From 78f9c6a3b013ef67f0cd4d898ad1fbe86b69d386 Mon Sep 17 00:00:00 2001 From: Thierry Bordaz Date: Nov 08 2017 09:32:26 +0000 Subject: 389-ds-base crashed as part of ipa-server-intall in ipa-uuid Bug Description: When adding an entry, ipa-uuid plugin may generate a unique value for some of its attribute. If the generated attribute is part of the RDN, the target DN is replaced on the fly and the previous one freed. Unfortunately, previous DN may be later used instead of the new one. Fix Description: Make sure to use only the current DN of the operation https://bugzilla.redhat.com/show_bug.cgi?id=1496226 https://pagure.io/freeipa/issue/7227 Reviewed-By: Alexander Bokovoy --- diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c index ffade14..87d8be2 100644 --- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c +++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c @@ -911,6 +911,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) list != ipauuid_global_config; list = PR_NEXT_LINK(list)) { cfgentry = (struct configEntry *) list; + char *current_dn = NULL; generate = false; set_attr = false; @@ -920,16 +921,21 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) cfgentry->attr)) { continue; } + /* Current DN may have been reset by + * slapi_pblock_set(pb, SLAPI_ADD_TARGET,..) see below + * need to reread it + */ + current_dn = ipauuid_get_dn(pb); /* is the entry in scope? */ if (cfgentry->scope) { - if (!slapi_dn_issuffix(dn, cfgentry->scope)) { + if (!slapi_dn_issuffix(current_dn, cfgentry->scope)) { continue; } } if (cfgentry->exclude_subtree) { - if (slapi_dn_issuffix(dn, cfgentry->exclude_subtree)) { + if (slapi_dn_issuffix(current_dn, cfgentry->exclude_subtree)) { continue; } } @@ -1108,7 +1114,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) ret = LDAP_OPERATIONS_ERROR; goto done; } - sdn = slapi_sdn_new_dn_byval(dn); + sdn = slapi_sdn_new_dn_byval(current_dn); if (!sdn) { LOG_OOM(); ret = LDAP_OPERATIONS_ERROR;