Commit 9d3860fe authored by Rocky Automation's avatar Rocky Automation 📺
Browse files

import 389-ds-base-1.4.2.4-8.module+el8.2.0+5959+cfcaedbd

parent 6753a945
50c525db2c9adfc7cca119ed13110a42d88d079c SOURCES/389-ds-base-1.4.1.3.tar.bz2 fcf4e095176c048550be8838df112b8d247f34db SOURCES/389-ds-base-1.4.2.4.tar.bz2
5a5255f7bca3e79a063f26f292cf93f17fe3b14f SOURCES/jemalloc-5.2.0.tar.bz2 9e06b5cc57fd185379d007696da153893cf73e30 SOURCES/jemalloc-5.2.1.tar.bz2
SOURCES/389-ds-base-1.4.1.3.tar.bz2 SOURCES/389-ds-base-1.4.2.4.tar.bz2
SOURCES/jemalloc-5.2.0.tar.bz2 SOURCES/jemalloc-5.2.1.tar.bz2
From b823da0b0e3f02a7972ebec4e714877d2ee2170e Mon Sep 17 00:00:00 2001
From: Viktor Ashirov <vashirov@redhat.com>
Date: Fri, 15 Nov 2019 11:55:07 +0100
Subject: [PATCH 1/2] Issue 50712 - Version comparison doesn't work correctly
on git builds
Bug Description:
`python3-packaging` is not shipped in RHEL8. But it's bundled with
`setuptools` which is present in all major distributions.
Fix Description:
Use `pkg_resources` module from `setuptools` which provides needed
functionality, change lib389 and rpm dependencies accordingly.
Unfortunately, `pkg_resources.parse_version()` returns different
objects for different strings too, so use `LegacyVersion` directly
from `pkg_resources.extern.packaging.version`.
Fixes: https://pagure.io/389-ds-base/issue/50712
Relates: https://pagure.io/389-ds-base/issue/50706
---
rpm/389-ds-base.spec.in | 2 +-
src/lib389/lib389/tests/utils_test.py | 29 +++++++++++++++++++++++++++
src/lib389/lib389/utils.py | 11 +++++-----
src/lib389/requirements.txt | 2 +-
src/lib389/setup.py | 2 +-
5 files changed, 38 insertions(+), 8 deletions(-)
diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
index e60b0f3c5..6f4a1e1a9 100644
--- a/rpm/389-ds-base.spec.in
+++ b/rpm/389-ds-base.spec.in
@@ -130,7 +130,6 @@ BuildRequires: python%{python3_pkgversion}-argcomplete
BuildRequires: python%{python3_pkgversion}-argparse-manpage
BuildRequires: python%{python3_pkgversion}-policycoreutils
BuildRequires: python%{python3_pkgversion}-libselinux
-BuildRequires: python%{python3_pkgversion}-packaging
# For cockpit
BuildRequires: rsync
@@ -303,6 +302,7 @@ Requires: python%{python3_pkgversion}-pyasn1-modules
Requires: python%{python3_pkgversion}-dateutil
Requires: python%{python3_pkgversion}-argcomplete
Requires: python%{python3_pkgversion}-libselinux
+Requires: python%{python3_pkgversion}-setuptools
%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
%description -n python%{python3_pkgversion}-lib389
diff --git a/src/lib389/lib389/tests/utils_test.py b/src/lib389/lib389/tests/utils_test.py
index 5378066b6..a696eb5c9 100644
--- a/src/lib389/lib389/tests/utils_test.py
+++ b/src/lib389/lib389/tests/utils_test.py
@@ -145,6 +145,35 @@ def test_get_log_data(data):
assert display_log_data(before) == after
+@pytest.mark.parametrize('ds_ver, cmp_ver', [
+ ('1.3.1', '1.3.2'),
+ ('1.3.1', '1.3.10'),
+ ('1.3.2', '1.3.10'),
+ ('1.3.9', ('1.3.10', '1.4.2.0')),
+ ('1.4.0.1', ('1.3.9', '1.4.1.0', '1.4.2.1')),
+ ('1.4.1', '1.4.2.0-20191115gitbadc0ffee' ),
+])
+def test_ds_is_older_versions(ds_ver, cmp_ver):
+ if isinstance(cmp_ver, tuple):
+ assert ds_is_related('older', ds_ver, *cmp_ver)
+ else:
+ assert ds_is_related('older', ds_ver, cmp_ver)
+
+@pytest.mark.parametrize('ds_ver, cmp_ver', [
+ ('1.3.2', '1.3.1'),
+ ('1.3.10', '1.3.1'),
+ ('1.3.10', '1.3.2'),
+ ('1.3.10', ('1.3.9', '1.4.2.0')),
+ ('1.4.2.1', ('1.3.9', '1.4.0.1', '1.4.2.0')),
+ ('1.4.2.0-20191115gitbadc0ffee', '1.4.1' ),
+])
+def test_ds_is_newer_versions(ds_ver, cmp_ver):
+ if isinstance(cmp_ver, tuple):
+ assert ds_is_related('newer', ds_ver, *cmp_ver)
+ else:
+ assert ds_is_related('newer', ds_ver, cmp_ver)
+
+
if __name__ == "__main__":
CURRENT_FILE = os.path.realpath(__file__)
pytest.main("-s -v %s" % CURRENT_FILE)
diff --git a/src/lib389/lib389/utils.py b/src/lib389/lib389/utils.py
index 3234cdccb..b9eacfdea 100644
--- a/src/lib389/lib389/utils.py
+++ b/src/lib389/lib389/utils.py
@@ -40,7 +40,7 @@ import shlex
import operator
import subprocess
import math
-from packaging.version import LegacyVersion
+from pkg_resources.extern.packaging.version import LegacyVersion
from socket import getfqdn
from ldapurl import LDAPUrl
from contextlib import closing
@@ -1067,13 +1067,12 @@ def get_ds_version():
return p.version
-def ds_is_related(relation, *ver):
+def ds_is_related(relation, ds_ver, *ver):
"""
Return a result of a comparison between the current version of ns-slapd and a provided version.
"""
ops = {'older': operator.lt,
'newer': operator.ge}
- ds_ver = get_ds_version()
if len(ver) > 1:
for cmp_ver in ver:
if cmp_ver.startswith(ds_ver[:3]):
@@ -1086,14 +1085,16 @@ def ds_is_older(*ver):
"""
Return True if the current version of ns-slapd is older than a provided version
"""
- return ds_is_related('older', *ver)
+ ds_ver = get_ds_version()
+ return ds_is_related('older', ds_ver, *ver)
def ds_is_newer(*ver):
"""
Return True if the current version of ns-slapd is newer than a provided version
"""
- return ds_is_related('newer', *ver)
+ ds_ver = get_ds_version()
+ return ds_is_related('newer', ds_ver, *ver)
def gentime_to_datetime(gentime):
diff --git a/src/lib389/requirements.txt b/src/lib389/requirements.txt
index 5cce1d04b..eb2475f3b 100644
--- a/src/lib389/requirements.txt
+++ b/src/lib389/requirements.txt
@@ -6,4 +6,4 @@ six
argcomplete
argparse-manpage
python-ldap
-packaging
+setuptools
diff --git a/src/lib389/setup.py b/src/lib389/setup.py
index f2e404333..056173936 100644
--- a/src/lib389/setup.py
+++ b/src/lib389/setup.py
@@ -82,7 +82,7 @@ setup(
'argcomplete',
'argparse-manpage',
'python-ldap',
- 'packaging',
+ 'setuptools',
],
cmdclass={
--
2.21.0
From 00bc5150aeb5e0d7676d0c578cd64a3977ae5d85 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Fri, 15 Nov 2019 11:04:14 -0500
Subject: [PATCH 2/2] Issue 50499 - Fix npm audit issues
Description: Updated npm handlebars package to 4.5.2
relates: https://pagure.io/389-ds-base/issue/50499
---
src/cockpit/389-console/package-lock.json | 12 ++++++------
src/cockpit/389-console/package.json | 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/cockpit/389-console/package-lock.json b/src/cockpit/389-console/package-lock.json
index 7207e92a0..f61e48985 100644
--- a/src/cockpit/389-console/package-lock.json
+++ b/src/cockpit/389-console/package-lock.json
@@ -6053,9 +6053,9 @@
"integrity": "sha512-zGEOVKFM5sVPPrYs7J5/hYEw2Pof8KCyOwyhG8sAF26mCAeUFAcYPu1mwB7hhpIP29zOIBaDqwuHdLp0jvZXjw=="
},
"handlebars": {
- "version": "4.5.1",
- "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.5.1.tgz",
- "integrity": "sha512-C29UoFzHe9yM61lOsIlCE5/mQVGrnIOrOq7maQl76L7tYPCgC1og0Ajt6uWnX4ZTxBPnjw+CUvawphwCfJgUnA==",
+ "version": "4.5.2",
+ "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.5.2.tgz",
+ "integrity": "sha512-29Zxv/cynYB7mkT1rVWQnV7mGX6v7H/miQ6dbEpYTKq5eJBN7PsRB+ViYJlcT6JINTSu4dVB9kOqEun78h6Exg==",
"requires": {
"neo-async": "^2.6.0",
"optimist": "^0.6.1",
@@ -6075,9 +6075,9 @@
"integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g=="
},
"uglify-js": {
- "version": "3.6.7",
- "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.6.7.tgz",
- "integrity": "sha512-4sXQDzmdnoXiO+xvmTzQsfIiwrjUCSA95rSP4SEd8tDb51W2TiDOlL76Hl+Kw0Ie42PSItCW8/t6pBNCF2R48A==",
+ "version": "3.6.9",
+ "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.6.9.tgz",
+ "integrity": "sha512-pcnnhaoG6RtrvHJ1dFncAe8Od6Nuy30oaJ82ts6//sGSXOP5UjBMEthiProjXmMNHOfd93sqlkztifFMcb+4yw==",
"optional": true,
"requires": {
"commander": "~2.20.3",
diff --git a/src/cockpit/389-console/package.json b/src/cockpit/389-console/package.json
index ffa429d83..fb2449675 100644
--- a/src/cockpit/389-console/package.json
+++ b/src/cockpit/389-console/package.json
@@ -52,7 +52,7 @@
"@patternfly/react-core": "^3.58.1",
"bootstrap": "^4.3.1",
"file-loader": "^4.1.0",
- "handlebars": "^4.4.5",
+ "handlebars": "^4.5.2",
"node-sass": "4.12.0",
"patternfly": "^3.59.3",
"patternfly-react": "^2.34.3",
--
2.21.0
From 1f4955d5e09f44f19b96dc671a1462cc43ee29a8 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Mon, 25 Nov 2019 17:24:04 -0500
Subject: [PATCH] Issue 50701 - Fix type in lint report
Description: Fix typo introduced from the previous commit for 50701
relates: https://pagure.io/389-ds-base/issue/50701
Reviewed by: firstyear(Thanks!)
---
src/lib389/lib389/lint.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib389/lib389/lint.py b/src/lib389/lib389/lint.py
index 515711136..736dffa14 100644
--- a/src/lib389/lib389/lint.py
+++ b/src/lib389/lib389/lint.py
@@ -42,7 +42,7 @@ DSBLE0002 = {
'dsle': 'DSBLE0002',
'severity': 'HIGH',
'items' : [],
- 'detail' : """Unable to querying the backend. LDAP error (ERROR)""",
+ 'detail' : """Unable to query the backend. LDAP error (ERROR)""",
'fix' : """Check the server's error and access logs for more information."""
}
--
2.21.0
From 44e46e0dd71567756928be3f773d09cc2cee22c2 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Mon, 13 Jan 2020 17:58:52 -0500
Subject: [PATCH] Issue 50816 - dsconf allows the root password to be set to
nothing
Bug Description: dsconf allows you to set the root DN password to nothing/
Fix Description: Do not allow the root DN password to be set to nothing
relates: https://pagure.io/389-ds-base/issue/50816
Reviewed by: firstyear(Thanks!)
---
src/lib389/lib389/idm/directorymanager.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/lib389/lib389/idm/directorymanager.py b/src/lib389/lib389/idm/directorymanager.py
index bb3b58355..4c573e7b4 100644
--- a/src/lib389/lib389/idm/directorymanager.py
+++ b/src/lib389/lib389/idm/directorymanager.py
@@ -31,6 +31,8 @@ class DirectoryManager(Account):
self._protected = True
def change_password(self, new_password):
+ if new_password == "":
+ raise ValueError("You can not set the Directory Manager password to nothing")
self._instance.config.set('nsslapd-rootpw', new_password)
def bind(self, password=PW_DM, *args, **kwargs):
--
2.21.1
From f570348659620a59b681e7bf315bd979cd7de497 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Mon, 13 Jan 2020 14:40:49 -0500
Subject: [PATCH] Issue 50812 - dscontainer executable should be placed under
/usr/libexec/dirsrv/
Description: dscontainer is not a user-runnable executable. Per packaging
guidelines it should be placed under /usr/libexec/dirsrv/
relates: https://pagure.io/389-ds-base/issue/50812
Reviewed by: firstyear & mhonek (Thanks!!)
---
docker/389-ds-fedora/Dockerfile | 6 +++---
docker/389-ds-suse/Dockerfile | 4 ++--
docker/389-ds-suse/Dockerfile.release | 2 +-
rpm/389-ds-base.spec.in | 2 +-
src/lib389/setup.py | 4 +++-
5 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/docker/389-ds-fedora/Dockerfile b/docker/389-ds-fedora/Dockerfile
index d61df8cba..45523ccf1 100644
--- a/docker/389-ds-fedora/Dockerfile
+++ b/docker/389-ds-fedora/Dockerfile
@@ -40,7 +40,7 @@ VOLUME /etc/dirsrv
VOLUME /var/log/dirsrv
VOLUME /var/lib/dirsrv
-# Or, run them as dirsrv
-USER dirsrv
-CMD ["/usr/sbin/ns-slapd", "-d", "0", "-D", "/etc/dirsrv/slapd-localhost", "-i", "/var/run/dirsrv/slapd-localhost.pid"]
+HEALTHCHECK --start-period=5m --timeout=5s --interval=5s --retries=2 \
+ CMD /usr/libexec/dirsrv/dscontainer -H
+CMD [ "/usr/libexec/dirsrv/dscontainer", "-r" ]
diff --git a/docker/389-ds-suse/Dockerfile b/docker/389-ds-suse/Dockerfile
index 1e56e1f5a..6022d04c6 100644
--- a/docker/389-ds-suse/Dockerfile
+++ b/docker/389-ds-suse/Dockerfile
@@ -76,7 +76,7 @@ VOLUME /data
# USER dirsrv
HEALTHCHECK --start-period=5m --timeout=5s --interval=5s --retries=2 \
- CMD /usr/sbin/dscontainer -H
+ CMD /usr/libexec/dirsrv/dscontainer -H
-CMD [ "/usr/sbin/dscontainer", "-r" ]
+CMD [ "/usr/libexec/dirsrv/dscontainer", "-r" ]
diff --git a/docker/389-ds-suse/Dockerfile.release b/docker/389-ds-suse/Dockerfile.release
index c934edaf0..6f4adf735 100644
--- a/docker/389-ds-suse/Dockerfile.release
+++ b/docker/389-ds-suse/Dockerfile.release
@@ -69,4 +69,4 @@ VOLUME /data
# here and ds should do the right thing if a non root user runs the server.
# USER dirsrv
-CMD [ "/usr/sbin/dscontainer", "-r" ]
+CMD [ "/usr/libexec/dirsrv/dscontainer", "-r" ]
diff --git a/rpm/389-ds-base.spec.in b/rpm/389-ds-base.spec.in
index 6f4a1e1a9..6491bda00 100644
--- a/rpm/389-ds-base.spec.in
+++ b/rpm/389-ds-base.spec.in
@@ -806,7 +806,7 @@ exit 0
%{_mandir}/man8/dsctl.8.gz
%{_sbindir}/dsidm
%{_mandir}/man8/dsidm.8.gz
-%{_sbindir}/dscontainer
+%{_libexecdir}/%{pkgname}/dscontainer
%files -n cockpit-389-ds -f cockpit.list
%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
diff --git a/src/lib389/setup.py b/src/lib389/setup.py
index 056173936..296b555a4 100644
--- a/src/lib389/setup.py
+++ b/src/lib389/setup.py
@@ -63,7 +63,6 @@ setup(
'cli/dsconf',
'cli/dscreate',
'cli/dsidm',
- 'cli/dscontainer',
]),
('/usr/share/man/man8', [
'man/dsctl.8',
@@ -71,6 +70,9 @@ setup(
'man/dscreate.8',
'man/dsidm.8',
]),
+ ('/usr/libexec/dirsrv/', [
+ 'cli/dscontainer',
+ ]),
],
install_requires=[
--
2.21.1
From b5d7a0b34d532335da7171dd7a308f95638c91c8 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Tue, 19 Nov 2019 09:56:46 +0100
Subject: [PATCH] Ticket 50741 - bdb_start - Detected Disorderly Shutdown last
time Directory Server was running
Bug description:
At startup plugins are started (plugin_dependency_startall) including ldbm database
that read/remove the guardian file (bdb_start).
If one of the plugin fails to start, for example because of a missing dependency,
the statup function just exits without recreating the guardian file.
The next restart will not find the guardian file, trigger a recovery and
log the alarming message "Detected Disorderly Shutdown last time Directory Server was running..."
Fix description:
In case the startup function fails it should call the closing function of all
started plugin: plugin_closeall
The fix also contains fixes for plugin acceptance tests. If DS startup is expected
to fail, it is caught by subprocess.CalledProcessError but actually the startup
function can also return ValueError exception
https://pagure.io/389-ds-base/issue/50741
Reviewed By: Mark Reynolds
---
dirsrvtests/tests/suites/plugins/acceptance_test.py | 6 +++---
ldap/servers/slapd/plugin.c | 1 +
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/dirsrvtests/tests/suites/plugins/acceptance_test.py b/dirsrvtests/tests/suites/plugins/acceptance_test.py
index 8aacb74be..cdb629eef 100644
--- a/dirsrvtests/tests/suites/plugins/acceptance_test.py
+++ b/dirsrvtests/tests/suites/plugins/acceptance_test.py
@@ -64,7 +64,7 @@ def check_dependency(inst, plugin, online=True):
acct_usability.remove('nsslapd-plugin-depends-on-named', plugin.rdn)
else:
plugin.disable()
- with pytest.raises(subprocess.CalledProcessError):
+ with pytest.raises((subprocess.CalledProcessError, ValueError)):
inst.restart()
dse_ldif = DSEldif(inst)
dse_ldif.delete(acct_usability.dn, 'nsslapd-plugin-depends-on-named')
@@ -1739,14 +1739,14 @@ def test_rootdn(topo, args=None):
# First, test that invalid plugin changes are rejected
if args is None:
plugin.replace('rootdn-deny-ip', '12.12.ZZZ.12')
- with pytest.raises(subprocess.CalledProcessError):
+ with pytest.raises((subprocess.CalledProcessError, ValueError)):
inst.restart()
dse_ldif = DSEldif(inst)
dse_ldif.delete(plugin.dn, 'rootdn-deny-ip')
_rootdn_restart(inst)
plugin.replace('rootdn-allow-host', 'host._.com')
- with pytest.raises(subprocess.CalledProcessError):
+ with pytest.raises((subprocess.CalledProcessError, ValueError)):
inst.restart()
dse_ldif = DSEldif(inst)
dse_ldif.delete(plugin.dn, 'rootdn-allow-host')
diff --git a/ldap/servers/slapd/plugin.c b/ldap/servers/slapd/plugin.c
index a77bb5aa7..b00c1bd8f 100644
--- a/ldap/servers/slapd/plugin.c
+++ b/ldap/servers/slapd/plugin.c
@@ -1811,6 +1811,7 @@ plugin_dependency_startall(int argc, char **argv, char *errmsg __attribute__((un
}
i++;
}
+ plugin_closeall(1 /* Close Backends */, 1 /* Close Globals */);
exit(1);
}
--
2.21.1
From f77760fb4e39e6d5b673ee8c5388407ff1ae98be Mon Sep 17 00:00:00 2001
From: William Brown <william@blackhats.net.au>
Date: Wed, 23 Oct 2019 12:01:04 +1000
Subject: [PATCH] Ticket 50667 - dsctl -l did not respect PREFIX
Bug Description: dsctl list was not coded to allow
using the paths module.
Fix Description: Change to the paths module to allow
better and consistent CLI handling.
https://pagure.io/389-ds-base/issue/50667
Author: William Brown <william@blackhats.net.au>
Review by: mreynolds, spichugi (thanks)
---
src/lib389/cli/dsctl | 4 ++--
src/lib389/lib389/cli_ctl/instance.py | 2 +-
src/lib389/lib389/utils.py | 8 ++++++--
3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/lib389/cli/dsctl b/src/lib389/cli/dsctl
index 8b86629ac..47ca8269b 100755
--- a/src/lib389/cli/dsctl
+++ b/src/lib389/cli/dsctl
@@ -46,8 +46,8 @@ parser.add_argument('-l', '--list',
default=False, action='store_true'
)
-parser.add_argument('--remove-all', nargs="?", default=False, const=None,
- help="Remove all instances of Directory Server (you can also provide an optional directory prefix for this argument)",
+parser.add_argument('--remove-all', default=False, action='store_true',
+ help=argparse.SUPPRESS
)
subparsers = parser.add_subparsers(help="action")
diff --git a/src/lib389/lib389/cli_ctl/instance.py b/src/lib389/lib389/cli_ctl/instance.py
index 95958e14c..f0111f35b 100644
--- a/src/lib389/lib389/cli_ctl/instance.py
+++ b/src/lib389/lib389/cli_ctl/instance.py
@@ -127,7 +127,7 @@ def instance_remove_all(log, args):
"""Remove all instances - clean sweep!
"""
- inst_names = get_instance_list(args.remove_all)
+ inst_names = get_instance_list()
if len(inst_names) > 0:
answer = input("Are you sure you want to remove all the Directory Server instances? Enter \"Yes\" to continue: ")
if answer != 'Yes':
diff --git a/src/lib389/lib389/utils.py b/src/lib389/lib389/utils.py
index b9eacfdea..587c7b07b 100644
--- a/src/lib389/lib389/utils.py
+++ b/src/lib389/lib389/utils.py
@@ -1244,9 +1244,10 @@ def get_ldapurl_from_serverid(instance):
return ("ldap://{}:{}".format(host, port), None)
-def get_instance_list(prefix=None):
+def get_instance_list():
# List all server instances
- conf_dir = (prefix or "") + "/etc/dirsrv/"
+ paths = Paths()
+ conf_dir = os.path.join(paths.sysconf_dir, 'dirsrv')
insts = []
try:
for inst in os.listdir(conf_dir):
@@ -1254,6 +1255,9 @@ def get_instance_list(prefix=None):
insts.append(inst)
except OSError as e:
log.error("Failed to check directory: {} - {}".format(conf_dir, str(e)))
+ except IOError as e:
+ log.error(e)
+ log.error("Perhaps you need to be a different user?")
insts.sort()
return insts
--
2.21.1
From 2040a0a1e517b444fef35a30c86bc6380b03bb21 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Fri, 8 Nov 2019 18:16:06 +0100
Subject: [PATCH] Ticket 50709: Several memory leaks reported by Valgrind for
389-ds 1.3.9.1-10
Description of the problem:
When evaluating an ACI with 'ip' subject, it adds a PRNetAddr to the subject
property list. When the list is free (acl__done_aclpb) the property is not freed.
Description of the fix:
Add the property to the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP) so that it
the property is freed with acl pblock.
https://pagure.io/389-ds-base/issue/50709
Reviewed by: Mark Reynolds, William Brown, Ludwig Krispenz
---
ldap/servers/plugins/acl/acllas.c | 51 ++++++++++++++++++++-----------
ldap/servers/slapd/connection.c | 2 ++
ldap/servers/slapd/pblock.c | 16 ++++++++++
ldap/servers/slapd/slap.h | 1 +
ldap/servers/slapd/slapi-plugin.h | 1 +
5 files changed, 53 insertions(+), 18 deletions(-)
diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
index 3950fd405..dd41d41bd 100644
--- a/ldap/servers/plugins/acl/acllas.c
+++ b/ldap/servers/plugins/acl/acllas.c
@@ -251,6 +251,7 @@ DS_LASIpGetter(NSErr_t *errp, PList_t subject, PList_t resource, PList_t auth_in
{
struct acl_pblock *aclpb = NULL;
PRNetAddr *client_praddr = NULL;
+ PRNetAddr *pb_client_praddr = NULL;
char ip_str[256];
int rv = LAS_EVAL_TRUE;
@@ -262,25 +263,39 @@ DS_LASIpGetter(NSErr_t *errp, PList_t subject, PList_t resource, PList_t auth_in
return LAS_EVAL_FAIL;
}
- client_praddr = (PRNetAddr *)slapi_ch_malloc(sizeof(PRNetAddr));
- if (client_praddr == NULL) {
- slapi_log_err(SLAPI_LOG_ERR, plugin_name, "DS_LASIpGetter - Failed to allocate client_praddr\n");
- return (LAS_EVAL_FAIL);
- }
+ slapi_pblock_get(aclpb->aclpb_pblock, SLAPI_CONN_CLIENTNETADDR_ACLIP, &pb_client_praddr);
+ if (pb_client_praddr == NULL) {
- if (slapi_pblock_get(aclpb->aclpb_pblock, SLAPI_CONN_CLIENTNETADDR, client_praddr) != 0) {
- slapi_log_err(SLAPI_LOG_ERR, plugin_name, "DS_LASIpGetter - Could not get client IP.\n");
- slapi_ch_free((void **)&client_praddr);
- return (LAS_EVAL_FAIL);
- }
+ client_praddr = (PRNetAddr *) slapi_ch_malloc(sizeof (PRNetAddr));
+ if (client_praddr == NULL) {