andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone

Blame SOURCES/0008-Ticket-50282-OPERATIONS-ERROR-when-trying-to-delete-.patch

26521d
From 57f661a8acea18aa19985d0556a78d81a9361b89 Mon Sep 17 00:00:00 2001
26521d
From: Thierry Bordaz <tbordaz@redhat.com>
26521d
Date: Thu, 14 Mar 2019 17:33:35 +0100
26521d
Subject: [PATCH 1/4] Ticket 50282 - OPERATIONS ERROR when trying to delete a
26521d
 group with automember members
26521d
26521d
Bug Description:
26521d
	When automember and memberof are enabled, if a user is member of a group
26521d
	because of an automember rule. Then when the group is deleted,
26521d
	memberof updates the member (to update 'memberof' attribute) that
26521d
	trigger automember to reevaluate the automember rule and add the member
26521d
	to the group. But at this time the group is already deleted.
26521d
	Chaining back the failure up to the top level operation the deletion
26521d
	of the group fails
26521d
26521d
Fix Description:
26521d
	The fix consists to check that if a automember rule tries to add a user
26521d
	in a group, then to check that the group exists before updating it.
26521d
26521d
https://pagure.io/389-ds-base/issue/50282
26521d
26521d
Reviewed by: Mark Reynolds, William Brown
26521d
26521d
Platforms tested: F29
26521d
26521d
Flag Day: no
26521d
26521d
Doc impact: no
26521d
---
26521d
 ldap/servers/plugins/automember/automember.c | 23 ++++++++++++++++++++
26521d
 1 file changed, 23 insertions(+)
26521d
26521d
diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
26521d
index bb6ff1f8e..fcf0cdb9a 100644
26521d
--- a/ldap/servers/plugins/automember/automember.c
26521d
+++ b/ldap/servers/plugins/automember/automember.c
26521d
@@ -1636,6 +1636,29 @@ automember_update_member_value(Slapi_Entry *member_e, const char *group_dn, char
26521d
     char *member_value = NULL;
26521d
     int freeit = 0;
26521d
     int rc = 0;
26521d
+    Slapi_DN *group_sdn;
26521d
+    Slapi_Entry *group_entry = NULL;
26521d
+
26521d
+    /* First thing check that the group still exists */
26521d
+    group_sdn = slapi_sdn_new_dn_byval(group_dn);
26521d
+    rc = slapi_search_internal_get_entry(group_sdn, NULL, &group_entry, automember_get_plugin_id());
26521d
+    slapi_sdn_free(&group_sdn);
26521d
+    if (rc != LDAP_SUCCESS || group_entry == NULL) {
26521d
+        if (rc == LDAP_NO_SUCH_OBJECT) {
26521d
+            /* the automember group (default or target) does not exist, just skip this definition */
26521d
+            slapi_log_err(SLAPI_LOG_PLUGIN, AUTOMEMBER_PLUGIN_SUBSYSTEM,
26521d
+                      "automember_update_member_value - group (default or target) does not exist (%s)\n",
26521d
+                      group_dn);
26521d
+            rc = 0;
26521d
+        } else {
26521d
+            slapi_log_err(SLAPI_LOG_ERR, AUTOMEMBER_PLUGIN_SUBSYSTEM,
26521d
+                      "automember_update_member_value - group (default or target) can not be retrieved (%s) err=%d\n",
26521d
+                      group_dn, rc);
26521d
+        }
26521d
+        slapi_entry_free(group_entry);
26521d
+        return rc;
26521d
+    }
26521d
+    slapi_entry_free(group_entry);
26521d
 
26521d
     /* If grouping_value is dn, we need to fetch the dn instead. */
26521d
     if (slapi_attr_type_cmp(grouping_value, "dn", SLAPI_TYPE_CMP_EXACT) == 0) {
26521d
-- 
26521d
2.17.2
26521d