andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone

Blame SOURCES/0020-Issue-4447-Crash-when-the-Referential-Integrity-log-.patch

6d0b66
From 7b7217538908ae58df864ef5cd82e1d3303c189f Mon Sep 17 00:00:00 2001
6d0b66
From: Mark Reynolds <mreynolds@redhat.com>
6d0b66
Date: Mon, 7 Jun 2021 12:58:42 -0400
6d0b66
Subject: [PATCH] Issue 4447 - Crash when the Referential Integrity log is
6d0b66
 manually edited
6d0b66
6d0b66
Bug Description:  If the referint log is manually edited with a string
6d0b66
                  that is not a DN the server will crash when processing
6d0b66
                  the log.
6d0b66
6d0b66
Fix Description:  Check for NULL pointers when strtoking the file line.
6d0b66
6d0b66
relates: https://github.com/389ds/389-ds-base/issues/4447
6d0b66
6d0b66
Reviewed by: firstyear(Thanks!)
6d0b66
---
6d0b66
 .../tests/suites/plugins/referint_test.py     | 72 +++++++++++++++----
6d0b66
 ldap/servers/plugins/referint/referint.c      |  7 ++
6d0b66
 src/lib389/lib389/plugins.py                  | 15 ++++
6d0b66
 3 files changed, 80 insertions(+), 14 deletions(-)
6d0b66
6d0b66
diff --git a/dirsrvtests/tests/suites/plugins/referint_test.py b/dirsrvtests/tests/suites/plugins/referint_test.py
6d0b66
index 02b985767..fda602545 100644
6d0b66
--- a/dirsrvtests/tests/suites/plugins/referint_test.py
6d0b66
+++ b/dirsrvtests/tests/suites/plugins/referint_test.py
6d0b66
@@ -1,5 +1,5 @@
6d0b66
 # --- BEGIN COPYRIGHT BLOCK ---
6d0b66
-# Copyright (C) 2016 Red Hat, Inc.
6d0b66
+# Copyright (C) 2021 Red Hat, Inc.
6d0b66
 # All rights reserved.
6d0b66
 #
6d0b66
 # License: GPL (version 3 or any later version).
6d0b66
@@ -12,13 +12,11 @@ Created on Dec 12, 2019
6d0b66
 @author: tbordaz
6d0b66
 '''
6d0b66
 import logging
6d0b66
-import subprocess
6d0b66
 import pytest
6d0b66
 from lib389 import Entry
6d0b66
-from lib389.utils import *
6d0b66
-from lib389.plugins import *
6d0b66
-from lib389._constants import *
6d0b66
-from lib389.idm.user import UserAccounts, UserAccount
6d0b66
+from lib389.plugins import ReferentialIntegrityPlugin
6d0b66
+from lib389._constants import DEFAULT_SUFFIX
6d0b66
+from lib389.idm.user import UserAccounts
6d0b66
 from lib389.idm.group import Groups
6d0b66
 from lib389.topologies import topology_st as topo
6d0b66
 
6d0b66
@@ -29,21 +27,27 @@ log = logging.getLogger(__name__)
6d0b66
 ESCAPED_RDN_BASE = "foo\\,oo"
6d0b66
 def _user_get_dn(no):
6d0b66
     uid = '%s%d' % (ESCAPED_RDN_BASE, no)
6d0b66
-    dn = 'uid=%s,%s' % (uid, SUFFIX)
6d0b66
+    dn = 'uid=%s,%s' % (uid, DEFAULT_SUFFIX)
6d0b66
     return (uid, dn)
6d0b66
 
6d0b66
 def add_escaped_user(server, no):
6d0b66
     (uid, dn) = _user_get_dn(no)
6d0b66
     log.fatal('Adding user (%s): ' % dn)
6d0b66
-    server.add_s(Entry((dn, {'objectclass': ['top', 'person', 'organizationalPerson', 'inetOrgPerson'],
6d0b66
-                             'uid': [uid],
6d0b66
-                             'sn' : [uid],
6d0b66
-                             'cn' : [uid]})))
6d0b66
+    users = UserAccounts(server, DEFAULT_SUFFIX, None)
6d0b66
+    user_properties = {
6d0b66
+        'objectclass': ['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'posixAccount'],
6d0b66
+        'uid': uid,
6d0b66
+        'cn' : uid,
6d0b66
+        'sn' : uid,
6d0b66
+        'uidNumber' : '1000',
6d0b66
+        'gidNumber' : '2000',
6d0b66
+        'homeDirectory' : '/home/testuser',
6d0b66
+    }
6d0b66
+    users.create(properties=user_properties)
6d0b66
     return dn
6d0b66
 
6d0b66
-@pytest.mark.ds50020
6d0b66
 def test_referential_false_failure(topo):
6d0b66
-    """On MODRDN referential integrity can erronously fail
6d0b66
+    """On MODRDN referential integrity can erroneously fail
6d0b66
 
6d0b66
     :id: f77aeb80-c4c4-471b-8c1b-4733b714778b
6d0b66
     :setup: Standalone Instance
6d0b66
@@ -100,6 +104,46 @@ def test_referential_false_failure(topo):
6d0b66
     inst.restart()
6d0b66
 
6d0b66
     # Here if the bug is fixed, referential is able to update the member value
6d0b66
-    inst.rename_s(user1.dn, 'uid=new_test_user_1001', newsuperior=SUFFIX, delold=0)
6d0b66
+    user1.rename('uid=new_test_user_1001', newsuperior=DEFAULT_SUFFIX, deloldrdn=False)
6d0b66
 
6d0b66
 
6d0b66
+def test_invalid_referint_log(topo):
6d0b66
+    """If there is an invalid log line in the referint log, make sure the server
6d0b66
+    does not crash at startup
6d0b66
+
6d0b66
+    :id: 34807b5a-ab17-4281-ae48-4e3513e19145
6d0b66
+    :setup: Standalone Instance
6d0b66
+    :steps:
6d0b66
+        1. Set the referint log delay
6d0b66
+        2. Create invalid log
6d0b66
+        3. Start the server (no crash)
6d0b66
+    :expectedresults:
6d0b66
+        1. Success
6d0b66
+        2. Success
6d0b66
+        3. Success
6d0b66
+    """
6d0b66
+
6d0b66
+    inst = topo.standalone
6d0b66
+
6d0b66
+    # Set delay - required for log parsing at server startup
6d0b66
+    plugin = ReferentialIntegrityPlugin(inst)
6d0b66
+    plugin.enable()
6d0b66
+    plugin.set_update_delay('2')
6d0b66
+    logfile = plugin.get_log_file()
6d0b66
+    inst.restart()
6d0b66
+
6d0b66
+    # Create invalid log
6d0b66
+    inst.stop()
6d0b66
+    with open(logfile, 'w') as log_fh:
6d0b66
+        log_fh.write("CRASH\n")
6d0b66
+
6d0b66
+    # Start the instance
6d0b66
+    inst.start()
6d0b66
+    assert inst.status()
6d0b66
+
6d0b66
+
6d0b66
+if __name__ == '__main__':
6d0b66
+    # Run isolated
6d0b66
+    # -s for DEBUG mode
6d0b66
+    CURRENT_FILE = os.path.realpath(__file__)
6d0b66
+    pytest.main("-s %s" % CURRENT_FILE)
6d0b66
diff --git a/ldap/servers/plugins/referint/referint.c b/ldap/servers/plugins/referint/referint.c
6d0b66
index fd5356d72..28240c1f6 100644
6d0b66
--- a/ldap/servers/plugins/referint/referint.c
6d0b66
+++ b/ldap/servers/plugins/referint/referint.c
6d0b66
@@ -1447,6 +1447,13 @@ referint_thread_func(void *arg __attribute__((unused)))
6d0b66
             sdn = slapi_sdn_new_normdn_byref(ptoken);
6d0b66
             ptoken = ldap_utf8strtok_r(NULL, delimiter, &iter);
6d0b66
 
6d0b66
+            if (ptoken == NULL) {
6d0b66
+                /* Invalid line in referint log, skip it */
6d0b66
+                slapi_log_err(SLAPI_LOG_ERR, REFERINT_PLUGIN_SUBSYSTEM,
6d0b66
+                        "Skipping invalid referint log line: (%s)\n", thisline);
6d0b66
+                slapi_sdn_free(&sdn;;
6d0b66
+                continue;
6d0b66
+            }
6d0b66
             if (!strcasecmp(ptoken, "NULL")) {
6d0b66
                 tmprdn = NULL;
6d0b66
             } else {
6d0b66
diff --git a/src/lib389/lib389/plugins.py b/src/lib389/lib389/plugins.py
6d0b66
index 2d88e60bd..b07e80022 100644
6d0b66
--- a/src/lib389/lib389/plugins.py
6d0b66
+++ b/src/lib389/lib389/plugins.py
6d0b66
@@ -518,6 +518,21 @@ class ReferentialIntegrityPlugin(Plugin):
6d0b66
 
6d0b66
         self.set('referint-update-delay', str(value))
6d0b66
 
6d0b66
+    def get_log_file(self):
6d0b66
+        """Get referint log file"""
6d0b66
+
6d0b66
+        return self.get_attr_val_utf8('referint-logfile')
6d0b66
+
6d0b66
+    def get_log_file_formatted(self):
6d0b66
+        """Get referint log file"""
6d0b66
+
6d0b66
+        return self.display_attr('referint-logfile')
6d0b66
+
6d0b66
+    def set_log_file(self, value):
6d0b66
+        """Set referint log file"""
6d0b66
+
6d0b66
+        self.set('referint-logfile', value)
6d0b66
+
6d0b66
     def get_membership_attr(self, formatted=False):
6d0b66
         """Get referint-membership-attr attribute"""
6d0b66
 
6d0b66
-- 
6d0b66
2.31.1
6d0b66