement account usability in ppolicy 2020-07-07 16:43:37 +01:00
Quanah Gibson-Mount
c06ac436e2 ITS#9235 Merge libldap_r into libldap 2020-07-03 17:23:14 -07:00
Ondřej Kuzník
e05c09b919 ITS#8762 Clear pwdFailureTime on unlock 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
376d5d65cb ITS#7084 ACL of 'manage' gives pasword administrator access 
Password administrators can bypass safeModify, password quality checks
and trigger reset if policy instructs the server to.
 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
a030aacc39 ITS#7788 Allow pwdFailureTime tracking be disabled in policy 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
0b6ac3fd76 ITS#7788 Skip lockout processing if no policy applies 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
3ec005a097 ITS#7788 Report if there is a policy that applies 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
3e0447f4a6 ITS#7089 Skip lockout checks/modifications if password attribute missing 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
49504c16d2 Fix whitespace in ppolicy.c 2020-07-03 20:42:14 +00:00
Ondřej Kuzník
e24a6bf5c1 ITS#8768 Do not update main CSN during delete phase 2020-06-23 16:06:09 +00:00
Ondřej Kuzník
182ec30a6b ITS#8768 Accept delcsn from the server 2020-06-23 16:06:09 +00:00
Ondřej Kuzník
d1e874c605 ITS#8768 Introduce delcsn into our syncrepl cookies 2020-06-23 16:06:09 +00:00
Ondřej Kuzník
eae2dfde04 ITS#9280 Add ppolicy_disable_write 2020-06-23 15:29:26 +00:00
Quanah Gibson-Mount
58c978825c Issue#9020 - Use consistent namespaces for overlays 2020-06-22 20:44:12 +00:00
Ondřej Kuzník
3e5490f467 ITS#9043 More descriptive logs for syncrepl traffic and decisions 2020-06-22 18:20:22 +00:00
Ondřej Kuzník
799607231d ITS#7796 Move 'not indexed' messages to loglevel filter 2020-06-22 09:28:26 +01:00
Ondřej Kuzník
71560032f4 ITS#8949 Check eblock exists before freeing 
cn=config changes might cause slapi_plugins_used transition from 0
during the lifetime of operation (cn=config change or syncrepl) or
a connection and we should be able to deal with that.
 2020-06-21 22:53:14 +00:00
Ondřej Kuzník
6b46232ab8 ITS#8473 Implement ordering stable (de)registration 2020-06-21 22:53:14 +00:00
Ondřej Kuzník
e5105e706e ITS#8473 Mark olcPlugin as ordered 2020-06-21 22:53:14 +00:00
Quanah Gibson-Mount
0d0d50724a ITS#8140 - Update bind operations to note bind_ssf vs overall connection ssf 2020-06-21 22:04:46 +00:00
Ondřej Kuzník
57b0ed909c ITS#8434 Allow cleanup at the end of a failed back-config add 2020-06-21 18:55:09 +00:00
Howard Chu
2346dfd2a0 ITS#9262 check referral 2020-06-21 00:45:45 +01:00
Quanah Gibson-Mount
4e8f91304e Issue#9239 - Fix case where e->e_dn may be NULL causing a segfault on some platforms 2020-05-27 19:51:16 +00:00
Quanah Gibson-Mount
f926e66723 ITS#8873 - Delete obsolete configuration options from back-ldap, back-meta, and back-asyncmeta 2020-05-26 19:59:56 +00:00
Howard Chu
c70e2e0869 ITS#9264 more for unique locking 2020-05-25 22:38:30 +01:00
Ondřej Kuzník
f3952d947b ITS#9059 Document why we do FIND_CSN 2020-05-22 16:57:53 +00:00