From 50d62b6d5ea69e5cad6359dbd1dccb09fcfa1a6b Mon Sep 17 00:00:00 2001

From: Mark Reynolds <mreynolds@redhat.com>

Date: Tue, 3 Oct 2017 09:51:53 -0400

Subject: [PATCH] Ticket 49320 - Activating already active role returns error

 16

Bug Description:  ns-activate.pl returns error 16 when trying to activate an

                  already active role.

Fix Description:  Check for error 16 (no such attr), and return error 100.

                  Also added a "redirect"otion to the ldapmod function to

                  hide any errors printed to STDERR, so that the script can

                  display its own error message.

https://pagure.io/389-ds-base/issue/49320

Reviewed by: firstyear(Thanks!)

(cherry picked from commit 406084847f29aa44ffd81de746770aeff6b67c61)

---

 ldap/admin/src/scripts/DSUtil.pm.in      | 18 +++++++++++-------

 ldap/admin/src/scripts/ns-activate.pl.in |  9 ++++++++-

 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in

index 805a9b91d..791464d0a 100644

--- a/ldap/admin/src/scripts/DSUtil.pm.in

+++ b/ldap/admin/src/scripts/DSUtil.pm.in

@@ -1447,6 +1447,10 @@ sub ldapmod {

         close (FILE);

     }

+    if ($info{redirect} eq ""){

+        $info{redirect} = "> /dev/null";

+    }

+

     #

     # Check the protocol, and reset it if it's invalid

     #

@@ -1470,9 +1474,9 @@ sub ldapmod {

             print "STARTTLS)\n";

         }

         if($info{openldap} eq "yes"){

-            system "ldapmodify -x -ZZ -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";

+            system "ldapmodify -x -ZZ -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";

         } else {

-            system "ldapmodify -ZZZ -P \"$info{certdir}\" -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";

+            system "ldapmodify -ZZZ -P \"$info{certdir}\" -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";

         }

     } elsif (($info{security} eq "on" && $info{protocol} eq "") || ($info{security} eq "on" && $info{protocol} =~ m/LDAPS/i) ){ 

         # 

@@ -1482,9 +1486,9 @@ sub ldapmod {

             print "LDAPS)\n";

         }

         if($info{openldap} eq "yes"){

-            system "ldapmodify -x -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";

+            system "ldapmodify -x -H \"ldaps://$info{host}:$info{secure_port}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";

         } else {

-            system "ldapmodify -Z -P \"$info{certdir}\" -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";

+            system "ldapmodify -Z -P \"$info{certdir}\" -p $info{secure_port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";

         }

     } elsif (($info{openldap} eq "yes") && (($info{ldapi} eq "on" && $info{protocol} eq "") || ($info{ldapi} eq "on" && $info{protocol} =~ m/LDAPI/i)) ){  

         #

@@ -1499,7 +1503,7 @@ sub ldapmod {

             if($protocol_error eq "yes"){

                 print "LDAPI)\n";

             }

-            system "ldapmodify -x -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";

+            system "ldapmodify -x -H \"$info{ldapiURL}\" -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";

         }

     } else {

         # 

@@ -1509,9 +1513,9 @@ sub ldapmod {

             print "LDAP)\n";

         }

         if($info{openldap} eq "yes"){

-            system "ldapmodify -x -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";

+            system "ldapmodify -x -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";

         } else {

-            system "ldapmodify -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" > /dev/null";

+            system "ldapmodify -h $info{host} -p $info{port} -D \"$info{rootdn}\" -w $myrootdnpw $info{args} -f \"$file\" $info{redirect}";

         }

     }

     unlink ($file);

diff --git a/ldap/admin/src/scripts/ns-activate.pl.in b/ldap/admin/src/scripts/ns-activate.pl.in

index 5922c9aab..bec19c8e7 100644

--- a/ldap/admin/src/scripts/ns-activate.pl.in

+++ b/ldap/admin/src/scripts/ns-activate.pl.in

@@ -731,11 +731,18 @@ if ( $single == 1 ){

 }

 $info{args} = "-c";

+$info{redirect} = "> /dev/null 2>&1;;

 DSUtil::ldapmod($record, %info);

 if( $? != 0 ){

     debug("delete, $entry\n");

     $retCode=$?>>8;

-    exit $retCode;

+    if ($retCode == "16") {  # Error 16 (no such attr) - already activated

+        out("$entry already $state.\n");

+        exit 100;

+    } else {

+        out("Failed to activate $entry, error $retCode\n");

+        exit $retCode;

+    }

 }

 out("$entry $state.\n");

-- 

2.13.6