zrhoffman / rpms / 389-ds-base

Forked from rpms/389-ds-base 3 years ago
Clone
Blob Blame History Raw
From 2afc65fd1750afcb1667545da5625f5a932aacdd Mon Sep 17 00:00:00 2001
From: Simon Pichugin <spichugi@redhat.com>
Date: Wed, 13 Jan 2021 15:16:08 +0100
Subject: [PATCH] Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529)

Bug Description: While doing a ldapsearch on "cn=monitor" is
throwing err=32 with -s one.

Fix Description: 'cn=monitor' is not a real entry so we should not
trying to check if the searched suffix (cm=monitor or its children)
belongs to the searched backend.

Fixes: #4528

Reviewed by: @mreynolds389 @Firstyear @tbordaz (Thanks!)
---
 ldap/servers/slapd/opshared.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/ldap/servers/slapd/opshared.c b/ldap/servers/slapd/opshared.c
index c0bc5dcd0..f5ed71144 100644
--- a/ldap/servers/slapd/opshared.c
+++ b/ldap/servers/slapd/opshared.c
@@ -240,6 +240,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result)
     int rc = 0;
     int internal_op;
     Slapi_DN *basesdn = NULL;
+    Slapi_DN monitorsdn = {0};
     Slapi_DN *sdn = NULL;
     Slapi_Operation *operation = NULL;
     Slapi_Entry *referral = NULL;
@@ -765,9 +766,11 @@ op_shared_search(Slapi_PBlock *pb, int send_result)
             }
         } else {
             /* be_suffix null means that we are searching the default backend
-       * -> don't change the search parameters in pblock
-       */
-            if (be_suffix != NULL) {
+             * -> don't change the search parameters in pblock
+             * Also, we skip this block for 'cn=monitor' search and its subsearches
+             * as they are done by callbacks from monitor.c */
+            slapi_sdn_init_dn_byref(&monitorsdn, "cn=monitor");
+            if (!((be_suffix == NULL) || slapi_sdn_issuffix(basesdn, &monitorsdn))) {
                 if ((be_name == NULL) && (scope == LDAP_SCOPE_ONELEVEL)) {
                     /* one level searches
            * - depending on the suffix of the backend we might have to
@@ -789,8 +792,10 @@ op_shared_search(Slapi_PBlock *pb, int send_result)
                     } else if (slapi_sdn_issuffix(basesdn, be_suffix)) {
                         int tmp_scope = LDAP_SCOPE_ONELEVEL;
                         slapi_pblock_set(pb, SLAPI_SEARCH_SCOPE, &tmp_scope);
-                    } else
+                    } else {
+                        slapi_sdn_done(&monitorsdn);
                         goto next_be;
+                    }
                 }
 
                 /* subtree searches :
@@ -811,7 +816,7 @@ op_shared_search(Slapi_PBlock *pb, int send_result)
                     }
                 }
             }
-
+            slapi_sdn_done(&monitorsdn);
             slapi_pblock_set(pb, SLAPI_BACKEND, be);
             slapi_pblock_set(pb, SLAPI_PLUGIN, be->be_database);
             slapi_pblock_set(pb, SLAPI_SEARCH_RESULT_SET, NULL);
-- 
2.26.2