From 1a4a6e0350e1b95e4c5185fdd299f2c1a2273a94 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 12 Dec 2014 13:56:51 -0500 Subject: [PATCH] Avoid calling ldap functions without a context We need to make sure we have a ld context before we can load the configuration, otherwise ldap APIs will abort crashing the KDC. If we have an issue connecting to LDAP the lcontext will be NULL, but we are not checking that condition when we try to refresh the global configuration. https://fedorahosted.org/freeipa/ticket/4810 Signed-off-by: Simo Sorce Reviewed-By: Martin Kosek --- daemons/ipa-kdb/ipa_kdb.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c index e5101bdd0ad880888fd58fd93a5ca8133868db98..d20b6a1f4666a40f1f0523c5ee9b729e27b666ad 100644 --- a/daemons/ipa-kdb/ipa_kdb.c +++ b/daemons/ipa-kdb/ipa_kdb.c @@ -224,6 +224,10 @@ static int ipadb_load_global_config(struct ipadb_context *ipactx) int ret; char **authz_data_list; + if (!ipactx || !ipactx->lcontext) { + return EINVAL; + } + ret = asprintf(&base, "cn=ipaConfig,cn=etc,%s", ipactx->base); if (ret == -1) { ret = ENOMEM; @@ -295,10 +299,19 @@ const struct ipadb_global_config * ipadb_get_global_config(struct ipadb_context *ipactx) { time_t now = 0; + int ret; - if (time(&now) != (time_t)-1 - && now - ipactx->config.last_update > IPADB_GLOBAL_CONFIG_CACHE_TIME) - ipadb_load_global_config(ipactx); + if (time(&now) != (time_t)-1 && + now - ipactx->config.last_update > IPADB_GLOBAL_CONFIG_CACHE_TIME) { + if (!ipactx->lcontext) { + ret = ipadb_get_connection(ipactx); + if (ret != 0) + return NULL; + } + ret = ipadb_load_global_config(ipactx); + if (ret != 0) + return NULL; + } return &ipactx->config; } -- 2.1.0