[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][upstream] 192 commits: Bump version to 1.4.1.0
Timo Aaltonen
gitlab at salsa.debian.org
Wed Jul 10 08:24:26 BST 2019
Timo Aaltonen pushed to branch upstream at FreeIPA packaging / 389-ds-base
Commits:
abdf8aab by Mark Reynolds at 2019-01-24T17:01:02Z
Bump version to 1.4.1.0
- - - - -
614ab2a2 by Simon Pichugin at 2019-01-28T17:32:26Z
Issue 50041 - CLI and WebUI - Add memberOf plugin functionality
Description: Add the main functionality to memberOf plugin tab.
Increase the eslint max line length from 80 to 100.
Rework plugin properties to be more compact.
Eslint webpack config. Add react-bootstrap-typeahead for
multivalued attributes. Fix the word 'successfully' typos.
https://pagure.io/389-ds-base/issue/50041
Reviewed by: mreynolds, wibrown (Thanks!)
- - - - -
341eeabd by William Brown at 2019-01-28T22:40:35Z
Ticket 50151 - lib389 support cli add/replace/delete on objects
Bug Description: We need a generic way to add/replace/delete on
objects, that is not ldif. Ldif is wildly inaccessible and hard
to use.
Fix Description: Add a "modify" generic to cli_base, that is
used by user. It supports a syntax of:
modify <selector> <add|replace|delete>:<attr>:<value>
An example is:
... user modify demo_user add:objectclass:nsMemberOf
These can have many modifications in a single transaction:
user modify demo_user add:objectclass:nsMemberOf add:description:test
https://pagure.io/389-ds-base/issue/50151
Author: William Brown <william at blackhats.net.au>
Review by: spichugi, mreynolds, lkrispen (Thanks!)
- - - - -
af9bb720 by Mark Reynolds at 2019-01-30T20:08:52Z
Bump version to 1.4.1.1
- - - - -
ae39d1f0 by William Brown at 2019-02-01T00:48:39Z
Ticket 50159 - sssd and config display
Bug Description: It can be very hard and confusing for an admin
when they first start with LDAP to know how to configure clients
both generic, ldapcli tools or sssd.
Fix Description: Add a subcommand to dsidm that allows generation
of example configs for ldap.conf, sssd.conf and generic display
of parameters for LDAP clients. These have been tested to work on
SUSE and Fedora, and they are well commented to advise admins
to review and improve the configurations.
https://pagure.io/389-ds-base/issue/50159
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
1c5f0605 by William Brown at 2019-02-01T00:50:00Z
Ticket 50184 - Add cli tool parity to dsconf/dsctl
Bug Description: As we are removing the shell/perl tools, we need
to have functional parity with the existing tools. This adds the
final tools needed to make that equivalent.
Fix Description: Add support for dbverify, linkedattr fixup and
a monitoring tool.
https://pagure.io/389-ds-base/issue/50184
Author: William Brown <william at blackhats.net.au>
Review by: mreynolds (thanks!)
- - - - -
84dba178 by William Brown at 2019-02-01T00:51:59Z
Ticket 50140 - Use high ports in container installs
Bug Description: Out of the box, linux and containers don't
have the required root permissions to use ports below 1024.
We can't expect admins to change this, so we should configure
ourselves on high ports in container installs.
Fix Description: Add containised argument to slapd2base
options, and pass it as required for example file and
installer sections.
https://pagure.io/389-ds-base/issue/50140
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
cd908573 by Thierry Bordaz at 2019-02-01T14:42:54Z
Ticket 50177 - import task should not be deleted too rapidely after import finishes to be able to query the status
Bug Description:
scripts that create online import and export tasks do not define a Time To Life of the tasks.
As a consequence the task entry is cleared 2min (default value) after task completion.
This is too rapid and some admin scripts may miss the final task status.
Fix Description:
The fix is to keep the entry of completed online import and export tasks for 1 day.
It also allows defines a default TTL to 1h (instead of 2min)
https://pagure.io/389-ds-base/issue/50177
Reviewed by:
Platforms tested: F27
Flag Day: no
Doc impact: no
- - - - -
9408b94d by Mark Reynolds at 2019-02-01T15:37:23Z
Ticket 50165 - Fix issues with dscreate
Bug Description: The install would fail under these two conditions:
[1] You do not specfiy a secure port, even if not using TLS
[2] The suffix has a space after a comma.
Fix Description: If the secure port is not specified set it to the default,
and normalize the suffix DN
https://pagure.io/389-ds-base/issue/50165
Reviewed by: ?
- - - - -
24271fe6 by Hugh McMaster at 2019-02-03T06:58:57Z
Ticket 50111: Use pkg-config to detect icu
Use of icu-config is deprecated upstream and no longer supported
in Debian, Ubuntu and Linux Mint.
Signed-off-by: Hugh McMaster <hugh.mcmaster at outlook.com>
- - - - -
e09725e7 by Thierry Bordaz at 2019-02-05T14:19:49Z
Ticket 49658 - In replicated topology a single-valued attribute can diverge
Bug Description:
When deleting a specific value of a single valued attribute,
the deleted value can be erronously resurrected.
Fix Description:
This second fix is a rewrite of entry state resolution.
The original function (resolve_attribute_state_single_valued) implemented
a main algorythm but it was heavily merged with resolution of specific cases.
It was too difficult to make the function understandable and preserving
the handling of the specific cases.
The risk of that rewrite fix is that I can not guarantee it fully covers
the set of specific cases
https://pagure.io/389-ds-base/issue/49658
Reviewed by: William Brown (Thanks !!)
Platforms tested: F27
Flag Day: no
Doc impact: no
- - - - -
d8a94c28 by William Brown at 2019-02-06T00:16:42Z
Ticket 50195 - improve selinux error messages in interactive
Bug Description: During an interactive install, the selinux
module if not found would produce many error messages that
were not necessary.
Fix Description: Warn the user at the start of the install
that selinux isn't found, and allow them to continue
https://pagure.io/389-ds-base/issue/50195
Author: William Brown <william at blackhats.net.au>
Review by: spichugi (Thanks!)
- - - - -
ff94e562 by William Brown at 2019-02-06T00:19:28Z
Ticket 50197 - Container integration improvements
Bug Description: During the container integration process
I have noticed a small number of remaining issues.
Fix Description:
* dm password is left as randomised in container install
* nss_ssl only removes dir content, not the directory itself
* basic tests rely on incorrect assumptions about file perms,
hostnames and ports.
https://pagure.io/389-ds-base/issue/50197
Author: William Brown <william at blackhats.net.au>
Review by: spichugi (Thanks!)
- - - - -
e580506d by Thierry Bordaz at 2019-02-06T12:41:22Z
Ticket 49873 - Contention on virtual attribute lookup
Bug Description:
During lookup of the virtual attribute table (filter evaluation and returned attribute)
the lock is acquired many times in read. For example it is acquired for each targetfilter aci and for
each evaluated entry.
Unfortunately RW lock is expensive and appears frequently on pstacks.
The lock exists because the table can be updated but update is very rare (addition of a new service provider).
So it slows down general proceeding for exceptional events.
Fix Description:
The fix is to acquire/release the read lock at the operation level and set a per-cpu flag, so that later lookup
would just check the flag.
https://pagure.io/389-ds-base/issue/49873
Reviewed by: Ludwig Krispenz, William Brown (thanks !!)
Platforms tested: F27
Flag Day: no
Doc impact: no
- - - - -
cab38f97 by Mark Reynolds at 2019-02-07T17:07:17Z
Ticket 50155 - password history check has no way to just check the current password
Description: Currently if you set passwordinhistory 1, it checks the last
recorded password and the current password. To get it to just
check the current password we need to allow "0" in passwordinhistory.
Then only check the current password, and not the entry's
passwordHistory attributes (if any).
Also added new "rebind" function to Accounts class to "rebind"
on the current connection.
https://pagure.io/389-ds-base/issue/50155
Reviewed by: firstyear & spichugi (Thanks!!)
- - - - -
d68b131e by Anuj Borah at 2019-02-11T06:49:36Z
Issue:50211 - Making an actual Anonymous type in lib389/idm/account.py
Making an actual Anonymous type in lib389/idm/account.py
https://pagure.io/389-ds-base/issue/50211
Reviewed by: William Brown
- - - - -
8e2da5db by William Brown at 2019-02-11T22:26:39Z
Ticket 50199 - disable perl by default
Bug Description: Our python lib389 tools have become much
more mature. We should disable perl by default as it's really
not maintained, and deprecated, so we should stop emitting it
by default. It can still be enabled with --enable-perl to
./configure, but we just discourage it.
Fix Description: Turn yes to no.
https://pagure.io/389-ds-base/issue/50199
Author: William Brown <william at blackhats.net.au>
Review by: mreynolds, mhonek, lslebodn (Thanks)
- - - - -
6714c456 by Anuj Borah at 2019-02-14T02:31:25Z
Issue: 50170 - composable object types for nsRole in lib389
Composable object types for nsRole in lib389
https://pagure.io/389-ds-base/issue/50170
Reviewed by: Ludwig Krispenz, William Brown, thierry bordaz
- - - - -
e373f392 by William Brown at 2019-02-15T00:46:32Z
Ticket 50208 - make instances mark off based on dse.ldif not sysconfig
Bug Description: As sysconfig isn't cross platform compatible, and
there are some potential plans to remove it from our systemd files,
we need to make sure that lib389 can handle this file not being present
in new installs.
Fix Description: Thankfully, we have a file we can always guarantee
exists: dse.ldif. This makes /etc/dirsrv/slapd-instance the only
fixed location in the server now, all other locations can be "moved".
This patch:
* Fixes a large number of removal regressions
* Add comments and warnings throughout remove and setup to help
prevent future regresions
* Create no longer creates /etc/sysconfig/dirsrv-instance
* Create makes dse.ldif *first* as it's the marker location
* Remove works when there is no marker file (but will remove if it
exists)
* Listing now ignores /etc/sysconfig, and reads dse.ldif instead
with a follow up https://pagure.io/389-ds-base/issue/50207 to
parse data from this file for offline
https://pagure.io/389-ds-base/issue/50208
Author: William Brown <william at blackhats.net.au>
Review by: spichugi, abbra (Thanks)
- - - - -
ddf79e62 by Anuj Borah at 2019-02-18T03:55:12Z
Issue: 50112 Port ACI test suit from TET to python3(Aci Atter)
Port ACI test suit from TET to python3
https://pagure.io/389-ds-base/issue/50112
Reviewed by: William Brown and Simon Pichugin
modified: acivattr_test.py
deleted: deladd_test.py
deleted: globalgroup_part2_test.py
deleted: globalgroup_test.py
deleted: keywords_part2_test.py
deleted: keywords_test.py
deleted: misc_test.py
deleted: modify_test.py
deleted: modrdn_test.py
deleted: roledn_test.py
deleted: search_real_part2_test.py
deleted: search_real_part3_test.py
deleted: search_real_test.py
deleted: syntax_test.py
deleted: userattr_test.py
deleted: valueacl_part2_test.py
deleted: valueacl_test.py
modified: working_contstants.py
- - - - -
39d13101 by Anuj Borah at 2019-02-18T04:13:54Z
Issue:50112 - Port ACI test suit from TET to python3(valueaci)
Port ACI test suit from TET to python3(valueaci)
https://pagure.io/389-ds-base/issue/50112
Reviewed by: William Brown
- - - - -
2031ed0d by William Brown at 2019-02-18T23:18:04Z
Ticket 50224 - warnings on deprecated API usage
Bug Description: There have been many cases of incorrect and
invalid api usage. As we go on, we can't allow more usage of
these apis to be added as it only puts more work on us in
the future to remove.
Fix Description: Add deprecation warnings to these apis, telling
people they will be removed, and where their faulty code is.
https://pagure.io/389-ds-base/issue/50224
Author: William Brown <william at blackhats.net.au>
Review by: mreynolds (Thanks!)
- - - - -
459f7383 by Anuj Borah at 2019-02-20T02:44:30Z
Issue: 50112 - Port ACI test suit from TET to python3(modify)
Port ACI test suit from TET to python3(modify)
https://pagure.io/389-ds-base/issue/50112
Reviewed by: William Brown
- - - - -
bc3ea14c by Anuj Borah at 2019-02-21T02:19:35Z
Issue: 50227 - Making an cosClassicDefinition type in src/lib389/lib389/cos.py
Making an cosClassicDefinition type in src/lib389/lib389/cos.py
https://pagure.io/389-ds-base/issue/50227
Reviewed by: William Brown
- - - - -
5262f50b by Anuj Borah at 2019-02-25T03:55:02Z
Issue: 50219 - Add generic filter to DSLdapObjects
Add generic filter to DSLdapObjects
https://pagure.io/389-ds-base/issue/50219
Reviewed by: William Brown
- - - - -
6963780b by William Brown at 2019-02-25T04:11:10Z
Ticket 50213 - fix list instance issue
Bug Description: A format string would not always be created
which caused instance list to fail. This may lead to instance
removal failing (creation and api removal still functioned)
Fix Description: Use a correctly initialised paths object, and
add extra debugging around the list capability for -v
https://pagure.io/389-ds-base/issue/50213
Author: William Brown <william at blackhats.net.au>
Review by: mreynolds (Thanks)
- - - - -
47c42590 by Mark Reynolds at 2019-02-26T14:20:05Z
Ticket 50236 - memberOf should be more robust
Bug Description: When doing a modrdn, or any memberOf update, if the entry
already has the memberOf attribute with the same value
the operation is incorrectly rejected.
Fix Description: If we get an error 20 (type or value exists) return success.
Also fixed a coding mistake that causes the wrong error
code to be returned. This also required fixing the CI
test to check for the new correct errro code.
https://pagure.io/389-ds-base/issue/50236
Reviewed by: firstyear, spichugi, and tbordaz (Thanks!!!)
- - - - -
b30295a7 by Mark Reynolds at 2019-02-26T14:21:34Z
Ticket 50238 - Failed modrdn can corrupt entry cache
Bug Description: Under certain conditions (found under IPA) when a backend
transaction plugin fails and causes a modrdn operation to
fail the entry cache no longer contains the original/pre
entry, but instead it has the post modrdn'ed entry with
the original entry's ID
Fix Description: Upon failure, if the post entry is in the cache, then swap
it out with the original entry.
https://pagure.io/389-ds-base/issue/50238
Reviewed by: firstyear, spichugi, & tboardaz (Thanks!!!)
- - - - -
45e84745 by William Brown at 2019-02-27T00:14:30Z
Ticket 50243 - refint modrdn stress test
Bug Description: It was reported that modrdn of an ou which
contained many items could break refint in some cases.
Fix Description: Add a stress test to try to reproduce the issue
https://pagure.io/389-ds-base/issue/50243
Author: William Brown <william at blackhats.net.au>
Review by: spichugi (Thanks)
- - - - -
752801b8 by Mark Reynolds at 2019-02-27T21:09:30Z
Ticket 50215 - UI - implement Database Tab in reachJS
Description: Implement database tab in ReactJS.
https://pagure.io/389-ds-base/issue/50215
Reviewed by: spichugi & firstyear (Thanks!!)
- - - - -
eb1b5c51 by Ludwig Krispenz at 2019-02-28T14:18:16Z
Ticket 50232 - export creates not importable ldif file
Bug: If the RUV entry hasa smaller entryid than the suffix entry it will be
exported before the suffix. If that ldif is used for import the RUV entry
is skipped and a new one generated with a different database generation
Fix: Before exporting the RUV check that the suffix is alread exported, if not
make the RUV entry pending and write it after all othere entries
Reviewed by: tbordaz, wbrown. Thanks
- - - - -
fb5ae2ca by William Brown at 2019-03-01T04:31:36Z
Ticket 50197 - Container init tools
Bug Description: It's important that 389 Directory Server
has a functional, correct, and high quality container integration
system. After years of work on the server core and lib389, this is
nearly possible.
Importantly, containers have certain requirements we must understand.
All state must be in external-filesystem volumes. We can not assume
that we have an instance installed, so must create one on launch.
If one exists, we need to expose it. We don't have the ability to
ask questions, so we need to use environment, or work with no
input at all. We can't make assumptions about backends. Finally,
we need to assume that we could be a new version of the server -
we don't know about anything else.
Fix Description: This adds a dscontainer wrapper tool that is
intended for operation inside of containers. It handles and binds
many of the existing parts of lib389 for container support. I have
cleaned up past container support realising how it was done wasn't
as elegant as this.
The dscontainer tool is intended to be the entry point from a
dockerfile, IE the CMD directive.
There are still some avenues to explore. For example, we could
attempt to override the storage paths for logs and db rather than
relying on dockerfile system links. (this may break apparmor though).
https://pagure.io/389-ds-base/issue/50197
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
0f918de1 by William Brown at 2019-03-01T04:43:59Z
Ticket 50197 - Container integration part 2
Bug Description: Rather than hardcoding behaviours into the setup
process of the installer, the container init process adapts the
slapd config to match what a container needs.
Fix Description: To achieve this, we expose a "start" option
in the from-file install which allows the post install start
to be true/false. We also correct the container's locations
to install ds into known paths. Finally a flag is added to
dsctl to prevent certain actions from running inside a container
limiting us only to maintenance actions (and still only offline)
https://pagure.io/389-ds-base/issue/50197
Author: William Brown <william at blackhats.net.au>
Review by: mreynolds, mhonek
- - - - -
c6054d12 by Simon Pichugin at 2019-03-01T20:46:17Z
Issue 50246 - Fix the regression in old control tools
Bug Description: The old control tools - status-dirsrv, start-dirsrv,
stop-dirsrv, restart-dirsrv stopped working properly after
the /etc/sysconfig/dirsrv removal.
Fix Description: Make them the direct systemctl command wrappers and
don't look for instances in /etc/sysconfig/dirsrv.
Fix UI. Make it use the new dsctl tools. Extend dsctl status (add JSON).
Also, remove the dragon warning because it breaks the QE test reports
when we run all the tests (we don't use DEBUGGING mode there
because it doesn't remove the instances).
The deprication warning should be enough for now.
https://pagure.io/389-ds-base/issue/50246
Reviewed by: wibrown, vashirov, mhonek, mreynolds (Thanks!)
- - - - -
f1661548 by William Brown at 2019-03-04T01:42:04Z
Ticket 50230 - improve ioerror msg when not root/dirsrv
Bug Description: When not running as root or dirsrv, improve the clarity
of the error messages as the previous messages were misleading.
Fix Description: Improve the exception handling and messages.
https://pagure.io/389-ds-base/issue/50230
Author: William Brown <william at blackhats.net.au>
Review by: mhonek
- - - - -
e6e18004 by Barbora Smejkalová at 2019-03-05T23:46:46Z
Issue 49029 - [RFE] improve internal operations logging
Description:
Added test cases and fixtures to check correct internal log values of user operations (add, rename, delete) in access log when different access log level is set.
https://pagure.io/389-ds-base/issue/49029
Reviewed by: spichugi, firstyear, mreynolds (Thanks!)
- - - - -
2c5f34d6 by Anuj Borah at 2019-03-06T01:01:24Z
Issue: 50253 - Making an nsManagedRoleDefinition type in src/lib389/lib389/idm/nsrole.py
Making an nsManagedRoleDefinition type in src/lib389/lib389/idm/nsrole.py
https://pagure.io/389-ds-base/issue/50253
Reviewed by: William Brown, thierry bordaz
- - - - -
0ad1dd2e by Mark Reynolds at 2019-03-06T04:11:27Z
Ticket 50257 - lib389 - password policy user vs subtree checks are broken
Description: We were not properly checking for user verses subtree policies.
This patch cleaned up alot of flawed code, and properly uses
DSLdapObjects to find policies and process them.
https://pagure.io/389-ds-base/issue/50257
Reviewed by: firstyear(Thanks!)
- - - - -
47045414 by Ludwig Krispenz at 2019-03-06T10:32:40Z
Ticket 50234 - one level search returns not matching entry
Bug: if in a onelevel search the IDList for the parentid is smaller than the filter
threshold and smaller than the list generated by the search filter
then the intersection is aborted and all children are returned.
Fix: In the above case we need to set the flag that the filter evaluation
cannot be bypassed
Reviewed by: William, Thierry. Thanks
- - - - -
eed079c0 by Simon Pichugin at 2019-03-06T15:43:58Z
Issue 50197 - Fix dscreate regression
Description: dscreate fails to create an instance because
the wrong number of arguments is used for Slapd2Base() call.
https://pagure.io/389-ds-base/issue/50197
Reviewed by: ?
- - - - -
d79fea60 by William Brown at 2019-03-06T23:58:35Z
Ticket 49655 - remove doap file
Bug Description: Remove the unused and unmaintained doap file
Fix Description: rm 389-doap.rdf
https://pagure.io/389-ds-base/issue/49655
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
28fe1601 by William Brown at 2019-03-08T02:00:58Z
Ticket 50137 - create should not check in non-stateful mode for exist
Bug Description: In def create, we should do a existance check for an
entry before creating. However, depending on access control this may not
work as intended because you can create without sight of the target, and
then this may cause misleading exceptions preventing the create.
Fix Description: In stateless mode, don't check the existance of the
entry before create.
In stateful ensure mode, continue to check for the existance.
https://pagure.io/389-ds-base/issue/50137
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
00dfb129 by William Brown at 2019-03-08T02:14:40Z
Ticket 49575 - Indicate autosize value errors and corrective actions
Bug Description: The autosize system would fail if the values were
greater than 100 comibined. However, I did not disclose how to fix
these values and where.
Fix Description: Improve the error message to give reasonable
advice and location of the fix for corrective action.
https://pagure.io/389-ds-base/issue/49575
Author: William Brown <william at blackhats.net.au>
Review by: tbordaz (Thanks!)
- - - - -
118f8a2f by Simon Pichugin at 2019-03-08T11:04:25Z
Issue 50263 - LDAPS port not listening after installation
Bug description: When I add an additional instance to my server,
an error is displayed at the end of the installation and
the LDAPS port is not listening.
The issue was introduced in
https://pagure.io/389-ds-base/pull-request/50202#_7__59
Fix description: Make interactive installation process
general["start"] argument.
https://pagure.io/389-ds-base/issue/50263
Reviewed by: mreynolds, wibrown, mhonek (Thanks!)
- - - - -
46e28cb4 by Simon Pichugin at 2019-03-08T17:49:19Z
Issue 50041 - Add CLI functionality for special plugins
Description: Add the functionality for
account-policy, attr-uniq, automember, dna, linked-attr,
managed-entries, memberof, pass-through-auth, refer-init,
retro-changelog, root-dn, usn commands.
Make DSLdapObject create an entry with only DN and attributes
(cases when RDN is not specified).
Fix two small typos in pwpolicy CLI's arguments.
Port test for DNA plugin.
https://pagure.io/389-ds-base/issue/50041
Reviewed by: wibrown, mreynolds, mhonek (Thanks!)
- - - - -
5563e770 by Anuj Borah at 2019-03-11T02:09:00Z
Issue: 50112 - Port ACI test suit from TET to python3(Global Group)
Port ACI test suit from TET to python3(Global Group)
https://pagure.io/389-ds-base/issue/50112
Reviewed by: Mark Reynolds, Simon Pichugin, William Brown
- - - - -
9f3344a3 by Mark Reynolds at 2019-03-11T14:30:21Z
Ticket 50208 - lib389- Fix issue with list all instances
Description: There was a regression where listing "all" instances
failed and returned none. This corrects the instance
path gathering logic
https://pagure.io/389-ds-base/issue/50208
Reviewed by: firstyear(Thanks!)
- - - - -
a703d101 by Mark Reynolds at 2019-03-11T16:27:20Z
Ticket 50273 - reduce default replicaton agmt timeout
Description: The default timeout of 10 minutes is just too long.
Change default to 2 minutes.
https://pagure.io/389-ds-base/issue/50273
Reviewed by: tbordaz(Thanks!)
- - - - -
813030cc by William Brown at 2019-03-12T01:38:46Z
Ticket 50259 - implement dn construction test
Bug Description: Implement a lib389 dn test to show we have correct
behaviour with dn derivation in lib389 creation.
Fix Description: Add test case.
https://pagure.io/389-ds-base/issue/50259
Author: William Brown <william at blackhats.net.au>
Review by: spichugi (Thanks!)
- - - - -
656a6c93 by Anuj Borah at 2019-03-12T04:22:56Z
Issue: 50112 - Port ACI test suit from TET to python3(Search)
Port ACI test suit from TET to python3(Search)
https://pagure.io/389-ds-base/issue/50112
Reviewed by: William Brown, thierry bordaz
- - - - -
f59ddfbc by Simon Pichugin at 2019-03-13T09:57:25Z
Issue 50276 - 389-ds-console is not built on RHEL8 if cockpit_dist is already present
Description: When we make srpm we want to make sure that 389-ds-console is built every time.
It is built only if it's not already there (clean up is required).
We should enforce the cockpit_dist building even if it's present.
https://pagure.io/389-ds-base/issue/50276
Reviewed by: mreynolds, vashirov (Thanks!)
- - - - -
703ee9b0 by William Brown at 2019-03-13T23:03:26Z
Ticket 49667 - 49668 - remove old spec files
Bug Description: Remove old unused spec files.
Fix Description: Lib389 and svrcore are now part of 389ds, so
these spec files are not used.
https://pagure.io/389-ds-base/issue/49667
https://pagure.io/389-ds-base/issue/49668
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
5bc92e99 by Mark Reynolds at 2019-03-14T04:45:15Z
Ticket 50255 - Port password policy test to use DSLdapObject
Description: While investigating ticket 50255 I had issues with
the CI test because it was not use DSLdapObject. So
This patch just refectors the test to use the current
DSLDAPObject model.
https://pagure.io/389-ds-base/issue/50255
Reviewed by: firstyear(Thanks!)
- - - - -
7ba8a80c by Mark Reynolds at 2019-03-14T04:47:26Z
Ticket 50260 - backend txn plugins can corrupt entry cache
Bug Description: If a nested backend txn plugin fails, any updates
it made that went into the entry cache still persist
after the database transaction is aborted.
Fix Description: In order to be sure the entry cache is not corrupted
after a backend txn plugin failure we need to flush
all the cache entries that were added to the cache
after the parent operation was started.
To do this we record the start time the original operation,
(or parent operation), and we record the time any entry
is added to the cache. Then on failure we do a comparision
and remove the entry from the cache if it's not in use.
If it is in use we add a "invalid" flag which triggers
the entry to be removed when the cache entry is returned
by the owner.
https://pagure.io/389-ds-base/issue/50260
CI tested and ASAN approved.
Reviewed by: firstyear, tbordaz, and lkrispen (Thanks!!!)
- - - - -
6d0ba294 by Thierry Bordaz at 2019-03-14T10:50:11Z
Ticket 49873: (cont) Contention on virtual attribute lookup
Bug Description:
The previous fix was incomplete.
It created the thread private counter before the fork.
The deamon process was not inheriting it.
There is a possiblity that an callback of an internal search
tries to update the map. (cos thread monitoring cos definition)
In such case the RW lock was first acquired in read at the top level
of the internal search, then later the callback try to acquire it in write.
this created a deadlock
It stored in in private counter a value (int) rather than the address of
of the value (int*).
Fix Description:
The fix consists to create the thread private counter after the deamon creation.
In adding, when acquiring the lock in write, if the lock was already acquired
at the top level (in read), it release the lock and reset the counter. Then acquires
the lock in write.
In the opposite when releasing the lock in read, if the lock was not already acquired
it assumes it was acquired in write and do nothing
https://pagure.io/389-ds-base/issue/49873
Reviewed by: Mark Reynolds, William Brown (thanks !!)
Platforms tested: F30
Flag Day: no
Doc impact: no
- - - - -
208111a3 by William Brown at 2019-03-14T23:28:54Z
Ticket 49715 - extend account functionality
Bug Description: It was noted by mreynolds that account doesn't
do as much as user does. This brings account to partial-feature
parity with user, able to modify, show and delete accounts.
Fix Description: Add the ability to show, modify and delete generic
account types.
Note that account can never, and will never gain the ability to
create accounts, because "accounts" are such an opinionated and
complex topic. For creating accounts, user will remain the
preferred command. Account exists to "manage existing" account
types, that an external system may create or feed to the 389
instance.
https://pagure.io/389-ds-base/issue/49715
Author: William Brown <william at blackhats.net.au>
Review by: spichugi (Thanks)
- - - - -
da7d2de1 by Thierry Bordaz at 2019-03-15T10:35:30Z
Ticket 50282 - OPERATIONS ERROR when trying to delete a group with automember members
Bug Description:
When automember and memberof are enabled, if a user is member of a group
because of an automember rule. Then when the group is deleted,
memberof updates the member (to update 'memberof' attribute) that
trigger automember to reevaluate the automember rule and add the member
to the group. But at this time the group is already deleted.
Chaining back the failure up to the top level operation the deletion
of the group fails
Fix Description:
The fix consists to check that if a automember rule tries to add a user
in a group, then to check that the group exists before updating it.
https://pagure.io/389-ds-base/issue/50282
Reviewed by: Mark Reynolds, William Brown
Platforms tested: F29
Flag Day: no
Doc impact: no
- - - - -
d318d060 by Mark Reynolds at 2019-03-15T14:11:16Z
Ticket 50077 - Do not automatically turn automember postop modifies on
Description: Although we have set the new postop processing on by
default in the template-dse.ldif, we do not want to
enable it by default for upgrades (only new installs).
So if the attribute is not set, it is assumed "off".
https://pagure.io/389-ds-base/issue/50077
Reviewed by: firstyear(Thanks!)
- - - - -
c7da16fb by Thierry Bordaz at 2019-03-18T13:45:58Z
Ticket 49561 - MEP plugin, upon direct op failure, will delete twice the same managed entry
Bug Description:
When a failure occurs during betxn_post plugin callback, the betxn_post plugins are called again.
This is to process some kind of undo action (for example usn or dna that manage counters).
If MEP plugin is called for a managing entry, it deletes the managed entry (that become a tombstone).
If later an other betxn_postop fails, then MEP is called again.
But as it does not detect the operation failure (for DEL and ADD), then it tries again
to delete the managed entry that is already a tombstone.
Fix Description:
The MEP betxn_post plugin callbacks (ADD and DEL) should catch the operation failure
and return.
It is already in place for MODRDN and MOD.
https://pagure.io/389-ds-base/issue/49561
Reviewed by: Mark Reynold, thanks !!
Platforms tested: F28
Flag Day: no
Doc impact: no
- - - - -
33fbced2 by Mark Reynolds at 2019-03-18T16:42:49Z
Ticket 50260 - Invalid cache flushing improvements
Description: The original version of the fix only checked if backend
transaction "post" operation plugins failed, but it did
not check for errors from the backend transaction "pre"
operation plugin. To address this we flush invalid
entries whenever any error occurs.
We were also not flushing invalid cache entries when
modrdn errors occurred. Modrdns only make changes to
the DN hashtable inside the entry cache, but we were only
checking the ID hashtable. So we also need to check the
DN hashtable in the entry cache for invalid entries.
https://pagure.io/389-ds-base/issue/50260
Reviewed by: firstyear & tbordaz(Thanks!!)
- - - - -
0a4ee32c by Ludwig Krispenz at 2019-03-21T08:24:58Z
Ticket 50265: the warning about skew time could last forever
Bug: if the local system time is set back more than 300 seconds
a worning about too much time skew is logged and the sampled
time is updated. This adjustment is done at every write operation
and can increase the time skew and be logged infinitely
Fix: the intention of the adjustment was to avoid a roll over of seq_num
if the sampled time is not increased for more than 65k oberations.
But this is already handled with an explicite check for seq_num
rollover. The extra adjustment for negative time skew can be removed.
Reviewed by: Thierry, William. Thanks.
- - - - -
37f919a7 by Mark Reynolds at 2019-03-22T20:27:15Z
Ticket 50300 - Fix memory leak in automember plugin
Description: We were allocating a pblock long before it was used, and
we were returning from the function on an error before we
freed it. The fix just allocates the pblock right before
it's used, and then it is properly freed.
https://pagure.io/389-ds-base/issue/50300
Reviewed by: mreynolds (one line commit rule)
- - - - -
28a5ddbd by Akshay Adhikari at 2019-03-25T09:26:54Z
Ticket 49463 After cleanALLruv, replication is looping on keep alive DEL
Bug Description: When cleanAllRuv is launched, it spawn cleanAllRuv on all replicas.
Each replica will clean its changelog and database RUV but in addition
will DEL the keep alive entry of the target ReplicaID.
Fix Description: Test case cover all the scenario to be tested for the fix.
https://pagure.io/389-ds-base/issue/49463
Review by: firstyear,tbordaz
- - - - -
395a4a26 by Mark Reynolds at 2019-03-25T15:23:59Z
Ticket 50289 - Fix various database UI issues
Description:
Fixed these issues:
- https://bugzilla.redhat.com/show_bug.cgi?id=1664621 - backup freezes when no suffix present
- https://bugzilla.redhat.com/show_bug.cgi?id=1685395 - Perform Backup fails when Backend Name is not configured
- https://bugzilla.redhat.com/show_bug.cgi?id=1688587 - typo when restarting instance
- https://bugzilla.redhat.com/show_bug.cgi?id=1688775 - db tree breaks when suffix contains spaces.
- https://bugzilla.redhat.com/show_bug.cgi?id=1688919 - backups fail with empty name
Also fixed issue where if you start an instance in UI the configuration is correctly loaded.
https://pagure.io/389-ds-base/issue/50289
Reviewed by: spichugi(Thanks!)
- - - - -
24f8b6d9 by Anuj Borah at 2019-03-25T17:48:24Z
Issue:50112 - Port ACI test suit from TET to python3(misc and syntax)
Port ACI test suit from TET to python3(misc and syntax)
https://pagure.io/389-ds-base/issue/50112
Reviewed by: thierry bordaz, William Brown, Matus Honek, Ludwig Krispenz, Simon Pichugin
- - - - -
09965c45 by Simon Pichugin at 2019-03-26T22:07:47Z
Issue 50292 - Fix Plugin CLI and UI issues
Description: Fix 'All plugins' tab rendering issue.
Fix nsds5replicalastinitstatus typo.
Fix generic_object_add logic for cases when RDN is in props and BaseDN is supplied.
Add Posix Winsync API plugin
Add PAM PTA plugin
Fix underscore issues in plugin arguments.
Fix Linked Attribute plugin Fixup task arguments and name.
Change a 'print()' function to a 'log.info()' function.
https://pagure.io/389-ds-base/issue/50292
Reviewed by: mreynolds, wibrown (Thanks!)
- - - - -
38d4e523 by Thierry Bordaz at 2019-03-27T09:28:52Z
Ticket 49873 - (cont 2nd) Contention on virtual attribute lookup
Bug Description:
SSL initialization does internal searches that access the vattr_global_lock
Thread private counter needs to be initialized by that time.
Currently it is initialized after SSL init.
Second problem was a leak of one 'int' per worker. It was used to keep the private counter.
Fix Description:
Call of vattr_global_lock_create needs to be called before slapd_do_all_nss_ssl_init.
Also, 'main' may or may not fork, the initialization fo the thread private variable
is done either on the child or parent depending if main forks or not.
The leak is fixed using a destructor callback of the private variable and so
call PR_SetThreadPrivate only if there is no private variable.
https://pagure.io/389-ds-base/issue/49873
Reviewed by: Mark Reynolds, Simon Pichugi (thanks)
Platforms tested: F28
Flag Day: no
Doc impact: no
Ticket foo
- - - - -
235bde93 by Thierry Bordaz at 2019-03-28T16:58:46Z
Ticket 49873 - (cont 3rd) cleanup debug log
- - - - -
5d76a244 by Hugh McMaster at 2019-03-29T01:39:47Z
Use PKG_CHECK_MODULES to detect the event library
- - - - -
f56f78db by Hugh McMaster at 2019-03-29T01:39:47Z
Use PKG_CHECK_MODULES to detect the nspr library
- - - - -
a7f1dd08 by Hugh McMaster at 2019-03-29T01:39:47Z
Use PKG_CHECK_MODULES to detect the nss library
- - - - -
d6a32479 by Hugh McMaster at 2019-03-29T01:39:47Z
Use PKG_CHECK_MODULES to detect the cmocka library
- - - - -
5203410c by Hugh McMaster at 2019-03-29T01:39:47Z
Use PKG_CHECK_MODULES to detect the pcre library
- - - - -
9f5f29a7 by Hugh McMaster at 2019-03-29T01:39:47Z
m4/doxygen.m4: Fix spelling of Doxygen in a message
- - - - -
40ca6e97 by Hugh McMaster at 2019-03-29T01:39:47Z
configure.ac: Remove unpaired parentheses from two help strings
- - - - -
a2ebc6d5 by Hugh McMaster at 2019-03-29T01:39:47Z
configure.ac: Add missing comma to an AC_ARG_ENABLE macro
- - - - -
e50466ee by Hugh McMaster at 2019-03-29T01:39:47Z
Use PKG_CHECK_MODULES to detect the libsasl2 library
- - - - -
9d6531aa by Hugh McMaster at 2019-03-29T01:39:47Z
Use pkg-config from the host system to better support cross-compiling
- - - - -
773e8989 by Hugh McMaster at 2019-03-29T01:39:47Z
Use PKG_CHECK_MODULES to detect the kerberos library
- - - - -
11309bf3 by Hugh McMaster at 2019-03-29T01:39:47Z
Use PKG_CHECK_MODULES to detect the systemd library
- - - - -
6c2bb66f by Mark Reynolds at 2019-03-29T13:18:44Z
Ticket 50308 - Fix memory leaks for repeat binds and replication
Description: Fixed two memory leaks:
- If a worker thread had multiple binds the "bind dn"
thread data was leaked.
- Memory leak when processing changes in the changelog
https://pagure.io/389-ds-base/issue/50308
Reviewed by: firstyear(Thanks!)
- - - - -
1808f317 by Mark Reynolds at 2019-03-29T18:59:05Z
Ticket 50308 - Revise memory leak fix
Description; Turns out the previous commit did not address
the changelog leak, and it introduced a compiler
warning. This part of the fix is being reverted.
https://pagure.io/389-ds-base/issue/50308
- - - - -
9a126614 by Mark Reynolds at 2019-03-29T20:06:14Z
Bump version to 1.4.1.2
- - - - -
223846df by William Brown at 2019-04-01T23:27:17Z
Ticket 49390 - improve compare and cn=config compare tests
Bug Description: We had a number of tests for the dsldapobject
compare cases, but they were in the lib389 tests. Move and update
these to work as part of the dirsrvtests suite.
Fix Description: Update lib389 to properly handle attribute casing
and update compare tests to work with newer lib389 ideas
https://pagure.io/389-ds-base/issue/49390
Author: William Brown <william at blackhats.net.au>
Review by: spichugi (Thanks)
- - - - -
bc207222 by William Brown at 2019-04-02T03:06:28Z
Ticket 50310 - fix sasl header include
Bug Description: After the merge of the PKG_CONFIG change, on SUSE
the server fails to build. This is because the pkg-config for
sasl on suse doesn't add the -I include for sasl to the path so
using sasl.h doesn't work.
Fix Description: Change all references to sasl/sasl.h
https://pagure.io/389-ds-base/issue/50310
Author: William Brown <william at blackhats.net.au>
Review by: hmc, mreynolds (thanks!)
- - - - -
7a0b8ae5 by Viktor Ashirov at 2019-04-02T13:31:07Z
Issue 50032 - Fix deprecation warnings in tests
Bug Description:
Deprecation warnings are issued by Python for the following changes:
1. https://docs.python.org/3/whatsnew/3.6.html#deprecated-python-behavior
https://bugs.python.org/issue27364 - Deprecate invalid escape sequences in str/bytes
2. https://docs.python.org/3/whatsnew/3.7.html#deprecated-python-behavior
https://bugs.python.org/issue25988 - collections.abc.Indexable
3. https://docs.python.org/3/library/logging.html#logging.warning
https://bugs.python.org/issue13235 - logging.warn() is not documented
Fix Description:
1. Use correct escape sequences or raw strings where needed.
2. Import Callable from collections.abc instead of collections module directly.
3. Use logging.warning() instead of logging.warn().
Fixes https://pagure.io/389-ds-base/issue/50032
Reviewed by: mreynolds, spichugi
- - - - -
38515800 by Mark Reynolds at 2019-04-02T17:31:16Z
Ticket 50240 - Improve task logging
Description: Improve the updates to the task's log attribute when
errors occur. Previously we were not recording the
reason for most failures during db2ldif, ldif2db, and
db2index.
https://pagure.io/389-ds-base/issue/50240
Reviewed by: ?
- - - - -
c9d65282 by Mark Reynolds at 2019-04-02T17:36:48Z
Ticket 50306 - Move connection config inside struct
Description: We are constantly calling configuration get functions
during a connection. These calls are expensive, so we
should just store all these settings in the conn struct
during handle_new_connection()
https://pagure.io/389-ds-base/issue/50306
Reviewed by: firstyear(Thanks!)
- - - - -
78003de2 by Mark Reynolds at 2019-04-03T01:08:11Z
Ticket 50303 - Add task creation date to task data
Description: Add a new attribute to the slapi task entry containing
the start date. This provides a nice convenience without
having to change LDAP clients.
https://pagure.io/389-ds-base/issue/50303
Reviewed by: firstyear & spichugi(Thanks!)
- - - - -
0319ec02 by Viktor Ashirov at 2019-04-04T14:54:47Z
Issue 49915 - Add regression test
Fixes https://pagure.io/389-ds-base/issue/49915
Reviewed by: mreynolds (Thanks!)
- - - - -
018c8364 by William Brown at 2019-04-04T23:43:27Z
Ticket 49899 - fix pin.txt and pwdfile permissions
Bug Description: On unix, user and group permissions are basically
the same, because users always have a primary group. However, best
practice ignores this, and states everything should be user
owned only if security sensitive.
Fix Description: Make pin.txt and pwdfile user only owned to prevent
disclosure (in limited circumstances, this is little more than
a compliance step).
https://pagure.io/389-ds-base/issue/49899
Author: William Brown <william at blackhats.net.au>
Review by: tbordaz, mhonek (Thanks)
- - - - -
9e4ce5fa by Barbora Smejkalová at 2019-04-05T11:05:32Z
Issue 50026 - Audit log does not capture the operation where nsslapd-lookthroughlimit is modified
Description:
Updated test case to check modification of attributes in audit log, because it wasn't logged in correct format.
Also removed function in test_internal_log_level_131076 in ds_logs_test.py that I used for debugging when making that test and forgot to delete it.
https://pagure.io/389-ds-base/issue/50026
Reviewed by: mreynolds, tbordaz, spichugi (Thanks!)
- - - - -
78f8c17a by Matúš Honěk at 2019-04-05T12:48:08Z
Fix typo from: Issue 49915 - Add regression test
Fixes commit 0319ec02a.
Relates https://pagure.io/389-ds-base/pull-request/50320
- - - - -
d08f7eb6 by Mark Reynolds at 2019-04-05T15:13:36Z
Ticket 50305 - Revise CleanAllRUV task restart process
Bug Description: If the server was stopped while a CleanAllRUV task was
running the task gets marked in the replica config entry
so it knowns to resume the task at server startup. The
problem is that when it resumed it just fires off the
task thread, and did not create a new Slapi_Task entry.
This makes it impossible to track these tasks that got
resumed.
Fix Description: There were a few things wrong with the resume process,
including it was harded coded to only handle a maximum
of 4 tasks. We also were not recording all the required
information needed to resume the task.
Now "resume" process can handle an infinite number of
tasks, and it creates fresh Slapi_Task entries so the
tasks can be tracked.
CI tested & ASAN approved
https://pagure.io/389-ds-base/issue/50305
Reviewed by: lkrispenz(Thanks!)
- - - - -
51eb5b26 by William Brown at 2019-04-08T01:07:08Z
Ticket 50317 - fix ds-backtrace issue on latest gdb
Bug Description: ds-backtrace was failing due to a
type issue on latest python/gdb on suse.
Fix Description: If debug info is missing, a nonetype
was returned in the backtrace, causing a type mismatch
on " ".join().
https://pagure.io/389-ds-base/pull-request/50317
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
3347d922 by Martin Pitt at 2019-04-11T12:04:56Z
Fix cockpit console AppStream data
* Add missing <?xml> header
* Update <extends> to renamed cockpit ID, as "cockpit.desktop" is
invalid (§ 2.1.3 [1]) and got changed in [2]
* Avoid dashes in <id> (§2.1.3) and use the actual project's home page.
Rename the file accordingly.
* Use a more verbose description from the home page ("style-invalid"
validation error)
* Avoid whitespace in <summary>
* Add homepage URL
* Add <update_contact>
`appstream-util validate src/cockpit/389-console/org.cockpit-project.389-console.metainfo.xml`
is happy now.
[1] https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html#sect-Metadata-GenericComponent
[2] https://github.com/cockpit-project/cockpit/pull/11557
- - - - -
ab94fc12 by Mark Reynolds at 2019-04-12T20:14:22Z
Ticket 50291 - Add monitor tab functionality to Cockpit UI
Description: Added the backend functionality to the monitoring
tab.
Also returned all dsconf errors as json objects so
the UI could display friendly error messages
https://pagure.io/389-ds-base/issue/50291
Reviewed by: spichugi(Thanks!)
- - - - -
117d4ba0 by Thierry Bordaz at 2019-04-15T09:52:27Z
Ticket 50306 - (cont typo) Move connection config inside struct
Bug Description:
typo where ioblocktimeout was erronously computed from maxbersize
Fix Description:
move c_maxbersize to c_ioblocktimeout
https://pagure.io/389-ds-base/issue/50306
Reviewed by: Thierry Bordaz
Platforms tested: F28
Flag Day: no
Doc impact: no
- - - - -
8ca14203 by Mark Reynolds at 2019-04-15T15:15:02Z
Ticket 49990 - Increase the default FD limits
Description: As discussed in the ticket, this fix sets the maxdescriptors
to the maximum allowed by the OS/systemd. If this limit can
not be obtained then we fall back to 8192 as the limit
https://pagure.io/389-ds-base/issue/49990
Reviewed by: tbordaz & firstyear(Thanks!!)
- - - - -
4d9cc24d by Thierry Bordaz at 2019-04-15T16:06:17Z
Ticket 50329 - Possible Security Issue: DOS due to ioblocktimeout not applying to TLS
Bug Description:
A secure socket is configured in blocking mode. If an event
is detected on a secure socket a worker, tries to read the request.
The read can hang indefinitely if there is nothing to read.
As a consequence ioblocktimeout is not enforced when reading secure socket
Fix Description:
The fix is specific to secure socket read.
Before reading it polls the socket for a read. The socket is poll
(with a 0.1s timeout) until read is possible or sum of poll timeout
is greater than ioblocktimeout.
https://pagure.io/389-ds-base/issue/50329
Reviewed by: Mark Reynolds
Platforms tested: F28
Flag Day: no
Doc impact: no
- - - - -
68b6319d by Simon Pichugin at 2019-04-15T16:32:43Z
Issue 50041 - Add the rest UI Plugin tabs - Part 1
Description: Add UI plugin tabs for accountPolicy, attributeUniqueness,
linkedAttributes, referentialIntegrity, retroChangelog, rootDNAccessControl
and winsync.
Reorder the tabs to make the usage more intuitive.
Fix Attribute Uniqueness logging level issue.
Move pluginTable.jsx content to pluginTables.jsx.
Fix a small 'help' typo in dbtasks.py.
https://pagure.io/389-ds-base/issue/50041
Reviewed by: mreynolds (Thanks!)
- - - - -
56373fb5 by William Brown at 2019-04-16T00:53:40Z
Ticket 49390, 50019 - support cn=config compare operations
Bug Description: Ansible will attempt to check the state of a value
before it makes an alteration on the ldap server. To do this in a
correct and schema aware fashion, it will use the ldapcompare operation.
It's a request that people want to manage their cn=config with ansible,
however dse.c didn't support ldapcompare on these backends.
Fix Description: Add support for ldapcompare operations on dse.c,
including the ability to correctly generate the cn=config defaults
into the entry for comparison.
This also adds support for ldapcompare as the default comparitor in
lib389.
https://pagure.io/389-ds-base/issue/49390
https://pagure.io/389-ds-base/issue/50019
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
af97382f by Anuj Borah at 2019-04-16T08:30:20Z
Issue:50112 - Port ACI test suit from TET to python3(Delete and Add)
Port ACI test suit from TET to python3(Delete and Add)
https://pagure.io/389-ds-base/issue/50112
Reviewed by: William Brown, Simon Pichugin
- - - - -
9724e8bb by Anuj Borah at 2019-04-17T09:47:28Z
Issue: 50313 - Add a NestedRole type to lib389
Add the NestedRole and the NestedRoles classes to src/lib389/lib389/idm/role.py
Add one test case that will test that the new class NestedRoles is
working fine.
https://pagure.io/389-ds-base/issue/50313
Reviewed by: Simon Pichugin, thierry bordaz
- - - - -
6d080a0a by William Brown at 2019-04-18T02:58:01Z
Ticket 50329 - improve connection default parameters
Bug Description: An issue was raised that appears that our default
values may be misleading and hard to configure correctly in some
circumstances. We should improve our default values to have better
time sharing for connections.
Fix Description: Improve ioblock to be shorter to prevent write
blocks, make reads quicker for sharing, and by default have an
idle disconnect to clients.
https://pagure.io/389-ds-base/issue/50329
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
4f7c05e2 by Mark Reynolds at 2019-04-18T13:37:20Z
Ticket 50327 - Add replication conflict entry support to lib389/CLI
Description: Added Conflict Entry and Glue entry classes to lib389,
and updated dsconf to allow for conflict entry management.
Made some other minor changes to mapped objects:
- Added an attribute list option to display()
- Added a recursive delete option to delete()
https://pagure.io/389-ds-base/issue/50327
Reviewed by: firstyear, lkrispen, and spichugi(Thanks!!!)
- - - - -
21e10bd5 by Mark Reynolds at 2019-04-22T14:59:02Z
Ticket 50327 - Add replication conflict support to UI
Description: Added a page under the monitor tab to view and management
replication conflict and glue entries.
https://pagure.io/389-ds-base/issue/50327
Reviewed by: spichugi(Thanks!)
- - - - -
fc46de68 by Ludwig Krispenz at 2019-04-25T11:51:51Z
Ticket 50340 - structs for diabled plugins will not be freed
Bug: when plugins are loaded from dse.ldif enabled plugins will be added to
the list of the plugin type and freed when plugins are stopped.
But the memory allocated for disabled plugins will remain allocated and
and be reported.
Fix: free plugin if not enabled after loading
This will alos let the many leaks reported for "GrowStuff" disappear.
The fix also contains one missing free for slapi_ch_smprintf allocated memory
Reviewed by: Mark, thanks
- - - - -
6a6b8d96 by Simon Pichugin at 2019-04-26T11:29:44Z
Issue #50067 - Fix krb5 dependency in a specfile
Bug Description: The build fails because the krb5 dependencies
are not installed while using specfile.
Fix Description: Add pkgconfig(krb5) to the BuildRequires section.
https://pagure.io/389-ds-base/issue/50067
Reviewed by: mhonek, mreynolds (Thanks!)
- - - - -
80468425 by William Brown at 2019-05-01T01:38:11Z
Ticket 50344 - tidy rpm vs build systemd flag handling
Bug Description: In rpm builds we would read with_systemd from
defaults.inf, which has a diffeent value to hand-building. AS
a result this caused as issue in dscontainer on opensuse where
it believed systemd was present.
Fix Description: Simplify the systemd handling to a single flag
which is possible to override in a container env.
https://pagure.io/389-ds-base/issue/50344
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
468b8a8d by Anuj Borah at 2019-05-06T15:35:57Z
Issue: 50112 - Port ACI test suit from TET to python3(keyaci)
Port ACI test suit from TET to python3(keyaci)
https://pagure.io/389-ds-base/issue/50112
Reviewed by: Mark Reynolds, Simon Pichugin, William Brown, Viktor Ashirov
- - - - -
f35ad371 by Thierry Bordaz at 2019-05-07T15:36:07Z
Ticket 50329 - revert fix
Bug Description:
This fix introduces a regression BZ 1705125
https://pagure.io/389-ds-base/issue/50329
- - - - -
06c9f534 by Hugh McMaster at 2019-05-09T11:35:00Z
Remove the nss3 path prefix from the cert.h C preprocessor source file inclusion
Bug Description:
The NSS header cert.h resides in different paths on different operating
systems. Hardcoding a path prefix as #include <nss3/cert.h> caused
fatal compile-time errors on some operating systems, such as Debian,
because the C preprocessor could not find the header.
Fix Description:
Removing the 'nss3' path prefix allows compilation to succeed, as
the compiler can locate cert.h in the NSS include path detected
by pkg-config.
Changes to rpm/389-ds-base.spec.in included at the request of
Matus Honek in https://pagure.io/389-ds-base/pull-request/50352
Author: Hugh McMaster <hugh.mcmaster at outlook.com>
Reviewed by: firstyear, mhonek, mreynolds
Remove NSS header and library path hacks from the rpm package spec file
Patch suggested by Matus Honek in https://pagure.io/389-ds-base/pull-request/50352
- - - - -
aa1bde47 by Anuj Borah at 2019-05-10T02:36:41Z
Issue: 50358 - Create a Bitwise Plugin class in plugins.py
Create a Bitwise Plugin class in plugins.py
https://pagure.io/389-ds-base/issue/50358
Author: aborah
Reviewed by: William Brown
- - - - -
e5ae9d0d by Viktor Ashirov at 2019-05-10T12:18:33Z
Issue 50303 - Add creation date to task data
Bug Description:
Tests are failing on <1.4.1.2 where nsTaskCreated attribute doesn't exists
Fix Description:
Check for nsTaskCreated attribute only in 1.4.1.2+
Additionally, run dscreate test only on 1.4.0.0+
Fixes https://pagure.io/389-ds-base/issue/50303
Reviewed by: mhonek (Thanks!)
- - - - -
9e80a33e by Viktor Ashirov at 2019-05-10T12:20:38Z
Issue #50353 - Categorize tests by tiers
Bug Description:
We should have different tiers of tests:
tier0 - basic functionality (installation, instance startup, basic operations, import/export, etc.)
tier1 - functional tests for the most used features
tier2 - functional tests for the less used features and tests that take more time to complete (stress tests)
tier3 - long duration tests.
Fix Description:
Use pytest marks per test module or individually.
Fixes https://pagure.io/389-ds-base/issue/50353
Reviewed by: spichugi (Thanks!)
- - - - -
b770ac72 by Matúš Honěk at 2019-05-10T13:41:36Z
Issue 49730 - MozLDAP bindings have been unsupported for a while
Bug Description:
We haven't been supporting MozLDAP for a long time. In fact, it is not possible
to build without OpenLDAP as MozLDAP specifics were not maintained properly.
Fix Description:
Remove all MozLDAP-only features from the code.
Fixes https://pagure.io/389-ds-base/issue/49730
Relates https://pagure.io/389-ds-base/pull-request/50332
Author: mhonek
Review by: hmc, firstyear, spichugi (Thanks!)
- - - - -
974c802f by Mark Reynolds at 2019-05-13T13:56:35Z
Ticket 50363 - ds-replcheck incorrectly reports error out of order multi-valued attributes
Bug Description: If for some reason an entry's multi-valued attribute
values are in different orders on different replicas
the tool reports this as an inconsistency when it is
not.
Fix Description: For both offline & online processing sort each entry's
multi-valued attribute values.
https://pagure.io/389-ds-base/issue/50363
Reviewed by: firstyear & mhonek (Thanks!!)
- - - - -
423a9ce2 by Viktor Ashirov at 2019-05-14T08:20:32Z
Issue 50164 - Add test for dscreate to basic test suite
Bug Description:
dscreate tests do not work properly when newer lib389 is used
with older 389-ds-base versions.
Fix Description:
* Unset PYTHONPATH for dscreate if it's set to prevent clobbering system
lib389.
* Don't run dscreate_test on older versions, where instance-specific sysconfig
env file is mentioned in systemd unit file. dscreate no longer creates it and
causes dirsrv service fail to start.
* Don't check for instance-specific sysconfig env file on removing the instance
since it's no longer created.
Fixes https://pagure.io/389-ds-base/issue/50164
Reviewed by: mreynolds (Thanks!)
- - - - -
fa74996f by Viktor Ashirov at 2019-05-14T08:24:15Z
Fix missing import
Reviewed by: one line commit rule
- - - - -
505b563d by Ludwig Krispenz at 2019-05-14T15:16:30Z
Ticket 50340 cont - structs for disabled plugins will not be freed
Bug: The original fix did free structs for not enabled plugins, but
they remained in the depenendency list of plugins and when the
list was processed a freed struct could be accessed
Fix: do not add a disabled plugin to the plugin dependency list
Reviewed by: Mark, thanks
- - - - -
7141b8d1 by Mark Reynolds at 2019-05-15T02:22:04Z
Ticket 50370 - CleanAllRUV task crashing during server shutdown
Description: There is a race condition during server shutdown that
can cause the server to crash. Increment the active
thread count for each cleaning task to prevent the plugins
from being closed before the thread terminates.
https://pagure.io/389-ds-base/issue/50370
Reviewed by: firstyear(Thanks!)
- - - - -
87338c17 by Akshay Adhikari at 2019-05-15T09:22:22Z
Issue 50220 - attr_encryption test suite failing
Description: Fixed the issue by removing the old function of creating an encrypted attribute
with a new one.
Fixes https://pagure.io/389-ds-base/issue/50220
Reviewed by: firstyear,viktor
- - - - -
d0da0284 by Anuj Borah at 2019-05-15T13:50:18Z
Issue:48851 - investigate and port TET matching rules filter tests
Investigate and port TET matching rules filter tests
https://pagure.io/389-ds-base/issue/48851
Reviewed by: William Brown, thierry bordaz, Viktor Ashirov, Simon Pichugin, Matus Honek
- - - - -
41c30fd5 by Mark Reynolds at 2019-05-15T20:07:42Z
Ticket 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients
Description: When the client is a IPv6 client, any ACI's that contain bind rules
for IPv4 addresses essentially break that aci causing it to not be
fully evaluated.
For example we have an aci like this:
aci: (targetattr != "aci")(version 3.0; aci "rootdse anon read access"; allow(
read,search,compare) userdn="ldap:///anyone" and
(ip="127.0.0.1" or ip="2620:52:0:84:f816:3eff:fe4b:4f35");)
So when the client is IPv6 we start processing the IP addresses in
the ACI, as soon as a IPv4 address is found the ACI evaluation stops
and in this case the IPv6 address is never checked and access is denied.
The problem is that we set the wrong return code variable in libaccess
https://pagure.io/389-ds-base/issue/50378
Reviewed by: mreynolds (one line commit rule)
- - - - -
632ecb90 by Mark Reynolds at 2019-05-16T00:16:42Z
Ticket 50251 - clear text passwords visable in CLI verbose mode logging
Bug Description: If you run any of the CLI tools using "-v", and set a password,
that password will be displayed in clear text in the console.
Fix Description: Create an internal list of sensitive attributes to filter, and
mask them in the operation debug logging. But still allow the
password to be seen if you set the env variable DEBUGGING=true
We also still print the root DN password if it is a container
installation.
https://pagure.io/389-ds-base/issue/50251
Reviewed by: spichugi, firstyear, and mhonek (Thanks!!!)
- - - - -
2c51eeb4 by Viktor Ashirov at 2019-05-16T10:44:48Z
Issue - 50374 dsdim posixgroup create fails with ERROR
Bug Description:
dsidm posixgroup create passes a wrong parameter to
_get_attributes.
Fix Description:
Fix the parameter name.
Fixes https://pagure.io/389-ds-base/issue/50374
Reviewed by: mreynolds (Thanks!)
- - - - -
a9e4ce00 by Viktor Ashirov at 2019-05-16T12:48:08Z
Issue 49761 - Fix CI test suite issues
Description:
Fix various failures on older releases for tier1 tests
Relates https://pagure.io/389-ds-base/issue/49761
Reviewed by: spichugi (Thanks!)
- - - - -
cd000871 by Barbora Smejkalová at 2019-05-16T13:01:38Z
Issue 49029 - [RFE] improve internal operations logging
Description:
Edited the test cases by changing the 'op' number to regex, because the values were hardcoded into the test and if there was some more fixing of internal logs that would cause the 'op' number to raise up/lower down then the test would fail. The main goal is to check syntax of internal messages, not to match 'op' numbers.
Also changed strings in src/lib389/lib389/dirsrv_log.py to raw strings to stop showing warnings about deprecation.
https://pagure.io/389-ds-base/issue/49029
Reviewed by: vashirov (Thanks!)
- - - - -
9ebf5f8a by Viktor Ashirov at 2019-05-16T16:38:08Z
Issue 50384 - Missing dependency: cracklib-dicts
Bug Description:
passwordDictCheck relies on cracklib and uses a default dictionary
provided by cracklib-dicts, but we don't depend on it.
Fix Description:
Add missing dependency for cracklib-dicts
Fixes https://pagure.io/389-ds-base/issue/50384
Reviewed by: ???
- - - - -
26b9e1b0 by Mark Reynolds at 2019-05-16T20:26:49Z
Ticket 50306 - Fix regression with maxbersize
Description: When passing the max BER size to openldap we were using the wrong
integer type, and it caused it to not be enforced.
https://pagure.io/389-ds-base/issue/50306
Reviewed by: mreynolds(one line commit rule)
- - - - -
31c89d3b by Simon Pichugin at 2019-05-17T18:35:26Z
Issue 50390 - Add Managed Entries Plug-in Config Entry schema
Description: Add AttributeTypes and an ObjectClass to Managed Entries
Plug-in Configuration entry schema.
Fix MEPConfigs(DSLdapObjects) accordingly.
https://pagure.io/389-ds-base/issue/50390
Reviewed by: mreynolds (Thanks!)
- - - - -
f2c63bcd by Viktor Ashirov at 2019-05-20T12:50:47Z
Issue 50387 - enable_tls() should label ports with ldap_port_t
Bug Description:
In some tests we use enable_tls(), but the secure port doesn't get
labeled automatically with ldap_port_t.
Fix Description:
Fix enable_tls() to label secure port.
Additionally fix typo in pluginpath_validation_test.py
Fixes https://pagure.io/389-ds-base/issue/50387
Reviewed by: mreynolds, mhonek (Thanks!)
- - - - -
0935b8af by Mark Reynolds at 2019-05-20T19:06:54Z
Ticket 50396 - Crash in PAM plugin when user does not exist
Description: pam passthru & addn plugin causes crash in bind when
user does not exist. Need to make sure we don't
dereference NULL pointer.
https://pagure.io/389-ds-base/issue/50396
Reviewed by: mreynolds & tbordaz
- - - - -
2738fd00 by Viktor Ashirov at 2019-05-21T09:16:41Z
Issue 49960 - Core schema contains strings instead of numer oids
Bug Description:
Core schema contains strings instead of numer oids.
Fix Description:
Update schema files with the correct oids.
Relates: https://pagure.io/389-ds-base/issue/49960
Reviewed by: firstyear, mreynolds, spichugi (Thanks!)
- - - - -
6fd9a413 by Anuj Borah at 2019-05-21T10:24:26Z
Issue: 50112 - Port ACI test suit from TET to python3(roledn)
Description: Port ACI test suit from TET to python3 (roledn)
Relates: https://pagure.io/389-ds-base/issue/50112
Author: aborah
Reviewed by: Simon Pichugin
- - - - -
ca70d06f by Mark Reynolds at 2019-05-21T16:26:47Z
Ticket 50393 - maxlogsperdir accepting negative values
Description: Improve the log "digit" config setting validation
for all settings.
https://pagure.io/389-ds-base/issue/50393
Reviewed by: tbordaz, firstyear, mhonek, and spichugi (Thanks!!!!)
- - - - -
a8bc2e33 by Anuj Borah at 2019-05-21T17:02:50Z
Issue: 50112 - Port ACI test suit from TET to python3(userattr)
Description: Port ACI test suit from TET to python3(userattr)
Fixes https://pagure.io/389-ds-base/issue/50112
Author: aborah
Reviewed by: Matus Honek, Simon Pichugin
- - - - -
c4a2eb4a by Viktor Ashirov at 2019-05-22T15:12:21Z
Issue 50037 - lib389 fails to install in venv under non-root user
Bug description:
Some files were installed using absolute path, preventing installation
under non-root user.
Fix description:
Change paths to be relative to the current prefix.
Update .gitignore to exlcude venv and build products.
Update tox.ini to the current supported Python versions.
Fixes https://pagure.io/389-ds-base/issue/50037
Reviewed by: mhonek, firstyear, spichugi (Thanks!)
- - - - -
db29fc2d by Anuj Borah at 2019-05-23T10:01:14Z
Issue: 48851 - investigate and port TET matching rules filter tests(scanlimit)
investigate and port TET matching rules filter tests(scanlimit)
Relates: https://pagure.io/389-ds-base/issue/48851
Author: aborah
Reviewed by: Simon Pichugin, Matus Honek
- - - - -
2886ba77 by Thierry Bordaz at 2019-05-23T13:15:28Z
Ticket 50389 - ns-slapd craches while two threads are polling the same connection
Bug Description:
nspr IO is not multi-threaded safe.
389-ds should not be in a situation where several threads are polling
a same connection at the same time.
The scenario is a worker send back an operation result at the same time
another worker wants to read an incoming request.
Fix Description:
The fix consist in synchonizing polling with c_pdumutex.
The thread that sends data (flush_ber) hold c_pdumutex.
The thread that reads the data does a non blocking read. It then
enforce ioblocktimeout with iteration of poll.
The reading thread must hold c_pdumutex during poll to synchronize
with the reader thread.
The reading thread must poll with a small timeout
(CONN_TURBO_TIMEOUT_INTERVAL). In order to not block
the thread that send back data, the fix reduces the delay to 0.1s.
https://pagure.io/389-ds-base/issue/50389
Reviewed by: Mark Reynolds, Matus Honek, William Brown
Platforms tested: F28
Flag Day: no
Doc impact: no
- - - - -
f8e5e010 by Viktor Ashirov at 2019-05-23T14:17:40Z
Issue 50403 - Instance creation fails on 1.3.9 using perl utils and latest lib389
Bug Description:
There is a typo in formatInfData() that generates invalid inf file.
Fix Description:
Fix the typo.
Fixes https://pagure.io/389-ds-base/issue/50403
Reviewed by: mreynolds (Thanks!)
- - - - -
2ca86fe1 by Ludwig Krispenz at 2019-05-24T16:55:36Z
Ticket 50340 - 2nd try - structs for diabled plugins will not be freed
Bug: when plugins are loaded from dse.ldif enabled plugins will be added to
the list of the plugin type and freed when plugins are stopped.
But the memory allocated for disabled plugins will remain allocated and
and be reported.
Fix: The previous fix did free not enabled plugins in plugin_setup, but
that caused a lot of issues.
This patch frees not enabled plugins in plugin_dependency_freeall
Reviewed by: ?
Signed-off-by: Mark Reynolds <mreynolds at redhat.com>
- - - - -
ba46b9a8 by Simon Pichugin at 2019-05-24T17:11:29Z
Issue 50041 - Add the rest UI Plugin tabs - Part 2
Description: Add UI plugin tabs for autoMembership, DNA, managedEntries,
passthroughAuthentication, usn.
Add Shared Config Entry to referentialIntegrity plugin.
Add Plugin Precedence field to the basic plugin configuration.
Fix CLI tools according to the UI changes.
https://pagure.io/389-ds-base/issue/50041
Reviewed by: mreynolds (Thanks!)
- - - - -
bc773989 by Viktor Ashirov at 2019-05-24T18:24:41Z
Issue 49761 - Fix CI test suite issues
Bug Description:
RootDN plugin test was failing because of a race condition: existing
connection was reused to test allow/deny rules.
Fix Description:
Refactor test to use direct ldap connection instead of topology's bind.
Relates https://pagure.io/389-ds-base/issue/49761
Reviewed by: mreynolds (Thanks!)
- - - - -
1f1119d4 by Mark Reynolds at 2019-05-24T18:37:38Z
Bump version to 1.4.1.3
- - - - -
08a6aadc by Hugh McMaster at 2019-05-27T12:50:59Z
Ticket 49730 - Remove unused Mozilla ldapsdk variables
Bug Description:
The recent removal of support for Mozilla's ldapsdk in b770ac7
left behind some unused variables.
Fix Description:
Remove the unused variables from the code base.
Author: Hugh McMaster <hugh.mcmaster at outlook.com>
Review by: firstyear, mreynolds, mhonek
- - - - -
71e27117 by Viktor Ashirov at 2019-05-27T15:01:51Z
Issue 50390 - Add Managed Entries Plug-in Config Entry schema
Bug Description:
On older versions without the MEP config entry schema lib389 fails
to configure MEP plugin
Fix Description:
Check if we have required schema present, otherwise fallback to extensibleObject
Relates https://pagure.io/389-ds-base/issue/50390
Reviewed by: spichugi (Thanks!)
- - - - -
cf01e3b4 by Anuj Borah at 2019-05-28T10:59:16Z
Issue: 48851 - investigate and port TET matching rules filter tests(vfilter_ld)
Investigate and port TET matching rules filter tests(vfilter_ld)
Relates: https://pagure.io/389-ds-base/issue/48851
Reviewed by: Simon Pichugin
- - - - -
3d4c48eb by Mark Reynolds at 2019-05-28T13:33:10Z
Ticket 50355 - NSS can change the requested SSL min and max versions
Description: If we try and set a min and max SSL version in the server,
it is actually only a request. After setting the min and
max, you need to retrieve the min and max to see what NSS
did. Then you have to reset the min and max versions one
more time to actually set the valid range. So yes, you do
have to do a set() -> get() -> set().
There also another outstanding issue with NSS where it says
the default max SSL version in FIPS mode is 1.3, but in fact
it is 1.2. So this patch has a hack fix to workaround that
bug. It should be able to be removed soon...
https://pagure.io/389-ds-base/issue/50355
Reviewed by: mhonek(Thanks!)
- - - - -
aa2649fa by Anuj Borah at 2019-05-30T11:32:23Z
Issue: 48851 - investigate and port TET matching rules filter tests(vfilter simple)
Investigate and port TET matching rules filter tests(vfilter simple)
Relates: https://pagure.io/389-ds-base/issue/48851
Author: aborah
Reviewed by: Simon Pichugin, Viktor Ashirov, Barbora Smejkalová
- - - - -
255faf93 by Simon Pichugin at 2019-05-31T11:52:24Z
Issue 50052 - Add package-lock.json and use "npm ci"
Bug description: All software changes incur some risk,
and it's critical to be able to manage this risk.
We can use a common way of dealing with it - npm-shrinkwrap.
Fix description: The suggested approach - npm-shrinkwrap - is an "overkill"
for our case. We don't need to publish the package on NPM.
It will be sufficient enough to use existing NPM functionality added in 5.7 version.
Replace `npm install` with `npm ci` which uses package-lock.json
and throws an error if any inconsistencies with pachage.json are found.
Add package-lock.json to the repo.
When we change the package.json content, a new pachage-lock.json should be
generated (using `npm install`) and the change should be commited.
Fix audit issues and update package.json. Add repository field.
Add audit-ci tool. While creating a tarball, we now check that
there are no vulnerabilities higher than "moderate".
If you it's impossible to fix issue on our side right now and it is safe
to proceed, the vulnerable package can be added to whitelist temporary.
https://pagure.io/389-ds-base/issue/50052
Reviewed by: mhonek, vashirov (Thanks!)
Add audit-ci tool, fix audit issues, add "repository" field
- - - - -
423a7ba0 by Mark Reynolds at 2019-05-31T12:45:22Z
Ticket 50413 - ds-replcheck - Always display the Result Summary
Description: Previously we only printed a "Result Summary" if there
were no inconsistencies and the entry counts matched.
However, the entry counts do not need to match. So
this made the "Result Summary" checks too strict, and
if things were out of sync there was no Result Summary
printed at all. This fix just always prints a result
summary and it removes the entry count check.
https://pagure.io/389-ds-base/issue/50413
Reviewed by: ?
- - - - -
10bffac3 by Matus Honek at 2019-06-03T12:23:48Z
Issue 49875 - Move SystemD service config to a drop-in file
Bug Description:
Runtime configuration options are mixed into the service specification
which should seldom be changed by users.
Fix Description:
Move the runtime configuration options into a drop-in file. These options
are then automatically pulled in by SystemD.
Additional Info:
Erasing the default values of the mentioned options to implicitly pull in
system defaults which are more sane nowadays.
The .service file is now common for xsan and non-xsan builds, the former
differring only by an additional drop-in file.
Related https://pagure.io/389-ds-base/issue/49875
Author: Matus Honek <mhonek at redhat.com>
Review by: firstyear, mreynolds, vashirov (thanks!)
- - - - -
73cdeb71 by Viktor Ashirov at 2019-06-03T16:22:36Z
Issue 49761 - Fix CI test suite issues
Bug Description:
ds_is_older() and ds_is_newer() accept only one value. This becomes tricky
when we need to compare current DS version to a number of versions
across different branches where a feature was implemented or a bug was
fixed.
Fix Description:
Add a generic function that accepts either string or multiple strings
containing versions. If a single version string is passed, it is
compared only to that string. If multiple version strings are passed,
the comparison happens only in a related branch, i.e. '1.3.9.1' is
compared only to '1.3.x', but not to '1.4.x'.
Update replcheck_test.py to use different parameters for ds-replcheck
depending on the version.
Relates: https://pagure.io/389-ds-base/issue/49761
Reviewed by: mreynolds (Thanks!)
- - - - -
7596ca04 by Anuj Borah at 2019-06-04T11:16:38Z
Issue: 48851 - Add more search filters to vfilter_simple test suite
Add more search filters to vfilter_simple test suite
Relates: https://pagure.io/389-ds-base/issue/48851
Author: aborah
Reviewed by: Simon Pichugin
- - - - -
65e325a0 by Mark Reynolds at 2019-06-05T13:07:04Z
Ticket 50417 - Revise legacy tool scripts to work with new systemd changes
Description: Since we no longer use unit files in /etc/sysconfig all the shell/perl
scripts need to ifnd instances using /etc/dirsrv (@instconfigdir@)
https://pagure.io/389-ds-base/issue/50417
Reviewed by: ?
- - - - -
f20e982c by Thierry Bordaz at 2019-06-06T13:40:44Z
Ticket 50329 - (2nd) Possible Security Issue: DOS due to ioblocktimeout not applying to TLS
Bug Description:
A secure socket is configured in blocking mode. If an event
is detected on a secure socket a worker tries to receive the request.
If handshake occurs during the read, it can hang longer than
ioblocktimeout because it takes into account the socket option
rather than the timeout used for the ssl_Recv
Fix Description:
The fix is specific to secure socket and set this socket option
to do non blocking IO.
https://pagure.io/389-ds-base/issue/50329
Reviewed by: ?
Platforms tested: F28, RHEL7.6
Flag Day: no
Doc impact: no
- - - - -
278f5aac by Thierry Bordaz at 2019-06-07T12:24:55Z
Ticket 50428 - Log the actual base DN when the search fails with "invalid attribute request"
Bug Description:
When a search request contains invalid parameters (attribute list with empty attribute
name, unknown scope, invalid filter..) the search is rejected but the access log
contains a wrong base search: ... SRCH base="(null)"...
This is because it does not use for logging the variable that gather the actual base ('rawbase')
Fix Description:
Use 'rawbase' value for logging
https://pagure.io/389-ds-base/issue/50428
Reviewed by: Mark Reynolds
Platforms tested: F28
Flag Day: no
Doc impact: no
- - - - -
c96ef350 by Matus Honek at 2019-06-07T12:41:14Z
Issue 50365 - PIDFile= references path below legacy directory /var/run/
Bug description:
SystemD complains the PIDFile= in the .service file points into a legacy
directory /var/run
Fix description:
Drop '@localstatedir@' which interpolates to '/var'. Although the actual
directory referenced everywhere else is the one prefixed with '/var' it
should not pose a problem since every environment SystemD is supposed to
run in has to have absolute path `/run' present which is effectively
always linked to the legacy '/var/run'.
Fixes https://pagure.io/389-ds-base/issue/50365
Author: Matus Honek <mhonek at redhat.com>
Review by: mreynolds, vashirov, firstyear (thanks!)
- - - - -
ff46f533 by Simon Pichugin at 2019-06-07T15:34:40Z
Issue 50052 - Fix rpm.mk according to audit-ci change
Description: Always run `npm ci` when we run node_modules install.
It should be done because we always have to be sure about
what we ship in the package is safe and stable.
https://pagure.io/389-ds-base/issue/50052
Reviewed by: mreynolds (Thanks!)
- - - - -
22f2f9a1 by Mark Reynolds at 2019-06-07T18:33:17Z
Issue 50426 - nsSSL3Ciphers is limited to 1024 characters
Bug Description: There was a hardcoded buffer for processing TLS ciphers.
Anything over 1024 characters was truncated and was not
applied.
Fix Description: Don't use a fixed size buffer and just use the entire
string. When printing errors about invalid format then
we must use a fixed sized buffer, but we will truncate
that log value as to not exceed the ssl logging function's
buffer, and still output a useful message.
ASAN approved
https://pagure.io/389-ds-base/issue/50426
Reviewed by: firstyear, tbordaz, and spichugi (Thanks!!!)
- - - - -
3ca307d2 by Mark Reynolds at 2019-06-07T18:38:50Z
Revert "Issue 49960 - Core schema contains strings instead of numer oids"
This reverts commit 2738fd00ffd7b9bced16e2e9ce61da80eec51206.
- - - - -
4934b57a by Mark Reynolds at 2019-06-10T19:34:06Z
Ticket 50431 - Fix covscan warnings
Description: Most coverity errors happen when something fails.
https://pagure.io/389-ds-base/issue/50431
Reviewed by: firstyear & spichugi(Thanks!)
- - - - -
8af8e785 by Mark Reynolds at 2019-06-10T20:02:12Z
Issue 50417 - Fix missing quote in some legacy tools
Description: A few scripts were missing a quote for the CONFIG_DIR var
https://pagure.io/389-ds-base/issue/50417
Reviewed by: mreynolds (one line commit rule)
- - - - -
b4e585fa by Anuj Borah at 2019-06-12T12:07:00Z
Issue: 48851 - investigate and port TET matching rules filter tests(match)
Investigate and port TET matching rules filter tests(match)
Relates: https://pagure.io/389-ds-base/issue/48851
Author: aborah
Reviewed by: Matus Honek, Simon Pichugin
- - - - -
84243ab8 by Barbora Smejkalová at 2019-06-13T08:15:17Z
Issue 50370 - CleanAllRUV task crashing during server shutdown
Description:
Added test case to check if CleanAllRUV task didn't crash during server shutdown.
This code is not in a mergeable state yet.
I need review, if my steps are correct, because it is a timing issue to reproduce the bug.
https://pagure.io/389-ds-base/issue/50370
Reviewed by: mreynolds (Thanks!)
- - - - -
054d32e7 by Mark Reynolds at 2019-06-13T21:55:25Z
Issue 50431 - Fix regression from coverity fix
Description: Fix a regression from the initial coverity commit
where we did not allow NULL pointers to set into
the pblock. They were false positives reported by
covscan.
https://pagure.io/389-ds-base/issue/50431
Reviewed by: mreynolds (one line commit rule)
- - - - -
09ba2514 by William Brown at 2019-06-14T09:26:51Z
Ticket 50037 - revert path changes as it breaks prefix/rpm builds
Bug Description: A change was made to support virtual envs, but it
causes a regression that breaks prefix building to access the cli
tools.
Fix Description: Revert the path changes - the other patch changes
were tottaly reasonable, and can remain.
Related: https://pagure.io/389-ds-base/issue/50037
Author: William Brown <william at blackhats.net.au>
Review by: vashirov (Thanks!)
- - - - -
5c6ffae1 by William Brown at 2019-06-14T12:54:43Z
Ticket 50439 - Update docker integration to work out of source directory
Bug Description: Docker did not function in some cases, and we had to wait for
releases via rpm.
Fix Description: This adds the support to build from source into the tree
so that we can build and test git master. This also resolves a var/run
issue in the image, as well as some other minor python cleaning such
as handling sigchld to act as init.
https://pagure.io/389-ds-base/issue/50439
Author: William Brown william at blackhats.net.au
Review by: spichugi
- - - - -
bd80a4f5 by Mark Reynolds at 2019-06-14T18:32:56Z
Issue 49602 - Revise replication status messages
Bug Description: All agreement status messages start with "Error (##)" followed
by a text string. Even success states start with "Error", and
this is confusing.
Added new attributes to display the status in a JSON format
for easier parsing for applications:
replicaLastUpdateStatusJSON
replicaLastInitStatusJSON
Design Doc: https://www.port389.org/docs/389ds/design/repl-agmt-status-design.html
https://pagure.io/389-ds-base/issue/49602
Reviewed by: firstyear(Thanks!)
- - - - -
89081d1f by Anuj Borah at 2019-06-17T12:36:05Z
Issue: 50446 - NameError: name 'ds_is_older' is not defined
Bug description: ds_is_older module is not imported in account.py
that's why enroll_certificate function is not working.
Fixes: https://pagure.io/389-ds-base/issue/50446
Author: aborah
Reviewed by: Simon Pichugin
- - - - -
86077ec5 by Anuj Borah at 2019-06-18T11:16:05Z
Issue: 48851 - Investigate and port TET matching rules filter tests(bug772777)
Bug description: Investigate and port TET matching rules filter tests(bug772777).
Relates: https://pagure.io/389-ds-base/issue/48851
Author: aborah
Reviewed by: Matus Honek, Simon Pichugin
- - - - -
a90dec70 by Mark Reynolds at 2019-06-18T19:26:31Z
Ticket 49361 - Use IPv6 friendly network functions
Description: We use these functions that are not reliable with IPv6:
- gethostbyname()
- inet_ntoa()
- inet_aton()
- inet_addr()
This patch replaces these calls using one of the following
preferred functions:
- inet_ntop()
- inet_pton()
Also fixed a few failures in the replication CI test
regression_test.py as replication uses code touched by this
patch.
ASAN approved
https://pagure.io/389-ds-base/issue/49361
Reviewed by: firstyear(Thanks!)
- - - - -
5f0d45a3 by Mark Reynolds at 2019-06-18T20:18:31Z
Bump version to 1.4.1.4
- - - - -
d4a676cf by Simon Pichugin at 2019-06-19T10:42:36Z
Issue 49232 - Truncate the message when buffer capacity is exceeded
Bug Description: When the access log buffer capacity is exceeded we log
an emergency error and the access log line is not logged at all.
Fix Description: Log the error message to errors log and log the access
log message but truncate its elements (for the search access log message).
Or just log what is in the buffer in other cases.
Add CI test to ds_logs test suite for the basic feature testing.
https://pagure.io/389-ds-base/issue/49232
Reviewed by: mreynolds, tbordaz, firstyear (Thanks!!)
- - - - -
73cb6b9e by Anuj Borah at 2019-06-19T11:58:53Z
Issue: 48851 - investigate and port TET matching rules filter tests(index)
Investigate and port TET matching rules filter tests(index)
Relates: https://pagure.io/389-ds-base/issue/48851
Author: aborah
Reviewed by: Simon Pichugin
- - - - -
5c0198d9 by Mark Reynolds at 2019-06-19T19:41:04Z
Issue 50454 - Fix Cockpit UI branding
Bug Description: On RHEL we still displayed "389 Directory Server" in
the Cockpit vertical navigation panel instead of
"Red Hat Directory Server".
Fix Description: Instead of using separate files, just do a "sed" replacement
in the specfile to handle the branding
https://pagure.io/389-ds-base/issue/50454
Reviewed by: viktor & mhonek (Thanks!!)
- - - - -
f874c39f by William Brown at 2019-06-20T13:22:10Z
Ticket 50439 - fix waitpid issue when pid does not exist
Bug Description: In some situations, waitpid will fail with
a no child process error, when the pid file has a value but
no pid exists.
Fix Description: Catch the exception, because in this case
we have no pids to wait upon, so there is no harm to skip this.
https://pagure.io/389-ds-base/issue/50439
Author: William Brown <william at blackhats.net.au>
Review by: ???
- - - - -
5e285f63 by Viktor Ashirov at 2019-06-24T15:42:12Z
Issue 50378 - ACI's with IPv4 and IPv6 bind rules do not work for IPv6 clients
Description:
Add a new test case for #50378 instead of the older one that was testing
an unsupported corner case (ip=*).
Relates: https://pagure.io/389-ds-base/issue/50378
Reviewed by: mreynolds (Thanks!)
- - - - -
1924c12b by Anuj Borah at 2019-06-25T13:02:19Z
Issue: 48851 - Add more test cases to the match test suite.
Bug Description: Add more test cases to the match test suite.
Relates: https://pagure.io/389-ds-base/issue/48851
Author: aborah
Reviewed by: Simon Pichugin
- - - - -
e4ec3e0e by Matúš Honěk at 2019-06-25T14:46:05Z
Ticket 50217 - Implement dsconf security section
Bug Description:
dsconf lacks options to configure security options
Fix Description:
Implementing options to configure security related attributes and handle ciphers
configuration.
Fixes: https://pagure.io/389-ds-base/issue/50217
Author: Matus Honek <mhonek at redhat.com>
Review by: firstyear, mreynolds (Thanks!)
- - - - -
19d2029b by Mark Reynolds at 2019-06-25T19:18:43Z
Issue 50462 - Fix CI tests
Description: Port some of the failing ticket tests to suites
related: https://pagure.io/389-ds-base/issue/50462
Reviewed by: vashirov, mhonek, spichugi, and aadhikari (thanks!)
- - - - -
71138c04 by Mark Reynolds at 2019-06-25T19:22:40Z
Issue 50462 - Fix Root DN access control plugin CI tests
Description: Port CI test to use DSLDapObject instead of raw types,
and add sleeps after every config change.
Also increased replication timeout in the referint_plugin
test.
related: https://pagure.io/389-ds-base/issue/50462
Reviewed by: vashirov(thanks!)
- - - - -
0b2f0475 by Ludwig Krispenz at 2019-06-27T07:26:13Z
Ticket 50472 - memory leak with encryption
Bug: In ssl initialization a lot of memory is allocated by calls to nss functions
and not freed
Fix: free all allocations reported by asan
Reviewed by: Mark, thanks
- - - - -
9bf0fc29 by Matúš Honěk at 2019-06-27T08:10:17Z
Issue 50474 - Unify result codes for add and modify of repl5 config
Bug Description:
Same constraints resulting in error are reported as different LDAP
result codes when using different operation for adjusting these.
Fix Description:
A part of the code had not conveyed the error reason down the stack,
therefore adding this information and returning the proper code.
Fixes: https://pagure.io/389-ds-base/issue/50474
Author: Matus Honek <mhonek at redhat.com>
Review by: mreynolds, spichugi (thanks!)
- - - - -
4661c793 by Viktor Ashirov at 2019-07-01T14:30:07Z
Issue 49761 - Fix CI test suite issues
Description:
Fix test failures in tier0 and tier1 tests:
* Skip tests where it's not implemented.
* Set custom fd limits to the value less than allowed per process.
* Use a correct URI for ACI related tests in paged_results_test.py.
Relates: https://pagure.io/389-ds-base/issue/49761
Reviewed by: mreynolds (Thanks!)
- - - - -
4677007d by Akshay Adhikari at 2019-07-03T14:39:20Z
Issue 50177 - Add a new CI test case, also added fixes in lib389
Bug Description: Import task should not be deleted too rapidely after import finishes
to be able to query the status.
Fix Description: A new attribute 'ttl' is order to tune the life time of the task.
The default value is increased to '86400'. Added a test to check that and added it
to ImportTask & ExportTask classes in lib389 so it will create ttl attribute by default.
Fixes: https://pagure.io/389-ds-base/issue/50177
Review by: mreynolds (Thanks!)
- - - - -
70ba6e38 by Akshay Adhikari at 2019-07-03T15:01:38Z
Issue 49997 - Add a new CI test case
Bug Description: If the suffix provided in the command line does not exist or it's
not replicated, we have an error message that it's regarding the RUV
Fix Description: Added a test case that will validate if a wrong suffix is passed then
a proper error message is displayed or not.
Relates: https://pagure.io/389-ds-base/issue/49997
Review by: vashirov (Thanks!)
- - - - -
c2650f02 by Akshay Adhikari at 2019-07-04T06:57:21Z
Issue 49239 - Add a new CI test case
Bug Description: ds-replcheck unreliable, showing false positives, showing missing tombstone entries
in the report.
Fix Description: Added a test case to check missing tombstone entries is not reported, also fixed
py3 issue in ds-replcheck by explicitly adding bytes.
Relates: https://pagure.io/389-ds-base/issue/49239
Review by: vashirov, mreynolds (Thanks!)
- - - - -
fdf59ee0 by Mark Reynolds at 2019-07-08T18:00:28Z
Issue 50431 - Fix regression from coverity fix
Description: Fix a regression from the initial coverity commit that
caused the memebrOf groupattrs to become corrupted and
crash the server.
https://pagure.io/389-ds-base/issue/50431
Reviewed by: vashirov(Thanks!)
- - - - -
74833414 by Mark Reynolds at 2019-07-08T19:23:01Z
Bump version to 1.4.1.5
- - - - -
25 changed files:
- + .dockerignore
- .gitignore
- − 389-doap.rdf
- Makefile.am
- VERSION.sh
- autogen.sh
- configure.ac
- + dirsrvtests/pytest.ini
- dirsrvtests/tests/perf/memberof_test.py
- dirsrvtests/tests/stress/cos/cos_scale_template_test.py
- dirsrvtests/tests/stress/reliabilty/reliab_7_5_test.py
- dirsrvtests/tests/stress/reliabilty/reliab_conn_test.py
- dirsrvtests/tests/stress/replication/mmr_01_4m-2h-4c_test.py
- dirsrvtests/tests/stress/replication/mmr_01_4m_test.py
- + dirsrvtests/tests/suites/acl/acivattr_test.py
- dirsrvtests/tests/suites/acl/acl_deny_test.py
- dirsrvtests/tests/suites/acl/acl_test.py
- + dirsrvtests/tests/suites/acl/conftest.py
- + dirsrvtests/tests/suites/acl/deladd_test.py
- dirsrvtests/tests/suites/acl/enhanced_aci_modrnd_test.py
- + dirsrvtests/tests/suites/acl/globalgroup_part2_test.py
- + dirsrvtests/tests/suites/acl/globalgroup_test.py
- + dirsrvtests/tests/suites/acl/keywords_part2_test.py
- + dirsrvtests/tests/suites/acl/keywords_test.py
- + dirsrvtests/tests/suites/acl/misc_test.py
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/92909976b6b741a8932c8b6db42fa9ba660c1520...7483341432b1a7c3d8448ff3b3e01b09d0540bc7
--
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/compare/92909976b6b741a8932c8b6db42fa9ba660c1520...7483341432b1a7c3d8448ff3b3e01b09d0540bc7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20190710/6a5b4b81/attachment-0001.html>
More information about the Pkg-freeipa-devel
mailing list