|
 |
c58629 |
From b047d30b8aabad424fa2bd30872721f9fab9e325 Mon Sep 17 00:00:00 2001
|
|
|
c58629 |
From: Thierry Bordaz <tbordaz@redhat.com>
|
|
|
c58629 |
Date: Mon, 25 Sep 2017 16:41:51 +0200
|
|
|
c58629 |
Subject: [PATCH] 389-ds-base crashed as part of ipa-server-intall in ipa-uuid
|
|
|
c58629 |
|
|
|
c58629 |
Bug Description:
|
|
|
c58629 |
When adding an entry, ipa-uuid plugin may generate a unique value
|
|
|
c58629 |
for some of its attribute.
|
|
|
c58629 |
If the generated attribute is part of the RDN, the target DN
|
|
|
c58629 |
is replaced on the fly and the previous one freed.
|
|
|
c58629 |
Unfortunately, previous DN may be later used instead of
|
|
|
c58629 |
the new one.
|
|
|
c58629 |
|
|
|
c58629 |
Fix Description:
|
|
|
c58629 |
Make sure to use only the current DN of the operation
|
|
|
c58629 |
|
|
|
c58629 |
https://bugzilla.redhat.com/show_bug.cgi?id=1496226
|
|
|
c58629 |
https://pagure.io/freeipa/issue/7227
|
|
|
c58629 |
|
|
|
c58629 |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
c58629 |
---
|
|
|
c58629 |
daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 12 +++++++++---
|
|
|
c58629 |
1 file changed, 9 insertions(+), 3 deletions(-)
|
|
|
c58629 |
|
|
|
c58629 |
diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
|
|
|
c58629 |
index ffade14672e8cd9e3f3e18d45a0a7095a6341d30..87d8be2d88d9ff9bbf7d47eab57b765063f7a230 100644
|
|
|
c58629 |
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
|
|
|
c58629 |
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
|
|
|
c58629 |
@@ -911,6 +911,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
|
|
|
c58629 |
list != ipauuid_global_config;
|
|
|
c58629 |
list = PR_NEXT_LINK(list)) {
|
|
|
c58629 |
cfgentry = (struct configEntry *) list;
|
|
|
c58629 |
+ char *current_dn = NULL;
|
|
|
c58629 |
|
|
|
c58629 |
generate = false;
|
|
|
c58629 |
set_attr = false;
|
|
|
c58629 |
@@ -920,16 +921,21 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
|
|
|
c58629 |
cfgentry->attr)) {
|
|
|
c58629 |
continue;
|
|
|
c58629 |
}
|
|
|
c58629 |
+ /* Current DN may have been reset by
|
|
|
c58629 |
+ * slapi_pblock_set(pb, SLAPI_ADD_TARGET,..) see below
|
|
|
c58629 |
+ * need to reread it
|
|
|
c58629 |
+ */
|
|
|
c58629 |
+ current_dn = ipauuid_get_dn(pb);
|
|
|
c58629 |
|
|
|
c58629 |
/* is the entry in scope? */
|
|
|
c58629 |
if (cfgentry->scope) {
|
|
|
c58629 |
- if (!slapi_dn_issuffix(dn, cfgentry->scope)) {
|
|
|
c58629 |
+ if (!slapi_dn_issuffix(current_dn, cfgentry->scope)) {
|
|
|
c58629 |
continue;
|
|
|
c58629 |
}
|
|
|
c58629 |
}
|
|
|
c58629 |
|
|
|
c58629 |
if (cfgentry->exclude_subtree) {
|
|
|
c58629 |
- if (slapi_dn_issuffix(dn, cfgentry->exclude_subtree)) {
|
|
|
c58629 |
+ if (slapi_dn_issuffix(current_dn, cfgentry->exclude_subtree)) {
|
|
|
c58629 |
continue;
|
|
|
c58629 |
}
|
|
|
c58629 |
}
|
|
|
c58629 |
@@ -1108,7 +1114,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
|
|
|
c58629 |
ret = LDAP_OPERATIONS_ERROR;
|
|
|
c58629 |
goto done;
|
|
|
c58629 |
}
|
|
|
c58629 |
- sdn = slapi_sdn_new_dn_byval(dn);
|
|
|
c58629 |
+ sdn = slapi_sdn_new_dn_byval(current_dn);
|
|
|
c58629 |
if (!sdn) {
|
|
|
c58629 |
LOG_OOM();
|
|
|
c58629 |
ret = LDAP_OPERATIONS_ERROR;
|
|
|
c58629 |
--
|
|
|
c58629 |
2.13.6
|
|
|
c58629 |
|