The LDAP context was not checked on the first api call and a context may be null on some error conditions (LDAP server unreachable).
Always check that we have a valid context before calling the ldap API. Builds abut it is untested. Simo. -- Simo Sorce * Red Hat, Inc * New York
From 934568405c8868016dad0dbdcae91e5eada29c8a Mon Sep 17 00:00:00 2001 From: Simo Sorce <[email protected]> Date: Tue, 5 Jan 2016 16:04:49 -0500 Subject: [PATCH] Always verify we have a valid ldap context. LDAP calls just assert if an invalid (NULL) context is passed in, so we need to be sure we have a valid connection context before calling into LDAP APIs and fail outright if a context can't be obtained. Signed-off-by: Simo Sorce <[email protected]> --- daemons/ipa-kdb/ipa_kdb_common.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/daemons/ipa-kdb/ipa_kdb_common.c b/daemons/ipa-kdb/ipa_kdb_common.c index 112086b57c9f83895589538b5494ae81fb14a948..7438f35049ba4e88c401f85a1703323c38c063cc 100644 --- a/daemons/ipa-kdb/ipa_kdb_common.c +++ b/daemons/ipa-kdb/ipa_kdb_common.c @@ -158,6 +158,14 @@ static bool ipadb_need_retry(struct ipadb_context *ipactx, int error) return false; } +static int ipadb_check_connection(struct ipadb_context *ipactx) +{ + if (ipactx->lcontext == NULL) { + return ipadb_get_connection(ipactx); + } + return 0; +} + krb5_error_code ipadb_simple_search(struct ipadb_context *ipactx, char *basedn, int scope, char *filter, char **attrs, @@ -165,6 +173,10 @@ krb5_error_code ipadb_simple_search(struct ipadb_context *ipactx, { int ret; + ret = ipadb_check_connection(ipactx); + if (ret != 0) + return ipadb_simple_ldap_to_kerr(ret); + ret = ldap_search_ext_s(ipactx->lcontext, basedn, scope, filter, attrs, 0, NULL, NULL, &std_timeout, LDAP_NO_LIMIT, @@ -187,6 +199,10 @@ krb5_error_code ipadb_simple_delete(struct ipadb_context *ipactx, char *dn) { int ret; + ret = ipadb_check_connection(ipactx); + if (ret != 0) + return ipadb_simple_ldap_to_kerr(ret); + ret = ldap_delete_ext_s(ipactx->lcontext, dn, NULL, NULL); /* first test if we need to retry to connect */ @@ -204,6 +220,10 @@ krb5_error_code ipadb_simple_add(struct ipadb_context *ipactx, { int ret; + ret = ipadb_check_connection(ipactx); + if (ret != 0) + return ipadb_simple_ldap_to_kerr(ret); + ret = ldap_add_ext_s(ipactx->lcontext, dn, mods, NULL, NULL); /* first test if we need to retry to connect */ @@ -221,6 +241,10 @@ krb5_error_code ipadb_simple_modify(struct ipadb_context *ipactx, { int ret; + ret = ipadb_check_connection(ipactx); + if (ret != 0) + return ipadb_simple_ldap_to_kerr(ret); + ret = ldap_modify_ext_s(ipactx->lcontext, dn, mods, NULL, NULL); /* first test if we need to retry to connect */ @@ -320,6 +344,11 @@ krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx, retry = true; while (retry) { times--; + + ret = ipadb_check_connection(ipactx); + if (ret != 0) + break; + ret = ldap_search_ext_s(ipactx->lcontext, base_dn, scope, filter, entry_attrs, 0, -- 2.5.0
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
