389-ds-base crashed as part of ipa-server-intall in ipa-uuid

Bug Description: When adding an entry, ipa-uuid plugin may generate a unique value for some of its attribute. If the generated attribute is part of the RDN, the target DN is replaced on the fly and the previous one freed. Unfortunately, previous DN may be later used instead of the new one. Fix Description: Make sure to use only the current DN of the operation https://bugzilla.redhat.com/show_bug.cgi?id=1496226 https://pagure.io/freeipa/issue/7227 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-09-25 16:41:51 +02:00
parent e76ab3e8b0
commit cb6ac16fcd
1 changed files with 9 additions and 3 deletions
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@@ -911,6 +911,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
        list != ipauuid_global_config;
        list = PR_NEXT_LINK(list)) {
        cfgentry = (struct configEntry *) list;
+        char *current_dn = NULL;

        generate = false;
        set_attr = false;
@@ -920,16 +921,21 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                                       cfgentry->attr)) {
            continue;
        }
+        /* Current DN may have been reset by
+         * slapi_pblock_set(pb, SLAPI_ADD_TARGET,..) see below
+         * need to reread it
+         */
+        current_dn = ipauuid_get_dn(pb);

        /* is the entry in scope? */
        if (cfgentry->scope) {
-            if (!slapi_dn_issuffix(dn, cfgentry->scope)) {
+            if (!slapi_dn_issuffix(current_dn, cfgentry->scope)) {
                continue;
            }
        }

        if (cfgentry->exclude_subtree) {
-                if (slapi_dn_issuffix(dn, cfgentry->exclude_subtree)) {
+                if (slapi_dn_issuffix(current_dn, cfgentry->exclude_subtree)) {
                        continue;
                }
        }
@@ -1108,7 +1114,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                    ret = LDAP_OPERATIONS_ERROR;
                    goto done;
                }
-                sdn = slapi_sdn_new_dn_byval(dn);
+                sdn = slapi_sdn_new_dn_byval(current_dn);
                if (!sdn) {
                    LOG_OOM();
                    ret = LDAP_OPERATIONS_ERROR;