[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][upstream] 29 commits: Issue 49858 - Add backup/restore and import/export functionality to WebUI/CLI

Timo Aaltonen gitlab at salsa.debian.org
Wed Oct 10 23:00:19 BST 2018

Timo Aaltonen pushed to branch upstream at FreeIPA packaging / 389-ds-base

c393394f by Simon Pichugin at 2018-08-18T08:58:03Z
Issue 49858 - Add backup/restore and import/export functionality to WebUI/CLI

Description: dsconf tool now has:
'dsconf localhost backup create' and 'dsconf localhost backup restore';
'dsconf localhost backend import' and 'dsconf localhost backend export'.
Add basic tests for the CLI part
Add JS logic for online backup/restore.
Add more HTML and JS for online import/export functionality.
Fix CSS alignment issues. Fix validity checks in CLI.


Reviewed by: mreynolds, wibrown, mhonek (Thanks!)

- - - - -
d06b5bb2 by William Brown at 2018-08-22T08:51:07Z
Ticket 49887: Fix SASL map creation when --disable-perl

When the SASL maps for single backend was made, it was assuming a number
of behaviours such as a single backend was added. This is *not* the
default in lib389, and caused a crashed when a valid ZERO backend
server was created. Additionally, it used a template file that
will not be present in the future.

This Fixes the behaviour to account for 0, 1 and multiple backends
and uses the correct saslmapping objects to create the types needed


Author: William Brown <william at blackhats.net.au>

- - - - -
104968b6 by Mark Reynolds at 2018-08-24T20:21:32Z
Revert "Ticket 49432 - filter optimise crash"

This reverts commit 5c89dd8f9c8eb77c967574412d049d55565bb364.

- - - - -
14a10a34 by Mark Reynolds at 2018-08-24T20:24:21Z
Revert "Ticket 49372 - filter optimisation improvements for common queries"

This reverts commit 4cd1a24b3ce88968ff5f9a2b87efdc84dee176da.

- - - - -
de78c494 by Mark Reynolds at 2018-08-24T20:34:25Z
Bump version to

- - - - -
09ad0d01 by Mark Reynolds at 2018-08-27T19:48:23Z
Ticket 49877 - Add log level functionality to UI

Description:  Add logic to get and save the access & errors log levels
              in the UI tables


Reviewed by: ?

- - - - -
d6616221 by Simon Pichugin at 2018-08-28T13:19:38Z
Issue 49866 - Refactor PwPolicy lib389/CLI module

Description: Refactor Password Policy module and its CLI part.
Add PwPolicyManager object and PwPolicyEntry(DSLdapObject).
Validate LDIF and Backup dir paths. Don't accept a forward slash
because it can lead to a security flow.
Add an additional assertion to Backup/Restore CLI test suite.


Reviewed by: mreynolds (Thanks!)

- - - - -
2dc26d9b by Amita Sharma at 2018-08-29T15:43:54Z
Issue 48053 - Add attribute encryption test cases

Description: Added test cases for attribute encryption


Reviewed by: Simon and Viktor

- - - - -
78fc627a by Mark Reynolds at 2018-08-30T18:28:10Z
Ticket 49932 - Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly

Bug Description:  We clone a pblock in a psearch search, and under certain
                  error conditions this pblock is freed, but it frees the
                  password policy struct which can lead to a double free
                  when the original pblock is destroyed.

Fix Description:  During the cloning, set the pwppolicy struct to NULL
                  so the clone allocates its own policy if needed


Reviewed by: ?

- - - - -
8857b150 by Akshay Adhikari at 2018-09-04T04:15:06Z
Issue 49930 - Correction of the existing fixture function names to remove test_ prefix

Description: Fixed fixture names and also python3 issue.


Reviewed by: amsharma & spichugi (Thanks!)

- - - - -
c64f7fb1 by Mark Reynolds at 2018-09-04T13:33:18Z
Ticket 49866 - fix typo in cos template in pwpolicy subtree create

Description:  Typo in the pwdpolicy subentry attribute name


Reviewed by: mreynodls(one line commit rule)

- - - - -
8ff8cb85 by Mark Reynolds at 2018-09-05T18:10:42Z
Ticket 49937 - Log buffer exceeded emergency logging msg is not thread-safe

Bug Description:  Multiple operations making modificatiosn on a DN
                  that is very large can crash the server, because
                  when we do emergency logging, we close and reopen
                  the errors log withgout hold the error log write
                  lock.  This causes the FD pointer to be become
                  invalid and triggers a crash.

Fix description:  Hold the errors log write lock while closing and
                  reopening the log


Reviewed by: vashirov(Thanks!)

- - - - -
e59b309c by William Brown at 2018-09-12T10:36:02Z
Ticket 49887: Clean thread local usage

Clean the thread local usage of the logging system to be more inline with
pthread's intent, remove bad practices of case/switch get setters, and change
the types to be more effecient struct types. Generally make it better


Author: William Brown <william at blackhats.net.au>

- - - - -
4881826e by Mark Reynolds at 2018-09-14T14:18:52Z
Ticket 49926 - Add replication functionality to dsconf

Description: Add replication functionality to the dsconf.  This includes
             repl config, agmts, winsync agmts, and cleanallruv/abort cleanallruv

             Adjusted the backend options to use hyphens for consistency


Reviewed by: spichugi & firstyear(Thanks!!)

- - - - -
fc2008c4 by Viktor Ashirov at 2018-09-17T12:01:35Z
Ticket 49926 - Fix replication tests on 1.3.x

nsAccount is not supported by 1.3.x branch.

Fix description:
Remove nsAccount objectClass from Replication Manager
if DS is older than 1.4.x.


Reviewed by: mreynolds, firstyear (Thanks!)

- - - - -
219fd4b1 by Simon Pichugin at 2018-09-18T07:50:16Z
Issue 49928 - Refactor and improve schema CLI/lib389 part to DSLdapObject

Description: First commit that refactors Schema object and
removes SchemaLegacy usage from CLI.
Add full CLI Schema functionality to lib389.
It includes: list, query, add, edit, remove operations.


Reviewed by: mreynolds, wibrown (Thanks!)

- - - - -
b4164ccf by Thierry Bordaz at 2018-09-18T12:33:20Z
Ticket 49954 - On s390x arch retrieved DB page size is stored as size_t rather than uint32_t

Bug Description:
	The page size is retrieved from uint32_t dblayer_page_size.
	Later it is stored in a size_t variable with a cast.
	Depending on little/big endian the page size can be stored in the upper/lower bits of the 64bits variable.
	Later the variable is used to set the page size of a database file using the lower bits (uint32_t) that are zeroed.

Fix Description:
	The BDB callback to set the pagesize, expects a a uint32_t.
	Make sure the field containing it is uint32_t (instead of size_t) as the page
	size is retrieved as a uint32_t as well (dblayer_page_size/BACK_INFO_INDEXPAGESIZE)


Reviewed by: Ludwig Krispen

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
efa39cbc by Simon Pichugin at 2018-09-21T14:26:38Z
Issue 49928 - WebUI schema functionality and improve CLI part

Description: Add schema functionality for add/edit/remove for
for attributes and objectClasses. Add get_attr_syntaxes funciton.
Fix small CLI schema issues and lib389 API part.
Set LogCapture level on the init.
Add copyright for cli/conf_backup_test.py.


Reviewed by: mreynolds, mhonek (Thanks!)

- - - - -
ff3da975 by Thierry Bordaz at 2018-09-25T07:47:23Z
Ticket 49958: extended search fail to match entries

Bug Description:
	During an extended search, a structure is created for each filter component.
	The structure contains the keys generated from the assertion and using the given
	matching rule indexer.
	Later the keys will be compared (with the MR) with keys generated from the
	attribute values of the candidate entries.
	The bug is that parsing the assertion, instead of removing the heading spaces
	the routine clear the assertion that is empty. So the generated keys is NULL.

Fix Description:
	The fix consists to only remove heading spaces


Reviewed by: Mark Reynolds

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
4f118f42 by Matúš Honěk at 2018-09-25T14:01:04Z
Issue 49947 - Coverity: 389-ds-base-

Bugs and fixes description:
- 15607:
  - in lib389/suffix.py: Structurally dead code
- 15604:
  - in bug_harness.py: Null dereference
  + solved by removing the file as it is unused and outdated
    - additionally, remove the static_var decorator definition as it
      is not used anyway any more
- 15754:
  - in pwdPolicy_syntax_test.py: fix typo in identifier
  + Fix log msg in file pw.c
- 17046, 17061, 17063, 17069, 17084:
  - in backend_test and backendLegacy_test: fix use before NULL check
- 17473:
  - in lib389/__init__.py: Identical code in different branches
  + removed the wrapper altogether as we don't support Python2 any more
- replace SafeConfigParser with ConfigParser for it has been just an
  alias since Python 3.2 and will be removed in the future


Author: mhonek

Review by: spichugi, firstyear (Thanks!)

- - - - -
c73cd26d by Viktor Ashirov at 2018-09-26T12:28:10Z
Issue 49963 - ASan build fails on F28

Bug Description:
When building with gcc, we need to link wit libasan.

Fix Description:
Add -lasan to compiler flags.


Reviewed by: tbordaz (Thanks!)

- - - - -
bdb86769 by Thierry Bordaz at 2018-10-04T09:44:04Z
Ticket 49915 - Master ns-slapd had 100% CPU usage after starting replication and replication cannot finish

Bug Description:
	During a total initialization the supplier builds a candidate list of the entries to send.
	Because of https://fedorahosted.org/389/ticket/48755, the candidate list relies on parentid attribute.
	All entries, except tombstones and suffix itself, have parentid.
	There is an assumption that the first found key (i.e. '=1') contains the suffix children.
	So when it finally finds the suffix key it adds its children to a leftover list rather to the candidate list.
	Later idl_new_range_fetch loops for ever trying to add suffix children from leftover to candidate list.

Fix Description:
	The fix consist to store the suffix_id (if it does not exist already) in the parentid index (with the key '=0').
	Then get it to detect the suffix key from the index in idl_new_range_fetch.


Reviewed by: Ludwig Krispenz, William Brown (thanks !)

Platforms tested: F27

Flag Day: no

Doc impact: no

- - - - -
e2810e78 by Matúš Honěk at 2018-10-05T08:46:36Z
Ticket 49943 - rfc3673_all_oper_attrs_test is not strict enough

Bug Description:
Test suites/filter/rfc3673_all_oper_attrs_test.py::test_search_basic
does not reach constraints extensively. The asserts are too

The commit 6ef4eb5 changed 'normal user' ACIs, however these changes
introduced new attr 'modifiersName' which was supposed to be missing
when searching.

In the first case, assert checks only for 'objectClass' and
pseudo-randomly one more attr to be present which is not sufficient.

In the second case, recently changed assert introduced weaker check
than the one present before.

Fix Description:
Bring back previous ACI to explicitly test the difference when binding
as normal user and the DM.

In case of add_attr == '*', test for all expected_attrs to be in
found_attrs. In the other case bring back the strict comparison as
there used to be before.


Author: mhonek

Review by: firstyear, spichugi (Thanks!)

- - - - -
a49bd03d by Mark Reynolds at 2018-10-09T18:42:46Z
Ticket 49969 - DOS caused by malformed search operation (security fix)

Bug Description:  There are two issues here.  The one in we don't cloase a
                  connection when an invalid unbind occurs.  The other is a
                  search request passing 8MB of NULL bytes as search attributes
                  will keep one thread busy for a long time.  The reason is
                  that the attr array is copied/normalized to the searchattrs in
                  the search operation and does this using charray_add() which
                  iterates thru the array to determine the size of the array and
                  then allocate one element more.  So this means we iterate 8
                  million times an array with a then average size of 4 million

Fix Description:  We already have traversed the array once and know the size,
                  so we can allocate the needed size once and only copy the element.
                  In addition we check for the kind of degenerated attributes ""
                  as used in this test scenario.  So the fix will reject invalid
                  attr lists and improve performance for valid ones

Author: Ludwig Krispens <lkrispen at redhat.com>


Reviewed by: tbordaz & mreynolds (Thanks!)

- - - - -
068a00fb by Mark Reynolds at 2018-10-09T18:54:53Z
Bump version to

- - - - -
a6369790 by Mark Reynolds at 2018-10-10T13:27:36Z
Ticket 49969 - DOS caused by malformed search operation (part 2)

Description:  Fix regression that casued a crash


- - - - -
614837ac by German Parente at 2018-10-10T15:29:50Z
Ticket #49946 upgrade of 389-ds-base could remove replication agreements.

Bug Description:

when a replication agreement starts with "cn=->...", the upgrade is removing
the entry.

Fix Description:

a check is missing when re-building dse.ldif in "setup-ds.pl -u" that provoked this entry not to be re-added to the file.


Author: German Parente <gparente at redhat.com>

Review by: ???

- - - - -
80d0d712 by Thierry Bordaz at 2018-10-10T15:39:04Z
Ticket 49968 - Confusing CRITICAL message: list_candidates - NULL idl was recieved from filter_candidates_ext

Bug Description:
	When a filter component is indexed but returns an empty IDL
	an alarming message is logged although it is normal.

Fix Description:
	Remove the alarming message


Reviewed by: Mark Reynolds

Platforms tested: F27 + testcase

Flag Day: no

Doc impact: no

- - - - -
d2aa131f by Mark Reynolds at 2018-10-10T16:32:17Z
Bump version to

- - - - -

30 changed files:

- Makefile.am
- configure.ac
- + dirsrvtests/tests/suites/attr_encryption/attr_encryption_test.py
- dirsrvtests/tests/suites/basic/basic_test.py
- dirsrvtests/tests/suites/filter/filter_test.py
- dirsrvtests/tests/suites/filter/rfc3673_all_oper_attrs_test.py
- dirsrvtests/tests/suites/paged_results/paged_results_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_inherit_global_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_syntax_test.py
- dirsrvtests/tests/suites/password/regression_test.py
- dirsrvtests/tests/suites/replication/acceptance_test.py
- dirsrvtests/tests/suites/replication/conflict_resolve_test.py
- dirsrvtests/tests/suites/replication/regression_test.py
- dirsrvtests/tests/tickets/ticket48808_test.py
- ldap/admin/src/scripts/FileConn.pm
- ldap/admin/src/scripts/ns-slapd-gdb.py
- ldap/servers/plugins/collation/orfilter.c
- ldap/servers/plugins/replication/cl5_api.c
- ldap/servers/plugins/replication/cl5_api.h
- ldap/servers/plugins/replication/repl5_agmt.c
- ldap/servers/plugins/replication/repl5_tot_protocol.c
- ldap/servers/slapd/back-ldbm/dblayer.c
- ldap/servers/slapd/back-ldbm/filterindex.c
- ldap/servers/slapd/back-ldbm/idl_new.c
- ldap/servers/slapd/back-ldbm/index.c
- ldap/servers/slapd/back-ldbm/ldbm_modrdn.c
- ldap/servers/slapd/back-ldbm/ldbm_search.c
- ldap/servers/slapd/back-ldbm/proto-back-ldbm.h

The diff was not included because it is too large.

View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/94f30daf7c9b48a68a4690d4badd1cae336ec5e8...d2aa131f8af38f79a16f55a70add81e829056cd0

View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/94f30daf7c9b48a68a4690d4badd1cae336ec5e8...d2aa131f8af38f79a16f55a70add81e829056cd0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20181010/6c5a876e/attachment-0001.html>

More information about the Pkg-freeipa-devel mailing list