andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone
Source Code
GIT

Blame 0419-Ticket-49072-validate-memberof-fixup-task-args.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-armhfp c7-beta c8-beta-stream-1.4 c8-stream-1.4 c8s-stream-1.4 c8s-stream-ds c9 c9-beta
  1.   c6
  2.   0419-Ticket-49072-validate-memberof-fixup-task-args.patch
Blob History Raw
dc8c34 
From 7793b7f764c9a60dc8a67289c690c78835fc337b Mon Sep 17 00:00:00 2001
dc8c34 
From: Mark Reynolds <mreynolds@redhat.com>
dc8c34 
Date: Tue, 20 Dec 2016 14:59:02 -0500
dc8c34 
Subject: [PATCH 419/425] Ticket 49072 - validate memberof fixup task args
dc8c34
dc8c34 
Bug Description:  If an invalid base dn, or invalid filter was provided
dc8c34 
                  in the task there was no way to tell thathte task
dc8c34 
                  actually failed.
dc8c34
dc8c34 
Fix Description:  Log an error, and properly update the task status/exit
dc8c34 
                  code when an error occurs.
dc8c34
dc8c34 
                  Added CI test (also fixed some issues in the dynamic
dc8c34 
                  plugins test suite).
dc8c34
dc8c34 
https://fedorahosted.org/389/ticket/49072
dc8c34
dc8c34 
Reviewed by: nhosoi(Thanks!)
dc8c34
dc8c34 
(cherry picked from commit a79ae70df6b20cd288fca511f784c414e8c52df4)
dc8c34 
(cherry picked from commit b0020b73d34bdd630fb5b1a3e4fcebbb4b81f9c9)
dc8c34 
(cherry picked from commit 8efcc704c42fb11e0950b12d7abaf65e77050070)
dc8c34 
---
dc8c34 
 ldap/servers/plugins/memberof/memberof.c | 48 ++++++++++++++++++++++----------
dc8c34 
 ldap/servers/slapd/plugin_internal_op.c  | 27 ++++++++----------
dc8c34 
 2 files changed, 46 insertions(+), 29 deletions(-)
dc8c34
dc8c34 
diff --git a/ldap/servers/plugins/memberof/memberof.c b/ldap/servers/plugins/memberof/memberof.c
dc8c34 
index 7cb0e27..fd080da 100644
dc8c34 
--- a/ldap/servers/plugins/memberof/memberof.c
dc8c34 
+++ b/ldap/servers/plugins/memberof/memberof.c
dc8c34 
@@ -92,6 +92,13 @@ typedef struct _memberof_get_groups_data
dc8c34 
         Slapi_ValueSet **groupvals;
dc8c34 
 } memberof_get_groups_data;
dc8c34
dc8c34 
+typedef struct _task_data
dc8c34 
+{
dc8c34 
+	char *dn;
dc8c34 
+	char *bind_dn;
dc8c34 
+	char *filter_str;
dc8c34 
+} task_data;
dc8c34 
+
dc8c34 
 /*** function prototypes ***/
dc8c34
dc8c34 
 /* exported functions */
dc8c34 
@@ -169,7 +176,7 @@ static void memberof_task_destructor(Slapi_Task *task);
dc8c34 
 static const char *fetch_attr(Slapi_Entry *e, const char *attrname,
dc8c34 
                                               const char *default_val);
dc8c34 
 static void memberof_fixup_task_thread(void *arg);
dc8c34 
-static int memberof_fix_memberof(MemberOfConfig *config, char *dn, char *filter_str);
dc8c34 
+static int memberof_fix_memberof(MemberOfConfig *config, Slapi_Task *task, task_data *td);
dc8c34 
 static int memberof_fix_memberof_callback(Slapi_Entry *e, void *callback_data);
dc8c34
dc8c34
dc8c34 
@@ -2271,13 +2278,6 @@ void memberof_unlock()
dc8c34 
 	PR_ExitMonitor(memberof_operation_lock);
dc8c34 
 }
dc8c34
dc8c34 
-typedef struct _task_data
dc8c34 
-{
dc8c34 
-	char *dn;
dc8c34 
-	char *bind_dn;
dc8c34 
-	char *filter_str;
dc8c34 
-} task_data;
dc8c34 
-
dc8c34 
 void memberof_fixup_task_thread(void *arg)
dc8c34 
 {
dc8c34 
 	MemberOfConfig configCopy = {0, 0, 0, 0};
dc8c34 
@@ -2285,6 +2285,11 @@ void memberof_fixup_task_thread(void *arg)
dc8c34 
 	task_data *td = NULL;
dc8c34 
 	int rc = 0;
dc8c34
dc8c34 
+
dc8c34 
+	if (!task) {
dc8c34 
+		return; /* no task */
dc8c34 
+	}
dc8c34 
+
dc8c34 
 	/* Fetch our task data from the task */
dc8c34 
 	td = (task_data *)slapi_task_get_data(task);
dc8c34
dc8c34 
@@ -2292,8 +2297,10 @@ void memberof_fixup_task_thread(void *arg)
dc8c34 
 	slapi_td_set_dn(slapi_ch_strdup(td->bind_dn));
dc8c34
dc8c34 
 	slapi_task_begin(task, 1);
dc8c34 
-	slapi_task_log_notice(task, "Memberof task starts (arg: %s) ...\n",
dc8c34 
-								td->filter_str);
dc8c34 
+	slapi_task_log_notice(task, "Memberof task starts (filter: %s) ...\n",
dc8c34 
+	                      td->filter_str);
dc8c34 
+	slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
dc8c34 
+	                "Memberof task starts (filter: \"%s\") ...\n", td->filter_str);
dc8c34
dc8c34 
 	/* We need to get the config lock first.  Trying to get the
dc8c34 
 	 * config lock after we already hold the op lock can cause
dc8c34 
@@ -2310,7 +2317,7 @@ void memberof_fixup_task_thread(void *arg)
dc8c34 
 	memberof_lock();
dc8c34
dc8c34 
 	/* do real work */
dc8c34 
-	rc = memberof_fix_memberof(&configCopy, td->dn, td->filter_str);
dc8c34 
+	rc = memberof_fix_memberof(&configCopy, task, td);
dc8c34
dc8c34 
 	/* release the memberOf operation lock */
dc8c34 
 	memberof_unlock();
dc8c34 
@@ -2320,6 +2327,9 @@ void memberof_fixup_task_thread(void *arg)
dc8c34 
 	slapi_task_log_notice(task, "Memberof task finished.");
dc8c34 
 	slapi_task_log_status(task, "Memberof task finished.");
dc8c34 
 	slapi_task_inc_progress(task);
dc8c34 
+	slapi_log_error(SLAPI_LOG_FATAL, MEMBEROF_PLUGIN_SUBSYSTEM,
dc8c34 
+	                "Memberof task finished (filter: %s) result: %d\n",
dc8c34 
+	                td->filter_str, rc);
dc8c34
dc8c34 
 	/* this will queue the destruction of the task */
dc8c34 
 	slapi_task_finish(task, rc);
dc8c34 
@@ -2434,13 +2444,13 @@ memberof_task_destructor(Slapi_Task *task)
dc8c34 
 	}
dc8c34 
 }
dc8c34
dc8c34 
-int memberof_fix_memberof(MemberOfConfig *config, char *dn, char *filter_str)
dc8c34 
+int memberof_fix_memberof(MemberOfConfig *config, Slapi_Task *task, task_data *td)
dc8c34 
 {
dc8c34 
 	int rc = 0;
dc8c34 
 	Slapi_PBlock *search_pb = slapi_pblock_new();
dc8c34
dc8c34 
-	slapi_search_internal_set_pb(search_pb, dn,
dc8c34 
-		LDAP_SCOPE_SUBTREE, filter_str, 0, 0,
dc8c34 
+	slapi_search_internal_set_pb(search_pb, td->dn,
dc8c34 
+		LDAP_SCOPE_SUBTREE, td->filter_str, 0, 0,
dc8c34 
 		0, 0,
dc8c34 
 		memberof_get_plugin_id(),
dc8c34 
 		0);
dc8c34 
@@ -2449,6 +2459,16 @@ int memberof_fix_memberof(MemberOfConfig *config, char *dn, char *filter_str)
dc8c34 
 		config,
dc8c34 
 		0, memberof_fix_memberof_callback,
dc8c34 
 		0);
dc8c34 
+	if (rc){
dc8c34 
+		char *errmsg;
dc8c34 
+		int result;
dc8c34 
+
dc8c34 
+		slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
dc8c34 
+		errmsg = ldap_err2string(result);
dc8c34 
+		slapi_log_err(SLAPI_LOG_ERR, MEMBEROF_PLUGIN_SUBSYSTEM,
dc8c34 
+			"memberof_fix_memberof - Failed (%s)\n", errmsg );
dc8c34 
+		slapi_task_log_notice(task, "Memberof task failed (%s)\n", errmsg );
dc8c34 
+	}
dc8c34
dc8c34 
 	slapi_pblock_destroy(search_pb);
dc8c34
dc8c34 
diff --git a/ldap/servers/slapd/plugin_internal_op.c b/ldap/servers/slapd/plugin_internal_op.c
dc8c34 
index 4c7462d..f916caf 100644
dc8c34 
--- a/ldap/servers/slapd/plugin_internal_op.c
dc8c34 
+++ b/ldap/servers/slapd/plugin_internal_op.c
dc8c34 
@@ -757,7 +757,7 @@ search_internal_callback_pb (Slapi_PBlock *pb, void *callback_data,
dc8c34 
 	if (ifstr == NULL || (scope != LDAP_SCOPE_BASE && scope != LDAP_SCOPE_ONELEVEL
dc8c34 
         && scope != LDAP_SCOPE_SUBTREE))
dc8c34 
     {
dc8c34 
-        opresult =  LDAP_PARAM_ERROR;
dc8c34 
+        opresult = LDAP_PARAM_ERROR;
dc8c34 
         slapi_pblock_set(pb, SLAPI_PLUGIN_INTOP_RESULT, &opresult);
dc8c34 
         return -1;
dc8c34 
     }
dc8c34 
@@ -774,19 +774,19 @@ search_internal_callback_pb (Slapi_PBlock *pb, void *callback_data,
dc8c34 
     op->o_search_referral_handler = internal_ref_entry_callback;
dc8c34
dc8c34 
     filter = slapi_str2filter((fstr = slapi_ch_strdup(ifstr)));
dc8c34 
-    if(scope == LDAP_SCOPE_BASE) {
dc8c34 
-        filter->f_flags |= (SLAPI_FILTER_LDAPSUBENTRY |
dc8c34 
-                            SLAPI_FILTER_TOMBSTONE | SLAPI_FILTER_RUV);
dc8c34 
+    if (NULL == filter) {
dc8c34 
+        int result = LDAP_FILTER_ERROR;
dc8c34 
+        send_ldap_result(pb, result, NULL, NULL, 0, NULL);
dc8c34 
+        slapi_pblock_set(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
dc8c34 
+        rc = -1;
dc8c34 
+        goto done;
dc8c34 
     }
dc8c34
dc8c34 
-    if (NULL == filter)
dc8c34 
-	{
dc8c34 
-    	send_ldap_result(pb, LDAP_FILTER_ERROR, NULL, NULL, 0, NULL);
dc8c34 
-		rc = -1;
dc8c34 
-    	goto done;
dc8c34 
+    if (scope == LDAP_SCOPE_BASE) {
dc8c34 
+        filter->f_flags |= (SLAPI_FILTER_LDAPSUBENTRY |
dc8c34 
+                            SLAPI_FILTER_TOMBSTONE | SLAPI_FILTER_RUV);
dc8c34 
     }
dc8c34 
     filter_normalize(filter);
dc8c34 
-
dc8c34 
     slapi_pblock_set(pb, SLAPI_SEARCH_FILTER, filter);
dc8c34 
 	slapi_pblock_set(pb, SLAPI_REQCONTROLS, controls);
dc8c34
dc8c34 
@@ -814,11 +814,8 @@ search_internal_callback_pb (Slapi_PBlock *pb, void *callback_data,
dc8c34 
     slapi_pblock_get(pb, SLAPI_SEARCH_FILTER, &filter);
dc8c34
dc8c34 
 done:
dc8c34 
-    slapi_ch_free((void **) & fstr);
dc8c34 
-    if (filter != NULL)
dc8c34 
-    {
dc8c34 
-        slapi_filter_free(filter, 1 /* recurse */);
dc8c34 
-    }
dc8c34 
+    slapi_ch_free_string(&fstr);
dc8c34 
+    slapi_filter_free(filter, 1 /* recurse */);
dc8c34 
     slapi_pblock_get(pb, SLAPI_SEARCH_ATTRS, &tmp_attrs);
dc8c34 
     slapi_ch_array_free(tmp_attrs);
dc8c34 
     slapi_pblock_set(pb, SLAPI_SEARCH_ATTRS, NULL);
dc8c34 
--
dc8c34 
2.9.3
dc8c34

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation