From b59b9c87042cb8f4d99421e101349c5f48f91235 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 26 Jul 2016 18:11:53 +0300 Subject: [PATCH 6/8] back-sch: do not clobber target of the pblock for idview When extracting idview all we care is the DN of new target. We don't really use the rewritten target as a string anymore, so there is no need to rewrite the string in the pblock. This fixes a bug when running with 389-ds 1.3.5.10+ which is more strict about modification of the values in pblock. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1360245 --- src/back-sch.c | 43 ++++++++++++++++++++++--------------------- src/back-sch.h | 2 +- 2 files changed, 23 insertions(+), 22 deletions(-) diff --git a/src/back-sch.c b/src/back-sch.c index 0745329..e15988f 100644 --- a/src/back-sch.c +++ b/src/back-sch.c @@ -1652,6 +1652,8 @@ backend_search_cb(Slapi_PBlock *pb) struct backend_search_cbdata cbdata; struct backend_staged_search *staged, *next; int i, isroot, ret; + char *original_target = NULL; + char *target = NULL; if (wrap_get_call_level() > 0) { return 0; @@ -1676,7 +1678,7 @@ backend_search_cb(Slapi_PBlock *pb) return 0; } - slapi_pblock_get(pb, SLAPI_SEARCH_TARGET, &cbdata.target); + slapi_pblock_get(pb, SLAPI_SEARCH_TARGET, &original_target); slapi_pblock_get(pb, SLAPI_SEARCH_SCOPE, &cbdata.scope); slapi_pblock_get(pb, SLAPI_SEARCH_SIZELIMIT, &cbdata.sizelimit); slapi_pblock_get(pb, SLAPI_SEARCH_TIMELIMIT, &cbdata.timelimit); @@ -1697,15 +1699,15 @@ backend_search_cb(Slapi_PBlock *pb) /* Okay, we can search. */ slapi_log_error(SLAPI_LOG_PLUGIN, cbdata.state->plugin_desc->spd_id, "searching from \"%s\" for \"%s\" with scope %d%s\n", - cbdata.target, cbdata.strfilter, cbdata.scope, + original_target, cbdata.strfilter, cbdata.scope, backend_sch_scope_as_string(cbdata.scope)); - cbdata.target_dn = slapi_sdn_new_dn_byval(cbdata.target); + cbdata.target_dn = slapi_sdn_new_dn_byval(original_target); /* Check if there's a backend handling this search. */ if (!slapi_be_exist(cbdata.target_dn)) { slapi_log_error(SLAPI_LOG_PLUGIN, cbdata.state->plugin_desc->spd_id, "slapi_be_exists(\"%s\") = 0, " - "ignoring search\n", cbdata.target); + "ignoring search\n", original_target); slapi_sdn_free(&cbdata.target_dn); return 0; } @@ -1716,22 +1718,23 @@ backend_search_cb(Slapi_PBlock *pb) * detect the ID view use. Unless the ID view is within the set we control, don't consider the override */ map_data_foreach_domain(cbdata.state, backend_search_find_set_dn_cb, &cbdata); if (cbdata.answer == FALSE) { - idview_replace_target_dn(&cbdata.target, &cbdata.idview); + target = slapi_ch_strdup(original_target); + idview_replace_target_dn(&target, &cbdata.idview); if (cbdata.idview != NULL) { slapi_sdn_free(&cbdata.target_dn); /* Perform another check, now for rewritten DN */ - cbdata.target_dn = slapi_sdn_new_dn_byval(cbdata.target); + cbdata.target_dn = slapi_sdn_new_dn_byval(target); map_data_foreach_domain(cbdata.state, backend_search_find_set_dn_cb, &cbdata); /* Rewritten DN might still be outside of our trees */ if (cbdata.answer == TRUE) { slapi_log_error(SLAPI_LOG_PLUGIN, cbdata.state->plugin_desc->spd_id, "Use of ID view '%s' is detected, searching from \"%s\" " "for \"%s\" with scope %d%s. Filter may get overridden later.\n", - cbdata.idview, cbdata.target, cbdata.strfilter, cbdata.scope, + cbdata.idview, target, cbdata.strfilter, cbdata.scope, backend_sch_scope_as_string(cbdata.scope)); } else { slapi_sdn_free(&cbdata.target_dn); - slapi_ch_free_string(&cbdata.target); + slapi_ch_free_string(&target); slapi_ch_free_string(&cbdata.idview); slapi_log_error(SLAPI_LOG_PLUGIN, cbdata.state->plugin_desc->spd_id, @@ -1739,6 +1742,8 @@ backend_search_cb(Slapi_PBlock *pb) "ignoring search\n"); return 0; } + } else { + slapi_ch_free_string(&target); } } cbdata.answer = FALSE; @@ -1890,7 +1895,7 @@ backend_search_cb(Slapi_PBlock *pb) } slapi_sdn_free(&cbdata.target_dn); if (cbdata.idview != NULL) { - slapi_ch_free_string(&cbdata.target); + slapi_ch_free_string(&target); } slapi_ch_free_string(&cbdata.idview); #ifdef USE_IPA_IDVIEWS @@ -1904,7 +1909,6 @@ backend_search_cb(Slapi_PBlock *pb) /* Locate the entry for a given DN. */ struct backend_locate_cbdata { struct plugin_state *state; - char *target; Slapi_DN *target_dn; struct backend_entry_data *entry_data; @@ -1953,6 +1957,7 @@ static void backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char **group, const char**set) { struct backend_locate_cbdata cbdata; + char *original_target = NULL; slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cbdata.state); if (cbdata.state->plugin_base == NULL) { @@ -1960,9 +1965,9 @@ backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char ** *data = NULL; return; } - slapi_pblock_get(pb, SLAPI_TARGET_DN, &cbdata.target); + slapi_pblock_get(pb, SLAPI_TARGET_DN, &original_target); - cbdata.target_dn = slapi_sdn_new_dn_byval(cbdata.target); + cbdata.target_dn = slapi_sdn_new_dn_byval(original_target); cbdata.entry_data = NULL; cbdata.entry_group = NULL; cbdata.entry_set = NULL; @@ -1972,12 +1977,9 @@ backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char ** * rebuild the target's RDN to use original attribute's value */ if (cbdata.entry_data == NULL) { char *idview = NULL; - char *target, *original_target; - target = original_target = slapi_ch_strdup(cbdata.target); + char *target = NULL; + target = slapi_ch_strdup(original_target); idview_replace_target_dn(&target, &idview); - if (target != original_target) { - slapi_ch_free_string(&original_target); - } if (idview != NULL) { char *rdnstr; char *val; @@ -1992,7 +1994,6 @@ backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char ** bval.bv_val = slapi_ch_strdup(val); memset(&scbdata, 0, sizeof(scbdata)); scbdata.idview = idview; - scbdata.target = target; scbdata.pb = pb; scbdata.state = cbdata.state; scbdata.target_dn = slapi_sdn_new_dn_byval(target); @@ -2025,7 +2026,6 @@ backend_locate(Slapi_PBlock *pb, struct backend_entry_data **data, const char ** * insufficient-access error. */ struct backend_group_check_scope_cbdata { struct plugin_state *state; - const char *target; Slapi_DN *target_dn; bool_t ours; }; @@ -2050,14 +2050,15 @@ static bool_t backend_check_scope_pb(Slapi_PBlock *pb) { struct backend_group_check_scope_cbdata cbdata; + char *original_target = NULL; slapi_pblock_get(pb, SLAPI_PLUGIN_PRIVATE, &cbdata.state); if (cbdata.state->plugin_base == NULL) { /* The plugin was not actually started. */ return FALSE; } - slapi_pblock_get(pb, SLAPI_TARGET_DN, &cbdata.target); - cbdata.target_dn = slapi_sdn_new_dn_byval(cbdata.target); + slapi_pblock_get(pb, SLAPI_TARGET_DN, &original_target); + cbdata.target_dn = slapi_sdn_new_dn_byval(original_target); cbdata.ours = FALSE; map_data_foreach_domain(cbdata.state, backend_group_check_scope_cb, &cbdata); diff --git a/src/back-sch.h b/src/back-sch.h index 1258ae0..9a9abc7 100644 --- a/src/back-sch.h +++ b/src/back-sch.h @@ -88,7 +88,7 @@ struct entries_to_send { struct backend_search_cbdata { Slapi_PBlock *pb; struct plugin_state *state; - char *target, *strfilter, **attrs; + char *strfilter, **attrs; char *idview; Slapi_Entry **overrides; int scope, sizelimit, timelimit, attrsonly; -- 2.7.4