URL: https://github.com/freeipa/freeipa/pull/1250
Author: stlaz
 Title: #1250: [Backport][ipa-4-6] 389-ds-base crashed as part of 
ipa-server-intall in ipa-uuid
Action: opened

PR body:
"""
This PR was opened automatically because PR #1241 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1250/head:pr1250
git checkout pr1250
From 0fdfb82ae2bdf117641d60c074e33e74ef214421 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbor...@redhat.com>
Date: Mon, 25 Sep 2017 16:41:51 +0200
Subject: [PATCH] 389-ds-base crashed as part of ipa-server-intall in ipa-uuid

Bug Description:
	When adding an entry, ipa-uuid plugin may generate a unique value
	for some of its attribute.
	If the generated attribute is part of the RDN, the target DN
	is replaced on the fly and the previous one freed.
	Unfortunately, previous DN may be later used instead of
	the new one.

Fix Description:
	Make sure to use only the current DN of the operation

https://bugzilla.redhat.com/show_bug.cgi?id=1496226
https://pagure.io/freeipa/issue/7227
---
 daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
index ffade14672..87d8be2d88 100644
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@@ -911,6 +911,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
         list != ipauuid_global_config;
         list = PR_NEXT_LINK(list)) {
         cfgentry = (struct configEntry *) list;
+        char *current_dn = NULL;
 
         generate = false;
         set_attr = false;
@@ -920,16 +921,21 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                                        cfgentry->attr)) {
             continue;
         }
+        /* Current DN may have been reset by
+         * slapi_pblock_set(pb, SLAPI_ADD_TARGET,..) see below
+         * need to reread it
+         */
+        current_dn = ipauuid_get_dn(pb);
 
         /* is the entry in scope? */
         if (cfgentry->scope) {
-            if (!slapi_dn_issuffix(dn, cfgentry->scope)) {
+            if (!slapi_dn_issuffix(current_dn, cfgentry->scope)) {
                 continue;
             }
         }
 
         if (cfgentry->exclude_subtree) {
-                if (slapi_dn_issuffix(dn, cfgentry->exclude_subtree)) {
+                if (slapi_dn_issuffix(current_dn, cfgentry->exclude_subtree)) {
                         continue;
                 }
         }
@@ -1108,7 +1114,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                     ret = LDAP_OPERATIONS_ERROR;
                     goto done;
                 }
-                sdn = slapi_sdn_new_dn_byval(dn);
+                sdn = slapi_sdn_new_dn_byval(current_dn);
                 if (!sdn) {
                     LOG_OOM();
                     ret = LDAP_OPERATIONS_ERROR;
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to