pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 5 years ago
Clone

Blame SOURCES/0086-Avoid-calling-ldap-functions-without-a-context.patch

e3ffab
From 1a4a6e0350e1b95e4c5185fdd299f2c1a2273a94 Mon Sep 17 00:00:00 2001
e3ffab
From: Simo Sorce <simo@redhat.com>
e3ffab
Date: Fri, 12 Dec 2014 13:56:51 -0500
e3ffab
Subject: [PATCH] Avoid calling ldap functions without a context
e3ffab
e3ffab
We need to make sure we have a ld context before we can load the
e3ffab
configuration, otherwise ldap APIs will abort crashing the KDC.
e3ffab
e3ffab
If we have an issue connecting to LDAP the lcontext will be NULL, but
e3ffab
we are not checking that condition when we try to refresh the global
e3ffab
configuration.
e3ffab
e3ffab
https://fedorahosted.org/freeipa/ticket/4810
e3ffab
e3ffab
Signed-off-by: Simo Sorce <simo@redhat.com>
e3ffab
Reviewed-By: Martin Kosek <mkosek@redhat.com>
e3ffab
---
e3ffab
 daemons/ipa-kdb/ipa_kdb.c | 19 ++++++++++++++++---
e3ffab
 1 file changed, 16 insertions(+), 3 deletions(-)
e3ffab
e3ffab
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
e3ffab
index e5101bdd0ad880888fd58fd93a5ca8133868db98..d20b6a1f4666a40f1f0523c5ee9b729e27b666ad 100644
e3ffab
--- a/daemons/ipa-kdb/ipa_kdb.c
e3ffab
+++ b/daemons/ipa-kdb/ipa_kdb.c
e3ffab
@@ -224,6 +224,10 @@ static int ipadb_load_global_config(struct ipadb_context *ipactx)
e3ffab
     int ret;
e3ffab
     char **authz_data_list;
e3ffab
 
e3ffab
+    if (!ipactx || !ipactx->lcontext) {
e3ffab
+        return EINVAL;
e3ffab
+    }
e3ffab
+
e3ffab
     ret = asprintf(&base, "cn=ipaConfig,cn=etc,%s", ipactx->base);
e3ffab
     if (ret == -1) {
e3ffab
         ret = ENOMEM;
e3ffab
@@ -295,10 +299,19 @@ const struct ipadb_global_config *
e3ffab
 ipadb_get_global_config(struct ipadb_context *ipactx)
e3ffab
 {
e3ffab
     time_t now = 0;
e3ffab
+    int ret;
e3ffab
 
e3ffab
-    if (time(&now) != (time_t)-1
e3ffab
-        && now - ipactx->config.last_update > IPADB_GLOBAL_CONFIG_CACHE_TIME)
e3ffab
-        ipadb_load_global_config(ipactx);
e3ffab
+    if (time(&now) != (time_t)-1 &&
e3ffab
+        now - ipactx->config.last_update > IPADB_GLOBAL_CONFIG_CACHE_TIME) {
e3ffab
+        if (!ipactx->lcontext) {
e3ffab
+            ret = ipadb_get_connection(ipactx);
e3ffab
+            if (ret != 0)
e3ffab
+                return NULL;
e3ffab
+        }
e3ffab
+        ret = ipadb_load_global_config(ipactx);
e3ffab
+        if (ret != 0)
e3ffab
+            return NULL;
e3ffab
+    }
e3ffab
 
e3ffab
     return &ipactx->config;
e3ffab
 }
e3ffab
-- 
e3ffab
2.1.0
e3ffab