]>
git.sur5r.net Git - openldap/log
Howard Chu [Fri, 13 Oct 2017 17:46:18 +0000 (18:46 +0100)]
Revert "ITS#8752 ppolicy: don't call same cleanup twice"
This reverts commit
1c963f473945e9902c1682d917baa58002a9ab95 .
Revert "ITS#8752 make sure all cleanups are called in overlay_op_walk"
This reverts commit
b0ad788b8aaad7d5e75827dacd4bbba203ae69ff .
Howard Chu [Fri, 13 Oct 2017 16:39:37 +0000 (17:39 +0100)]
ITS#8752 ppolicy: don't call same cleanup twice
fallout from
b0ad788b8aaad7d5e75827dacd4bbba203ae69ff
Howard Chu [Fri, 13 Oct 2017 16:25:29 +0000 (17:25 +0100)]
ITS#8752 fix syncrepl deadlock from updateCookie
Must release cookieState->cs_mutex before invoking backend.
Add a condvar to serialize calls of updateCookie, so we can
release the mutex and still update sequentially.
Also added tid logging, useful in conjunction with
7ab0e1aff0cc48cdfb299ca7dbd27900a9e3d1a8
Howard Chu [Fri, 13 Oct 2017 16:24:19 +0000 (17:24 +0100)]
ITS#8752 additional debug info, thread ID of rmutex lockers
Howard Chu [Fri, 13 Oct 2017 16:22:34 +0000 (17:22 +0100)]
ITS#8752 make sure all cleanups are called in overlay_op_walk
Howard Chu [Fri, 13 Oct 2017 16:16:25 +0000 (17:16 +0100)]
fix syncprov_qtask race, test062 crashes
Keep s_mutex locked until we know we're removed from queue.
Remember qtask cookie so we can retract if ineeded when deleting
the overlay from running slapd.
config_delete is still unsafe, overlay_remove is running with active
threadpool instead of paused pool.
Quanah Gibson-Mount [Thu, 12 Oct 2017 20:42:37 +0000 (13:42 -0700)]
Update script that does random modifications on random masters. Better
reproduces the problem.
Josh Soref [Sun, 26 Feb 2017 07:49:31 +0000 (07:49 +0000)]
ITS#8605 - spelling fixes
* javascript
* kernel
* ldap
* length
* macros
* maintained
* manager
* matching
* maximum
* mechanism
* memory
* method
* mimic
* minimum
* modifiable
* modifiers
* modifying
* multiple
* necessary
* normalized
* objectclass
* occurrence
* occurring
* offered
* operation
* original
* overridden
* parameter
* permanent
* preemptively
* printable
* protocol
* provider
* really
* redistribution
* referenced
* refresh
* regardless
* registered
* request
* reserved
* resource
* response
* sanity
* separated
* setconcurrency
* should
* specially
* specifies
* structure
* structures
* subordinates
* substitution
* succeed
* successful
* successfully
* sudoers
* sufficient
* superiors
* supported
* synchronization
* terminated
* they're
* through
* traffic
* transparent
* unsigned
* unsupported
* version
* absence
* achieves
* adamson
* additional
* address
* against
* appropriate
* architecture
* associated
* async
* attribute
* authentication
* authorized
* auxiliary
* available
* begin
* beginning
* buffered
* canonical
* certificate
* charray
* check
* class
* compatibility
* compilation
* component
* configurable
* configuration
* configure
* conjunction
* constraints
* constructor
* contained
* containing
* continued
* control
* convenience
* correspond
* credentials
* cyrillic
* database
* definitions
* deloldrdn
* dereferencing
* destroy
* distinguish
* documentation
* emmanuel
* enabled
* entry
* enumerated
* everything
* exhaustive
* existence
* existing
* explicitly
* extract
* fallthru
* fashion
* february
* finally
* function
* generically
* groupname
* happened
* implementation
* including
* initialization
* initializes
* insensitive
* instantiated
* instantiation
* integral
* internal
* iterate
Quanah Gibson-Mount [Tue, 12 Sep 2017 17:09:44 +0000 (10:09 -0700)]
ITS#8527 - Add additional debug logging on consumer/provider state when the consumer has a newer cookie than the provider
Zebediah Figura [Sat, 1 Oct 2016 02:26:59 +0000 (21:26 -0500)]
ITS#8508 - Allow ucgendat.c to recognize title-case characters even if they do not have lower-case equivalents
I, Zebediah Figura, hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
Ondřej Kuzník [Wed, 16 Dec 2015 12:47:17 +0000 (13:47 +0100)]
ITS#8291 Reopen cursor after delete
Ondřej Kuzník [Sun, 22 Nov 2015 18:41:28 +0000 (18:41 +0000)]
ITS#8291 Enable slapmodify logging in tests
Emmanuel Lécharny [Sat, 1 Oct 2016 02:26:59 +0000 (21:26 -0500)]
ITS#8153 - olcTimeLimit should be Single Value
Ivan Nejgebauer [Tue, 28 Aug 2012 14:57:54 +0000 (16:57 +0200)]
ITS#8037 - Add support for relax control to delta-syncrepl
ck@test-centos64.cksoft.de [Tue, 8 Oct 2013 21:14:45 +0000 (23:14 +0200)]
ITS#7721 - Allow authTimestamp updates to be forwarded via updateref
Nathaniel McCallum [Wed, 27 Feb 2013 18:44:57 +0000 (13:44 -0500)]
ITS#7532 - Add new function ldap_connect().
This function is used to manually establish a connection after
a call to ldap_initialize(). This is primarily so that a file
descriptor can be obtained before any requests are sent for the
purposes of polling for writability.
Quanah Gibson-Mount [Wed, 11 Oct 2017 21:31:01 +0000 (14:31 -0700)]
ITS#6475 - Man page updates to slapd.conf/slapd-config for the new olcSaslAuxpropsDontUseCopy and olcSaslAuxpropsDontUseCopyIgnore parameters for use with SASL/OTP
Michael Ströder [Wed, 12 Jul 2017 18:18:22 +0000 (20:18 +0200)]
ITS#8692 let back-sock generate increment: line in case of LDAP_MOD_INCREMENT (see RFC 4525, section 3)
Jan Vcelak [Fri, 14 Sep 2012 12:24:29 +0000 (14:24 +0200)]
ITS#7389 - MozNSS: load certificates from certdb, fallback to PEM
If TLS_CACERT pointed to a PEM file and TLS_CACERTDIR was set to NSS
certificate database, the backend assumed that the certificate is always
located in the certificate database. This assumption might be wrong.
This patch makes the library to try to load the certificate from NSS
database and fallback to PEM file if unsuccessfull.
Ian Puleston [Fri, 19 Sep 2014 01:48:50 +0000 (18:48 -0700)]
ITS#8167 Fix non-blocking TLS with referrals
Quanah Gibson-Mount [Fri, 22 Sep 2017 21:25:20 +0000 (14:25 -0700)]
ITS#8687 - EGD is disabled by default in OpenSSL 1.1. We need to comment out this block if it is not detected. Particularly affects cross compilation.
Quanah Gibson-Mount [Wed, 5 Jul 2017 20:14:54 +0000 (13:14 -0700)]
ITS#8583 - Fix C++ LDAP Control structure
sca+openldap@andreasschulze.de [Fri, 1 Sep 2017 23:31:52 +0000 (16:31 -0700)]
ITS#8578 - remove unused-variables in RE24 testing call (2.4.45)
Nadezhda Ivanova [Tue, 12 Sep 2017 14:14:30 +0000 (17:14 +0300)]
ITS#8404 Fix an assertion failure during modify of olcDbRewrite in back-meta
Quanah Gibson-Mount [Sun, 23 Apr 2017 22:30:07 +0000 (15:30 -0700)]
ITS#8121 - Note ldap_sasl_bind and ldap_sasl_bind_s can be used to make simple binds via the LDAP_SASL_SIMPLE mechanism
Ted C. Cheng [Fri, 6 Feb 2015 01:19:39 +0000 (17:19 -0800)]
ITS#7520 - back-ldap omit-unknown-schema changes
Jan Vcelak [Wed, 29 Aug 2012 14:23:52 +0000 (16:23 +0200)]
ITS#7374 - MozNSS: better file name matching for hashed CA certificate directory
CA certificate files in OpenSSL compatible CACERTDIR were loaded if the
file extension was '.0'. However the file name should be 8 letters long
certificate hash of the certificate subject name, followed by a numeric
suffix which is used to differentiate between two certificates with the
same subject name.
Wit this patch, certificate file names are matched correctly (using
regular expressions).
Jan Vcelak [Tue, 28 Aug 2012 14:57:54 +0000 (16:57 +0200)]
ITS#7373 - TLS: do not reuse tls_session if hostname check fails
If multiple servers are specified, the connection to the first one
succeeds, and the hostname verification fails, *tls_session is not
dropped, but reused when connecting to the second server.
This is a problem with Mozilla NSS backend because another handshake
cannot be performed on the same file descriptor. From this reason,
hostname checking was moved into ldap_int_tls_connect() before
connection error handling.
Ondřej Kuzník [Sun, 22 Nov 2015 18:32:43 +0000 (18:32 +0000)]
ITS#7100 Update entryTtl behaviour to match RFC 2589
Ondřej Kuzník [Sun, 22 Nov 2015 18:31:30 +0000 (18:31 +0000)]
ITS#7100 Test for entryTtl reflecting time to live
Quanah Gibson-Mount [Thu, 7 Sep 2017 15:44:28 +0000 (08:44 -0700)]
ITS#5048 - index on entryCSN is mandatory
Howard Chu [Thu, 5 Oct 2017 21:13:39 +0000 (22:13 +0100)]
ITS#8752 fix syncrepl null_callback
Make sure it's last in callback stack
Quanah Gibson-Mount [Thu, 5 Oct 2017 16:23:02 +0000 (09:23 -0700)]
Fix script so it exits
Quanah Gibson-Mount [Thu, 5 Oct 2017 03:42:54 +0000 (20:42 -0700)]
ITS#8444 - Fix description to match the actual issue that was fixed
Quanah Gibson-Mount [Thu, 5 Oct 2017 03:36:25 +0000 (20:36 -0700)]
ITS#8752 - Add regression test
Hallvard Furuseth [Fri, 23 Jun 2017 09:56:49 +0000 (10:56 +0100)]
ITS#8733 Allow a raw integer to be decoded from a berval
Hallvard Furuseth [Fri, 23 Jun 2017 09:55:36 +0000 (10:55 +0100)]
ITS#8733 Allow extraction of the complete ber element
Ondřej Kuzník [Wed, 10 May 2017 14:57:27 +0000 (15:57 +0100)]
ITS#8732 Extend CIRCLEQ macros
Quanah Gibson-Mount [Tue, 26 Sep 2017 18:51:27 +0000 (11:51 -0700)]
LDAP_FEATURE_SUBORDINATE_SCOPE is from expired draft-sermersheim-ldap-subordinate-scope, leave behind LDAP_DEVEL
Quanah Gibson-Mount [Tue, 26 Sep 2017 18:35:50 +0000 (11:35 -0700)]
Move a bunch of featuers back behind LDAP_DEVEL for 2.5
SLAP_AUXPROP_DONTUSECOPY is ok for release
Quanah Gibson-Mount [Tue, 26 Sep 2017 18:30:50 +0000 (11:30 -0700)]
CHECK_CSN is a debug only flag for testing. It should always remain
behind LDAP_DEVEL
Quanah Gibson-Mount [Tue, 26 Sep 2017 18:27:15 +0000 (11:27 -0700)]
ITS#6817 - back-meta work for SLAP_AUTH_DN was never finished according
to the ITS notes. In addition, this would need man page updates for the
feature
Quanah Gibson-Mount [Tue, 26 Sep 2017 18:04:45 +0000 (11:04 -0700)]
The support for unindexed attributes being tracked in back-monitor needs
to remain behind LDAP_DEVEL for now. Right now, the mutex in
back-monitor cannot properly handle the load if the server had a lot
of unindexed attributes that were being accessed in search filters.
Quanah Gibson-Mount [Tue, 26 Sep 2017 17:59:08 +0000 (10:59 -0700)]
ITS#7428 - Non-blocking TLS is not compatible with MOZNSS
Quanah Gibson-Mount [Tue, 26 Sep 2017 17:33:01 +0000 (10:33 -0700)]
Whitespace cleanup
Ondřej Kuzník [Wed, 8 Mar 2017 17:03:18 +0000 (17:03 +0000)]
ITS#8638 Add a recursive mutex to libldap_r for libevent
Most thread implementations suppport a native recursive mutex, use that
where possible (especially when a regular mutex is recursive already).
Also provide a macro for applications to test whether they can use the
lock functions interchangeably.
Ondřej Kuzník [Wed, 24 May 2017 15:12:48 +0000 (16:12 +0100)]
Fix warnings issued by autoconf 2.68+
Quanah Gibson-Mount [Fri, 22 Sep 2017 19:05:18 +0000 (12:05 -0700)]
Fix additional compile for /dev/poll support. /dev/poll is neither tested nor supported.
Quanah Gibson-Mount [Tue, 19 Sep 2017 22:21:56 +0000 (15:21 -0700)]
Merge branch 'master' of ssh://git-master.openldap.org/~git/git/openldap
Quanah Gibson-Mount [Tue, 19 Sep 2017 22:20:56 +0000 (15:20 -0700)]
Fix calls to SLAP_DEVPOLL_SOCK_LX for multi-listener support. Support
for /dev/poll is neither enabled nor tested, so other issues may exist.
Howard Chu [Fri, 8 Sep 2017 20:36:05 +0000 (21:36 +0100)]
ITS#8725 fix
75999a18c3c302bc2a71e9a01dfe63a62be8077c
Not needed since callback uses tmpalloc
Quanah Gibson-Mount [Fri, 8 Sep 2017 19:03:02 +0000 (12:03 -0700)]
Fix typo "errror" -> "error"
Nadezhda Ivanova [Fri, 24 Mar 2017 11:19:00 +0000 (13:19 +0200)]
ITS#8725 Always remove listener descriptors from daemon on shutdown
Howard Chu [Tue, 14 Mar 2017 08:50:17 +0000 (08:50 +0000)]
ITS#8725 add slap_sl_mark / slap_sl_release
For fast cleanup after constructing disposable entries
Howard Chu [Thu, 9 Feb 2017 17:20:28 +0000 (17:20 +0000)]
ITS#8725 Avoid listener thread startup race
Typically only shows up under valgrind, not in regular runs
Howard Chu [Thu, 19 Jan 2017 20:10:38 +0000 (20:10 +0000)]
ITS#8725 connection fixes
Fix op_finish, must resched connection to pick up pending ops.
Fix op completion counter.
Howard Chu [Tue, 17 Jan 2017 09:44:03 +0000 (09:44 +0000)]
ITS#8725 backover fixes for async
Fix some valgrind race conditions - wait for frontend to finish up
Don't set callbacks for abandon or unbind - since they have no response
Use tmpalloc for backover callback
Nadezhda Ivanova [Fri, 27 Jan 2017 09:49:24 +0000 (10:49 +0100)]
ITS#8725 Fix an invalid data access during add operations if backend is asynchronous
Howard Chu [Tue, 17 Jan 2017 11:35:54 +0000 (11:35 +0000)]
ITS#8727 plug ber leaks
Howard Chu [Mon, 16 Jan 2017 21:21:33 +0000 (21:21 +0000)]
ITS#8725 Add SLAPD_ASYNCOP return code
Tell frontend the op will finish asynchronously, leave it alone
Howard Chu [Wed, 6 Sep 2017 20:46:09 +0000 (21:46 +0100)]
ITS#8717 call connection delete callbacks
When TLS fails to start
SATOH Fumiyasu [Thu, 3 Aug 2017 07:59:02 +0000 (16:59 +0900)]
ITS#8709 contrib/slapd-modules/passwd/totp: OpenSSL 1.1.0 compatibility
Howard Chu [Wed, 6 Sep 2017 20:25:16 +0000 (21:25 +0100)]
ITS#8719 add crypt_r() support
Michael Ströder [Tue, 5 Sep 2017 13:52:34 +0000 (15:52 +0200)]
ITS#8714 Send out EXTENDED operation message from back-sock
Howard Chu [Thu, 31 Aug 2017 15:53:45 +0000 (16:53 +0100)]
ITS#8270 use the configured exop timeout for StartTLS
Also, there's no need for a retry loop here. Just wait for
the specified timeout or give up.
Ondřej Kuzník [Fri, 25 Aug 2017 15:25:23 +0000 (16:25 +0100)]
ITS#8444 Do not clear the pending operation when checkpointing
When a checkpoint happens, if we remove the CSN from the pending list,
accesslog won't pass it onto the accesslog DB. But in a delta-mmr
scenario, an accesslog entry without a CSN faces a race where it might
be applied twice - that usually fails and causes a full refresh, other
times it can cause a silent desync - both are undesirable.
Quanah Gibson-Mount [Mon, 21 Aug 2017 16:19:12 +0000 (09:19 -0700)]
ITS#8715 Fix typo with olcTLSCiphersuite
Quanah Gibson-Mount [Wed, 16 Aug 2017 15:50:22 +0000 (08:50 -0700)]
ITS#8713 Delete stub man page for LDBM
Howard Chu [Fri, 4 Aug 2017 19:58:07 +0000 (20:58 +0100)]
ITS#8690 one more time
Howard Chu [Fri, 4 Aug 2017 12:40:34 +0000 (13:40 +0100)]
ITS#8690 fix again
Howard Chu [Fri, 4 Aug 2017 12:34:03 +0000 (13:34 +0100)]
Revert "ITS#8690 refix"
This reverts commit
a5f3a2885c9d1a72ecebf159522a558a1f33d767 .
Howard Chu [Thu, 3 Aug 2017 11:42:21 +0000 (12:42 +0100)]
ITS#8705 fix service pathname
Strip trailing space of last pathname component, if any. Not first.
Howard Chu [Tue, 1 Aug 2017 23:52:13 +0000 (00:52 +0100)]
ITS#8690 refix
Don't double-queue delete ops
Howard Chu [Tue, 1 Aug 2017 21:08:50 +0000 (22:08 +0100)]
ITS#8226 optimization
Don't release read txn unless there has actually been a new write txn
Howard Chu [Tue, 1 Aug 2017 20:57:02 +0000 (21:57 +0100)]
ITS#8690 fix prev commit
Howard Chu [Tue, 1 Aug 2017 20:47:15 +0000 (21:47 +0100)]
Cleanup uninit'd vars
Howard Chu [Fri, 21 Jul 2017 18:04:08 +0000 (19:04 +0100)]
ITS#8690 plug memleak on Delete ops
Quanah Gibson-Mount [Fri, 21 Jul 2017 00:11:01 +0000 (17:11 -0700)]
ITS#8697 - For Windows builds with newer MINGW, remove refptr symbols
mappings from slapd.def
Quanah Gibson-Mount [Fri, 23 Jun 2017 16:44:46 +0000 (09:44 -0700)]
Fix missing index on reqResult
Howard Chu [Thu, 22 Jun 2017 17:08:40 +0000 (18:08 +0100)]
ITS#8678 temporary hack
Quanah Gibson-Mount [Wed, 7 Jun 2017 00:04:11 +0000 (17:04 -0700)]
ITS#8667 - Add regression test
Howard Chu [Thu, 1 Jun 2017 16:52:15 +0000 (17:52 +0100)]
Merge remote-tracking branch 'origin/mdb.RE/0.9'
Howard Chu [Thu, 1 Jun 2017 16:51:10 +0000 (17:51 +0100)]
Release 0.9.21
Ryan Tandy [Thu, 18 May 2017 03:07:39 +0000 (20:07 -0700)]
ITS#8655 fix double free on paged search with pagesize 0
Fixes a double free when a search includes the Paged Results control
with a page size of 0 and the search base matches the filter.
Ryan Tandy [Fri, 5 May 2017 03:08:07 +0000 (03:08 +0000)]
ITS#8648 init SASL library in global init
Ryan Tandy [Sun, 7 May 2017 20:16:00 +0000 (20:16 +0000)]
ITS#8648 check result of ldap_int_initialize in ldap_{get,set}_option
Ryan Tandy [Sat, 6 May 2017 22:50:13 +0000 (22:50 +0000)]
ITS#8650 retry gnutls_handshake after GNUTLS_E_AGAIN
Quanah Gibson-Mount [Sun, 23 Apr 2017 22:13:23 +0000 (15:13 -0700)]
ITS#8123 - Fix wording to match examples
Kevin Lam [Tue, 21 Feb 2017 04:20:38 +0000 (12:20 +0800)]
ITS#8592 Fix double free in sssvlv overlay
Quanah Gibson-Mount [Tue, 25 Apr 2017 23:09:22 +0000 (16:09 -0700)]
Fix slapo-pcache to use mdb as the example backend
Quanah Gibson-Mount [Tue, 25 Apr 2017 18:47:49 +0000 (11:47 -0700)]
ITS#8205 - Pick up changes that were ignored in the last commit
Quanah Gibson-Mount [Tue, 25 Apr 2017 18:37:48 +0000 (11:37 -0700)]
ITS#8205 - Fix typos, use man page from Howard for TOTP
Peter Marschall [Sun, 26 Jul 2015 13:04:26 +0000 (15:04 +0200)]
ITS#8205 - contrib/smbk5pwd: add man page, install it too
Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
install the new manual page.
ITS#8205 - contrib/lastbind: install man page
Update lastbind's Makefile to install the manual page too.
ITS#8205 - contrib/passwd/sha2: add man page, install it too
Add a manual page slapd-pw-sha2.5 and update passwd/sha2's Makefile to
install the new manual page.
ITS#8205 - contrib/adremap: install man page
Update adremap's Makefile to install the manual page too.
ITS#8205 - contrib/allop: install man page
Update allop's Makefile to install the manual page too.
ITS#8205 - contrib/cloak: install man page
Update cloak's Makefile to install the manual page too.
ITS#8205 - contrib/lastmod: install man page
Update lastmod's Makefile to install the manual page too.
ITS#8205 - contrib/nops: install man page
Update nops's Makefile to install the manual page too.
ITS#8205 - contrib/nssov: install man page
Update nssov's Makefile to install the manual page too.
ITS#8205 - contrib/passwd: add man page slapd-pw-sha2.5, install it too
Add a manual page slapd-pw-radius.5 and update passwd's Makefile to
install the new manual page.
ITS#8205 - contrib/passwd/totp: add man page, install it too
Add a manual page slapo-totp.5 and update passwd/totp's Makefile to
install the new manual page.
ITS#8205 - contrib/passwd/pbkdf2: add man page, install it too
Add a manual page slapd-pw-pbkdf2.5 and update passwd/pbkdf2's Makefile to
install the new manual page.
Ryan Tandy [Tue, 25 Apr 2017 01:53:56 +0000 (01:53 +0000)]
ITS#8644 fix previous commit: initialize KILLPIDS
Ryan Tandy [Tue, 25 Apr 2017 01:28:25 +0000 (01:28 +0000)]
ITS#8644 wait for slapd to start in test064
Quanah Gibson-Mount [Mon, 24 Apr 2017 20:15:56 +0000 (13:15 -0700)]
ITS#8635 - Note that non-zero serverID's are required for MMR, and that serverID 0 is specific to single master replication only
Quanah Gibson-Mount [Sun, 23 Apr 2017 19:23:56 +0000 (12:23 -0700)]
ITS#8613 - Note that slapo-memberOf should not be used in a replicated environment
Jephte CLAIN [Thu, 31 Dec 2015 08:03:56 +0000 (12:03 +0400)]
ITS#8344 - accesslog database should not be replicated
Howard Chu [Fri, 21 Apr 2017 13:39:17 +0000 (14:39 +0100)]
Fix pool_retract signature
Omitted from
e12ca8b6fed6b8a2526c5c8ee820bf5aa942b59d
Quanah Gibson-Mount [Wed, 19 Apr 2017 19:49:24 +0000 (12:49 -0700)]
Regenerate for autoca, asyncmeta, and wiredtiger