adamwill / 389-ds-base

Forked from 389-ds-base 4 years ago
Clone

9740c20 Ticket 50020 - during MODRDN referential integrity can fail erronously while updating large groups

Authored and Committed by tbordaz 5 years ago
    Ticket 50020 - during MODRDN referential integrity can fail erronously while updating large groups
    
    Bug Description:
    	During a MODRDN of a group member, referential integrity will update the groups containing this member.
    	Under specific conditions, the MODRDN can fail (err=1).
    
    	on MODRDN Referential integrity checks if the original DN of the target MODRDN entry is
    	member of a given group. If it is then it updates the group.
    	The returned code of the group update is using the variable 'rc'.
    	It does a normalized DN comparison to compare original DN with members DN, to determine if
    	a group needs to be updated.
    	If the group does not need to be updated, 'rc' is not set.
    	The bug is that it uses 'rc' to normalize the DN and if the group is not updated
    	the returned code reflects the normalization returned code rather that the group update.
    
    	The bug is hit in specific conditions
    
    	    One of the evaluated group contains more than 128 members
    	    the last member (last value) of the group is not the moved entry
    	    the last member (last value) of the group is a DN value that contains escaped chars
    
    Fix Description:
    	Use a local variable to check the result of the DN normalization
    
    https://pagure.io/389-ds-base/issue/50020
    
    Reviewed by: Simon Pichugin, Mark Reynolds (thanks)
    
    Platforms tested: F27
    
    Flag Day: no