pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone
Blob Blame History Raw
From b047d30b8aabad424fa2bd30872721f9fab9e325 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Mon, 25 Sep 2017 16:41:51 +0200
Subject: [PATCH] 389-ds-base crashed as part of ipa-server-intall in ipa-uuid

Bug Description:
	When adding an entry, ipa-uuid plugin may generate a unique value
	for some of its attribute.
	If the generated attribute is part of the RDN, the target DN
	is replaced on the fly and the previous one freed.
	Unfortunately, previous DN may be later used instead of
	the new one.

Fix Description:
	Make sure to use only the current DN of the operation

https://bugzilla.redhat.com/show_bug.cgi?id=1496226
https://pagure.io/freeipa/issue/7227

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
index ffade14672e8cd9e3f3e18d45a0a7095a6341d30..87d8be2d88d9ff9bbf7d47eab57b765063f7a230 100644
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@@ -911,6 +911,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
         list != ipauuid_global_config;
         list = PR_NEXT_LINK(list)) {
         cfgentry = (struct configEntry *) list;
+        char *current_dn = NULL;
 
         generate = false;
         set_attr = false;
@@ -920,16 +921,21 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                                        cfgentry->attr)) {
             continue;
         }
+        /* Current DN may have been reset by
+         * slapi_pblock_set(pb, SLAPI_ADD_TARGET,..) see below
+         * need to reread it
+         */
+        current_dn = ipauuid_get_dn(pb);
 
         /* is the entry in scope? */
         if (cfgentry->scope) {
-            if (!slapi_dn_issuffix(dn, cfgentry->scope)) {
+            if (!slapi_dn_issuffix(current_dn, cfgentry->scope)) {
                 continue;
             }
         }
 
         if (cfgentry->exclude_subtree) {
-                if (slapi_dn_issuffix(dn, cfgentry->exclude_subtree)) {
+                if (slapi_dn_issuffix(current_dn, cfgentry->exclude_subtree)) {
                         continue;
                 }
         }
@@ -1108,7 +1114,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                     ret = LDAP_OPERATIONS_ERROR;
                     goto done;
                 }
-                sdn = slapi_sdn_new_dn_byval(dn);
+                sdn = slapi_sdn_new_dn_byval(current_dn);
                 if (!sdn) {
                     LOG_OOM();
                     ret = LDAP_OPERATIONS_ERROR;
-- 
2.13.6