URL: https://github.com/freeipa/freeipa/pull/1251
Author: stlaz
 Title: #1251: [Backport][ipa-4-5] 389-ds-base crashed as part of 
ipa-server-intall in ipa-uuid
Action: opened

PR body:
"""
This PR was opened automatically because PR #1241 was pushed to master and 
backport to ipa-4-5 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1251/head:pr1251
git checkout pr1251
From 366bd7d5fd3c8cb96028e7048c22d9aa8eadac1f Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbor...@redhat.com>
Date: Mon, 25 Sep 2017 16:41:51 +0200
Subject: [PATCH] 389-ds-base crashed as part of ipa-server-intall in ipa-uuid

Bug Description:
	When adding an entry, ipa-uuid plugin may generate a unique value
	for some of its attribute.
	If the generated attribute is part of the RDN, the target DN
	is replaced on the fly and the previous one freed.
	Unfortunately, previous DN may be later used instead of
	the new one.

Fix Description:
	Make sure to use only the current DN of the operation

https://bugzilla.redhat.com/show_bug.cgi?id=1496226
https://pagure.io/freeipa/issue/7227
---
 daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
index ffade14672..87d8be2d88 100644
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@@ -911,6 +911,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
         list != ipauuid_global_config;
         list = PR_NEXT_LINK(list)) {
         cfgentry = (struct configEntry *) list;
+        char *current_dn = NULL;
 
         generate = false;
         set_attr = false;
@@ -920,16 +921,21 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                                        cfgentry->attr)) {
             continue;
         }
+        /* Current DN may have been reset by
+         * slapi_pblock_set(pb, SLAPI_ADD_TARGET,..) see below
+         * need to reread it
+         */
+        current_dn = ipauuid_get_dn(pb);
 
         /* is the entry in scope? */
         if (cfgentry->scope) {
-            if (!slapi_dn_issuffix(dn, cfgentry->scope)) {
+            if (!slapi_dn_issuffix(current_dn, cfgentry->scope)) {
                 continue;
             }
         }
 
         if (cfgentry->exclude_subtree) {
-                if (slapi_dn_issuffix(dn, cfgentry->exclude_subtree)) {
+                if (slapi_dn_issuffix(current_dn, cfgentry->exclude_subtree)) {
                         continue;
                 }
         }
@@ -1108,7 +1114,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                     ret = LDAP_OPERATIONS_ERROR;
                     goto done;
                 }
-                sdn = slapi_sdn_new_dn_byval(dn);
+                sdn = slapi_sdn_new_dn_byval(current_dn);
                 if (!sdn) {
                     LOG_OOM();
                     ret = LDAP_OPERATIONS_ERROR;
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to