From caab3e19a97d58450bbf06034974d4631aa904b6 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 18 Sep 2015 11:13:43 -0700
Subject: [PATCH 60/61] Ticket #48188 - segfault in ns-slapd due to accessing
 Slapi_DN freed in pre bind plug-in

This patch is based upon the patch provided by Simo Sorce <simo@redhat.com> for
Ticket #48272 - Allow PRE_BIND plugins to mangle DNs

Description:
Allow a pre_bind plugin to map a DN to another

This is useful for plugins that deal with virtual trees or non-standard
clients binding with values that are not proper DNs and similar situations.

Signed-off-by: Simo Sorce <simo@redhat.com>

2 changes are made to the original patch:
1. removed "slapi_sdn_free(&sdn)" with this comment:
   * It is a plug-in's responsibility to free the original Slapi_DN.
   Note: slapi-nis already freed the original sdn.
2. reset dn from the new sdn.
   dn = slapi_sdn_get_dn(sdn);

https://fedorahosted.org/389/ticket/48188

Reviewed by rmeggins@redhat.com and lkrispen@redhat.com.

(cherry picked from commit 40e0d0f80d6fd1271431e105580293747c43c327)
(cherry picked from commit 6871f4f6d14198563f7f3cb0646a00faa28d35ea)
---
 ldap/servers/slapd/bind.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
index 1bd604f..4ec276a 100644
--- a/ldap/servers/slapd/bind.c
+++ b/ldap/servers/slapd/bind.c
@@ -669,7 +669,7 @@ do_bind( Slapi_PBlock *pb )
 
     slapi_pblock_set( pb, SLAPI_BACKEND, be );
 
-	/* not root dn - pass to the backend */
+    /* not root dn - pass to the backend */
     if ( be->be_bind != NULL ) {
 
         /*
@@ -677,10 +677,25 @@ do_bind( Slapi_PBlock *pb )
          * the backend bind function. then call the post-bind
          * plugins.
          */
-        if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN )
-             == 0 )  {
+        if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) == 0 )  {
             rc = 0;
 
+            /* Check if a pre_bind plugin mapped the DN to another backend */
+            Slapi_DN *pb_sdn;
+            slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn);
+            if (pb_sdn != sdn) {
+                /*
+                 * Slapi_DN set in pblock was changed by a pre bind plug-in.
+                 * It is a plug-in's responsibility to free the original Slapi_DN.
+                 */
+                sdn = pb_sdn;
+                dn = slapi_sdn_get_dn(sdn);
+
+                slapi_be_Unlock(be);
+                be = slapi_be_select(sdn);
+                slapi_be_Rlock(be);
+            }
+
             /*
              * Is this account locked ?
              *	could be locked through the account inactivation
-- 
1.9.3