rpms / slapi-nis

Clone
Source Code
GIT

Files

  1.   55ff7e1fe90215f830f8a71a6f0d58aedf69ec32
  2.   SOURCES
  3.   slapi-0006-back-sch-do-not-clobber-target-of-the-pblock-for-idv.patch
Blob Blame History Raw 
From b59b9c87042cb8f4d99421e101349c5f48f91235 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 26 Jul 2016 18:11:53 +0300
Subject: [PATCH 6/8] back-sch: do not clobber target of the pblock for idview

When extracting idview all we care is the DN of new target.
We don't really use the rewritten target as a string anymore,
so there is no need to rewrite the string in the pblock.

This fixes a bug when running with 389-ds 1.3.5.10+ which is more
strict about modification of the values in pblock.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1360245
---
 src/back-sch.c | 43 ++++++++++++++++++++++---------------------
 src/back-sch.h |  2 +-
 2 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/src/back-sch.c b/src/back-sch.c
index 0745329..e15988f 100644
--- a/src/back-sch.c
+++ b/src/back-sch.c
@@ -1652,6 +1652,8 @@ backend_search_cb(Slapi_PBlock *pb)
 	struct backend_search_cbdata cbdata;
 	struct backend_staged_search *staged, *next;
 	int i, isroot, ret;
+	char *original_target = NULL;
+	char *target = NULL;
 
 	if (wrap_get_call_level() > 0) {
 		return 0;
@@ -1676,7 +1678,7 @@ backend_search_cb(Slapi_PBlock *pb)
 		return 0;
 	}
 
-	slapi_pblock_get(pb, SLAPI_SEARCH_TARGET, &cbdata.target);
+	slapi_pblock_get(pb, SLAPI_SEARCH_TARGET, &original_target);
 	slapi_pblock_get(pb, SLAPI_SEARCH_SCOPE, &cbdata.scope);
 	slapi_pblock_get(pb, SLAPI_SEARCH_SIZELIMIT, &cbdata.sizelimit);
 	slapi_pblock_get(pb, SLAPI_SEARCH_TIMELIMIT, &cbdata.timelimit);
@@ -1697,15 +1699,15 @@ backend_search_cb(Slapi_PBlock *pb)
 	/* Okay, we can search. */
 	slapi_log_error(SLAPI_LOG_PLUGIN, cbdata.state->plugin_desc->spd_id,
 			"searching from \"%s\" for \"%s\" with scope %d%s\n",
-			cbdata.target, cbdata.strfilter, cbdata.scope,
+			original_target, cbdata.strfilter, cbdata.scope,
 			backend_sch_scope_as_string(cbdata.scope));
-	cbdata.target_dn = slapi_sdn_new_dn_byval(cbdata.target);
+	cbdata.target_dn = slapi_sdn_new_dn_byval(original_target);
 	/* Check if there's a backend handling this search. */
 	if (!slapi_be_exist(cbdata.target_dn)) {
 		slapi_log_error(SLAPI_LOG_PLUGIN,
 				cbdata.state->plugin_desc->spd_id,
 				"slapi_be_exists(\"%s\") = 0, "
-				"ignoring search\n", cbdata.target);
+				"ignoring search\n", original_target);
 		slapi_sdn_free(&cbdata.target_dn);
 		return 0;
 	}
@@ -1716,22 +1718,23 @@ backend_search_cb(Slapi_PBlock *pb)
 	 * detect the ID view use. Unless the ID view is within the set we control, don't consider the override */
 	map_data_foreach_domain(cbdata.state, backend_search_find_set_dn_cb, &cbdata);
 	if (cbdata.answer == FALSE) {
-		idview_replace_target_dn(&cbdata.target, &cbdata.idview);
+		target = slapi_ch_strdup(original_target);
+		idview_replace_target_dn(&target, &cbdata.idview);
 		if (cbdata.idview != NULL) {
 			slapi_sdn_free(&cbdata.target_dn);
 			/* Perform another check, now for rewritten DN */
-			cbdata.target_dn = slapi_sdn_new_dn_byval(cbdata.target);
+			cbdata.target_dn = slapi_sdn_new_dn_byval(target);
 			map_data_foreach_domain(cbdata.state, backend_search_find_set_dn_cb, &cbdata);
 			/* Rewritten DN might still be outside of our trees */
 			if (cbdata.answer == TRUE) {
 				slapi_log_error(SLAPI_LOG_PLUGIN, cbdata.state->plugin_desc->spd_id,
 						"Use of ID view '%s' is detected, searching from \"%s\" "
 						"for \"%s\" with scope %d%s. Filter may get overridden later.\n",
-						cbdata.idview, cbdata.target, cbdata.strfilter, cbdata.scope,
+						cbdata.idview, target, cbdata.strfilter, cbdata.scope,
 						backend_sch_scope_as_string(cbdata.scope));
 			} else {
 				slapi_sdn_free(&cbdata.target_dn);
-				slapi_ch_free_string(&cbdata.target);
+				slapi_ch_free_string(&target);
 				slapi_ch_free_string(&cbdata.idview);
 				slapi_log_error(SLAPI_LOG_PLUGIN,
 						cbdata.state->plugin_desc->spd_id,
@@ -1739,6 +1742,8 @@ backend_search_cb(Slapi_PBlock *pb)
 						"ignoring search\n");
 				return 0;
 			}
+		} else {
+			slapi_ch_free_string(&target);
 		}
 	}
 	cbdata.answer = FALSE;
@@ -1890,7 +1895,7 @@ backend_search_cb(Slapi_PBlock *pb)
 	}
 	slapi_sdn_free(&cbdata.target_dn);
 	if (cbdata.idview != NULL) {
-		slapi_ch_free_string(&cbdata.target);
+		slapi_ch_free_string(&target);
 	}
 	slapi_ch_free_string(&cbdata.idview);
 #ifdef USE_IPA_IDVIEWS
@@ -1904,7 +1909,6 @@ backend_search_cb(Slapi_PBlock *pb)
 /* Locate the entry for a given DN. */
 struct backend_locate_cbdata {
 	struct plugin_state *state;
-	char *target;
 	Slapi_DN *target_dn;
 
 	struct backend_entry_data *entry_data;
@@ -1953,6 +1957,7 @@ static void
 backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char **group, const char**set)
 {
 	struct backend_locate_cbdata cbdata;
+	char *original_target = NULL;
 
 	slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cbdata.state);
 	if (cbdata.state->plugin_base == NULL) {
@@ -1960,9 +1965,9 @@ backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char **
 		*data = NULL;
 		return;
 	}
-	slapi_pblock_get(pb, SLAPI_TARGET_DN, &cbdata.target);
+	slapi_pblock_get(pb, SLAPI_TARGET_DN, &original_target);
 
-	cbdata.target_dn = slapi_sdn_new_dn_byval(cbdata.target);
+	cbdata.target_dn = slapi_sdn_new_dn_byval(original_target);
 	cbdata.entry_data = NULL;
 	cbdata.entry_group = NULL;
 	cbdata.entry_set = NULL;
@@ -1972,12 +1977,9 @@ backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char **
 	 * rebuild the target's RDN to use original attribute's value */
 	if (cbdata.entry_data == NULL) {
 		char *idview = NULL;
-		char *target, *original_target;
-		target = original_target = slapi_ch_strdup(cbdata.target);
+		char *target = NULL;
+		target = slapi_ch_strdup(original_target);
 		idview_replace_target_dn(&target, &idview);
-		if (target != original_target) {
-			slapi_ch_free_string(&original_target);
-		}
 		if (idview != NULL) {
 			char *rdnstr;
 			char *val;
@@ -1992,7 +1994,6 @@ backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char **
 					bval.bv_val = slapi_ch_strdup(val);
 					memset(&scbdata, 0, sizeof(scbdata));
 					scbdata.idview = idview;
-					scbdata.target = target;
 					scbdata.pb = pb;
 					scbdata.state = cbdata.state;
 					scbdata.target_dn = slapi_sdn_new_dn_byval(target);
@@ -2025,7 +2026,6 @@ backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char **
  * insufficient-access error. */
 struct backend_group_check_scope_cbdata {
 	struct plugin_state *state;
-	const char *target;
 	Slapi_DN *target_dn;
 	bool_t ours;
 };
@@ -2050,14 +2050,15 @@ static bool_t
 backend_check_scope_pb(Slapi_PBlock *pb)
 {
 	struct backend_group_check_scope_cbdata cbdata;
+	char *original_target = NULL;
 
 	slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cbdata.state);
 	if (cbdata.state->plugin_base == NULL) {
 		/* The plugin was not actually started. */
 		return FALSE;
 	}
-	slapi_pblock_get(pb, SLAPI_TARGET_DN, &cbdata.target);
-	cbdata.target_dn = slapi_sdn_new_dn_byval(cbdata.target);
+	slapi_pblock_get(pb, SLAPI_TARGET_DN, &original_target);
+	cbdata.target_dn = slapi_sdn_new_dn_byval(original_target);
 	cbdata.ours = FALSE;
 	map_data_foreach_domain(cbdata.state, backend_group_check_scope_cb,
 				&cbdata);
diff --git a/src/back-sch.h b/src/back-sch.h
index 1258ae0..9a9abc7 100644
--- a/src/back-sch.h
+++ b/src/back-sch.h
@@ -88,7 +88,7 @@ struct entries_to_send {
 struct backend_search_cbdata {
 	Slapi_PBlock *pb;
 	struct plugin_state *state;
-	char *target, *strfilter, **attrs;
+	char *strfilter, **attrs;
 	char *idview;
 	Slapi_Entry **overrides;
 	int scope, sizelimit, timelimit, attrsonly;
-- 
2.7.4

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation