diff --git a/.389-ds-base.metadata b/.389-ds-base.metadata index cdaaccd..67cbf12 100644 --- a/.389-ds-base.metadata +++ b/.389-ds-base.metadata @@ -1,2 +1,2 @@ -e7345ce7d65766dc8d8a779d2661ec76a3913b63 SOURCES/389-ds-base-2.2.4.tar.bz2 +09d78ce7b3e2f3d5d28c889cabd56720a573ade3 SOURCES/389-ds-base-2.3.6.tar.bz2 1c8f2d0dfbf39fa8cd86363bf3314351ab21f8d4 SOURCES/jemalloc-5.3.0.tar.bz2 diff --git a/.gitignore b/.gitignore index 0b11ded..9c09797 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/389-ds-base-2.2.4.tar.bz2 +SOURCES/389-ds-base-2.3.6.tar.bz2 SOURCES/jemalloc-5.3.0.tar.bz2 diff --git a/SOURCES/0001-Issue-3729-cont-RFE-Extend-log-of-operations-statist.patch b/SOURCES/0001-Issue-3729-cont-RFE-Extend-log-of-operations-statist.patch deleted file mode 100644 index 623dc9c..0000000 --- a/SOURCES/0001-Issue-3729-cont-RFE-Extend-log-of-operations-statist.patch +++ /dev/null @@ -1,294 +0,0 @@ -From 8b89bf22dea16956e4a21174f28ec11f32fc2db4 Mon Sep 17 00:00:00 2001 -From: tbordaz -Date: Mon, 21 Nov 2022 11:41:15 +0100 -Subject: [PATCH 1/3] Issue 3729 - (cont) RFE Extend log of operations - statistics in access log (#5538) - -Bug description: - This is a continuation of the #3729 - The previous fix did not manage internal SRCH, so - statistics of internal SRCH were not logged - -Fix description: - For internal operation log_op_stat uses - connid/op_id/op_internal_id/op_nested_count that have been - computed log_result - - For direct operation log_op_stat uses info from the - operation itself (o_connid and o_opid) - - log_op_stat relies on operation_type rather than - o_tag that is not available for internal operation - -relates: #3729 - -Reviewed by: Pierre Rogier ---- - .../tests/suites/ds_logs/ds_logs_test.py | 90 ++++++++++++++++++- - ldap/servers/slapd/proto-slap.h | 2 +- - ldap/servers/slapd/result.c | 74 +++++++++------ - 3 files changed, 136 insertions(+), 30 deletions(-) - -diff --git a/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py b/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py -index 865a6d0a3..67605438b 100644 ---- a/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py -+++ b/dirsrvtests/tests/suites/ds_logs/ds_logs_test.py -@@ -13,7 +13,7 @@ import pytest - import subprocess - from lib389._mapped_object import DSLdapObject - from lib389.topologies import topology_st --from lib389.plugins import AutoMembershipPlugin, ReferentialIntegrityPlugin, AutoMembershipDefinitions -+from lib389.plugins import AutoMembershipPlugin, ReferentialIntegrityPlugin, AutoMembershipDefinitions, MemberOfPlugin - from lib389.idm.user import UserAccounts - from lib389.idm.group import Groups - from lib389.idm.organizationalunit import OrganizationalUnits -@@ -1254,6 +1254,94 @@ def test_stat_index(topology_st, request): - - request.addfinalizer(fin) - -+def test_stat_internal_op(topology_st, request): -+ """Check that statistics can also be collected for internal operations -+ -+ :id: 19f393bd-5866-425a-af7a-4dade06d5c77 -+ :setup: Standalone Instance -+ :steps: -+ 1. Check that nsslapd-statlog-level is 0 (default) -+ 2. Enable memberof plugins -+ 3. Create a user -+ 4. Remove access log (to only detect new records) -+ 5. Enable statistic logging nsslapd-statlog-level=1 -+ 6. Check that on direct SRCH there is no 'Internal' Stat records -+ 7. Remove access log (to only detect new records) -+ 8. Add group with the user, so memberof triggers internal search -+ and check it exists 'Internal' Stat records -+ :expectedresults: -+ 1. Success -+ 2. Success -+ 3. Success -+ 4. Success -+ 5. Success -+ 6. Success -+ 7. Success -+ 8. Success -+ """ -+ -+ inst = topology_st.standalone -+ -+ # Step 1 -+ log.info("Assert nsslapd-statlog-level is by default 0") -+ assert topology_st.standalone.config.get_attr_val_int("nsslapd-statlog-level") == 0 -+ -+ # Step 2 -+ memberof = MemberOfPlugin(inst) -+ memberof.enable() -+ inst.restart() -+ -+ # Step 3 Add setup entries -+ users = UserAccounts(inst, DEFAULT_SUFFIX, rdn=None) -+ user = users.create(properties={'uid': 'test_1', -+ 'cn': 'test_1', -+ 'sn': 'test_1', -+ 'description': 'member', -+ 'uidNumber': '1000', -+ 'gidNumber': '2000', -+ 'homeDirectory': '/home/testuser'}) -+ # Step 4 reset accesslog -+ topology_st.standalone.stop() -+ lpath = topology_st.standalone.ds_access_log._get_log_path() -+ os.unlink(lpath) -+ topology_st.standalone.start() -+ -+ # Step 5 enable statistics -+ log.info("Set nsslapd-statlog-level: 1 to enable indexing statistics") -+ topology_st.standalone.config.set("nsslapd-statlog-level", "1") -+ -+ # Step 6 for direct SRCH only non internal STAT records -+ entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, "uid=test_1") -+ topology_st.standalone.stop() -+ assert topology_st.standalone.ds_access_log.match('.*STAT read index.*') -+ assert topology_st.standalone.ds_access_log.match('.*STAT read index: attribute.*') -+ assert topology_st.standalone.ds_access_log.match('.*STAT read index: duration.*') -+ assert not topology_st.standalone.ds_access_log.match('.*Internal.*STAT.*') -+ topology_st.standalone.start() -+ -+ # Step 7 reset accesslog -+ topology_st.standalone.stop() -+ lpath = topology_st.standalone.ds_access_log._get_log_path() -+ os.unlink(lpath) -+ topology_st.standalone.start() -+ -+ # Step 8 trigger internal searches and check internal stat records -+ groups = Groups(inst, DEFAULT_SUFFIX, rdn=None) -+ group = groups.create(properties={'cn': 'mygroup', -+ 'member': 'uid=test_1,%s' % DEFAULT_SUFFIX, -+ 'description': 'group'}) -+ topology_st.standalone.restart() -+ assert topology_st.standalone.ds_access_log.match('.*Internal.*STAT read index.*') -+ assert topology_st.standalone.ds_access_log.match('.*Internal.*STAT read index: attribute.*') -+ assert topology_st.standalone.ds_access_log.match('.*Internal.*STAT read index: duration.*') -+ -+ def fin(): -+ log.info('Deleting user/group') -+ user.delete() -+ group.delete() -+ -+ request.addfinalizer(fin) -+ - if __name__ == '__main__': - # Run isolated - # -s for DEBUG mode -diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h -index 77832797b..c63ad8e74 100644 ---- a/ldap/servers/slapd/proto-slap.h -+++ b/ldap/servers/slapd/proto-slap.h -@@ -515,7 +515,7 @@ long long config_get_pw_minage(void); - long long config_get_pw_warning(void); - int config_get_errorlog_level(void); - int config_get_accesslog_level(void); --int config_get_statlog_level(); -+int config_get_statlog_level(void); - int config_get_securitylog_level(void); - int config_get_auditlog_logging_enabled(void); - int config_get_auditfaillog_logging_enabled(void); -diff --git a/ldap/servers/slapd/result.c b/ldap/servers/slapd/result.c -index c8b363cce..2ba205e04 100644 ---- a/ldap/servers/slapd/result.c -+++ b/ldap/servers/slapd/result.c -@@ -33,7 +33,7 @@ static long current_conn_count; - static PRLock *current_conn_count_mutex; - static int flush_ber(Slapi_PBlock *pb, Connection *conn, Operation *op, BerElement *ber, int type); - static char *notes2str(unsigned int notes, char *buf, size_t buflen); --static void log_op_stat(Slapi_PBlock *pb); -+static void log_op_stat(Slapi_PBlock *pb, uint64_t connid, int32_t op_id, int32_t op_internal_id, int32_t op_nested_count); - static void log_result(Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentries); - static void log_entry(Operation *op, Slapi_Entry *e); - static void log_referral(Operation *op); -@@ -2000,65 +2000,82 @@ notes2str(unsigned int notes, char *buf, size_t buflen) - return (buf); - } - -+#define STAT_LOG_CONN_OP_FMT_INT_INT "conn=Internal(%" PRIu64 ") op=%d(%d)(%d)" -+#define STAT_LOG_CONN_OP_FMT_EXT_INT "conn=%" PRIu64 " (Internal) op=%d(%d)(%d)" - static void --log_op_stat(Slapi_PBlock *pb) -+log_op_stat(Slapi_PBlock *pb, uint64_t connid, int32_t op_id, int32_t op_internal_id, int32_t op_nested_count) - { -- -- Connection *conn = NULL; - Operation *op = NULL; - Op_stat *op_stat; - struct timespec duration; - char stat_etime[ETIME_BUFSIZ] = {0}; -+ int internal_op; - - if (config_get_statlog_level() == 0) { - return; - } - -- slapi_pblock_get(pb, SLAPI_CONNECTION, &conn); - slapi_pblock_get(pb, SLAPI_OPERATION, &op); -+ internal_op = operation_is_flag_set(op, OP_FLAG_INTERNAL); - op_stat = op_stat_get_operation_extension(pb); - -- if (conn == NULL || op == NULL || op_stat == NULL) { -+ if (op == NULL || op_stat == NULL) { - return; - } - /* process the operation */ -- switch (op->o_tag) { -- case LDAP_REQ_BIND: -- case LDAP_REQ_UNBIND: -- case LDAP_REQ_ADD: -- case LDAP_REQ_DELETE: -- case LDAP_REQ_MODRDN: -- case LDAP_REQ_MODIFY: -- case LDAP_REQ_COMPARE: -+ switch (operation_get_type(op)) { -+ case SLAPI_OPERATION_BIND: -+ case SLAPI_OPERATION_UNBIND: -+ case SLAPI_OPERATION_ADD: -+ case SLAPI_OPERATION_DELETE: -+ case SLAPI_OPERATION_MODRDN: -+ case SLAPI_OPERATION_MODIFY: -+ case SLAPI_OPERATION_COMPARE: -+ case SLAPI_OPERATION_EXTENDED: - break; -- case LDAP_REQ_SEARCH: -+ case SLAPI_OPERATION_SEARCH: - if ((LDAP_STAT_READ_INDEX & config_get_statlog_level()) && - op_stat->search_stat) { - struct component_keys_lookup *key_info; - for (key_info = op_stat->search_stat->keys_lookup; key_info; key_info = key_info->next) { -- slapi_log_stat(LDAP_STAT_READ_INDEX, -- "conn=%" PRIu64 " op=%d STAT read index: attribute=%s key(%s)=%s --> count %d\n", -- op->o_connid, op->o_opid, -- key_info->attribute_type, key_info->index_type, key_info->key, -- key_info->id_lookup_cnt); -+ if (internal_op) { -+ slapi_log_stat(LDAP_STAT_READ_INDEX, -+ connid == 0 ? STAT_LOG_CONN_OP_FMT_INT_INT "STAT read index: attribute=%s key(%s)=%s --> count %d\n": -+ STAT_LOG_CONN_OP_FMT_EXT_INT "STAT read index: attribute=%s key(%s)=%s --> count %d\n", -+ connid, op_id, op_internal_id, op_nested_count, -+ key_info->attribute_type, key_info->index_type, key_info->key, -+ key_info->id_lookup_cnt); -+ } else { -+ slapi_log_stat(LDAP_STAT_READ_INDEX, -+ "conn=%" PRIu64 " op=%d STAT read index: attribute=%s key(%s)=%s --> count %d\n", -+ connid, op_id, -+ key_info->attribute_type, key_info->index_type, key_info->key, -+ key_info->id_lookup_cnt); -+ } - } - - /* total elapsed time */ - slapi_timespec_diff(&op_stat->search_stat->keys_lookup_end, &op_stat->search_stat->keys_lookup_start, &duration); - snprintf(stat_etime, ETIME_BUFSIZ, "%" PRId64 ".%.09" PRId64 "", (int64_t)duration.tv_sec, (int64_t)duration.tv_nsec); -- slapi_log_stat(LDAP_STAT_READ_INDEX, -- "conn=%" PRIu64 " op=%d STAT read index: duration %s\n", -- op->o_connid, op->o_opid, stat_etime); -+ if (internal_op) { -+ slapi_log_stat(LDAP_STAT_READ_INDEX, -+ connid == 0 ? STAT_LOG_CONN_OP_FMT_INT_INT "STAT read index: duration %s\n": -+ STAT_LOG_CONN_OP_FMT_EXT_INT "STAT read index: duration %s\n", -+ connid, op_id, op_internal_id, op_nested_count, stat_etime); -+ } else { -+ slapi_log_stat(LDAP_STAT_READ_INDEX, -+ "conn=%" PRIu64 " op=%d STAT read index: duration %s\n", -+ op->o_connid, op->o_opid, stat_etime); -+ } - } - break; -- case LDAP_REQ_ABANDON_30: -- case LDAP_REQ_ABANDON: -+ case SLAPI_OPERATION_ABANDON: - break; - - default: - slapi_log_err(SLAPI_LOG_ERR, -- "log_op_stat", "Ignoring unknown LDAP request (conn=%" PRIu64 ", tag=0x%lx)\n", -- conn->c_connid, op->o_tag); -+ "log_op_stat", "Ignoring unknown LDAP request (conn=%" PRIu64 ", op_type=0x%lx)\n", -+ connid, operation_get_type(op)); - break; - } - } -@@ -2218,7 +2235,7 @@ log_result(Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentries - } else { - ext_str = ""; - } -- log_op_stat(pb); -+ log_op_stat(pb, op->o_connid, op->o_opid, 0, 0); - slapi_log_access(LDAP_DEBUG_STATS, - "conn=%" PRIu64 " op=%d RESULT err=%d" - " tag=%" BERTAG_T " nentries=%d wtime=%s optime=%s etime=%s%s%s%s\n", -@@ -2233,6 +2250,7 @@ log_result(Slapi_PBlock *pb, Operation *op, int err, ber_tag_t tag, int nentries - } - } else { - int optype; -+ log_op_stat(pb, connid, op_id, op_internal_id, op_nested_count); - #define LOG_MSG_FMT " tag=%" BERTAG_T " nentries=%d wtime=%s optime=%s etime=%s%s%s\n" - slapi_log_access(LDAP_DEBUG_ARGS, - connid == 0 ? LOG_CONN_OP_FMT_INT_INT LOG_MSG_FMT : --- -2.38.1 - diff --git a/SOURCES/0002-Issue-5544-Increase-default-task-TTL.patch b/SOURCES/0002-Issue-5544-Increase-default-task-TTL.patch deleted file mode 100644 index 9d1497c..0000000 --- a/SOURCES/0002-Issue-5544-Increase-default-task-TTL.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 3bc889b6564b70c5113f74e8add1a47b38fce04b Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Mon, 28 Nov 2022 09:47:09 -0500 -Subject: [PATCH 2/3] Issue 5544 - Increase default task TTL - -Description: Increase the Time To Live of tasks from 1 hour to 12 hours - -relates: https://github.com/389ds/389-ds-base/issues/5544 - -Reviewed by: progier(Thanks!) ---- - ldap/servers/slapd/task.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c -index c0e3dd7c4..1dc4f6b28 100644 ---- a/ldap/servers/slapd/task.c -+++ b/ldap/servers/slapd/task.c -@@ -48,7 +48,7 @@ static uint64_t shutting_down = 0; - #define TASK_DATE_NAME "nsTaskCreated" - #define TASK_WARNING_NAME "nsTaskWarning" - --#define DEFAULT_TTL "3600" /* seconds */ -+#define DEFAULT_TTL "43200" /* 12 hours in seconds */ - #define TASK_SYSCONFIG_FILE_ATTR "sysconfigfile" /* sysconfig reload task file attr */ - #define TASK_SYSCONFIG_LOGCHANGES_ATTR "logchanges" - #define TASK_TOMBSTONE_FIXUP "fixup tombstones task" --- -2.38.1 - diff --git a/SOURCES/0003-Issue-5413-Allow-mutliple-MemberOf-fixup-tasks-with-.patch b/SOURCES/0003-Issue-5413-Allow-mutliple-MemberOf-fixup-tasks-with-.patch deleted file mode 100644 index 81c4963..0000000 --- a/SOURCES/0003-Issue-5413-Allow-mutliple-MemberOf-fixup-tasks-with-.patch +++ /dev/null @@ -1,219 +0,0 @@ -From 99dbba52eb45628c7f290e9ed3aeabb2a2a67db4 Mon Sep 17 00:00:00 2001 -From: Mark Reynolds -Date: Tue, 13 Dec 2022 09:41:34 -0500 -Subject: [PATCH] Issue 5413 - Allow mutliple MemberOf fixup tasks with - different bases/filters - -Description: - -A change was made to only allow a single fixup task at a time, but there are -cases where you would want to run mutliple tasks but on different branches/filters. - -Now we maintain a linked list of bases/filters of the current running tasks to -monitor this. - -relates: https://github.com/389ds/389-ds-base/issues/5413 - -Reviewed by: tbordaz(Thanks!) ---- - .../suites/memberof_plugin/fixup_test.py | 5 +- - ldap/servers/plugins/memberof/memberof.c | 101 ++++++++++++++---- - 2 files changed, 85 insertions(+), 21 deletions(-) - -diff --git a/dirsrvtests/tests/suites/memberof_plugin/fixup_test.py b/dirsrvtests/tests/suites/memberof_plugin/fixup_test.py -index 9566e144c..d5369439f 100644 ---- a/dirsrvtests/tests/suites/memberof_plugin/fixup_test.py -+++ b/dirsrvtests/tests/suites/memberof_plugin/fixup_test.py -@@ -59,12 +59,15 @@ def test_fixup_task_limit(topo): - with pytest.raises(ldap.UNWILLING_TO_PERFORM): - memberof.fixup(DEFAULT_SUFFIX) - -+ # Add second task but on different suffix which should be allowed -+ memberof.fixup("ou=people," + DEFAULT_SUFFIX) -+ - # Wait for first task to complete - task.wait() - - # Add new task which should be allowed now - memberof.fixup(DEFAULT_SUFFIX) -- -+ - - if __name__ == '__main__': - # Run isolated -diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c -index 0b8cfe95c..a14617044 100644 ---- a/ldap/servers/plugins/memberof/memberof.c -+++ b/ldap/servers/plugins/memberof/memberof.c -@@ -52,7 +52,6 @@ static Slapi_DN* _pluginDN = NULL; - MemberOfConfig *qsortConfig = 0; - static int usetxn = 0; - static int premodfn = 0; --static PRBool fixup_running = PR_FALSE; - static PRLock *fixup_lock = NULL; - static int32_t fixup_progress_count = 0; - static int64_t fixup_progress_elapsed = 0; -@@ -65,6 +64,15 @@ typedef struct _memberofstringll - void *next; - } memberofstringll; - -+typedef struct _fixup_ll -+{ -+ Slapi_DN *sdn; -+ char *filter_str; -+ void *next; -+} mo_fixup_ll; -+ -+static mo_fixup_ll *fixup_list = NULL; -+ - typedef struct _memberof_get_groups_data - { - MemberOfConfig *config; -@@ -438,6 +446,15 @@ memberof_postop_close(Slapi_PBlock *pb __attribute__((unused))) - PR_DestroyLock(fixup_lock); - fixup_lock = NULL; - -+ mo_fixup_ll *fixup_task = fixup_list; -+ while (fixup_task != NULL) { -+ mo_fixup_ll *tmp = fixup_task; -+ fixup_task = fixup_task->next; -+ slapi_sdn_free(&tmp->sdn); -+ slapi_ch_free_string(&tmp->filter_str); -+ slapi_ch_free((void**)&tmp); -+ } -+ - slapi_log_err(SLAPI_LOG_TRACE, MEMBEROF_PLUGIN_SUBSYSTEM, - "<-- memberof_postop_close\n"); - return 0; -@@ -2817,7 +2834,6 @@ memberof_fixup_task_thread(void *arg) - } - - PR_Lock(fixup_lock); -- fixup_running = PR_TRUE; - fixup_progress_count = 0; - fixup_progress_elapsed = slapi_current_rel_time_t(); - fixup_start_time = slapi_current_rel_time_t(); -@@ -2849,11 +2865,10 @@ memberof_fixup_task_thread(void *arg) - /* Mark this as a task operation */ - configCopy.fixup_task = 1; - configCopy.task = task; -- -+ Slapi_DN *sdn = slapi_sdn_new_dn_byref(td->dn); - if (usetxn) { -- Slapi_DN *sdn = slapi_sdn_new_dn_byref(td->dn); - Slapi_Backend *be = slapi_be_select_exact(sdn); -- slapi_sdn_free(&sdn); -+ - if (be) { - fixup_pb = slapi_pblock_new(); - slapi_pblock_set(fixup_pb, SLAPI_BACKEND, be); -@@ -2894,14 +2909,37 @@ done: - fixup_progress_count, slapi_current_rel_time_t() - fixup_start_time); - slapi_task_inc_progress(task); - -+ /* Cleanup task linked list */ -+ PR_Lock(fixup_lock); -+ mo_fixup_ll *prev = NULL; -+ for (mo_fixup_ll *curr = fixup_list; curr; curr = curr->next) { -+ mo_fixup_ll *next = curr->next; -+ if (slapi_sdn_compare(curr->sdn, sdn) == 0 && -+ strcasecmp(curr->filter_str, td->filter_str) == 0) -+ { -+ /* free current code */ -+ slapi_sdn_free(&curr->sdn); -+ slapi_ch_free_string(&curr->filter_str); -+ slapi_ch_free((void**)&curr); -+ -+ /* update linked list */ -+ if (prev == NULL) { -+ /* first node */ -+ fixup_list = next; -+ } else { -+ prev->next = next; -+ } -+ break; -+ } -+ prev = curr; -+ } -+ PR_Unlock(fixup_lock); -+ slapi_sdn_free(&sdn); -+ - /* this will queue the destruction of the task */ - slapi_task_finish(task, rc); - slapi_task_dec_refcount(task); - -- PR_Lock(fixup_lock); -- fixup_running = PR_FALSE; -- PR_Unlock(fixup_lock); -- - slapi_log_err(SLAPI_LOG_INFO, MEMBEROF_PLUGIN_SUBSYSTEM, - "memberof_fixup_task_thread - Memberof task finished (processed %d entries in %ld seconds)\n", - fixup_progress_count, slapi_current_rel_time_t() - fixup_start_time); -@@ -2919,23 +2957,13 @@ memberof_task_add(Slapi_PBlock *pb, - int rv = SLAPI_DSE_CALLBACK_OK; - task_data *mytaskdata = NULL; - Slapi_Task *task = NULL; -+ Slapi_DN *sdn = NULL; - char *bind_dn; - const char *filter; - const char *dn = 0; - - *returncode = LDAP_SUCCESS; - -- PR_Lock(fixup_lock); -- if (fixup_running) { -- PR_Unlock(fixup_lock); -- *returncode = LDAP_UNWILLING_TO_PERFORM; -- slapi_log_err(SLAPI_LOG_ERR, MEMBEROF_PLUGIN_SUBSYSTEM, -- "memberof_task_add - there is already a fixup task running\n"); -- rv = SLAPI_DSE_CALLBACK_ERROR; -- goto out; -- } -- PR_Unlock(fixup_lock); -- - /* get arg(s) */ - if ((dn = slapi_entry_attr_get_ref(e, "basedn")) == NULL) { - *returncode = LDAP_OBJECT_CLASS_VIOLATION; -@@ -2949,6 +2977,39 @@ memberof_task_add(Slapi_PBlock *pb, - goto out; - } - -+ PR_Lock(fixup_lock); -+ sdn = slapi_sdn_new_dn_byval(dn); -+ if (fixup_list == NULL) { -+ fixup_list = (mo_fixup_ll *)slapi_ch_calloc(1, sizeof(mo_fixup_ll)); -+ fixup_list->sdn = sdn; -+ fixup_list->filter_str = slapi_ch_strdup(filter); -+ } else { -+ for (mo_fixup_ll *fixup_task = fixup_list; fixup_task; fixup_task = fixup_task->next) { -+ if (slapi_sdn_compare(sdn, fixup_task->sdn) == 0 && -+ strcasecmp(filter, fixup_task->filter_str) == 0) -+ { -+ /* Found an identical running task, reject it */ -+ PR_Unlock(fixup_lock); -+ slapi_log_err(SLAPI_LOG_ERR, MEMBEROF_PLUGIN_SUBSYSTEM, -+ "memberof_task_add - there is already an identical fixup task running: base: %s filter: %s\n", -+ slapi_sdn_get_dn(sdn), filter); -+ slapi_sdn_free(&sdn); -+ *returncode = LDAP_UNWILLING_TO_PERFORM; -+ rv = SLAPI_DSE_CALLBACK_ERROR; -+ goto out; -+ } -+ } -+ /* Add the new task DN to the top of the list */ -+ mo_fixup_ll *head = fixup_list; -+ mo_fixup_ll *new_task = (mo_fixup_ll *)slapi_ch_calloc(1, sizeof(mo_fixup_ll)); -+ new_task->sdn = sdn; -+ new_task->filter_str = slapi_ch_strdup(filter); -+ new_task->next = head; -+ fixup_list = new_task; -+ } -+ PR_Unlock(fixup_lock); -+ -+ - /* setup our task data */ - slapi_pblock_get(pb, SLAPI_REQUESTOR_DN, &bind_dn); - mytaskdata = (task_data *)slapi_ch_malloc(sizeof(task_data)); --- -2.38.1 - diff --git a/SOURCES/389-ds-base.sysusers b/SOURCES/389-ds-base.sysusers new file mode 100644 index 0000000..32a3452 --- /dev/null +++ b/SOURCES/389-ds-base.sysusers @@ -0,0 +1,3 @@ +#Type Name ID GECOS Home directory Shell +g dirsrv 389 +u dirsrv 389:389 "user for 389-ds-base" /usr/share/dirsrv/ /sbin/nologin diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec index da1781a..373c149 100644 --- a/SPECS/389-ds-base.spec +++ b/SPECS/389-ds-base.spec @@ -46,9 +46,9 @@ ExcludeArch: i686 Summary: 389 Directory Server (base) Name: 389-ds-base -Version: 2.2.4 -Release: 3%{?dist} -License: GPLv3+ and (ASL 2.0 or MIT) +Version: 2.3.6 +Release: 2%{?dist} +License: GPLv3+ and MIT and ASL 2.0 URL: https://www.port389.org Conflicts: selinux-policy-base < 3.9.8 Conflicts: freeipa-server < 4.0.3 @@ -58,82 +58,94 @@ Obsoletes: %{name}-legacy-tools-debuginfo < 1.4.4.6 Provides: ldif2ldbm >= 0 ##### Bundled cargo crates list - START ##### +Provides: bundled(crate(addr2line)) = 0.20.0 +Provides: bundled(crate(adler)) = 1.0.2 Provides: bundled(crate(ahash)) = 0.7.6 Provides: bundled(crate(ansi_term)) = 0.12.1 Provides: bundled(crate(atty)) = 0.2.14 Provides: bundled(crate(autocfg)) = 1.1.0 -Provides: bundled(crate(base64)) = 0.13.0 +Provides: bundled(crate(backtrace)) = 0.3.68 +Provides: bundled(crate(base64)) = 0.13.1 Provides: bundled(crate(bitflags)) = 1.3.2 +Provides: bundled(crate(bitflags)) = 2.3.3 Provides: bundled(crate(byteorder)) = 1.4.3 Provides: bundled(crate(cbindgen)) = 0.9.1 -Provides: bundled(crate(cc)) = 1.0.73 +Provides: bundled(crate(cc)) = 1.0.82 Provides: bundled(crate(cfg-if)) = 1.0.0 Provides: bundled(crate(clap)) = 2.34.0 Provides: bundled(crate(concread)) = 0.2.21 Provides: bundled(crate(crossbeam)) = 0.8.2 -Provides: bundled(crate(crossbeam-channel)) = 0.5.6 -Provides: bundled(crate(crossbeam-deque)) = 0.8.2 -Provides: bundled(crate(crossbeam-epoch)) = 0.9.10 -Provides: bundled(crate(crossbeam-queue)) = 0.3.6 -Provides: bundled(crate(crossbeam-utils)) = 0.8.11 +Provides: bundled(crate(crossbeam-channel)) = 0.5.8 +Provides: bundled(crate(crossbeam-deque)) = 0.8.3 +Provides: bundled(crate(crossbeam-epoch)) = 0.9.15 +Provides: bundled(crate(crossbeam-queue)) = 0.3.8 +Provides: bundled(crate(crossbeam-utils)) = 0.8.16 Provides: bundled(crate(entryuuid)) = 0.1.0 Provides: bundled(crate(entryuuid_syntax)) = 0.1.0 -Provides: bundled(crate(fastrand)) = 1.8.0 +Provides: bundled(crate(errno)) = 0.3.2 +Provides: bundled(crate(errno-dragonfly)) = 0.1.2 +Provides: bundled(crate(fastrand)) = 2.0.0 Provides: bundled(crate(fernet)) = 0.1.4 Provides: bundled(crate(foreign-types)) = 0.3.2 Provides: bundled(crate(foreign-types-shared)) = 0.1.1 -Provides: bundled(crate(getrandom)) = 0.2.7 +Provides: bundled(crate(getrandom)) = 0.2.10 +Provides: bundled(crate(gimli)) = 0.27.3 Provides: bundled(crate(hashbrown)) = 0.12.3 Provides: bundled(crate(hermit-abi)) = 0.1.19 Provides: bundled(crate(instant)) = 0.1.12 -Provides: bundled(crate(itoa)) = 1.0.3 -Provides: bundled(crate(jobserver)) = 0.1.24 -Provides: bundled(crate(libc)) = 0.2.132 +Provides: bundled(crate(itoa)) = 1.0.9 +Provides: bundled(crate(jobserver)) = 0.1.26 +Provides: bundled(crate(libc)) = 0.2.147 Provides: bundled(crate(librnsslapd)) = 0.1.0 Provides: bundled(crate(librslapd)) = 0.1.0 -Provides: bundled(crate(lock_api)) = 0.4.7 -Provides: bundled(crate(log)) = 0.4.17 +Provides: bundled(crate(linux-raw-sys)) = 0.4.5 +Provides: bundled(crate(lock_api)) = 0.4.10 +Provides: bundled(crate(log)) = 0.4.19 Provides: bundled(crate(lru)) = 0.7.8 -Provides: bundled(crate(memoffset)) = 0.6.5 -Provides: bundled(crate(once_cell)) = 1.13.1 -Provides: bundled(crate(openssl)) = 0.10.41 -Provides: bundled(crate(openssl-macros)) = 0.1.0 -Provides: bundled(crate(openssl-sys)) = 0.9.75 +Provides: bundled(crate(memchr)) = 2.5.0 +Provides: bundled(crate(memoffset)) = 0.9.0 +Provides: bundled(crate(miniz_oxide)) = 0.7.1 +Provides: bundled(crate(object)) = 0.31.1 +Provides: bundled(crate(once_cell)) = 1.18.0 +Provides: bundled(crate(openssl)) = 0.10.56 +Provides: bundled(crate(openssl-macros)) = 0.1.1 +Provides: bundled(crate(openssl-sys)) = 0.9.91 Provides: bundled(crate(parking_lot)) = 0.11.2 -Provides: bundled(crate(parking_lot_core)) = 0.8.5 +Provides: bundled(crate(parking_lot_core)) = 0.8.6 Provides: bundled(crate(paste)) = 0.1.18 Provides: bundled(crate(paste-impl)) = 0.1.18 -Provides: bundled(crate(pin-project-lite)) = 0.2.9 -Provides: bundled(crate(pkg-config)) = 0.3.25 -Provides: bundled(crate(ppv-lite86)) = 0.2.16 -Provides: bundled(crate(proc-macro-hack)) = 0.5.19 -Provides: bundled(crate(proc-macro2)) = 1.0.43 +Provides: bundled(crate(pin-project-lite)) = 0.2.11 +Provides: bundled(crate(pkg-config)) = 0.3.27 +Provides: bundled(crate(ppv-lite86)) = 0.2.17 +Provides: bundled(crate(proc-macro-hack)) = 0.5.20+deprecated +Provides: bundled(crate(proc-macro2)) = 1.0.66 Provides: bundled(crate(pwdchan)) = 0.1.0 -Provides: bundled(crate(quote)) = 1.0.21 +Provides: bundled(crate(quote)) = 1.0.32 Provides: bundled(crate(rand)) = 0.8.5 Provides: bundled(crate(rand_chacha)) = 0.3.1 -Provides: bundled(crate(rand_core)) = 0.6.3 +Provides: bundled(crate(rand_core)) = 0.6.4 Provides: bundled(crate(redox_syscall)) = 0.2.16 -Provides: bundled(crate(remove_dir_all)) = 0.5.3 -Provides: bundled(crate(ryu)) = 1.0.11 -Provides: bundled(crate(scopeguard)) = 1.1.0 -Provides: bundled(crate(serde)) = 1.0.143 -Provides: bundled(crate(serde_derive)) = 1.0.143 -Provides: bundled(crate(serde_json)) = 1.0.83 +Provides: bundled(crate(redox_syscall)) = 0.3.5 +Provides: bundled(crate(rustc-demangle)) = 0.1.23 +Provides: bundled(crate(rustix)) = 0.38.7 +Provides: bundled(crate(ryu)) = 1.0.15 +Provides: bundled(crate(scopeguard)) = 1.2.0 +Provides: bundled(crate(serde)) = 1.0.183 +Provides: bundled(crate(serde_derive)) = 1.0.183 +Provides: bundled(crate(serde_json)) = 1.0.104 Provides: bundled(crate(slapd)) = 0.1.0 Provides: bundled(crate(slapi_r_plugin)) = 0.1.0 -Provides: bundled(crate(smallvec)) = 1.9.0 +Provides: bundled(crate(smallvec)) = 1.11.0 Provides: bundled(crate(strsim)) = 0.8.0 -Provides: bundled(crate(syn)) = 1.0.99 -Provides: bundled(crate(synstructure)) = 0.12.6 -Provides: bundled(crate(tempfile)) = 3.3.0 +Provides: bundled(crate(syn)) = 1.0.109 +Provides: bundled(crate(syn)) = 2.0.28 +Provides: bundled(crate(tempfile)) = 3.7.1 Provides: bundled(crate(textwrap)) = 0.11.0 -Provides: bundled(crate(tokio)) = 1.20.1 -Provides: bundled(crate(tokio-macros)) = 1.8.0 -Provides: bundled(crate(toml)) = 0.5.9 -Provides: bundled(crate(unicode-ident)) = 1.0.3 -Provides: bundled(crate(unicode-width)) = 0.1.9 -Provides: bundled(crate(unicode-xid)) = 0.2.3 +Provides: bundled(crate(tokio)) = 1.29.1 +Provides: bundled(crate(tokio-macros)) = 2.1.0 +Provides: bundled(crate(toml)) = 0.5.11 +Provides: bundled(crate(unicode-ident)) = 1.0.11 +Provides: bundled(crate(unicode-width)) = 0.1.10 Provides: bundled(crate(uuid)) = 0.8.2 Provides: bundled(crate(vcpkg)) = 0.2.15 Provides: bundled(crate(vec_map)) = 0.8.2 @@ -142,8 +154,17 @@ Provides: bundled(crate(wasi)) = 0.11.0+wasi_snapshot_preview1 Provides: bundled(crate(winapi)) = 0.3.9 Provides: bundled(crate(winapi-i686-pc-windows-gnu)) = 0.4.0 Provides: bundled(crate(winapi-x86_64-pc-windows-gnu)) = 0.4.0 -Provides: bundled(crate(zeroize)) = 1.5.7 -Provides: bundled(crate(zeroize_derive)) = 1.3.2 +Provides: bundled(crate(windows-sys)) = 0.48.0 +Provides: bundled(crate(windows-targets)) = 0.48.1 +Provides: bundled(crate(windows_aarch64_gnullvm)) = 0.48.0 +Provides: bundled(crate(windows_aarch64_msvc)) = 0.48.0 +Provides: bundled(crate(windows_i686_gnu)) = 0.48.0 +Provides: bundled(crate(windows_i686_msvc)) = 0.48.0 +Provides: bundled(crate(windows_x86_64_gnu)) = 0.48.0 +Provides: bundled(crate(windows_x86_64_gnullvm)) = 0.48.0 +Provides: bundled(crate(windows_x86_64_msvc)) = 0.48.0 +Provides: bundled(crate(zeroize)) = 1.6.0 +Provides: bundled(crate(zeroize_derive)) = 1.4.2 ##### Bundled cargo crates list - END ##### BuildRequires: nspr-devel >= 4.32 @@ -175,6 +196,8 @@ BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: systemd-units BuildRequires: systemd-devel +BuildRequires: systemd-rpm-macros +%{?sysusers_requires_compat} %if %{use_asan} BuildRequires: libasan %endif @@ -208,6 +231,7 @@ BuildRequires: python%{python3_pkgversion}-argcomplete BuildRequires: python%{python3_pkgversion}-argparse-manpage BuildRequires: python%{python3_pkgversion}-libselinux BuildRequires: python%{python3_pkgversion}-policycoreutils +BuildRequires: python%{python3_pkgversion}-cryptography # For cockpit %if %{use_cockpit} @@ -269,10 +293,7 @@ Source2: %{name}-devel.README %if %{bundle_jemalloc} Source3: https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2 %endif -Patch01: 0001-Issue-3729-cont-RFE-Extend-log-of-operations-statist.patch -Patch02: 0002-Issue-5544-Increase-default-task-TTL.patch -Patch03: 0003-Issue-5413-Allow-mutliple-MemberOf-fixup-tasks-with-.patch - +Source4: 389-ds-base.sysusers %description 389 Directory Server is an LDAPv3 compliant server. The base package includes @@ -352,6 +373,7 @@ Requires: python%{python3_pkgversion}-dateutil Requires: python%{python3_pkgversion}-argcomplete Requires: python%{python3_pkgversion}-libselinux Requires: python%{python3_pkgversion}-setuptools +Requires: python%{python3_pkgversion}-cryptography %{?python_provide:%python_provide python%{python3_pkgversion}-lib389} %description -n python%{python3_pkgversion}-lib389 @@ -499,6 +521,7 @@ mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} # for systemd mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants +install -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/389-ds-base.conf # remove libtool archives and static libs rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a @@ -533,20 +556,8 @@ fi # https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation # Soft static allocation for UID and GID -USERNAME="dirsrv" -ALLOCATED_UID=389 -GROUPNAME="dirsrv" -ALLOCATED_GID=389 -HOMEDIR="/usr/share/dirsrv" - -getent group $GROUPNAME >/dev/null || /usr/sbin/groupadd -f -g $ALLOCATED_GID -r $GROUPNAME -if ! getent passwd $USERNAME >/dev/null ; then - if ! getent passwd $ALLOCATED_UID >/dev/null ; then - /usr/sbin/useradd -r -u $ALLOCATED_UID -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME - else - /usr/sbin/useradd -r -g $GROUPNAME -d $HOMEDIR -s /sbin/nologin -c "user for 389-ds-base" $USERNAME - fi -fi +# sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format +%sysusers_create_compat %{SOURCE4} # Reload our sysctl before we restart (if we can) sysctl --system &> $output; true @@ -620,6 +631,7 @@ exit 0 %config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif %dir %{_sysconfdir}/%{pkgname}/config %dir %{_sysconfdir}/systemd/system/%{groupname}.wants +%{_sysusersdir}/389-ds-base.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf %config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf %{_datadir}/%{pkgname} @@ -723,6 +735,30 @@ exit 0 %endif %changelog +* Tue Aug 8 2023 Mark Reynolds - 2.3.6-2 +- Bump version to 2.3.6-2 +- Resolves: rhbz#2225532 - 389-ds-base FTBFS with rust-1.71.0 +- Resolves: rhbz#2218209 - useradd: invalid user ID '389:389': installing 389-ds-base in container fails to create the dirsrv user +- Resolves: rhbz#2207691 - python3-lib389: Python tarfile extraction needs change to avoid a warning +- Resolves: rhbz#2179278 - dirsrv failed to start after reboot because "dirsrv" did not have access on /run/dirsrv + +* Mon Jul 24 2023 Mark Reynolds - 2.3.4-3 +- Bump version to 2.3.4-3 +- Resolves: rhbz#2189954 - RFE Improve reponse time to filters containing 'nsrole' +- Resolves: rhbz#2189946 - RFE support of slapi_memberof for plugins/core server +- Resolves: rhbz#1974242 - Paged search impacts performance + +* Fri May 19 2023 Mark Reynolds - 2.3.4-2 +- Bump version to 2.3.4-2 +- Resolves: rhbz#2188627 - Fix license + +* Thu May 18 2023 Mark Reynolds - 2.3.4-1 +- Bump version to 2.3.4-1 +- Resolves: rhbz#2188627 - Rebase 389-ds-base-2.3 in RHEL 9.3 + +* Wed Mar 08 2023 Simon Pichugin - 2.2.4-4 +- Resolves: rhbz#2095366 - [RFE] 389-ds-base systemd-sysusers + * Tue Dec 13 2022 Mark Reynolds - 2.2.4-3 - Bump version to 2.2.4-3 - Resolves: rhbz#2142636 - pam mutex lock causing high etimes, affecting red hat internal sso