[Pkg-freeipa-devel] [Git][freeipa-team/389-ds-base][master] 42 commits: Issue 4750 - Fix compiler warning in retrocl (#4751)
Timo Aaltonen (@tjaalton)
gitlab at salsa.debian.org
Mon Oct 18 15:54:25 BST 2021
Timo Aaltonen pushed to branch master at FreeIPA packaging / 389-ds-base
Commits:
a08540a8 by James Chapman at 2021-06-03T12:56:02+00:00
Issue 4750 - Fix compiler warning in retrocl (#4751)
Description: An unused variable generates a compiler warning.
Fix description: Remove unused variable. Modify CI test to restart the test instance instead
of using dynamic plugins.
Fixes: https://github.com/389ds/389-ds-base/issues/4750
Relates: https://github.com/389ds/389-ds-base/issues/4701
Reviewed by: jchapma (One line commit rule)
- - - - -
bfb3880c by Mark Reynolds at 2021-06-07T13:08:19-04:00
Issue 4773 - Add CI test for DNA interval assignment
Description: Add test case for DNA interval assignment
relates: https://github.com/389ds/389-ds-base/issues/4773
Reviewed by: spichugi(Thanks!)
- - - - -
f31010ef by Mark Reynolds at 2021-06-08T09:36:06-04:00
Issue 4447 - Crash when the Referential Integrity log is manually edited
Bug Description: If the referint log is manually edited with a string
that is not a DN the server will crash when processing
the log.
Fix Description: Check for NULL pointers when strtoking the file line.
relates: https://github.com/389ds/389-ds-base/issues/4447
Reviewed by: firstyear(Thanks!)
- - - - -
02ca55dd by tbordaz at 2021-06-10T15:07:23+02:00
Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799)
Bug description:
The fix for ticket #3764 was broken with a missing break in a
switch. The consequence is that while setting the client IP
address in the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP), the
connection is erroneously set as replication connection.
This can lead to crash or failure of testcase
test_access_from_certain_network_only_ip.
This bug was quite hidden until the fix for #4764 is
showing it more frequently
Fix description:
Add the missing break
relates: https://github.com/389ds/389-ds-base/issues/4797
Reviewed by: Mark Reynolds
Platforms tested: F33
- - - - -
a16a6532 by tbordaz at 2021-06-15T16:18:23+02:00
Issue 4789 - Temporary password rules are not enforce with local password policy (#4790)
Bug description:
When allocating a password policy structure (new_passwdPolicy)
it is initialized with the local policy definition or
the global one. If it exists a local policy entry, the TPR
attributes (passwordTPRMaxUse, passwordTPRDelayValidFrom and
passwordTPRDelayExpireAt) are not taken into account.
Fix description:
Take into account TPR attributes to initialize the policy
relates: https://github.com/389ds/389-ds-base/issues/4789
Reviewed by: Simon Pichugin, William Brown
Platforms tested: F34
- - - - -
e4612cd4 by tbordaz at 2021-06-16T13:50:06+02:00
Issue 4747 - Remove unstable/unstatus tests (followup) (#4809)
Bug description:
test_syncrepl_basic test is unstable (1 fail out of 10 run)
with a error.PyAsn1Error exception.
Fix description:
flag this tests as flaky
relates: https://github.com/389ds/389-ds-base/issues/4747
Reviewed by: self reviewed (one line commit)
Platforms tested: F33
- - - - -
1e3f32dc by Mark Reynolds at 2021-06-16T08:12:18-04:00
Issue 4093 - Fix MEP test case
Bug Description: Once some compiler warnings were fixed it
accidentally fixed the modrdn behavior. Previously
the modrdn code accidentally ignored errors that the
test case was taking for granted. Once these checks
were properly inforced the teset case started to fail.
Fix Description: Revise test case to "properly" check modrdn operations
by creating the Managed Entry before assignign it to
an entry, and then check for the revise managhed entry
DN after the modrdn takes place.
Also, improved CI debugging logging settings
relates: https://github.com/389ds/389-ds-base/issues/4093
Reviewed by: spichugi(Thanks!)
- - - - -
fa46922b by Mark Reynolds at 2021-06-16T08:20:05-04:00
Issue 4506 - Improve SASL logging
Description:
Converted all SLAPI_LOG_TRACE logging to Connection logging (SLAPI_LOG_CONNS).
sasl_errstring() perform a simple and fast switch case mapping from
error code to const string.
relates : https://github.com/389ds/389-ds-base/issues/4506
Signed-off-by: Christian Heimes <cheimes at redhat.com>
Reviewed by: mreynolds
- - - - -
8de81d54 by tbordaz at 2021-06-17T16:56:36+02:00
Issue 4788 - CLI should support Temporary Password Rules attributes (#4793)
Bug description:
Since #4725, password policy support temporary password rules.
CLI (dsconf) does not support this RFE and only direct ldap
operation can configure global/local password policy
Fix description:
Update dsconf to support this new RFE.
To run successfully the testcase it relies on #4788
relates: #4788
Reviewed by: Simon Pichugin (thanks !!)
Platforms tested: F34
- - - - -
724763b7 by Simon Pichugin at 2021-06-23T10:08:13+02:00
Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810)
Description: The description of the field "nsslapd-db-locks-monitoring-threshold"
is unclear. Make the explanations more detailed and concise in both CLI
and Web UI.
Fixes: https://github.com/389ds/389-ds-base/issues/4803
Reviewed by: @tbordaz (Thank you!)
- - - - -
5c88c00d by Simon Pichugin at 2021-06-23T10:25:54+02:00
Issue 4803 - Improve DB Locks Monitoring Feature Descriptions
Description: Enchance one line for the threshold setting
as per comment in https://github.com/389ds/389-ds-base/pull/4810
Relates: https://github.com/389ds/389-ds-base/issues/4803
Reviewed by: @droideck (one line rule)
- - - - -
f17617d1 by Mark Reynolds at 2021-07-01T14:01:35-04:00
Issue 4656 - remove problematic language from ds-replcheck
Description: remove master from ds-replcheck and replace it with supplier
relates: https://github.com/389ds/389-ds-base/issues/4656
Reviewed by: mreynolds
e with '#' will be ignored, and an empty message aborts the commit.
- - - - -
30b13465 by tbordaz at 2021-07-02T18:12:15+02:00
Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823)
Bug description:
dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py contains
password policy attributes tests (min_age,...) and tpr tests.
Leftover of the fixture password_policy (scope module) are breaking
TPR tests with subtree/user local password policy.
Fix description:
Separate temporary password tests into their own module
relates: https://github.com/389ds/389-ds-base/issues/4822
Reviewed by: Simon Pichugin (Thanks!)
Platforms tested: 8.5, F34
- - - - -
fc53c8b2 by tbordaz at 2021-07-02T18:15:04+02:00
Issue 4262 - Fix Index out of bound in fractional test (#4828)
Bug description:
In master branch there are by default 2 groups while
in 1.4.3 it exists only one. So the index '1'
in the retrieved groups raise 'invalid index' exception
in 1.4.3.
Fix description:
Retrieve the specific group bug739172_01group
to test its membership
relates: https://github.com/389ds/389-ds-base/issues/4262
Reviewed by:
Platforms tested: 8.5, fedora
foo
- - - - -
5d956fcc by Thierry Bordaz at 2021-07-05T16:03:04+02:00
Issue 4656 - (2nd) Remove problematic language from UI/CLI/lib389
- - - - -
c1926dfc by Firstyear at 2021-07-09T11:55:56+10:00
Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819)
Bug Description: Due to mishanding of short dbpwd hashes, the
crypt_r algorithm was misused and was only comparing salts
in some cases, rather than checking the actual content
of the password.
Fix Description: Stricter checks on dbpwd lengths to ensure
that content passed to crypt_r has at least 2 salt bytes and
1 hash byte, as well as stricter checks on ct_memcmp to ensure
that compared values are the same length, rather than potentially
allowing overruns/short comparisons.
fixes: https://github.com/389ds/389-ds-base/issues/4817
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389
- - - - -
357c16cd by Mark Reynolds at 2021-07-15T12:24:21-04:00
Issue 4443 - Internal unindexed searches in syncrepl/retro changelog
Bug Description:
When a non-system index is added to a backend it is
disabled until the database is initialized or reindexed.
So in the case of the retro changelog the changenumber index
is alway disabled by default since it is never initialized.
This leads to unexpected unindexed searches of the retro
changelog.
Fix Description:
If an index has "nsSystemIndex" set to "true" then enable it
immediately.
relates: https://github.com/389ds/389-ds-base/issues/4443
Reviewed by: spichugi & tbordaz(Thanks!!)
- - - - -
4bd1c940 by Simon Pichugin at 2021-08-03T15:37:22+02:00
Issue 4460 - Fix isLocal and TLS paths discovery (#4850)
Description: Fix isLocal inconsistency in the 'allocate' code.
Process LDAP URI and decide if it's local or not.
Make sure that while connecting locally the certdir (and other TLS paths) are accessible
(has read right) before setting ldap.OPT_X_TLS_*.
If none ldap.OPT_X_TLS_* options are set and there is no new TLS context,
don't set OPT_X_TLS_NEWCTX. Then /etc/openldap/ldap.conf will be used.
Relates: https://github.com/389ds/389-ds-base/issues/4460
Reviewed by: @mreynolds389, @Firstyear (Thanks!!)
- - - - -
b99236af by Mark Reynolds at 2021-08-03T23:35:17-04:00
Issue 4736 - CLI - Errors from certutil are not propagated
Description: Errors from certutil are not returned to the client, and
only a generic failure code is returned. The actual error text should be
returned to the client since it has meaning. Just catch all the
exception and return the output as a ValueError.
relates: https://github.com/389ds/389-ds-base/issues/4736
Reviewed by: firstyear (Thanks!)
- - - - -
07b44fe5 by Mark Reynolds at 2021-08-10T11:18:18-04:00
Issue 4736 - lib389 - fix regression in certutil error checking
Description: A regression in the previous commit accidentally called
certutil twice which triggered the CLI to prompt for the NSS database
password. This broke CI tests, etc.
relates: https://github.com/389ds/389-ds-base/issues/4736
Reviewed by: mreynolds (one line commit rule)
- - - - -
4c5a75ff by Simon Pichugin at 2021-08-12T09:36:35+02:00
Issue 4851 - Typos in "dsconf pwpolicy set --help" (#4867)
Description: Fix typos in the output of "dsconf instance_name
pwpolicy set --help".
Fixes: https://github.com/389ds/389-ds-base/issues/4851
Reviewed by: @mreynolds389 (Thanks!)
- - - - -
a3d4f63e by Simon Pichugin at 2021-08-18T16:04:41+02:00
Issue 4763 - Attribute Uniqueness Plugin uses wrong subtree on ModRDN (#4871)
Bug Description: When using the Attribute uniqueness plugin, restricted
to one subtree, moving an object with an already existing attribute
to this subtree does not raise any exceptions. It appears that the
originating subtree is searched instead.
Fix Description: Use parent DN of the new entry when searching
for attribute uniqueness.
Add test to plugins/attruniq_test.py suite.
Fixes: https://github.com/389ds/389-ds-base/issues/4763
Reviewed by: @tbordaz (Thanks!)
- - - - -
a7ca0280 by Firstyear at 2021-08-19T14:30:14-04:00
Issue 4872 - BUG - entryuuid enabled by default causes replication issues (#4876)
Bug Description: Due to older servers missing the syntax
plugin this breaks schema replication and causes cascading
errors.
Fix Description: This changes the syntax to be a case
insensitive string, while leaving the plugins in place
for other usage.
fixes: https://github.com/389ds/389-ds-base/issues/4872
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389 @progier389
- - - - -
66f74586 by James Chapman at 2021-08-19T15:41:25-04:00
Issue 4734 - import of entry with no parent warning (#4735)
Description: Online import of ldif file that contains an entry with
no parent doesnt generate a task warning.
Fixes: https://github.com/389ds/389-ds-base/issues/4734
Author: vashirov at redhat.com (Thanks)
Reviewed by: mreynolds, jchapma
- - - - -
16124665 by Firstyear at 2021-08-23T11:42:53+10:00
Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup (#4878)
Bug Description: Due to changing the syntax of EntryUUID's
to string, we may have invalid EntryUUID's imported into
the database.
Fix Description: To resolve this during a fixup we validate
that Uuid's have a valid syntax. If they do not, we regenerate
them.
fixes: https://github.com/389ds/389-ds-base/issues/4877
Author: William Brown <william at blackhats.net.au>
Review by: @mreynolds389
- - - - -
38e1e261 by Mark Reynolds at 2021-08-26T09:38:45-04:00
Issue 4884 - server crashes when dnaInterval attribute is set to zero
Bug Description:
A division by zero crash occurs if the dnaInterval is set to zero
Fix Description:
Validate the config value of dnaInterval and adjust it to the
default/safe value of "1" if needed.
relates: https://github.com/389ds/389-ds-base/issues/4884
Reviewed by: tbordaz(Thanks!)
- - - - -
a91c1f58 by Mark Reynolds at 2021-08-26T10:11:27-04:00
Issue 4875 - CLI - Add some verbosity to installer
Description: Previously the installer would basically say
"Starting" and "Finished". If a step would
run into a problem it is difficult to narrow
down what is going wrong. So add a little more
output during the installation.
relates: https://github.com/389ds/389-ds-base/issues/4875
Reviewed by: firstyear & spichugi(Thanks!!)
- - - - -
0491c217 by James Chapman at 2021-08-27T12:08:58-04:00
Issue - 4696 - Password hash upgrade on bind (#4840)
Description:
There is an unintended side effect of the "upgrade password
on bind" feature. It causes the password policy code to be
engaged and it resets the passwordExpirationtime in the entry.
Fix description:
Only allow an external password modify operation or an extended
password modify operation update the password info.
Relates: https://github.com/389ds/389-ds-base/issues/4696
Reviewed by: @droideck, @tbordaz, @mreynolds389 (Thank you)
- - - - -
03a67520 by Mark Reynolds at 2021-09-03T09:57:57-04:00
Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks
Bug Description: Monotonic clocks were used to check if an entry was old
enough to be trimmed, but the real system time should be
used. So entries were never trimmed from the changelog.
Fix Description: Make sure monotonic clocks are only used for the
trimming interval, and real time clocks are used
for entry age.
relates: https://github.com/389ds/389-ds-base/issues/4869
Reviewed by: firstyear(Thanks!)
- - - - -
20de3428 by Timo Aaltonen at 2021-09-07T15:39:40+03:00
tests: Add isolation-container to restrictions.
- - - - -
97f84338 by Mark Reynolds at 2021-09-09T07:46:04-04:00
Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index
Bug Description: During a reindex task we skip the RUV tombstone entry,
which corrupts the nsuniqueid index.
Fix Description: Make sure we still index nsuniqueid index for
the RUV tombstone entry.
relates: https://github.com/389ds/389-ds-base/issues/4910
Reviewed by: firstyear & progier389 (Thanks!!)
- - - - -
7eed5601 by Mark Reynolds at 2021-09-09T07:49:57-04:00
Issue 4912 - dsidm command crashing when account policy plugin is enabled
Bug Description: If the account policy plugin is enabled, but not
configured then dsidm will crash when checking an
entry's status.
Fix Description: Check if the config DN is present before trying
to check its values.
relates: https://github.com/389ds/389-ds-base/issues/4912
Reviewed by: firstyear(thanks!)
- - - - -
3982ce69 by Mark Reynolds at 2021-09-10T10:23:32-04:00
Issue 4169 - backport lib389 cert list fix
Description: We didn't call ensure_str() on the output from certutil
commands
relates: https://github.com/389ds/389-ds-base/issues/4169
Reviewed by: mreynolds(one line commit rule)
- - - - -
012a6a35 by Simon Pichugin at 2021-09-10T14:20:03-07:00
Issue 4894 - IPA failure in ipa user-del --preserve (#4907)
Bug Description: Starting with 389-ds 2.0.8 on rawhide,
any call to ipa user-del --preserve fails with
This entry already exists.
Fix Description: We should split 'dn' parameter in searchAllSubtrees
into parent and target. As one of them is used for excluding the
subtree checks and another one for searching.
Improve 'superior' processing when we don't change the parent.
Rename variables in a more sane way.
Fixes: https://github.com/389ds/389-ds-base/issues/4894
Reviewed by: @Firstyear, @tbordaz, @progier389 (Thanks!)
- - - - -
ef01f6d8 by Mark Reynolds at 2021-09-11T10:28:47-04:00
Issue 4796 - Add support for nsslapd-state to CLI & UI
Description:
Add support for nsslapd-state to lib389 and UI. Also added a check to prevent the changing of nsslapd-state for replicated suffixes.
Also did a little UI cleanup where a bottom margin was added to the bottom of pages instead of using "hr" to create the gap.
relates: https://github.com/389ds/389-ds-base/issues/4796
Reviewed by: jchapman & spichugi(Thanks!)
- - - - -
f6bb281d by Mark Reynolds at 2021-09-13T12:24:06-04:00
Issue 4912 - Account Policy plugin does not set the config entry DN
Description: Although we create the config entry for the Account Policy
plugin, we do not list the config entry DN in the main plugin entry
via nsslapd-pluginarg0
relates: https://github.com/389ds/389-ds-base/issues/4912
Reviewed by: mreynolds(one line commit rule)
- - - - -
ebacadde by Marc Muehlfeld at 2021-09-14T09:31:02-04:00
Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.)
Description:
The --help of dsconf and its subcommands contain several incorrect descriptions, typos, inconsistent language, some entries end with a ".", some doesn't, some descriptions start with lowercase, ...
For a better user experience, the descriptions of subcommands, and parameters should be reviewed and improved.
Fixes: #4908
Reviewed by: Mark Reynolds, William Brown, and Simon Pichugin
- - - - -
8127b3d0 by Mark Reynolds at 2021-09-20T17:00:19-04:00
Issue 4927 - rebase lib389 and cockpit in 1.4.4
Description: 389-ds-base-1.4.4 has somehow become out of sync
with critical fixes in lib389 and cockpit. It is
too difficult to try and find which patches are
missing. Instead we can just rebase the source
code for lib389 and cockpit from branch 389-ds-base-2.0.
fixes: https://github.com/389ds/389-ds-base/issues/4927
Reviewed by: spichugi & jchapman(Thanks!!)
- - - - -
5e1e392a by Mark Reynolds at 2021-09-20T17:01:33-04:00
Bump version to 1.4.4.17
- - - - -
ae9fc0ac by Timo Aaltonen at 2021-10-18T17:48:33+03:00
Add a dependency to libjemalloc2, and add a symlink to it so the preload works. (Closes: #992696)
- - - - -
e60cb856 by Timo Aaltonen at 2021-10-18T17:53:19+03:00
Merge branch 'upstream'
- - - - -
93fc088c by Timo Aaltonen at 2021-10-18T17:53:42+03:00
bump the version
- - - - -
23 changed files:
- VERSION.sh
- debian/389-ds-base-libs.install
- debian/changelog
- debian/control
- debian/rules
- debian/tests/control
- + dirsrvtests/tests/data/entryuuid/localhost-userRoot-invalid.ldif
- + dirsrvtests/tests/suites/clu/dsctl_tls_test.py
- dirsrvtests/tests/suites/entryuuid/basic_test.py
- dirsrvtests/tests/suites/fractional/fractional_test.py
- dirsrvtests/tests/suites/password/pwdPolicy_attribute_test.py
- + dirsrvtests/tests/suites/password/pwdPolicy_temporary_password.py
- + dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
- dirsrvtests/tests/suites/password/pwd_upgrade_on_bind.py
- + dirsrvtests/tests/suites/plugins/attruniq_test.py
- + dirsrvtests/tests/suites/plugins/dna_interval_test.py
- dirsrvtests/tests/suites/plugins/managed_entry_test.py
- dirsrvtests/tests/suites/plugins/referint_test.py
- dirsrvtests/tests/suites/replication/regression_m2_test.py
- dirsrvtests/tests/suites/replication/ruvstore_test.py
- dirsrvtests/tests/suites/retrocl/basic_test.py
- + dirsrvtests/tests/suites/retrocl/retrocl_indexing_test.py
- dirsrvtests/tests/suites/syncrepl_plugin/basic_test.py
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/e6521870cbc22dd2107a5fa95612cc2e69767a99...93fc088ca87e524136f774419744f3655fe3661c
--
View it on GitLab: https://salsa.debian.org/freeipa-team/389-ds-base/-/compare/e6521870cbc22dd2107a5fa95612cc2e69767a99...93fc088ca87e524136f774419744f3655fe3661c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20211018/90c9d9e7/attachment-0001.htm>
More information about the Pkg-freeipa-devel
mailing list