ldap/servers/plugins/automember/automember.c | 38 +++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
New commits:
commit 050adf6a910bdc204436469eb88956ad2b92d84e
Author: Mark Reynolds <mareynol(a)redhat.com>
Date: Thu Mar 8 12:37:26 2012 -0500
Ticket #308 - Automembership plugin fails if data and config area mixed in the plugin
configuration
Bug Description: If you set the nsslapd-pluginConfigArea, and set your default/target
groups
to be underneath the config area, you will deadlock the server when
you add
an entry that triggers the plugin. We grab a lock to see if the
entry is
within the plugin scope/filter. Then we try and update the group,
but since
the group is in the config area it thinks it's a config entry
and grabs the
lock again --> deadlock
Fix Description: This is a misconfiguation so we need to verify the config at
startup. Skip
definition entries if they are under the config area, and log a
error.
Reviewed by: richm (Thanks Rich!)
https://fedorahosted.org/389/ticket/308
diff --git a/ldap/servers/plugins/automember/automember.c
b/ldap/servers/plugins/automember/automember.c
index 9dcc65a..391dde7 100644
--- a/ldap/servers/plugins/automember/automember.c
+++ b/ldap/servers/plugins/automember/automember.c
@@ -531,6 +531,7 @@ automember_parse_config_entry(Slapi_Entry * e, int apply)
Slapi_PBlock *search_pb = NULL;
Slapi_Entry **rule_entries = NULL;
char *filter_str = NULL;
+ Slapi_DN *dn = NULL;
Slapi_Filter *filter = NULL;
int result;
int entry_added = 0;
@@ -626,6 +627,27 @@ automember_parse_config_entry(Slapi_Entry * e, int apply)
if (values) {
/* Just hand off the values */
entry->default_groups = values;
+
+ /*
+ * If we set the config area, we need to make sure that the default groups are
not
+ * in the config area, or else we could deadlock on updates.
+ */
+ if(automember_get_config_area()){
+ for(i = 0; values && values[i]; i++){
+ dn = slapi_sdn_new_dn_byref(values[i]);
+ if(slapi_sdn_issuffix(dn, automember_get_config_area())){
+ /* The groups are under the config area - not good */
+ slapi_log_error(SLAPI_LOG_FATAL, AUTOMEMBER_PLUGIN_SUBSYSTEM,
+ "automember_parse_config_entry: The default
group \"%s\" can not be "
+ "a child of the plugin config area
\"%s\".\n",
+ values[i],
slapi_sdn_get_dn(automember_get_config_area()));
+ slapi_sdn_free(&dn);
+ ret = -1;
+ goto bail;
+ }
+ slapi_sdn_free(&dn);
+ }
+ }
values = NULL;
}
@@ -976,6 +998,7 @@ automember_parse_regex_entry(struct configEntry *config, Slapi_Entry
*e)
{
char *target_group = NULL;
char **values = NULL;
+ Slapi_DN *group_dn = NULL;
PRCList *list;
int i = 0;
@@ -1001,6 +1024,21 @@ automember_parse_regex_entry(struct configEntry *config,
Slapi_Entry *e)
goto bail;
}
+ /* normalize the group dn and compare it to the configArea DN */
+ if(automember_get_config_area()){
+ group_dn = slapi_sdn_new_dn_byref(target_group);
+ if(slapi_sdn_issuffix(group_dn, automember_get_config_area())){
+ /* The target group is under the plugin config area - not good */
+ slapi_log_error(SLAPI_LOG_FATAL, AUTOMEMBER_PLUGIN_SUBSYSTEM,
+ "automember_parse_regex_entry: The target group \"%s\" can
not be "
+ "a child of the plugin config area \"%s\".\n",
+ slapi_sdn_get_dn(group_dn),
slapi_sdn_get_dn(automember_get_config_area()));
+ slapi_sdn_free(&group_dn);
+ goto bail;
+ }
+ slapi_sdn_free(&group_dn);
+ }
+
/* Load inclusive rules */
values = slapi_entry_attr_get_charray(e, AUTOMEMBER_INC_REGEX_TYPE);
if (values) {