From fb66571ac886ecf44fec2ea06cd192d0e008bf9e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 26 2018 15:29:21 +0000 Subject: import 389-ds-base-1.3.8.4-18.el7_6 --- diff --git a/SOURCES/0010-Ticket-49968-Confusing-CRITICAL-message-list_candida.patch b/SOURCES/0010-Ticket-49968-Confusing-CRITICAL-message-list_candida.patch new file mode 100644 index 0000000..1ad23eb --- /dev/null +++ b/SOURCES/0010-Ticket-49968-Confusing-CRITICAL-message-list_candida.patch @@ -0,0 +1,266 @@ +From 3796e26e93991ded631ac57053049e9aad44c53b Mon Sep 17 00:00:00 2001 +From: Thierry Bordaz +Date: Wed, 10 Oct 2018 15:35:12 +0200 +Subject: [PATCH] Ticket 49968 - Confusing CRITICAL message: list_candidates - + NULL idl was recieved from filter_candidates_ext + +Bug Description: + When a filter component is indexed but returns an empty IDL + an alarming message is logged although it is normal. + +Fix Description: + Remove the alarming message + +https://pagure.io/389-ds-base/issue/49968 + +Reviewed by: Mark Reynolds + +Platforms tested: F27 + testcase + +Flag Day: no + +Doc impact: no +--- + dirsrvtests/tests/suites/basic/basic_test.py | 202 +++++++++++++++++++ + ldap/servers/slapd/back-ldbm/filterindex.c | 10 +- + 2 files changed, 204 insertions(+), 8 deletions(-) + +diff --git a/dirsrvtests/tests/suites/basic/basic_test.py b/dirsrvtests/tests/suites/basic/basic_test.py +index 45988dc7a..dc366cd67 100644 +--- a/dirsrvtests/tests/suites/basic/basic_test.py ++++ b/dirsrvtests/tests/suites/basic/basic_test.py +@@ -868,6 +868,208 @@ adds nsslapd-return-default-opattr attr with value of one operation attribute. + log.fatal('Search failed, error: ' + e.message['desc']) + assert False + ++ ++@pytest.fixture(scope="module") ++def create_users(topology_st): ++ """Add users to the default suffix ++ """ ++ ++ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX) ++ user_names = ["Directory", "Server", "389", "lib389", "pytest"] ++ ++ log.info('Adding 5 test users') ++ for name in user_names: ++ user = users.create(properties={ ++ 'uid': name, ++ 'sn': name, ++ 'cn': name, ++ 'uidNumber': '1000', ++ 'gidNumber': '1000', ++ 'homeDirectory': '/home/%s' % name, ++ 'mail': '%s@example.com' % name, ++ 'userpassword': 'pass%s' % name, ++ }) ++ ++ ++def test_basic_anonymous_search(topology_st, create_users): ++ """Tests basic anonymous search operations ++ ++ :id: c7831e04-f458-4e50-83c7-b6f77109f639 ++ :setup: Standalone instance ++ Add 5 test users with different user names ++ :steps: ++ 1. Execute anonymous search with different filters ++ :expectedresults: ++ 1. Search should be successful ++ """ ++ ++ filters = ["uid=Directory", "(|(uid=S*)(uid=3*))", "(&(uid=l*)(mail=l*))", "(&(!(uid=D*))(ou=People))"] ++ log.info("Execute anonymous search with different filters") ++ for filtr in filters: ++ entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, filtr) ++ assert len(entries) != 0 ++ ++ ++@pytest.mark.ds604 ++@pytest.mark.bz915801 ++def test_search_original_type(topology_st, create_users): ++ """Test ldapsearch returning original attributes ++ using nsslapd-search-return-original-type-switch ++ ++ :id: d7831d04-f558-4e50-93c7-b6f77109f640 ++ :setup: Standalone instance ++ Add some test entries ++ :steps: ++ 1. Set nsslapd-search-return-original-type-switch to ON ++ 2. Check that ldapsearch *does* return unknown attributes ++ 3. Turn off nsslapd-search-return-original-type-switch ++ 4. Check that ldapsearch doesn't return any unknown attributes ++ :expectedresults: ++ 1. nsslapd-search-return-original-type-switch should be set to ON ++ 2. ldapsearch should return unknown attributes ++ 3. nsslapd-search-return-original-type-switch should be OFF ++ 4. ldapsearch should not return any unknown attributes ++ """ ++ ++ log.info("Set nsslapd-search-return-original-type-switch to ON") ++ topology_st.standalone.config.set('nsslapd-search-return-original-type-switch', 'on') ++ ++ log.info("Check that ldapsearch *does* return unknown attributes") ++ entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'uid=Directory', ++ ['objectclass overflow', 'unknown']) ++ assert "objectclass overflow" in entries[0].getAttrs() ++ ++ log.info("Set nsslapd-search-return-original-type-switch to Off") ++ topology_st.standalone.config.set('nsslapd-search-return-original-type-switch', 'off') ++ log.info("Check that ldapsearch *does not* return unknown attributes") ++ entries = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, 'uid=Directory', ++ ['objectclass overflow', 'unknown']) ++ assert "objectclass overflow" not in entries[0].getAttrs() ++ ++ ++@pytest.mark.bz192901 ++def test_search_ou(topology_st): ++ """Test that DS should not return an entry that does not match the filter ++ ++ :id: d7831d05-f117-4e89-93c7-b6f77109f640 ++ :setup: Standalone instance ++ :steps: ++ 1. Create an OU entry without sub entries ++ 2. Search from the OU with the filter that does not match the OU ++ :expectedresults: ++ 1. Creation of OU should be successful ++ 2. Search should not return any results ++ """ ++ ++ log.info("Create a test OU without sub entries") ++ ou = OrganizationalUnits(topology_st.standalone, DEFAULT_SUFFIX) ++ ou.create(properties={ ++ 'ou': 'test_ou', ++ }) ++ ++ search_base = ("ou=test_ou,%s" % DEFAULT_SUFFIX) ++ log.info("Search from the OU with the filter that does not match the OU, it should not return anything") ++ entries = topology_st.standalone.search_s(search_base, ldap.SCOPE_SUBTREE, 'uid=*', ['dn']) ++ assert len(entries) == 0 ++ ++ ++@pytest.mark.bz1044135 ++@pytest.mark.ds47319 ++def test_connection_buffer_size(topology_st): ++ """Test connection buffer size adjustable with different values(valid values and invalid) ++ ++ :id: e7831d05-f117-4ec9-1203-b6f77109f117 ++ :setup: Standalone instance ++ :steps: ++ 1. Set nsslapd-connection-buffer to some valid values (2, 0 , 1) ++ 2. Set nsslapd-connection-buffer to some invalid values (-1, a) ++ :expectedresults: ++ 1. This should pass ++ 2. This should fail ++ """ ++ ++ valid_values = ['2', '0', '1'] ++ for value in valid_values: ++ topology_st.standalone.config.replace('nsslapd-connection-buffer', value) ++ ++ invalid_values = ['-1', 'a'] ++ for value in invalid_values: ++ with pytest.raises(ldap.OPERATIONS_ERROR): ++ topology_st.standalone.config.replace('nsslapd-connection-buffer', value) ++ ++@pytest.mark.bz1637439 ++def test_critical_msg_on_empty_range_idl(topology_st): ++ """Doing a range index lookup should not report a critical message even if IDL is empty ++ ++ :id: a07a2222-0551-44a6-b113-401d23799364 ++ :setup: Standalone instance ++ :steps: ++ 1. Create an index for internationalISDNNumber. (attribute chosen because it is ++ unlikely that previous tests used it) ++ 2. telephoneNumber being indexed by default create 20 users without telephoneNumber ++ 3. add a telephoneNumber value and delete it to trigger an empty index database ++ 4. Do a search that triggers a range lookup on empty telephoneNumber ++ 5. Check that the critical message is not logged in error logs ++ :expectedresults: ++ 1. This should pass ++ 2. This should pass ++ 3. This should pass ++ 4. This should pass on normal build but could abort a debug build ++ 4. This should pass ++ """ ++ indexedAttr = 'internationalISDNNumber' ++ ++ # Step 1 ++ from lib389.index import Indexes ++ ++ indexes = Indexes(topology_st.standalone) ++ indexes.create(properties={ ++ 'cn': indexedAttr, ++ 'nsSystemIndex': 'false', ++ 'nsIndexType': 'eq' ++ }) ++ topology_st.standalone.restart() ++ ++ # Step 2 ++ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX) ++ log.info('Adding 20 users without "%s"' % indexedAttr) ++ for i in range(20): ++ name = 'user_%d' % i ++ last_user = users.create(properties={ ++ 'uid': name, ++ 'sn': name, ++ 'cn': name, ++ 'uidNumber': '1000', ++ 'gidNumber': '1000', ++ 'homeDirectory': '/home/%s' % name, ++ 'mail': '%s@example.com' % name, ++ 'userpassword': 'pass%s' % name, ++ }) ++ ++ # Step 3 ++ # required update to create the indexAttr (i.e. 'loginShell') database, and then make it empty ++ topology_st.standalone.modify_s(last_user.dn, [(ldap.MOD_ADD, indexedAttr, b'1234')]) ++ ent = topology_st.standalone.getEntry(last_user.dn, ldap.SCOPE_BASE,) ++ assert ent ++ assert ent.hasAttr(indexedAttr) ++ topology_st.standalone.modify_s(last_user.dn, [(ldap.MOD_DELETE, indexedAttr, None)]) ++ ent = topology_st.standalone.getEntry(last_user.dn, ldap.SCOPE_BASE,) ++ assert ent ++ assert not ent.hasAttr(indexedAttr) ++ ++ # Step 4 ++ # The first component being not indexed the range on second is evaluated ++ try: ++ ents = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_SUBTREE, '(&(sudoNotAfter=*)(%s>=111))' % indexedAttr) ++ assert len(ents) == 0 ++ except ldap.SERVER_DOWN: ++ log.error('Likely testing against a debug version that asserted') ++ pass ++ ++ # Step 5 ++ assert not topology_st.standalone.searchErrorsLog('CRIT - list_candidates - NULL idl was recieved from filter_candidates_ext.') ++ ++ + if __name__ == '__main__': + # Run isolated + # -s for DEBUG mode +diff --git a/ldap/servers/slapd/back-ldbm/filterindex.c b/ldap/servers/slapd/back-ldbm/filterindex.c +index 6d36ba33e..3ef04f884 100644 +--- a/ldap/servers/slapd/back-ldbm/filterindex.c ++++ b/ldap/servers/slapd/back-ldbm/filterindex.c +@@ -803,16 +803,10 @@ list_candidates( + } + + /* +- * Assert we recieved a valid idl. If it was NULL, it means somewhere we failed +- * during the dblayer interactions. +- * +- * idl_set requires a valid idl structure to generate the linked list of +- * idls that we insert. ++ * The IDL for that component is NULL, so no candidate retrieved from that component. This is all normal ++ * Just build a idl with an empty set + */ + if (tmp == NULL) { +- slapi_log_err(SLAPI_LOG_CRIT, "list_candidates", "NULL idl was recieved from filter_candidates_ext."); +- slapi_log_err(SLAPI_LOG_CRIT, "list_candidates", "Falling back to empty IDL set. This may affect your search results."); +- PR_ASSERT(tmp); + tmp = idl_alloc(0); + } + +-- +2.17.2 + diff --git a/SOURCES/0011-Ticket-49967-entry-cache-corruption-after-failed-MOD.patch b/SOURCES/0011-Ticket-49967-entry-cache-corruption-after-failed-MOD.patch new file mode 100644 index 0000000..a4f8cdb --- /dev/null +++ b/SOURCES/0011-Ticket-49967-entry-cache-corruption-after-failed-MOD.patch @@ -0,0 +1,62 @@ +From a7ee52bd4b0bce82402a581ee16659ebb2f8d96e Mon Sep 17 00:00:00 2001 +From: Thierry Bordaz +Date: Wed, 24 Oct 2018 15:31:25 +0200 +Subject: [PATCH 1/2] Ticket 49967 - entry cache corruption after failed MODRDN + +Bug Description: + During a MODRDN the DN cache is updated to replace + source DN with the target DN (modrdn_rename_entry_update_indexes) + If later a failure occurs (for example if BETXN_POSTOP fails) and + the txn is aborted, the target DN (for the specific entryID) remains + in the DN cache. + + If the entry is returned in a search, to build the DN there is + a lookup of the DN cache with the entryID. It retrieves the target DN + rather than the source DN + +Fix Description: + In case of failure of the operation, the entry (from the entryID) + need to be cleared from the DN cache + +https://pagure.io/389-ds-base/issue/49967 + +Reviewed by: Mark Reynolds + +Platforms tested: F27 + +Flag Day: no + +Doc impact: no + +(cherry picked from commit ab4af68ef49fcdc5f2f6d0c1f5c7b9a5333b1bee) +--- + ldap/servers/slapd/back-ldbm/ldbm_modrdn.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c +index 71e2a8fe0..e2e9d1b46 100644 +--- a/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c ++++ b/ldap/servers/slapd/back-ldbm/ldbm_modrdn.c +@@ -1400,6 +1400,19 @@ common_return: + } + } + } ++ ++ if (ec && retval) { ++ /* if the operation failed, the destination entry does not exist ++ * but it has been added in dncache during cache_add_tentative ++ * we need to remove it. Else a retrieval from ep_id can give the wrong DN ++ */ ++ struct backdn *bdn = dncache_find_id(&inst->inst_dncache, ec->ep_id); ++ slapi_log_err(SLAPI_LOG_CACHE, "ldbm_back_modrdn", ++ "operation failed, the target entry is cleared from dncache (%s)\n", slapi_entry_get_dn(ec->ep_entry)); ++ CACHE_REMOVE(&inst->inst_dncache, bdn); ++ CACHE_RETURN(&inst->inst_dncache, &bdn); ++ } ++ + /* remove the new entry from the cache if the op failed - + otherwise, leave it in */ + if (ec && inst) { +-- +2.17.2 + diff --git a/SOURCES/0012-Ticket-49958-extended-search-fail-to-match-entries.patch b/SOURCES/0012-Ticket-49958-extended-search-fail-to-match-entries.patch new file mode 100644 index 0000000..dcc9fa4 --- /dev/null +++ b/SOURCES/0012-Ticket-49958-extended-search-fail-to-match-entries.patch @@ -0,0 +1,264 @@ +From 02de69d6987b059459980b50de285c2fd7bb3e2c Mon Sep 17 00:00:00 2001 +From: Thierry Bordaz +Date: Mon, 24 Sep 2018 14:14:16 +0200 +Subject: [PATCH] Ticket 49958: extended search fail to match entries + +Bug Description: + During an extended search, a structure is created for each filter component. + The structure contains the keys generated from the assertion and using the given + matching rule indexer. + Later the keys will be compared (with the MR) with keys generated from the + attribute values of the candidate entries. + The bug is that parsing the assertion, instead of removing the heading spaces + the routine clear the assertion that is empty. So the generated keys is NULL. + +Fix Description: + The fix consists to only remove heading spaces + +https://pagure.io/389-ds-base/issue/49958 + +Reviewed by: Mark Reynolds + +Platforms tested: F27 + +Flag Day: no + +Doc impact: no +--- + .../tests/suites/filter/filter_test.py | 203 ++++++++++++++++++ + ldap/servers/plugins/collation/orfilter.c | 4 +- + 2 files changed, 204 insertions(+), 3 deletions(-) + +diff --git a/dirsrvtests/tests/suites/filter/filter_test.py b/dirsrvtests/tests/suites/filter/filter_test.py +index 280db68a3..61c449989 100644 +--- a/dirsrvtests/tests/suites/filter/filter_test.py ++++ b/dirsrvtests/tests/suites/filter/filter_test.py +@@ -83,6 +83,209 @@ def test_filter_search_original_attrs(topology_st): + log.info('test_filter_search_original_attrs: PASSED') + + ++@pytest.mark.bz1511462 ++def test_filter_scope_one(topology_st): ++ """Test ldapsearch with scope one gives only single entry ++ ++ :id: cf5a6078-bbe6-4d43-ac71-553c45923f91 ++ :setup: Standalone instance ++ :steps: ++ 1. Search cn=Directory Administrators,dc=example,dc=com using ldapsearch with ++ scope one using base as dc=example,dc=com ++ 2. Check that search should return only one entry ++ :expectedresults: ++ 1. This should pass ++ 2. This should pass ++ """ ++ ++ parent_dn="dn: dc=example,dc=com" ++ child_dn="dn: cn=Directory Administrators,dc=example,dc=com" ++ ++ log.info('Search user using ldapsearch with scope one') ++ results = topology_st.standalone.search_s(DEFAULT_SUFFIX, ldap.SCOPE_ONELEVEL,'cn=Directory Administrators',['cn'] ) ++ log.info(results) ++ ++ log.info('Search should only have one entry') ++ assert len(results) == 1 ++ ++@pytest.mark.ds47313 ++def test_filter_with_attribute_subtype(topology_st): ++ """Adds 2 test entries and Search with ++ filters including subtype and ! ++ ++ :id: 0e69f5f2-6a0a-480e-8282-fbcc50231908 ++ :setup: Standalone instance ++ :steps: ++ 1. Add 2 entries and create 3 filters ++ 2. Search for entry with filter: (&(cn=test_entry en only)(!(cn=test_entry fr))) ++ 3. Search for entry with filter: (&(cn=test_entry en only)(!(cn;fr=test_entry fr))) ++ 4. Search for entry with filter: (&(cn=test_entry en only)(!(cn;en=test_entry en))) ++ 5. Delete the added entries ++ :expectedresults: ++ 1. Operation should be successful ++ 2. Search should be successful ++ 3. Search should be successful ++ 4. Search should not be successful ++ 5. Delete the added entries ++ """ ++ ++ # bind as directory manager ++ topology_st.standalone.log.info("Bind as %s" % DN_DM) ++ topology_st.standalone.simple_bind_s(DN_DM, PASSWORD) ++ ++ # enable filter error logging ++ # mod = [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', '32')] ++ # topology_st.standalone.modify_s(DN_CONFIG, mod) ++ ++ topology_st.standalone.log.info("\n\n######################### ADD ######################\n") ++ ++ # Prepare the entry with cn;fr & cn;en ++ entry_name_fr = '%s fr' % (ENTRY_NAME) ++ entry_name_en = '%s en' % (ENTRY_NAME) ++ entry_name_both = '%s both' % (ENTRY_NAME) ++ entry_dn_both = 'cn=%s, %s' % (entry_name_both, SUFFIX) ++ entry_both = Entry(entry_dn_both) ++ entry_both.setValues('objectclass', 'top', 'person') ++ entry_both.setValues('sn', entry_name_both) ++ entry_both.setValues('cn', entry_name_both) ++ entry_both.setValues('cn;fr', entry_name_fr) ++ entry_both.setValues('cn;en', entry_name_en) ++ ++ # Prepare the entry with one member ++ entry_name_en_only = '%s en only' % (ENTRY_NAME) ++ entry_dn_en_only = 'cn=%s, %s' % (entry_name_en_only, SUFFIX) ++ entry_en_only = Entry(entry_dn_en_only) ++ entry_en_only.setValues('objectclass', 'top', 'person') ++ entry_en_only.setValues('sn', entry_name_en_only) ++ entry_en_only.setValues('cn', entry_name_en_only) ++ entry_en_only.setValues('cn;en', entry_name_en) ++ ++ topology_st.standalone.log.info("Try to add Add %s: %r" % (entry_dn_both, entry_both)) ++ topology_st.standalone.add_s(entry_both) ++ ++ topology_st.standalone.log.info("Try to add Add %s: %r" % (entry_dn_en_only, entry_en_only)) ++ topology_st.standalone.add_s(entry_en_only) ++ ++ topology_st.standalone.log.info("\n\n######################### SEARCH ######################\n") ++ ++ # filter: (&(cn=test_entry en only)(!(cn=test_entry fr))) ++ myfilter = '(&(sn=%s)(!(cn=%s)))' % (entry_name_en_only, entry_name_fr) ++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter) ++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter) ++ assert len(ents) == 1 ++ assert ensure_str(ents[0].sn) == entry_name_en_only ++ topology_st.standalone.log.info("Found %s" % ents[0].dn) ++ ++ # filter: (&(cn=test_entry en only)(!(cn;fr=test_entry fr))) ++ myfilter = '(&(sn=%s)(!(cn;fr=%s)))' % (entry_name_en_only, entry_name_fr) ++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter) ++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter) ++ assert len(ents) == 1 ++ assert ensure_str(ents[0].sn) == entry_name_en_only ++ topology_st.standalone.log.info("Found %s" % ents[0].dn) ++ ++ # filter: (&(cn=test_entry en only)(!(cn;en=test_entry en))) ++ myfilter = '(&(sn=%s)(!(cn;en=%s)))' % (entry_name_en_only, entry_name_en) ++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter) ++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter) ++ assert len(ents) == 0 ++ topology_st.standalone.log.info("Found none") ++ ++ topology_st.standalone.log.info("\n\n######################### DELETE ######################\n") ++ ++ topology_st.standalone.log.info("Try to delete %s " % entry_dn_both) ++ topology_st.standalone.delete_s(entry_dn_both) ++ ++ topology_st.standalone.log.info("Try to delete %s " % entry_dn_en_only) ++ topology_st.standalone.delete_s(entry_dn_en_only) ++ ++ log.info('Testcase PASSED') ++ ++ ++@pytest.mark.bz1615155 ++def test_extended_search(topology_st): ++ """Test we can search with equality extended matching rule ++ ++ :id: ++ :setup: Standalone instance ++ :steps: ++ 1. Add a test user with 'sn: ext-test-entry' ++ 2. Search '(cn:de:=ext-test-entry)' ++ 3. Search '(sn:caseIgnoreIA5Match:=EXT-TEST-ENTRY)' ++ 4. Search '(sn:caseIgnoreMatch:=EXT-TEST-ENTRY)' ++ 5. Search '(sn:caseExactMatch:=EXT-TEST-ENTRY)' ++ 6. Search '(sn:caseExactMatch:=ext-test-entry)' ++ 7. Search '(sn:caseExactIA5Match:=EXT-TEST-ENTRY)' ++ 8. Search '(sn:caseExactIA5Match:=ext-test-entry)' ++ :expectedresults: ++ 1. This should pass ++ 2. This should return one entry ++ 3. This should return one entry ++ 4. This should return one entry ++ 5. This should return NO entry ++ 6. This should return one entry ++ 7. This should return NO entry ++ 8. This should return one entry ++ 3. return one entry ++ """ ++ log.info('Running test_filter_escaped...') ++ ++ ATTR_VAL = 'ext-test-entry' ++ USER1_DN = "uid=%s,%s" % (ATTR_VAL, DEFAULT_SUFFIX) ++ ++ try: ++ topology_st.standalone.add_s(Entry((USER1_DN, {'objectclass': "top extensibleObject".split(), ++ 'sn': ATTR_VAL.encode(), ++ 'cn': ATTR_VAL.encode(), ++ 'uid': ATTR_VAL.encode()}))) ++ except ldap.LDAPError as e: ++ log.fatal('test_extended_search: Failed to add test user ' + USER1_DN + ': error ' + ++ e.message['desc']) ++ assert False ++ ++ # filter: '(cn:de:=ext-test-entry)' ++ myfilter = '(cn:de:=%s)' % ATTR_VAL ++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter) ++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter) ++ assert len(ents) == 1 ++ ++ # filter: '(sn:caseIgnoreIA5Match:=EXT-TEST-ENTRY)' ++ myfilter = '(cn:caseIgnoreIA5Match:=%s)' % ATTR_VAL.upper() ++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter) ++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter) ++ assert len(ents) == 1 ++ ++ # filter: '(sn:caseIgnoreMatch:=EXT-TEST-ENTRY)' ++ myfilter = '(cn:caseIgnoreMatch:=%s)' % ATTR_VAL.upper() ++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter) ++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter) ++ assert len(ents) == 1 ++ ++ # filter: '(sn:caseExactMatch:=EXT-TEST-ENTRY)' ++ myfilter = '(cn:caseExactMatch:=%s)' % ATTR_VAL.upper() ++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter) ++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter) ++ assert len(ents) == 0 ++ ++ # filter: '(sn:caseExactMatch:=ext-test-entry)' ++ myfilter = '(cn:caseExactMatch:=%s)' % ATTR_VAL ++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter) ++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter) ++ assert len(ents) == 1 ++ ++ # filter: '(sn:caseExactIA5Match:=EXT-TEST-ENTRY)' ++ myfilter = '(cn:caseExactIA5Match:=%s)' % ATTR_VAL.upper() ++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter) ++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter) ++ assert len(ents) == 0 ++ ++ # filter: '(sn:caseExactIA5Match:=ext-test-entry)' ++ myfilter = '(cn:caseExactIA5Match:=%s)' % ATTR_VAL ++ topology_st.standalone.log.info("Try to search with filter %s" % myfilter) ++ ents = topology_st.standalone.search_s(SUFFIX, ldap.SCOPE_SUBTREE, myfilter) ++ assert len(ents) == 1 ++ ++ + if __name__ == '__main__': + # Run isolated + # -s for DEBUG mode +diff --git a/ldap/servers/plugins/collation/orfilter.c b/ldap/servers/plugins/collation/orfilter.c +index 7705de9d6..c092d77ca 100644 +--- a/ldap/servers/plugins/collation/orfilter.c ++++ b/ldap/servers/plugins/collation/orfilter.c +@@ -531,10 +531,8 @@ or_filter_create(Slapi_PBlock *pb) + default: + break; + } +- for (; len > 0 && *val != ' '; ++val, --len) ++ for (; len > 0 && *val == ' '; ++val, --len) + ; +- if (len > 0) +- ++val, --len; /* skip the space */ + bv.bv_len = len; + bv.bv_val = (len > 0) ? val : NULL; + } else { /* mrOID does not identify an ordering rule. */ +-- +2.17.2 + diff --git a/SPECS/389-ds-base.spec b/SPECS/389-ds-base.spec index 09f1e05..cc73e59 100644 --- a/SPECS/389-ds-base.spec +++ b/SPECS/389-ds-base.spec @@ -39,7 +39,7 @@ Summary: 389 Directory Server (%{variant}) Name: 389-ds-base Version: 1.3.8.4 -Release: %{?relprefix}15%{?prerel}%{?dist} +Release: %{?relprefix}18%{?prerel}%{?dist} License: GPLv3+ URL: https://www.port389.org/ Group: System Environment/Daemons @@ -156,6 +156,9 @@ Patch06: 0006-Bug-1614820-Crash-in-vslapd_log_emergency_error.patch Patch07: 0007-Ticket-49932-Crash-in-delete_passwdPolicy-when-persi.patch Patch08: 0008-Bug-1624004-potential-denial-of-service-attack.patch Patch09: 0009-Bug-1624004-fix-regression-in-empty-attribute-list.patch +Patch10: 0010-Ticket-49968-Confusing-CRITICAL-message-list_candida.patch +Patch11: 0011-Ticket-49967-entry-cache-corruption-after-failed-MOD.patch +Patch12: 0012-Ticket-49958-extended-search-fail-to-match-entries.patch %description 389 Directory Server is an LDAPv3 compliant server. The base package includes @@ -309,8 +312,7 @@ output=/dev/null output2=/dev/null # reload to pick up any changes to systemd files /bin/systemctl daemon-reload >$output 2>&1 || : -# reload to pick up any shared lib changes -/sbin/ldconfig + # find all instances instances="" # instances that require a restart after upgrade ninst=0 # number of instances found in total @@ -505,6 +507,18 @@ fi %{_sysconfdir}/%{pkgname}/dirsrvtests %changelog +* Mon Oct 29 2018 Mark Reynolds - 1.3.8.4-18 +- Bump version to 1.3.8.4-18 +- Resolves: Bug 1638516 - CRIT - list_candidates - NULL idl was recieved from filter_candidates_ex + +* Mon Oct 29 2018 Mark Reynolds - 1.3.8.4-17 +- Bump version to 1.3.8.4-17 +- Resolves: Bug 1643875 - ns-slapd: crash in entrycache_add_int + +* Tue Oct 16 2018 Mark Reynolds - 1.3.8.4-16 +- Bump version to 1.3.8.4-16 +- Resolves: Bug 1638513 - Message: "CRIT - list_candidates - NULL idl was recieved from filter_candidates_ext." should not be critical + * Wed Sep 19 2018 Mark Reynolds - 1.3.8.4-15 - Bump version to 1.3.8.4-15 - Resolves: Bug 1624004 - Fix regression in last patch