Thursday, June 20, 2019

[389-commits] [389-ds-base] branch 389-ds-base-1.3.6 updated: BZ1518320 - entry cache crash fix

This is an automated email from the git hooks/post-receive script.

mreynolds pushed a commit to branch 389-ds-base-1.3.6
in repository 389-ds-base.

The following commit(s) were added to refs/heads/389-ds-base-1.3.6 by this push:
new f071f26 BZ1518320 - entry cache crash fix
f071f26 is described below

commit f071f260be70fe0ddb568e19fdf25f9c95b4ddad
Author: Mark Reynolds <mreynolds@redhat.com>
AuthorDate: Thu Jun 20 15:50:08 2019 -0400

BZ1518320 - entry cache crash fix

Description: THis patch is combination of all the entry cache fixes.

If these fixes are not enough, there is an experimental
"fix" that should prevent the crash. A message will be
logged that reports the crash was averted:

"(avoided crash, but cache was corrupted)"

The customer should monitor the errors log for this text,
and let GSS know if they see it.
---
configure.ac | 2 +-
dirsrvtests/tests/suites/betxns/betxn_test.py | 57 ++++++++++
ldap/servers/slapd/back-ldbm/back-ldbm.h | 4 +
ldap/servers/slapd/back-ldbm/backentry.c | 2 +-
ldap/servers/slapd/back-ldbm/cache.c | 147 ++++++++++++++++++++++++-
ldap/servers/slapd/back-ldbm/ldbm_add.c | 14 +++
ldap/servers/slapd/back-ldbm/ldbm_delete.c | 22 +++-
ldap/servers/slapd/back-ldbm/ldbm_modify.c | 12 ++
ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 24 +++-
ldap/servers/slapd/back-ldbm/proto-back-ldbm.h | 1 +
ldap/servers/slapd/slapi-plugin.h | 15 +++
ldap/servers/slapd/time.c | 26 +++++
12 files changed, 313 insertions(+), 13 deletions(-)

diff --git a/configure.ac b/configure.ac
index 17831a6..ee9dc01 100644
--- a/configure.ac
+++ b/configure.ac
@@ -70,7 +70,7 @@ AC_FUNC_STAT
AC_FUNC_STRERROR_R
AC_FUNC_STRFTIME
AC_FUNC_VPRINTF
-AC_CHECK_FUNCS([clock_gettime endpwent ftruncate getcwd gethostbyname inet_ntoa localtime_r memmove memset mkdir munmap putenv rmdir setrlimit socket strcasecmp strchr strcspn strdup strerror strncasecmp strpbrk strrchr strstr strtol tzset])
+AC_CHECK_FUNCS([endpwent ftruncate getcwd gethostbyname inet_ntoa localtime_r memmove memset mkdir munmap putenv rmdir setrlimit socket strcasecmp strchr strcspn strdup strerror strncasecmp strpbrk strrchr strstr strtol tzset])

# This will detect if we need to add the LIBADD_DL value for us.
LT_LIB_DLLOAD
diff --git a/dirsrvtests/tests/suites/betxns/betxn_test.py b/dirsrvtests/tests/suites/betxns/betxn_test.py
index ed8acbf..0f3d767 100644
--- a/dirsrvtests/tests/suites/betxns/betxn_test.py
+++ b/dirsrvtests/tests/suites/betxns/betxn_test.py
@@ -8,6 +8,7 @@
#
import pytest
import six
+import ldap
from lib389.tasks import *
from lib389.utils import *
from lib389.topologies import topology_st
@@ -195,6 +196,62 @@ def test_betxn_memberof(topology_st):
log.info('test_betxn_memberof: PASSED')


+def test_betxn_modrdn_memberof(topology_st):
+ """Test modrdn operartions and memberOf
+
+ :id: 70d0b96e-b693-4bf7-bbf5-102a66ac5994
+
+ :setup: Standalone instance
+
+ :steps: 1. Enable and configure memberOf plugin
+ 2. Set memberofgroupattr="member" and memberofAutoAddOC="nsContainer"
+ 3. Create group and user outside of memberOf plugin scope
+ 4. Do modrdn to move group into scope
+ 5. Do modrdn to move group into scope (again)
+
+ :expectedresults:
+ 1. memberOf plugin plugin should be ON
+ 2. Set memberofgroupattr="member" and memberofAutoAddOC="nsContainer" should PASS
+ 3. Creating group and user should PASS
+ 4. Modrdn should fail with objectclass violation
+ 5. Second modrdn should also fail with objectclass violation
+ """
+
+ peoplebase = 'ou=people,%s' % DEFAULT_SUFFIX
+ memberof = MemberOfPlugin(topology_st.standalone)
+ memberof.enable()
+ memberof.set_autoaddoc('nsContainer') # Bad OC
+ memberof.set('memberOfEntryScope', peoplebase)
+ memberof.set('memberOfAllBackends', 'on')
+ topology_st.standalone.restart()
+
+ groups = Groups(topology_st.standalone, DEFAULT_SUFFIX)
+ group = groups.create(properties={
+ 'cn': 'group',
+ })
+
+ # Create user and add it to group
+ users = UserAccounts(topology_st.standalone, basedn=DEFAULT_SUFFIX)
+ user = users.create(properties=TEST_USER_PROPERTIES)
+ if not ds_is_older('1.3.7'):
+ user.remove('objectClass', 'nsMemberOf')
+
+ group.add_member(user.dn)
+
+ # Attempt modrdn that should fail, but the original entry should stay in the cache
+ with pytest.raises(ldap.OBJECTCLASS_VIOLATION):
+ group.rename('cn=group_to_people', newsuperior=peoplebase)
+
+ # Should fail, but not with NO_SUCH_OBJECT as the original entry should still be in the cache
+ with pytest.raises(ldap.OBJECTCLASS_VIOLATION):
+ group.rename('cn=group_to_people', newsuperior=peoplebase)
+
+ #
+ # Done
+ #
+ log.info('test_betxn_modrdn_memberof: PASSED')
+
+
if __name__ == '__main__':
# Run isolated
# -s for DEBUG mode
diff --git a/ldap/servers/slapd/back-ldbm/back-ldbm.h b/ldap/servers/slapd/back-ldbm/back-ldbm.h
index 0bb15e3..9e2819a 100644
--- a/ldap/servers/slapd/back-ldbm/back-ldbm.h
+++ b/ldap/servers/slapd/back-ldbm/back-ldbm.h
@@ -303,8 +303,10 @@ struct backcommon {
#define ENTRY_STATE_DELETED 0x1 /* entry is marked as deleted */
#define ENTRY_STATE_CREATING 0x2 /* entry is being created; don't touch it */
#define ENTRY_STATE_NOTINCACHE 0x4 /* cache_add failed; not in the cache */
+#define ENTRY_STATE_INVALID 0x8 /* cache entry is invalid and needs to be removed */
int ep_refcnt; /* entry reference cnt */
size_t ep_size; /* for cache tracking */
+ struct timespec ep_create_time; /* the time the entry was added to the cache */
};

/* From ep_type through ep_size MUST be identical to backcommon */
@@ -316,6 +318,7 @@ struct backentry {
char ep_state; /* state in the cache */
int ep_refcnt; /* entry reference cnt */
size_t ep_size; /* for cache tracking */
+ struct timespec ep_create_time; /* the time the entry was added to the cache */
Slapi_Entry *ep_entry; /* real entry */
Slapi_Entry *ep_vlventry;
void * ep_dn_link; /* linkage for the 3 hash */
@@ -333,6 +336,7 @@ struct backdn {
char ep_state; /* state in the cache; share ENTRY_STATE_* */
int ep_refcnt; /* entry reference cnt */
size_t ep_size; /* for cache tracking */
+ struct timespec ep_create_time; /* the time the entry was added to the cache */
Slapi_DN *dn_sdn;
void *dn_id_link; /* for hash table */
};
diff --git a/ldap/servers/slapd/back-ldbm/backentry.c b/ldap/servers/slapd/back-ldbm/backentry.c
index 844df58..8b76d91 100644
--- a/ldap/servers/slapd/back-ldbm/backentry.c
+++ b/ldap/servers/slapd/back-ldbm/backentry.c
@@ -23,7 +23,7 @@ backentry_free( struct backentry **bep )
return;
}
ep = *bep;
- PR_ASSERT(ep->ep_state & (ENTRY_STATE_DELETED|ENTRY_STATE_NOTINCACHE));
+ PR_ASSERT(ep->ep_state & (ENTRY_STATE_DELETED | ENTRY_STATE_NOTINCACHE | ENTRY_STATE_INVALID));
if ( ep->ep_entry != NULL ) {
slapi_entry_free( ep->ep_entry );
}
diff --git a/ldap/servers/slapd/back-ldbm/cache.c b/ldap/servers/slapd/back-ldbm/cache.c
index 3e40eec..24f7795 100644
--- a/ldap/servers/slapd/back-ldbm/cache.c
+++ b/ldap/servers/slapd/back-ldbm/cache.c
@@ -55,6 +55,11 @@
#define LOG(...)
at

No comments:

Post a Comment