rpms / 389-ds-base

Clone
Source Code
GIT

Blame SOURCES/0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-armhfp c7-beta c8-beta-stream-1.4 c8-stream-1.4 c8s-stream-1.4 c8s-stream-ds c9 c9-beta
  1.   a2f18fa85c26c86de0b562d43ddf87c2f0994ba6
  2.   SOURCES
  3.   0060-Ticket-48188-segfault-in-ns-slapd-due-to-accessing-S.patch
Blob History Raw
a2f18f 
From caab3e19a97d58450bbf06034974d4631aa904b6 Mon Sep 17 00:00:00 2001
a2f18f 
From: Simo Sorce <simo@redhat.com>
a2f18f 
Date: Fri, 18 Sep 2015 11:13:43 -0700
a2f18f 
Subject: [PATCH 60/61] Ticket #48188 - segfault in ns-slapd due to accessing
a2f18f 
 Slapi_DN freed in pre bind plug-in
a2f18f
a2f18f 
This patch is based upon the patch provided by Simo Sorce <simo@redhat.com> for
a2f18f 
Ticket #48272 - Allow PRE_BIND plugins to mangle DNs
a2f18f
a2f18f 
Description:
a2f18f 
Allow a pre_bind plugin to map a DN to another
a2f18f
a2f18f 
This is useful for plugins that deal with virtual trees or non-standard
a2f18f 
clients binding with values that are not proper DNs and similar situations.
a2f18f
a2f18f 
Signed-off-by: Simo Sorce <simo@redhat.com>
a2f18f
a2f18f 
2 changes are made to the original patch:
a2f18f 
1. removed "slapi_sdn_free(&sdn)" with this comment:
a2f18f 
   * It is a plug-in's responsibility to free the original Slapi_DN.
a2f18f 
   Note: slapi-nis already freed the original sdn.
a2f18f 
2. reset dn from the new sdn.
a2f18f 
   dn = slapi_sdn_get_dn(sdn);
a2f18f
a2f18f 
https://fedorahosted.org/389/ticket/48188
a2f18f
a2f18f 
Reviewed by rmeggins@redhat.com and lkrispen@redhat.com.
a2f18f
a2f18f 
(cherry picked from commit 40e0d0f80d6fd1271431e105580293747c43c327)
a2f18f 
(cherry picked from commit 6871f4f6d14198563f7f3cb0646a00faa28d35ea)
a2f18f 
---
a2f18f 
 ldap/servers/slapd/bind.c | 21 ++++++++++++++++++---
a2f18f 
 1 file changed, 18 insertions(+), 3 deletions(-)
a2f18f
a2f18f 
diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c
a2f18f 
index 1bd604f..4ec276a 100644
a2f18f 
--- a/ldap/servers/slapd/bind.c
a2f18f 
+++ b/ldap/servers/slapd/bind.c
a2f18f 
@@ -669,7 +669,7 @@ do_bind( Slapi_PBlock *pb )
a2f18f
a2f18f 
     slapi_pblock_set( pb, SLAPI_BACKEND, be );
a2f18f
a2f18f 
-	/* not root dn - pass to the backend */
a2f18f 
+    /* not root dn - pass to the backend */
a2f18f 
     if ( be->be_bind != NULL ) {
a2f18f
a2f18f 
         /*
a2f18f 
@@ -677,10 +677,25 @@ do_bind( Slapi_PBlock *pb )
a2f18f 
          * the backend bind function. then call the post-bind
a2f18f 
          * plugins.
a2f18f 
          */
a2f18f 
-        if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN )
a2f18f 
-             == 0 )  {
a2f18f 
+        if ( plugin_call_plugins( pb, SLAPI_PLUGIN_PRE_BIND_FN ) == 0 )  {
a2f18f 
             rc = 0;
a2f18f
a2f18f 
+            /* Check if a pre_bind plugin mapped the DN to another backend */
a2f18f 
+            Slapi_DN *pb_sdn;
a2f18f 
+            slapi_pblock_get(pb, SLAPI_BIND_TARGET_SDN, &pb_sdn);
a2f18f 
+            if (pb_sdn != sdn) {
a2f18f 
+                /*
a2f18f 
+                 * Slapi_DN set in pblock was changed by a pre bind plug-in.
a2f18f 
+                 * It is a plug-in's responsibility to free the original Slapi_DN.
a2f18f 
+                 */
a2f18f 
+                sdn = pb_sdn;
a2f18f 
+                dn = slapi_sdn_get_dn(sdn);
a2f18f 
+
a2f18f 
+                slapi_be_Unlock(be);
a2f18f 
+                be = slapi_be_select(sdn);
a2f18f 
+                slapi_be_Rlock(be);
a2f18f 
+            }
a2f18f 
+
a2f18f 
             /*
a2f18f 
              * Is this account locked ?
a2f18f 
              *	could be locked through the account inactivation
a2f18f 
--
a2f18f 
1.9.3
a2f18f

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation