Works with correct privileges checking, as in your patch attached.

ACK

Matúš Honěk


----- Original Message -----
From: "Petr Spacek" <pspa...@redhat.com>
To: tho...@redhat.com
Cc: freeipa-devel@redhat.com, "Matus Honek" <mho...@redhat.com>
Sent: Friday, May 22, 2015 10:03:49 AM
Subject: Re: [Freeipa-devel] [PATCH 0367] Support unknown record types (RFC 
3597)

On 18.5.2015 17:31, Petr Spacek wrote:
> Hello,
> 
> This patch is unrelated to metaDB but it should be merged before alpha, too.
> 
> Thank you for review!
> 
> Support unknown record types (RFC 3597).
> 
> Fallback to generic LDAP attribute "UnknownRecord;TYP256" if attempt to
> add specific attribute like "URIRecord" failed with 
> LDAP_OBJECT_CLASS_VIOLATION
> and always delete both attributes like "URIRecord" and 
> "UnknownRecord;TYPE256".
> 
> https://fedorahosted.org/bind-dyndb-ldap/ticket/157

Fixed version is attached. Version 1 could dereference NULL pointers in second
iteration of while loops.

-- 
Petr^2 Spacek
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 67a1c9a..944169a 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -3112,7 +3112,7 @@ retry:
 
        log_ldap_error(ldap_conn->handle, "while %s entry '%s'", operation_str, dn);
        /* attempt to manipulate attribute failed - likely a unknown RR type */
-       if (err_code == LDAP_OBJECT_CLASS_VIOLATION)
+       if (err_code == LDAP_OBJECT_CLASS_VIOLATION || err_code == LDAP_INSUFFICIENT_ACCESS)
                CLEANUP_WITH(DNS_R_UNKNOWN);
 
        /* do not error out if we are trying to delete an

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to