Avoid calling ldap functions without a context

We need to make sure we have a ld context before we can load the configuration, otherwise ldap APIs will abort crashing the KDC. If we have an issue connecting to LDAP the lcontext will be NULL, but we are not checking that condition when we try to refresh the global configuration. https://fedorahosted.org/freeipa/ticket/4810 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Martin Kosek <mkosek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-12-12 13:56:51 -05:00 · 2014-12-12 13:56:51 -05:00 · 730b472db1
commit 730b472db1
parent 3c69435c1b
1 changed files with 16 additions and 3 deletions
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@ -224,6 +224,10 @@ static int ipadb_load_global_config(struct ipadb_context *ipactx)
    int ret;
    char **authz_data_list;

+    if (!ipactx || !ipactx->lcontext) {
+        return EINVAL;
+    }
+
    ret = asprintf(&base, "cn=ipaConfig,cn=etc,%s", ipactx->base);
    if (ret == -1) {
        ret = ENOMEM;
@ -295,10 +299,19 @@ const struct ipadb_global_config *
 ipadb_get_global_config(struct ipadb_context *ipactx)
 {
    time_t now = 0;
+    int ret;

-    if (time(&now) != (time_t)-1
-        && now - ipactx->config.last_update > IPADB_GLOBAL_CONFIG_CACHE_TIME)
-        ipadb_load_global_config(ipactx);
+    if (time(&now) != (time_t)-1 &&
+        now - ipactx->config.last_update > IPADB_GLOBAL_CONFIG_CACHE_TIME) {
+        if (!ipactx->lcontext) {
+            ret = ipadb_get_connection(ipactx);
+            if (ret != 0)
+                return NULL;
+        }
+        ret = ipadb_load_global_config(ipactx);
+        if (ret != 0)
+            return NULL;
+    }

    return &ipactx->config;
 }