Commits (5)
......@@ -993,7 +993,7 @@ install )
if [ ".$opt_t" = .yes ]; then
echo "strip $dsttmp" 1>&2
fi
$STRIP $dsttmp || shtool_exit $?
${STRIP:-strip} $dsttmp || shtool_exit $?
fi
if [ ".$opt_o" != . ]; then
if [ ".$opt_t" = .yes ]; then
......
......@@ -1199,36 +1199,32 @@ overlay_destroy_one( BackendDB *be, slap_overinst *on )
#ifdef SLAP_CONFIG_DELETE
typedef struct ov_remove_ctx {
BackendDB *be;
BackendDB be;
slap_overinst *on;
} ov_remove_ctx;
int
overlay_remove_cb( Operation *op, SlapReply *rs )
{
slap_callback *sc = op->o_callback;
ov_remove_ctx *rm_ctx = (ov_remove_ctx*) op->o_callback->sc_private;
BackendInfo *bi_orig = rm_ctx->be->bd_info;
rm_ctx->be->bd_info = (BackendInfo*) rm_ctx->on;
op->o_callback = sc->sc_next;
rm_ctx->be.bd_info = (BackendInfo*) rm_ctx->on;
if ( rm_ctx->on->on_bi.bi_db_close ) {
rm_ctx->on->on_bi.bi_db_close( rm_ctx->be, NULL );
rm_ctx->on->on_bi.bi_db_close( &rm_ctx->be, NULL );
}
if ( rm_ctx->on->on_bi.bi_db_destroy ) {
rm_ctx->on->on_bi.bi_db_destroy( rm_ctx->be, NULL );
rm_ctx->on->on_bi.bi_db_destroy( &rm_ctx->be, NULL );
}
/* clean up after removing last overlay */
if ( ! rm_ctx->on->on_info->oi_list ) {
/* reset db flags and bd_info to orig */
SLAP_DBFLAGS( rm_ctx->be ) &= ~SLAP_DBFLAG_GLOBAL_OVERLAY;
rm_ctx->be->bd_info = rm_ctx->on->on_info->oi_orig;
ch_free(rm_ctx->on->on_info);
} else {
rm_ctx->be->bd_info = bi_orig;
}
free( rm_ctx->on );
op->o_tmpfree(rm_ctx, op->o_tmpmemctx);
ch_free( rm_ctx->on );
op->o_tmpfree( sc, op->o_tmpmemctx );
return SLAP_CB_CONTINUE;
}
......@@ -1251,17 +1247,18 @@ overlay_remove( BackendDB *be, slap_overinst *on, Operation *op )
/* The db_close and db_destroy handlers to cleanup a release
* the overlay's resources are called from the cleanup callback
*/
rm_ctx = op->o_tmpalloc( sizeof( ov_remove_ctx ), op->o_tmpmemctx );
rm_ctx->be = be;
rm_ctx->on = on;
rm_cb = op->o_tmpalloc( sizeof( slap_callback ), op->o_tmpmemctx );
rm_cb = op->o_tmpalloc( sizeof( slap_callback ) + sizeof( ov_remove_ctx ), op->o_tmpmemctx );
rm_cb->sc_next = NULL;
rm_cb->sc_cleanup = overlay_remove_cb;
rm_cb->sc_response = NULL;
rm_cb->sc_private = (void*) rm_ctx;
rm_cb->sc_private = (void*) ( rm_cb + 1 );
rm_cb->sc_writewait = NULL;
rm_ctx = rm_cb->sc_private;
rm_ctx->be = *be;
rm_ctx->on = on;
/* Append callback to the end of the list */
if ( !op->o_callback ) {
op->o_callback = rm_cb;
......@@ -1269,6 +1266,13 @@ overlay_remove( BackendDB *be, slap_overinst *on, Operation *op )
for ( cb = op->o_callback; cb->sc_next; cb = cb->sc_next );
cb->sc_next = rm_cb;
}
/* if this is the last overlay */
if ( ! on->on_info->oi_list ) {
/* reset db flags and bd_info to orig */
SLAP_DBFLAGS( be ) &= ~SLAP_DBFLAG_GLOBAL_OVERLAY;
be->bd_info = on->on_info->oi_orig;
}
}
#endif /* SLAP_CONFIG_DELETE */
......
......@@ -1939,76 +1939,99 @@ static struct {
int bindconf_tls_set( slap_bindconf *bc, LDAP *ld )
{
int i, rc, res = 0;
int i, rc, newctx = 0, res = 0;
char *ptr = (char *)bc, **word;
bc->sb_tls_do_init = 0;
for (i=0; bindtlsopts[i].opt; i++) {
word = (char **)(ptr + bindtlsopts[i].offset);
if ( *word ) {
rc = ldap_set_option( ld, bindtlsopts[i].opt, *word );
if ( bc->sb_tls_do_init ) {
for (i=0; bindtlsopts[i].opt; i++) {
word = (char **)(ptr + bindtlsopts[i].offset);
if ( *word ) {
rc = ldap_set_option( ld, bindtlsopts[i].opt, *word );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"bindconf_tls_set: failed to set %s to %s\n",
bindtlsopts[i].key, *word );
res = -1;
} else
newctx = 1;
}
}
if ( bc->sb_tls_reqcert ) {
rc = ldap_pvt_tls_config( ld, LDAP_OPT_X_TLS_REQUIRE_CERT,
bc->sb_tls_reqcert );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"bindconf_tls_set: failed to set %s to %s\n",
bindtlsopts[i].key, *word );
"bindconf_tls_set: failed to set tls_reqcert to %s\n",
bc->sb_tls_reqcert );
res = -1;
} else {
newctx = 1;
/* retrieve the parsed setting for later use */
ldap_get_option( ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &bc->sb_tls_int_reqcert );
}
}
}
if ( bc->sb_tls_reqcert ) {
rc = ldap_pvt_tls_config( ld, LDAP_OPT_X_TLS_REQUIRE_CERT,
bc->sb_tls_reqcert );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"bindconf_tls_set: failed to set tls_reqcert to %s\n",
bc->sb_tls_reqcert );
res = -1;
}
}
if ( bc->sb_tls_reqsan ) {
rc = ldap_pvt_tls_config( ld, LDAP_OPT_X_TLS_REQUIRE_SAN,
bc->sb_tls_reqsan );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"bindconf_tls_set: failed to set tls_reqsan to %s\n",
bc->sb_tls_reqsan );
res = -1;
if ( bc->sb_tls_reqsan ) {
rc = ldap_pvt_tls_config( ld, LDAP_OPT_X_TLS_REQUIRE_SAN,
bc->sb_tls_reqsan );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"bindconf_tls_set: failed to set tls_reqsan to %s\n",
bc->sb_tls_reqsan );
res = -1;
} else {
newctx = 1;
/* retrieve the parsed setting for later use */
ldap_get_option( ld, LDAP_OPT_X_TLS_REQUIRE_SAN, &bc->sb_tls_int_reqsan );
}
}
}
if ( bc->sb_tls_protocol_min ) {
rc = ldap_pvt_tls_config( ld, LDAP_OPT_X_TLS_PROTOCOL_MIN,
bc->sb_tls_protocol_min );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"bindconf_tls_set: failed to set tls_protocol_min to %s\n",
bc->sb_tls_protocol_min );
res = -1;
if ( bc->sb_tls_protocol_min ) {
rc = ldap_pvt_tls_config( ld, LDAP_OPT_X_TLS_PROTOCOL_MIN,
bc->sb_tls_protocol_min );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"bindconf_tls_set: failed to set tls_protocol_min to %s\n",
bc->sb_tls_protocol_min );
res = -1;
} else
newctx = 1;
}
}
#ifdef HAVE_OPENSSL
if ( bc->sb_tls_crlcheck ) {
rc = ldap_pvt_tls_config( ld, LDAP_OPT_X_TLS_CRLCHECK,
bc->sb_tls_crlcheck );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"bindconf_tls_set: failed to set tls_crlcheck to %s\n",
bc->sb_tls_crlcheck );
res = -1;
if ( bc->sb_tls_crlcheck ) {
rc = ldap_pvt_tls_config( ld, LDAP_OPT_X_TLS_CRLCHECK,
bc->sb_tls_crlcheck );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"bindconf_tls_set: failed to set tls_crlcheck to %s\n",
bc->sb_tls_crlcheck );
res = -1;
} else
newctx = 1;
}
}
#endif
if ( bc->sb_tls_ctx ) {
rc = ldap_set_option( ld, LDAP_OPT_X_TLS_CTX, bc->sb_tls_ctx );
if ( rc )
res = rc;
} else {
if ( !res )
bc->sb_tls_do_init = 0;
}
if ( newctx ) {
int opt = 0;
if ( bc->sb_tls_ctx ) {
ldap_pvt_tls_ctx_free( bc->sb_tls_ctx );
bc->sb_tls_ctx = NULL;
}
rc = ldap_set_option( ld, LDAP_OPT_X_TLS_NEWCTX, &opt );
if ( rc )
res = rc;
else
ldap_get_option( ld, LDAP_OPT_X_TLS_CTX, &bc->sb_tls_ctx );
} else if ( bc->sb_tls_ctx ) {
rc = ldap_set_option( ld, LDAP_OPT_X_TLS_CTX, bc->sb_tls_ctx );
if ( rc == LDAP_SUCCESS ) {
/* these options aren't actually inside the ctx, so have to be set again */
ldap_set_option( ld, LDAP_OPT_X_TLS_REQUIRE_CERT, &bc->sb_tls_int_reqcert );
ldap_set_option( ld, LDAP_OPT_X_TLS_REQUIRE_SAN, &bc->sb_tls_int_reqsan );
} else
res = rc;
}
return res;
......
......@@ -1658,6 +1658,8 @@ typedef struct slap_bindconf {
#ifdef HAVE_OPENSSL
char *sb_tls_crlcheck;
#endif
int sb_tls_int_reqcert;
int sb_tls_int_reqsan;
int sb_tls_do_init;
#endif
} slap_bindconf;
......
......@@ -61,7 +61,14 @@ struct nonpresent_entry {
LDAP_LIST_ENTRY(nonpresent_entry) npe_link;
};
typedef struct cookie_vals {
struct berval *cv_vals;
int *cv_sids;
int cv_num;
} cookie_vals;
typedef struct cookie_state {
ldap_pvt_thread_mutex_t cs_modmutex;
ldap_pvt_thread_mutex_t cs_mutex;
ldap_pvt_thread_cond_t cs_cond;
struct berval *cs_vals;
......@@ -1107,6 +1114,45 @@ compare_csns( struct sync_cookie *sc1, struct sync_cookie *sc2, int *which )
return match;
}
#define CV_CSN_OK 0
#define CV_CSN_OLD 1
#define CV_SID_NEW 2
static int
check_csn_age(
syncinfo_t *si,
struct berval *dn,
struct berval *csn,
int sid,
cookie_vals *cv,
int *slot )
{
int i, rc = CV_SID_NEW;
for ( i =0; i<cv->cv_num; i++ ) {
#ifdef CHATTY_SYNCLOG
Debug( LDAP_DEBUG_SYNC, "do_syncrep2: %s CSN for sid %d: %s\n",
si->si_ridtxt, i, cv->cv_vals[i].bv_val );
#endif
/* new SID */
if ( sid < cv->cv_sids[i] )
break;
if ( cv->cv_sids[i] == sid ) {
if ( ber_bvcmp( csn, &cv->cv_vals[i] ) <= 0 ) {
dn->bv_val[dn->bv_len] = '\0';
Debug( LDAP_DEBUG_SYNC, "do_syncrep2: %s CSN too old, ignoring %s (%s)\n",
si->si_ridtxt, csn->bv_val, dn->bv_val );
return CV_CSN_OLD;
}
rc = CV_CSN_OK;
break;
}
}
if ( slot )
*slot = i;
return rc;
}
#define SYNC_TIMEOUT 0
#define SYNC_SHUTDOWN -100
#define SYNC_ERROR -101
......@@ -1288,33 +1334,18 @@ do_syncrep2(
{
slap_parse_sync_cookie( &syncCookie, NULL );
if ( syncCookie.ctxcsn ) {
int i, sid = slap_parse_csn_sid( syncCookie.ctxcsn );
int i, slot, sid = slap_parse_csn_sid( syncCookie.ctxcsn );
check_syncprov( op, si );
ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex );
for ( i =0; i<si->si_cookieState->cs_num; i++ ) {
#ifdef CHATTY_SYNCLOG
Debug( LDAP_DEBUG_SYNC, "do_syncrep2: %s CSN for sid %d: %s\n",
si->si_ridtxt, i, si->si_cookieState->cs_vals[i].bv_val );
#endif
/* new SID */
if ( sid < si->si_cookieState->cs_sids[i] )
break;
if ( si->si_cookieState->cs_sids[i] == sid ) {
if ( ber_bvcmp( syncCookie.ctxcsn, &si->si_cookieState->cs_vals[i] ) <= 0 ) {
bdn.bv_val[bdn.bv_len] = '\0';
Debug( LDAP_DEBUG_SYNC, "do_syncrep2: %s CSN too old, ignoring %s (%s)\n",
si->si_ridtxt, syncCookie.ctxcsn->bv_val, bdn.bv_val );
si->si_too_old = 1;
ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
ldap_controls_free( rctrls );
rc = 0;
goto done;
}
si->si_too_old = 0;
break;
}
}
i = check_csn_age( si, &bdn, syncCookie.ctxcsn, sid, (cookie_vals *)&si->si_cookieState->cs_vals, NULL );
ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
if ( i == CV_CSN_OLD ) {
si->si_too_old = 1;
ldap_controls_free( rctrls );
rc = 0;
goto done;
}
si->si_too_old = 0;
/* check pending CSNs too */
while ( ldap_pvt_thread_mutex_trylock( &si->si_cookieState->cs_pmutex )) {
......@@ -1326,33 +1357,23 @@ do_syncrep2(
ldap_pvt_thread_yield();
}
for ( i =0; i<si->si_cookieState->cs_pnum; i++ ) {
if ( sid < si->si_cookieState->cs_psids[i] )
break;
if ( si->si_cookieState->cs_psids[i] == sid ) {
if ( ber_bvcmp( syncCookie.ctxcsn, &si->si_cookieState->cs_pvals[i] ) <= 0 ) {
ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_pmutex );
bdn.bv_val[bdn.bv_len] = '\0';
Debug( LDAP_DEBUG_SYNC, "do_syncrep2: %s CSN pending, ignoring %s (%s)\n",
si->si_ridtxt, syncCookie.ctxcsn->bv_val, bdn.bv_val );
ldap_controls_free( rctrls );
rc = 0;
goto done;
}
ber_bvreplace( &si->si_cookieState->cs_pvals[i],
syncCookie.ctxcsn );
break;
}
}
i = check_csn_age( si, &bdn, syncCookie.ctxcsn, sid, (cookie_vals *)&si->si_cookieState->cs_pvals, &slot );
if ( i == CV_CSN_OK ) {
ber_bvreplace( &si->si_cookieState->cs_pvals[slot],
syncCookie.ctxcsn );
} else if ( i == CV_CSN_OLD ) {
ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_pmutex );
ldap_controls_free( rctrls );
rc = 0;
goto done;
} else {
/* new SID, add it */
if ( i == si->si_cookieState->cs_pnum ||
sid != si->si_cookieState->cs_psids[i] ) {
slap_insert_csn_sids(
(struct sync_cookie *)&si->si_cookieState->cs_pvals,
i, sid, syncCookie.ctxcsn );
slot, sid, syncCookie.ctxcsn );
}
assert( punlock < 0 );
punlock = i;
punlock = slot;
} else if (si->si_too_old) {
bdn.bv_val[bdn.bv_len] = '\0';
Debug( LDAP_DEBUG_SYNC, "do_syncrep2: %s CSN too old, ignoring (%s)\n",
......@@ -2546,33 +2567,6 @@ syncrepl_op_modify( Operation *op, SlapReply *rs )
if ( !mod )
return SLAP_CB_CONTINUE;
{
int i, sid;
sid = slap_parse_csn_sid( &mod->sml_nvalues[0] );
ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex );
for ( i =0; i<si->si_cookieState->cs_num; i++ ) {
#ifdef CHATTY_SYNCLOG
Debug( LDAP_DEBUG_SYNC, "syncrepl_op_modify: %s CSN for sid %d: %s\n",
si->si_ridtxt, i, si->si_cookieState->cs_vals[i].bv_val );
#endif
/* new SID */
if ( sid < si->si_cookieState->cs_sids[i] )
break;
if ( si->si_cookieState->cs_sids[i] == sid ) {
if ( ber_bvcmp( &mod->sml_nvalues[0], &si->si_cookieState->cs_vals[i] ) <= 0 ) {
Debug( LDAP_DEBUG_SYNC, "syncrepl_op_modify: %s entryCSN too old, ignoring %s (%s)\n",
si->si_ridtxt, mod->sml_nvalues[0].bv_val, op->o_req_dn.bv_val );
ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
slap_graduate_commit_csn( op );
/* tell accesslog this was a failure */
rs->sr_err = LDAP_TYPE_OR_VALUE_EXISTS;
return LDAP_SUCCESS;
}
}
}
ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
}
rc = overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on );
if ( rc == 0 ) {
Attribute *a;
......@@ -2759,6 +2753,7 @@ syncrepl_message_to_op(
const char *text;
char txtbuf[SLAP_TEXT_BUFLEN];
size_t textlen = sizeof txtbuf;
char csnbuf[LDAP_PVT_CSNSTR_BUFSIZE];
struct berval bdn, dn = BER_BVNULL, ndn;
struct berval bv, bv2, *bvals = NULL;
......@@ -2766,8 +2761,9 @@ syncrepl_message_to_op(
prdn = BER_BVNULL, nrdn = BER_BVNULL,
psup = BER_BVNULL, nsup = BER_BVNULL;
struct berval dsee_uuid = BER_BVNULL, dsee_mods = BER_BVNULL;
struct berval csn = {0, csnbuf};
int rc, deleteOldRdn = 0, freeReqDn = 0;
int do_graduate = 0;
int do_graduate = 0, do_unlock = 0;
unsigned long changenum = 0;
if ( ldap_msgtype( msg ) != LDAP_RES_SEARCH_ENTRY ) {
......@@ -2873,8 +2869,13 @@ syncrepl_message_to_op(
} else if ( !ber_bvstrcasecmp( &bv,
&slap_schema.si_ad_entryCSN->ad_cname ) )
{
slap_queue_csn( op, bvals );
do_graduate = 1;
int len = bvals->bv_len;
if ( bvals->bv_len >= sizeof(csnbuf) )
csn.bv_len = sizeof(csnbuf) - 1;
else
csn.bv_len = bvals->bv_len;
AC_MEMCPY( csn.bv_val, bvals->bv_val, csn.bv_len );
csn.bv_val[csn.bv_len] = '\0';
}
ch_free( bvals );
}
......@@ -2893,6 +2894,22 @@ syncrepl_message_to_op(
goto done;
}
ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_modmutex );
do_unlock = 1;
if ( csn.bv_len ) {
int i, sid = slap_parse_csn_sid( &csn );
ldap_pvt_thread_mutex_lock( &si->si_cookieState->cs_mutex );
i = check_csn_age( si, &bdn, &csn, sid, (cookie_vals *)&si->si_cookieState->cs_vals, NULL );
ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_mutex );
if ( i == CV_CSN_OLD ) {
/* skip this op */
rc = -1;
goto done;
}
slap_queue_csn( op, &csn );
do_graduate = 1;
}
op->o_callback = &cb;
slap_op_time( &op->o_time, &op->o_tincr );
......@@ -3014,6 +3031,8 @@ syncrepl_message_to_op(
done:
if ( do_graduate )
slap_graduate_commit_csn( op );
if ( do_unlock )
ldap_pvt_thread_mutex_unlock( &si->si_cookieState->cs_modmutex );
op->o_bd = si->si_be;
op->o_tmpfree( op->o_csn.bv_val, op->o_tmpmemctx );
BER_BVZERO( &op->o_csn );
......@@ -5739,6 +5758,7 @@ syncinfo_free( syncinfo_t *sie, int free_all )
ber_bvarray_free( sie->si_cookieState->cs_vals );
ldap_pvt_thread_cond_destroy( &sie->si_cookieState->cs_cond );
ldap_pvt_thread_mutex_destroy( &sie->si_cookieState->cs_mutex );
ldap_pvt_thread_mutex_destroy( &sie->si_cookieState->cs_modmutex );
ch_free( sie->si_cookieState->cs_psids );
ber_bvarray_free( sie->si_cookieState->cs_pvals );
ldap_pvt_thread_mutex_destroy( &sie->si_cookieState->cs_pmutex );
......@@ -6557,6 +6577,7 @@ add_syncrepl(
sip->si_next = si;
} else {
si->si_cookieState = ch_calloc( 1, sizeof( cookie_state ));
ldap_pvt_thread_mutex_init( &si->si_cookieState->cs_modmutex );
ldap_pvt_thread_mutex_init( &si->si_cookieState->cs_mutex );
ldap_pvt_thread_mutex_init( &si->si_cookieState->cs_pmutex );
ldap_pvt_thread_cond_init( &si->si_cookieState->cs_cond );
......