From HEAD

+       Fixed slapd abandon/cancel pending bug (ITS#3160)
+       Fixed slapd sl_malloc memory leak (ITS#3155)
+       Fixed pcache erroneous reply (ITS#3153)
+       Fixed pcache remove_query_data bug (ITS#3170)
+       Fixed liblutil passwd seed len bug (ITS#3169)

diff --git a/CHANGES b/CHANGES
index 3afd71dd89d19d51734b18553d6431fcd4059182..0886b5d4a0ae86c84cb4764b4e1a2f0a23b95ec1 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -11,11 +11,16 @@ OpenLDAP 2.2.12 Engineering
        Fixed slapd entry2mods normalization bug (ITS#3144,3152)
        Fixed slapd extended match memory leak (ITS#3146)
        Fixed slapd syncrepl persist interval issue (ITS#3064)
+       Fixed slapd abandon/cancel pending bug (ITS#3160)
+       Fixed slapd sl_malloc memory leak (ITS#3155)
        Fixed back-ldap normalization bug 
        Fixed pcache cache_entries init bug (ITS#3150)
        Fixed pcache consistency_check bug (ITS#3151)
+       Fixed pcache erroneous reply (ITS#3153)
+       Fixed pcache remove_query_data bug (ITS#3170)
        Fixed libldap SASL mutex init bug (ITS#3123)
        Fixed libldap SASL buffering bug (ITS#3139)
+       Fixed liblutil passwd seed len bug (ITS#3169)
        Build Environment
                Fixed liblber memory debug portability bug (ITS#3116)
                Fixed back-perl perl portability bug (ITS#2554,2946)

diff --git a/libraries/liblutil/passwd.c b/libraries/liblutil/passwd.c
index 7f133a8367a2d3e63057124f3663e2bb328f92a1..f16b49a2bc3f9d79f9b8717f175e3b8646458728 100644 (file)
--- a/libraries/liblutil/passwd.c
+++ b/libraries/liblutil/passwd.c
@@ -459,9 +459,8 @@ static int chk_ssha1(
        int rc;
        unsigned char *orig_pass = NULL;
 
-       /* safety check */
-       if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <
-               sizeof(SHA1digest)+SALT_SIZE) {
+       /* safety check -- must have some salt */
+       if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(SHA1digest)) {
                return LUTIL_PASSWD_ERR;
        }
 
@@ -473,7 +472,8 @@ static int chk_ssha1(
 
        rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
 
-       if (rc < (int)(sizeof(SHA1digest)+SALT_SIZE)) {
+       /* safety check -- must have some salt */
+       if (rc <= (int)(sizeof(SHA1digest))) {
                ber_memfree(orig_pass);
                return LUTIL_PASSWD_ERR;
        }
@@ -547,8 +547,7 @@ static int chk_smd5(
        unsigned char *orig_pass = NULL;
 
        /* safety check */
-       if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <
-               sizeof(MD5digest)+SALT_SIZE) {
+       if (LUTIL_BASE64_DECODE_LEN(passwd->bv_len) <= sizeof(MD5digest)) {
                return LUTIL_PASSWD_ERR;
        }
 
@@ -560,7 +559,7 @@ static int chk_smd5(
 
        rc = lutil_b64_pton(passwd->bv_val, orig_pass, passwd->bv_len);
 
-       if (rc < (int)(sizeof(MD5digest)+SALT_SIZE)) {
+       if (rc <= (int)(sizeof(MD5digest))) {
                ber_memfree(orig_pass);
                return LUTIL_PASSWD_ERR;
        }

diff --git a/servers/slapd/abandon.c b/servers/slapd/abandon.c
index 96d29297c88ee45c2bb8ee3dba35a70e404135a0..10dab8d82cb6c279f5dc46bd4874b23ac4ceddca 100644 (file)
--- a/servers/slapd/abandon.c
+++ b/servers/slapd/abandon.c
@@ -103,6 +103,7 @@ do_abandon( Operation *op, SlapReply *rs )
        LDAP_STAILQ_FOREACH( o, &op->o_conn->c_pending_ops, o_next ) {
                if ( o->o_msgid == id ) {
                        LDAP_STAILQ_REMOVE( &op->o_conn->c_pending_ops, o, slap_op, o_next );
+                       op->o_conn->c_n_ops_pending--;
                        slap_op_free( o );
                        goto done;
                }

diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index b8f4b17d0077b9956eef877d337e504b197a0f8b..aa91da194827ea3ff4be5738ea7f52ba27a78906 100644 (file)
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -302,7 +302,9 @@ int backend_startup(Backend *be)
        if(be != NULL) {
                /* startup a specific backend database */
 
-               LDAP_TAILQ_INIT( &be->be_pending_csn_list );
+               be->be_pending_csn_list = (struct be_pcl *)
+                                                               ch_calloc( 1, sizeof( struct be_pcl ));
+               LDAP_TAILQ_INIT( be->be_pending_csn_list );
 
 #ifdef NEW_LOGGING
                LDAP_LOG( BACKEND, DETAIL1, "backend_startup:  starting \"%s\"\n",
@@ -381,7 +383,9 @@ int backend_startup(Backend *be)
                /* append global access controls */
                acl_append( &backendDB[i].be_acl, global_acl );
 
-               LDAP_TAILQ_INIT( &backendDB[i].be_pending_csn_list );
+               backendDB[i].be_pending_csn_list = (struct be_pcl *)
+                                                               ch_calloc( 1, sizeof( struct be_pcl ));
+               LDAP_TAILQ_INIT( backendDB[i].be_pending_csn_list );
 
                if ( backendDB[i].be_suffix == NULL ) {
 #ifdef NEW_LOGGING

diff --git a/servers/slapd/backglue.c b/servers/slapd/backglue.c
index cd8a63d3546201cd0e65a3230777f0bcfbfab6a4..59ea867f524135cd39a5460cec4e8a6e7536b8ec 100644 (file)
--- a/servers/slapd/backglue.c
+++ b/servers/slapd/backglue.c
@@ -138,6 +138,7 @@ glue_back_db_open (
        glueOpened = 1;
 
        gi->bd.be_acl = be->be_acl;
+       gi->bd.be_pending_csn_list = be->be_pending_csn_list;
 
        if (gi->bd.bd_info->bi_db_open)
                rc = gi->bd.bd_info->bi_db_open(&gi->bd);
@@ -193,7 +194,7 @@ glue_back_response ( Operation *op, SlapReply *rs )
 
        switch(rs->sr_type) {
        case REP_SEARCH:
-               if ( gs->slimit && rs->sr_nentries >= gs->slimit ) {
+               if ( gs->slimit != -1 && rs->sr_nentries >= gs->slimit ) {
                        rs->sr_err = gs->err = LDAP_SIZELIMIT_EXCEEDED;
                        return -1;
                }
@@ -206,7 +207,8 @@ glue_back_response ( Operation *op, SlapReply *rs )
                        rs->sr_err == LDAP_SIZELIMIT_EXCEEDED ||
                        rs->sr_err == LDAP_TIMELIMIT_EXCEEDED ||
                        rs->sr_err == LDAP_ADMINLIMIT_EXCEEDED ||
-                               gs->err != LDAP_SUCCESS)
+                       rs->sr_err == LDAP_NO_SUCH_OBJECT ||
+                       gs->err != LDAP_SUCCESS)
                        gs->err = rs->sr_err;
                if (gs->err == LDAP_SUCCESS && gs->matched) {
                        ch_free (gs->matched);
@@ -251,6 +253,7 @@ static int
 glue_back_search ( Operation *op, SlapReply *rs )
 {
        BackendDB *b0 = op->o_bd;
+       BackendDB *b1 = NULL;
        glueinfo *gi = (glueinfo *) b0->bd_info;
        int i;
        long stoptime = 0;
@@ -263,14 +266,12 @@ glue_back_search ( Operation *op, SlapReply *rs )
 
        cb.sc_next = op->o_callback;
 
-       if (op->ors_tlimit) {
-               stoptime = slap_get_time () + op->ors_tlimit;
-       }
+       stoptime = slap_get_time () + op->ors_tlimit;
+
+       op->o_bd = glue_back_select (b0, op->o_req_ndn.bv_val);
 
        switch (op->ors_scope) {
        case LDAP_SCOPE_BASE:
-               op->o_bd = glue_back_select (b0, op->o_req_ndn.bv_val);
-
                if (op->o_bd && op->o_bd->be_search) {
                        rs->sr_err = op->o_bd->be_search( op, rs );
                } else {
@@ -284,6 +285,17 @@ glue_back_search ( Operation *op, SlapReply *rs )
 #ifdef LDAP_SCOPE_SUBORDINATE
        case LDAP_SCOPE_SUBORDINATE: /* FIXME */
 #endif
+
+               if ( op->o_sync_mode & SLAP_SYNC_REFRESH ) {
+                       if (op->o_bd && op->o_bd->be_search) {
+                               rs->sr_err = op->o_bd->be_search( op, rs );
+                       } else {
+                               send_ldap_error(op, rs, LDAP_UNWILLING_TO_PERFORM,
+                                             "No search target found");
+                       }
+                       return rs->sr_err;
+               }
+
                op->o_callback = &cb;
                rs->sr_err = gs.err = LDAP_UNWILLING_TO_PERFORM;
                scope0 = op->ors_scope;
@@ -291,6 +303,7 @@ glue_back_search ( Operation *op, SlapReply *rs )
                tlimit0 = op->ors_tlimit;
                dn = op->o_req_dn;
                ndn = op->o_req_ndn;
+               b1 = op->o_bd;
 
                /*
                 * Execute in reverse order, most general first 
@@ -298,14 +311,16 @@ glue_back_search ( Operation *op, SlapReply *rs )
                for (i = gi->nodes-1; i >= 0; i--) {
                        if (!gi->n[i].be || !gi->n[i].be->be_search)
                                continue;
-                       if (tlimit0) {
+                       if (!dnIsSuffix(&gi->n[i].be->be_nsuffix[0], &b1->be_nsuffix[0]))
+                               continue;
+                       if (tlimit0 != -1) {
                                op->ors_tlimit = stoptime - slap_get_time ();
                                if (op->ors_tlimit <= 0) {
                                        rs->sr_err = gs.err = LDAP_TIMELIMIT_EXCEEDED;
                                        break;
                                }
                        }
-                       if (slimit0) {
+                       if (slimit0 != -1) {
                                op->ors_slimit = slimit0 - rs->sr_nentries;
                                if (op->ors_slimit < 0) {
                                        rs->sr_err = gs.err = LDAP_SIZELIMIT_EXCEEDED;
@@ -352,6 +367,7 @@ glue_back_search ( Operation *op, SlapReply *rs )
                        case LDAP_SIZELIMIT_EXCEEDED:
                        case LDAP_TIMELIMIT_EXCEEDED:
                        case LDAP_ADMINLIMIT_EXCEEDED:
+                       case LDAP_NO_SUCH_OBJECT:
                                goto end_of_loop;
                        
                        default:

diff --git a/servers/slapd/cancel.c b/servers/slapd/cancel.c
index 70f3be3369b7187952c72c9cb752c8e62cf0e00d..005dbba0b27e75f9983610d06a8077257a1705fc 100644 (file)
--- a/servers/slapd/cancel.c
+++ b/servers/slapd/cancel.c
@@ -66,6 +66,7 @@ int cancel_extop( Operation *op, SlapReply *rs )
        LDAP_STAILQ_FOREACH( o, &op->o_conn->c_pending_ops, o_next ) {
                if ( o->o_msgid == opid ) {
                        LDAP_STAILQ_REMOVE( &op->o_conn->c_pending_ops, o, slap_op, o_next );
+                       op->o_conn->c_n_ops_pending--;
                        slap_op_free( o );
                        found = 1;
                        break;

diff --git a/servers/slapd/ctxcsn.c b/servers/slapd/ctxcsn.c
index ab1061978edca72b40f496c4fe57e93dfe931815..4672273293f078b2e0e6f3955e857642aa12bc13 100644 (file)
--- a/servers/slapd/ctxcsn.c
+++ b/servers/slapd/ctxcsn.c
@@ -41,14 +41,14 @@ slap_get_commit_csn( Operation *op, struct berval *csn )
 
        ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex );
 
-       LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, ce_csn_link ) {
+       LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) {
                if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
                        csne->ce_state = SLAP_CSN_COMMIT;
                        break;
                }
        }
 
-       LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, ce_csn_link ) {
+       LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) {
                if ( csne->ce_state == SLAP_CSN_COMMIT ) committed_csne = csne;
                if ( csne->ce_state == SLAP_CSN_PENDING ) break;
        }
@@ -64,7 +64,7 @@ slap_rewind_commit_csn( Operation *op )
 
        ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex );
 
-       LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, ce_csn_link ) {
+       LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) {
                if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
                        csne->ce_state = SLAP_CSN_PENDING;
                        break;
@@ -84,9 +84,9 @@ slap_graduate_commit_csn( Operation *op )
 
        ldap_pvt_thread_mutex_lock( &op->o_bd->be_pcl_mutex );
 
-       LDAP_TAILQ_FOREACH( csne, &op->o_bd->be_pending_csn_list, ce_csn_link ) {
+       LDAP_TAILQ_FOREACH( csne, op->o_bd->be_pending_csn_list, ce_csn_link ) {
                if ( csne->ce_opid == op->o_opid && csne->ce_connid == op->o_connid ) {
-                       LDAP_TAILQ_REMOVE( &op->o_bd->be_pending_csn_list,
+                       LDAP_TAILQ_REMOVE( op->o_bd->be_pending_csn_list,
                                csne, ce_csn_link );
                        ch_free( csne->ce_csn->bv_val );
                        ch_free( csne->ce_csn );
@@ -166,7 +166,7 @@ slap_get_csn(
                pending->ce_connid = op->o_connid;
                pending->ce_opid = op->o_opid;
                pending->ce_state = SLAP_CSN_PENDING;
-               LDAP_TAILQ_INSERT_TAIL( &op->o_bd->be_pending_csn_list,
+               LDAP_TAILQ_INSERT_TAIL( op->o_bd->be_pending_csn_list,
                        pending, ce_csn_link );
                ldap_pvt_thread_mutex_unlock( &op->o_bd->be_pcl_mutex );
        }

diff --git a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c
index 60395e62c6c964e7cee0212beb11d5cb748a34f1..1b009b750926f7113de87f4343c5b8a181290e99 100644 (file)
--- a/servers/slapd/overlays/pcache.c
+++ b/servers/slapd/overlays/pcache.c
@@ -911,6 +911,7 @@ remove_query_data (
                        mod.sml_desc = ad_queryid;
                        mod.sml_type = ad_queryid->ad_cname;
                        mod.sml_values = vals;
+                       mod.sml_nvalues = NULL;
                        mod.sml_next = NULL;
 #ifdef NEW_LOGGING
                        LDAP_LOG( BACK_META, DETAIL1,

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index d38ad64079a38f7b49caa59cf05c2be89696596b..dca9a0eb15c37e2f116a571c8dd266b9a7e239f3 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -633,9 +633,7 @@ int slap_sasl_match( Operation *opx, struct berval *rule,
                &op.ors_filterstr );
        if( rc != LDAP_SUCCESS ) goto CONCLUDED;
 
-       /* Massive shortcut: search scope == base */
        switch ( op.oq_search.rs_scope ) {
-       case LDAP_SCOPE_BASE:
        case LDAP_X_SCOPE_EXACT:
 exact_match:
                if ( dn_match( &op.o_req_ndn, assertDN ) ) {
@@ -886,9 +884,7 @@ void slap_sasl2dn( Operation *opx,
        /* Must do an internal search */
        op.o_bd = select_backend( &op.o_req_ndn, 0, 1 );
 
-       /* Massive shortcut: search scope == base */
        switch ( op.oq_search.rs_scope ) {
-       case LDAP_SCOPE_BASE:
        case LDAP_X_SCOPE_EXACT:
                *sasldn = op.o_req_ndn;
                op.o_req_ndn.bv_len = 0;
@@ -902,6 +898,7 @@ void slap_sasl2dn( Operation *opx,
                /* correctly parsed, but illegal */
                goto FINISHED;
 
+       case LDAP_SCOPE_BASE:
        case LDAP_SCOPE_ONELEVEL:
        case LDAP_SCOPE_SUBTREE:
 #ifdef LDAP_SCOPE_SUBORDINATE

diff --git a/servers/slapd/sl_malloc.c b/servers/slapd/sl_malloc.c
index cb96ed09dad7f7b9846e428c5ac850e2b588e3be..21afb5230701dcc81d533c7d3f1c44349291e17f 100644 (file)
--- a/servers/slapd/sl_malloc.c
+++ b/servers/slapd/sl_malloc.c
@@ -54,6 +54,10 @@ sl_mem_init()
        ber_set_option( NULL, LBER_OPT_MEMORY_FNS, &sl_mfuncs );
 }
 
+#ifdef NO_THREADS
+static struct slab_heap *slheap;
+#endif
+
 void *
 sl_mem_create(
        ber_len_t size,
@@ -63,7 +67,11 @@ sl_mem_create(
        struct slab_heap *sh = NULL;
        int pad = 2*sizeof(int)-1;
 
+#ifdef NO_THREADS
+       sh = slheap;
+#else
        ldap_pvt_thread_pool_getkey( ctx, (void *)sl_mem_init, (void **)&sh, NULL );
+#endif
 
        /* round up to doubleword boundary */
        size += pad;
@@ -72,7 +80,11 @@ sl_mem_create(
        if (!sh) {
                sh = ch_malloc( sizeof(struct slab_heap) );
                sh->h_base = ch_malloc( size );
+#ifdef NO_THREADS
+               slheap = sh;
+#else
                ldap_pvt_thread_pool_setkey( ctx, (void *)sl_mem_init, (void *)sh, sl_mem_destroy );
+#endif
        } else if ( size > (char *) sh->h_end - (char *) sh->h_base ) {
                sh->h_base = ch_realloc( sh->h_base, size );
        }
@@ -87,8 +99,12 @@ sl_mem_detach(
        void *memctx
 )
 {
+#ifdef NO_THREADS
+       slheap = NULL;
+#else
        /* separate from context */
        ldap_pvt_thread_pool_setkey( ctx, (void *)sl_mem_init, NULL, NULL );
+#endif
 }
 
 void *
@@ -212,9 +228,13 @@ sl_context( void *ptr )
        struct slab_heap *sh = NULL;
        void *ctx;
 
+#ifdef NO_THREADS
+       sh = slheap;
+#else
        ctx = ldap_pvt_thread_pool_context();
 
        ldap_pvt_thread_pool_getkey( ctx, (void *)sl_mem_init, (void **)&sh, NULL );
+#endif
 
        if ( sh && ptr >= sh->h_base && ptr <= sh->h_end ) {
                return sh;

diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 99e492c472ead10853aa9d3b02334b3f67e11e22..0ceb96e1d9d8ad414542142e49bb1541c6d35c86 100644 (file)
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1403,6 +1403,8 @@ typedef struct syncinfo_s {
                LDAP_STAILQ_ENTRY( syncinfo_s ) si_next;
 } syncinfo_t;
 
+LDAP_TAILQ_HEAD( be_pcl, slap_csn_entry );
+
 struct slap_backend_db {
        BackendInfo     *bd_info;       /* pointer to shared backend info */
 
@@ -1548,7 +1550,7 @@ struct slap_backend_db {
        char    *be_replogfile; /* replication log file (in master)        */
        struct berval be_update_ndn;    /* allowed to make changes (in replicas) */
        BerVarray       be_update_refs; /* where to refer modifying clients to */
-       LDAP_TAILQ_HEAD( be_pcl, slap_csn_entry )       be_pending_csn_list;
+       struct          be_pcl  *be_pending_csn_list;
        ldap_pvt_thread_mutex_t                                 be_pcl_mutex;
        struct berval                                                   be_context_csn;
        ldap_pvt_thread_mutex_t                                 be_context_csn_mutex;

diff --git a/servers/slapd/starttls.c b/servers/slapd/starttls.c
index ff164a4c61a178fa85713389b4de5401f564b1d9..11f2c0c917ead5a5a2eae31681d2fcb14c265508 100644 (file)
--- a/servers/slapd/starttls.c
+++ b/servers/slapd/starttls.c
@@ -77,9 +77,7 @@ starttls_extop ( Operation *op, SlapReply *rs )
        }
 
        /* fail if TLS could not be initialized */
-       if (ldap_pvt_tls_get_option( NULL, LDAP_OPT_X_TLS_CTX, &ctx ) != 0
-               || ctx == NULL)
-       {
+       if ( slap_tls_ctx == NULL ) {
                if (default_referral != NULL) {
                        /* caller will put the referral in the result */
                        rc = LDAP_REFERRAL;