ITS#5972

CHANGES

@@ -8,10 +8,12 @@ OpenLDAP 2.4.16 Engineering
 	Fixed libldap peer cert memory leak again (ITS#5849)
 	Fixed libldap referral chasing (ITS#5980)
 	Fixed slapd backglue with empty DBs (ITS#5986)
+	Fixed slapd syncrepl newCookie sync messages (ITS#5972)
 	Fixed slapd-bdb/hdb cachesize handling (ITS#5860)
 	Fixed slapd-ldap/meta with broken AD results (ITS#5977)
 	Fixed slapd-ldap/meta with invalid attrs again (ITS#5959)
 	Fixed slapo-accesslog interaction with ppolicy (ITS#5979)
+	Fixed slapo-syncprov newCookie sync messages (ITS#5972)
 	Documentation
 		admin24 clarified MMR URI requirements (ITS#5942,ITS#5987)
 		slapd-ldap/meta(5) added missing TLS options (ITS#5989)

include/ldap.h

@@ -282,6 +282,7 @@ typedef struct ldapcontrol {
 #define LDAP_SYNC_ADD					1
 #define LDAP_SYNC_MODIFY				2
 #define LDAP_SYNC_DELETE				3
+#define LDAP_SYNC_NEW_COOKIE			4
 
 
 /* Password policy Controls *//* work in progress */

servers/slapd/overlays/syncprov.c

@@ -876,27 +876,34 @@ syncprov_qplay( Operation *op, struct re_s *rtask )
 			break;
 		ldap_pvt_thread_mutex_unlock( &so->s_mutex );
 
-		opc.sdn = sr->s_dn;
-		opc.sndn = sr->s_ndn;
-		opc.suuid = sr->s_uuid;
-		opc.sctxcsn = sr->s_csn;
-		opc.sreference = sr->s_isreference;
-		e = NULL;
-
-		if ( sr->s_mode != LDAP_SYNC_DELETE ) {
-			rc = overlay_entry_get_ov( op, &opc.sndn, NULL, NULL, 0, &e, on );
-			if ( rc ) {
-				Debug( LDAP_DEBUG_SYNC, "syncprov_qplay: failed to get %s, "
-					"error (%d), ignoring...\n", opc.sndn.bv_val, rc, 0 );
-				ch_free( sr );
-				rc = 0;
-				continue;
+		if ( sr->s_mode == LDAP_SYNC_NEW_COOKIE ) {
+		    SlapReply rs = { REP_INTERMEDIATE };
+
+		    rc = syncprov_sendinfo( op, &rs, LDAP_TAG_SYNC_NEW_COOKIE,
+				&sr->s_csn, 0, NULL, 0 );
+		} else {
+			opc.sdn = sr->s_dn;
+			opc.sndn = sr->s_ndn;
+			opc.suuid = sr->s_uuid;
+			opc.sctxcsn = sr->s_csn;
+			opc.sreference = sr->s_isreference;
+			e = NULL;
+
+			if ( sr->s_mode != LDAP_SYNC_DELETE ) {
+				rc = overlay_entry_get_ov( op, &opc.sndn, NULL, NULL, 0, &e, on );
+				if ( rc ) {
+					Debug( LDAP_DEBUG_SYNC, "syncprov_qplay: failed to get %s, "
+						"error (%d), ignoring...\n", opc.sndn.bv_val, rc, 0 );
+					ch_free( sr );
+					rc = 0;
+					continue;
+				}
 			}
-		}
-		rc = syncprov_sendresp( op, &opc, so, &e, sr->s_mode );
+			rc = syncprov_sendresp( op, &opc, so, &e, sr->s_mode );
 
-		if ( e ) {
-			overlay_entry_release_ov( op, e, 0, on );
+			if ( e ) {
+				overlay_entry_release_ov( op, e, 0, on );
+			}
 		}
 
 		ch_free( sr );
@@ -1007,17 +1014,25 @@ static int
 syncprov_qresp( opcookie *opc, syncops *so, int mode )
 {
 	syncres *sr;
-	int sid, srsize;
-
-	/* Don't send changes back to their originator */
-	sid = slap_parse_csn_sid( &opc->sctxcsn );
-	if ( sid >= 0 && sid == so->s_sid )
-		return LDAP_SUCCESS;
+	int srsize;
+	struct berval cookie = opc->sctxcsn;
+
+	if ( mode == LDAP_SYNC_NEW_COOKIE ) {
+		syncprov_info_t	*si = opc->son->on_bi.bi_private;
+
+		slap_compose_sync_cookie( NULL, &cookie, si->si_ctxcsn,
+			so->s_rid, so->s_sid);
+	} else if ( opc->sctxcsn.bv_len ) {
+		/* Don't send changes back to their originator */
+		int sid = slap_parse_csn_sid( &opc->sctxcsn );
+		if ( sid >= 0 && sid == so->s_sid )
+			return LDAP_SUCCESS;
+	}
 
 	srsize = sizeof(syncres) + opc->suuid.bv_len + 1 +
 		opc->sdn.bv_len + 1 + opc->sndn.bv_len + 1;
-	if ( opc->sctxcsn.bv_len )
-		srsize += opc->sctxcsn.bv_len + 1;
+	if ( cookie.bv_len )
+		srsize += cookie.bv_len + 1;
 	sr = ch_malloc( srsize );
 	sr->s_next = NULL;
 	sr->s_dn.bv_val = (char *)(sr + 1);
@@ -1031,13 +1046,17 @@ syncprov_qresp( opcookie *opc, syncops *so, int mode )
 		 opc->sndn.bv_val ) + 1;
 	sr->s_uuid.bv_len = opc->suuid.bv_len;
 	AC_MEMCPY( sr->s_uuid.bv_val, opc->suuid.bv_val, opc->suuid.bv_len );
-	if ( opc->sctxcsn.bv_len ) {
+	if ( cookie.bv_len ) {
 		sr->s_csn.bv_val = sr->s_uuid.bv_val + sr->s_uuid.bv_len + 1;
-		strcpy( sr->s_csn.bv_val, opc->sctxcsn.bv_val );
+		strcpy( sr->s_csn.bv_val, cookie.bv_val );
 	} else {
 		sr->s_csn.bv_val = NULL;
 	}
-	sr->s_csn.bv_len = opc->sctxcsn.bv_len;
+	sr->s_csn.bv_len = cookie.bv_len;
+
+	if ( mode == LDAP_SYNC_NEW_COOKIE && cookie.bv_val ) {
+		ch_free( cookie.bv_val );
+	}
 
 	ldap_pvt_thread_mutex_lock( &so->s_mutex );
 	if ( !so->s_res ) {
@@ -1266,6 +1285,8 @@ syncprov_matchops( Operation *op, opcookie *opc, int saveit )
 		} else if ( !saveit && found ) {
 			/* send DELETE */
 			syncprov_qresp( opc, ss, LDAP_SYNC_DELETE );
+		} else if ( !saveit ) {
+			syncprov_qresp( opc, ss, LDAP_SYNC_NEW_COOKIE );
 		}
 		if ( !saveit && found ) {
 			/* Decrement s_inuse, was incremented when called

servers/slapd/syncrepl.c

@@ -1037,6 +1037,17 @@ do_syncrep2(
 						"LDAP_RES_INTERMEDIATE", 
 						"NEW_COOKIE" );
 					ber_scanf( ber, "tm", &tag, &cookie );
+					Debug( LDAP_DEBUG_SYNC,
+						"do_syncrep2: %s NEW_COOKIE: %s\n",
+						si->si_ridtxt,
+						cookie.bv_val, 0);
+					if ( !BER_BVISNULL( &cookie ) ) {
+						ch_free( syncCookie.octet_str.bv_val );
+						ber_dupbv( &syncCookie.octet_str, &cookie );
+					}
+					if (!BER_BVISNULL( &syncCookie.octet_str ) ) {
+						slap_parse_sync_cookie( &syncCookie, NULL );
+					}
 					break;
 				case LDAP_TAG_SYNC_REFRESH_DELETE:
 				case LDAP_TAG_SYNC_REFRESH_PRESENT:
@@ -1149,6 +1160,7 @@ do_syncrep2(
 
 				if ( match < 0 ) {
 					if ( si->si_refreshPresent == 1 &&
+						si_tag != LDAP_TAG_SYNC_NEW_COOKIE &&
 						syncCookie_req.numcsns == syncCookie.numcsns ) {
 						syncrepl_del_nonpresent( op, si, NULL,
 							&syncCookie, m );