ldap/servers/slapd/attrsyntax.c | 86 ++-
ldap/servers/slapd/log.c | 1
ldap/servers/slapd/proto-slap.h | 3
ldap/servers/slapd/schema.c | 542 +++++++++++++++++++-
ldap/servers/slapd/schemaparse.c | 6
ldap/servers/slapd/slap.h | 3
7 files changed, 664 insertions(+), 57 deletions(-)
New commits:
commit 5582b14982b8d1d02748ef66f9320daf0211c07f
Author: Thierry bordaz (tbordaz) <tbordaz@redhat.com>
Date: Tue May 20 10:24:34 2014 +0200
Ticket 47541 - Replication of the schema may overwrite
consumer 'attributetypes' even if
consumer definition is a superset
Bug Description: Need to check consumer attributetypes to make sure it doesn't get
overwritten if it is a superset.
Fix Description: First, extended the attribute syntax struct to make it a double
linked list. This allows us to easily look through all the attributeTypes.
Then check for supersets by looking at single vs multi-valued, and
syntax oid's. Matching rules are not being evaluated at this time.
https://fedorahosted.org/389/ticket/47541
Reviewed by: rmeggins(Thanks!)
diff --git a/ldap/servers/plugins/replication/repl5_connection.c b/ldap/servers/plugins/replication/repl5_connection.c
index 2069a98..3d29a79 100644
--- a/ldap/servers/plugins/replication/repl5_connection.c
+++ b/ldap/servers/plugins/replication/repl5_connection.c
@@ -98,7 +98,7 @@ typedef struct repl_connection
/*** from proto-slap.h ***/
int schema_objectclasses_superset_check(struct berval **remote_schema, char *type);
-
+int schema_attributetypes_superset_check(struct berval **remote_schema, char *type);
/* Controls we add on every outbound operation */
static LDAPControl manageDSAITControl = {LDAP_CONTROL_MANAGEDSAIT, {0, ""}, '\0'};
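Review bot: The prototype for `schema_attributetypes_superset_check` is hand-copied into this .c file under the `/*** from proto-slap.h ***/` banner, so the compiler cannot check it against the real definition. If the signature later changes, this caller still compiles and the call becomes undefined behaviour. The diffstat shows proto-slap.h changing in the same commit, so the declaration presumably exists there as well. At minimum add `/* must match the declaration in proto-slap.h */` above the two prototypes, or move both into a header the replication plugin is allowed to include.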
@@ -1589,33 +1589,57 @@ conn_push_schema(Repl_Connection *conn, CSN **remotecsn)
/* Need to free the remote_schema_csn_bervals */
ber_bvecfree(remote_schema_csn_bervals);
}
- if (return_value != CONN_SCHEMA_NO_UPDATE_NEEDED) {
- struct berval **remote_schema_objectclasses_bervals;
- /* before pushing the schema do some checking */
-
- /* First objectclasses */
- return_value = conn_read_entry_attribute(conn, "cn=schema", "objectclasses", &remote_schema_objectclasses_bervals);
- if (return_value == CONN_OPERATION_SUCCESS) {
- /* Check if the consumer objectclasses are a superset of the local supplier schema */
- if (schema_objectclasses_superset_check(remote_schema_objectclasses_bervals, OC_SUPPLIER)) {
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "Schema %s must not be overwritten (set replication log for additional info)\n",
- agmt_get_long_name(conn->agmt));
- return_value = CONN_OPERATION_FAILED;
- }
- } else {
- slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
- "%s: Fail to retrieve the remote schema objectclasses\n",
- agmt_get_long_name(conn->agmt));
- }
-
- /* In case of success, possibly log a message */
- if (return_value == CONN_OPERATION_SUCCESS) {
- slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
- "Schema checking successful: ok to push the schema (%s)\n", agmt_get_long_name(conn->agmt));
- }
- }
-
+ if (return_value != CONN_SCHEMA_NO_UPDATE_NEEDED) {
+ struct berval **remote_schema_objectclasses_bervals = NULL;
+ struct berval **remote_schema_attributetypes_bervals = NULL;
+ /* before pushing the schema do some checking */
+
+ /* First objectclasses */
+ return_value = conn_read_entry_attribute(conn, "cn=schema", "objectclasses",
+ &remote_schema_objectclasses_bervals);
+ if (return_value == CONN_OPERATION_SUCCESS) {
+ /* Check if the consumer objectclasses are a superset of the local supplier schema */
+ if (schema_objectclasses_superset_check(remote_schema_objectclasses_bervals, OC_SUPPLIER)) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "Schema %s must not be overwritten (set replication log for additional info)\n",
+ agmt_get_long_name(conn->agmt));
+ return_value = CONN_OPERATION_FAILED;
+ }
+ if(remote_schema_objectclasses_bervals){
+ ber_bvecfree(remote_schema_objectclasses_bervals);
+ }
+ } else {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Fail to retrieve the remote schema objectclasses\n",
+ agmt_get_long_name(conn->agmt));
+ }
+ if (return_value == CONN_OPERATION_SUCCESS) {
+ /* Next attribute types */
+ return_value = conn_read_entry_attribute(conn, "cn=schema", "attributetypes",
+ &remote_schema_attributetypes_bervals);
+ if (return_value == CONN_OPERATION_SUCCESS) {
+ /* Check if the consumer attributes are a superset of the local supplier schema */
+ if (schema_attributetypes_superset_check(remote_schema_attributetypes_bervals, OC_SUPPLIER)) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "Schema %s must not be overwritten (set replication log for additional info)\n",
+ agmt_get_long_name(conn->agmt));
+ return_value = CONN_OPERATION_FAILED;
+ }
+ if(remote_schema_attributetypes_bervals){
+ ber_bvecfree(remote_schema_attributetypes_bervals);
+ }
+ } else {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name,
+ "%s: Fail to retrieve the remote schema attribute types\n",
+ agmt_get_long_name(conn->agmt));
+ }
+ }
+ /* In case of success, possibly log a message */
+ if (return_value == CONN_OPERATION_SUCCESS) {
+ slapi_log_error(SLAPI_LOG_REPL, repl_plugin_name,
+ "Schema checking successful: ok to push the schema (%s)\n", agmt_get_long_name(conn->agmt));
+ }
+ }
}
}
}
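Review bot: The FATAL message logged when `schema_attributetypes_superset_check` rejects the push is byte-identical to the objectclasses message above it, so the error log alone does not show which check blocked the schema update. Naming the element would fix that, e.g. `"Schema %s must not be overwritten: attributetypes check failed (set replication log for additional info)\n"`, with the matching change for objectclasses. The new call also passes `OC_SUPPLIER`, an objectclass-named constant, as its `type` argument; a short comment or a neutral constant name would show this is intended. Both `ber_bvecfree` calls sit only in the success branch. Moving each after its `if`/`else` would release the vector on every path, in case `conn_read_entry_attribute` can fill the out-parameter before failing, which is not visible here. `conn_push_schema` begins and ends outside this hunk, so how a non-success `return_value` from the read is handled by the rest of the function should be confirmed to stop the push.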
diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
index 6386fbe..885d02a 100644
--- a/ldap/servers/slapd/attrsyntax.c
+++ b/ldap/servers/slapd/attrsyntax.c
@@ -58,6 +58,9 @@ static PLHashTable *oid2asi = NULL;
static Slapi_RWLock *oid2asi_lock = NULL;
static PLHashTable *internalasi = NULL;
+/* global attribute linked list */
+static asyntaxinfo *global_at = NULL;
+
/*
* This hashtable maps the name or alias of the attribute to the
* syntax info structure for that attribute. An attribute type has as
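Review bot: The comment on `global_at` does not say which lock protects the new list, while the neighbouring `oid2asi` table has an explicit `oid2asi_lock` declared beside it. A schema list walked during replication checks and modified on attribute add/delete needs a stated locking rule. Suggest expanding the comment to something like `/* global doubly linked list of all attribute types; guarded by <LOCK_NAME>, held for write in attr_syntax_insert/attr_syntax_remove */`, filling in the actual lock. The insert and remove helpers are defined outside this hunk, so whether they already take a lock cannot be confirmed from here.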
@@ -82,12 +85,20 @@ static void attr_syntax_delete_no_lock( struct asyntaxinfo *asip,
PRBool remove_from_oid_table );
static struct asyntaxinfo *attr_syntax_get_by_oid_locking_optional( const
char *oid, PRBool use_lock);
+static void attr_syntax_insert( struct asyntaxinfo *asip );
+static void attr_syntax_remove( struct asyntaxinfo *asip );
#ifdef ATTR_LDAP_DEBUG
static void attr_syntax_print();