ldap/servers/plugins/replication/cl5_api.c | 36 ++++++++++++++++++++++------- ldap/servers/slapd/util.c | 20 +++++++++++----- 2 files changed, 42 insertions(+), 14 deletions(-)
New commits: commit c35e240ff8a65225b8e1f890ccdc54da7533dbcf Author: Noriko Hosoi nhosoi@redhat.com Date: Tue Jun 14 16:04:34 2011 -0700
Bug 663752 - Cert renewal for attrcrypt and encchangelog
https://bugzilla.redhat.com/show_bug.cgi?id=663752
Description: When the changelog is encrypted and the certificate used for the encryption has a problem (e.g., expired, renewed, etc.), running the CL2LDIF task could crash the server. This patch adds more error checks on the decrypted result; if a problem is found, the affected change is skipped.
diff --git a/ldap/servers/plugins/replication/cl5_api.c b/ldap/servers/plugins/replication/cl5_api.c
index b7e56fa..c44e7fc 100644
--- a/ldap/servers/plugins/replication/cl5_api.c
+++ b/ldap/servers/plugins/replication/cl5_api.c
@@ -4159,7 +4159,12 @@ static int _cl5Operation2LDIF (const slapi_operation_parameters *op, const char
switch (op->operation_type) {
- case SLAPI_OPERATION_ADD: if (op->p.p_add.parentuniqueid)
+ case SLAPI_OPERATION_ADD: if (NULL == op->p.p_add.target_entry) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "_cl5Operation2LDIF(ADD): entry is NULL\n");
+ return CL5_BAD_FORMAT;
+ }
+ if (op->p.p_add.parentuniqueid)
 len += LDIF_SIZE_NEEDED(strlen (T_PARENTIDSTR), strlen (op->p.p_add.parentuniqueid));
 slapi_entry2mods (op->p.p_add.target_entry, &rawDN, &add_mods);
@@ -4169,28 +4174,43 @@ static int _cl5Operation2LDIF (const slapi_operation_parameters *op, const char
 ldap_mods_free (add_mods, 1);
 break;
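Review bot: The new message `"_cl5Operation2LDIF(ADD): entry is NULL\n"` does not say which changelog record was dropped, and the same holds for the MODIFY, MODRDN and DELETE messages added in the next hunk. The commit description says such changes are skipped, so an operator reading the log after a certificate problem cannot tell which changes are missing from the exported LDIF. If an identifier for the operation (such as its CSN) is available at this point, including it in each message would make the skipped records traceable. The start of the function is outside the hunk, so that needs checking against the full source.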
- case SLAPI_OPERATION_MODIFY: len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
+ case SLAPI_OPERATION_MODIFY: if (NULL == op->p.p_modify.modify_mods) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "_cl5Operation2LDIF(MODIFY): mods are NULL\n");
+ return CL5_BAD_FORMAT;
+ }
+ len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
 l = make_changes_string(op->p.p_modify.modify_mods, NULL);
 len += LDIF_SIZE_NEEDED(strlen (T_CHANGESTR), l->ls_len);
 break;
- case SLAPI_OPERATION_MODRDN: len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
+ case SLAPI_OPERATION_MODRDN: if (NULL == op->p.p_modrdn.modrdn_mods) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "_cl5Operation2LDIF(MODRDN): mods are NULL\n");
+ return CL5_BAD_FORMAT;
+ }
+ len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
 len += LDIF_SIZE_NEEDED(strlen (T_NEWRDNSTR),
- strlen (op->p.p_modrdn.modrdn_newrdn));
+ strlen (op->p.p_modrdn.modrdn_newrdn));
 strDeleteOldRDN = (op->p.p_modrdn.modrdn_deloldrdn ? "true" : "false");
 len += LDIF_SIZE_NEEDED(strlen (T_DRDNFLAGSTR),
- strlen (strDeleteOldRDN));
+ strlen (strDeleteOldRDN));
 if (op->p.p_modrdn.modrdn_newsuperior_address.dn) len += LDIF_SIZE_NEEDED(strlen (T_NEWSUPERIORDNSTR),
- strlen (op->p.p_modrdn.modrdn_newsuperior_address.dn));
+ strlen (op->p.p_modrdn.modrdn_newsuperior_address.dn));
 if (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid) len += LDIF_SIZE_NEEDED(strlen (T_NEWSUPERIORIDSTR),
- strlen (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid));
+ strlen (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid));
 l = make_changes_string(op->p.p_modrdn.modrdn_mods, NULL);
 len += LDIF_SIZE_NEEDED(strlen (T_CHANGESTR), l->ls_len);
 break;
- case SLAPI_OPERATION_DELETE: len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
+ case SLAPI_OPERATION_DELETE: if (NULL == op->target_address.dn) {
+ slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
+ "_cl5Operation2LDIF(DELETE): target dn is NULL\n");
+ return CL5_BAD_FORMAT;
+ }
+ len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
 break;
 default: slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl,
diff --git a/ldap/servers/slapd/util.c b/ldap/servers/slapd/util.c
index 37c6624..5cb2711 100644
--- a/ldap/servers/slapd/util.c
+++ b/ldap/servers/slapd/util.c
@@ -295,16 +295,24 @@ int slapi_mods2entry (Slapi_Entry **e, const char *idn, LDAPMod **iattrs)
 pw_encodevals(vals);
 }
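Review bot: The MODIFY and MODRDN cases still call `strlen (op->target_address.dn)` with no NULL check, although the DELETE case in this same hunk now guards exactly that pointer, and MODRDN also passes `op->p.p_modrdn.modrdn_newrdn` to strlen unchecked. If a record that failed to decrypt can leave the mods NULL, it can presumably leave these strings NULL as well, so the crash this commit targets may remain reachable through them. Consider widening the guards, e.g. `if (NULL == op->target_address.dn || NULL == op->p.p_modify.modify_mods) {` for MODIFY, and the analogous test plus `NULL == op->p.p_modrdn.modrdn_newrdn` for MODRDN. The function begins and ends outside the hunk, so whether an earlier check already covers the DN cannot be confirmed from here.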
- /* set entry uniqueid - also adds attribute to the list */
- if (strcasecmp(normtype, SLAPI_ATTR_UNIQUEID) == 0)
- slapi_entry_set_uniqueid (*e, slapi_ch_strdup (slapi_value_get_string(vals[0])));
- else
- rc = slapi_entry_add_values_sv(*e, normtype, vals);
+ /* set entry uniqueid - also adds attribute to the list */
+ if (strcasecmp(normtype, SLAPI_ATTR_UNIQUEID) == 0) {
+ if (vals) {
+ slapi_entry_set_uniqueid (*e,
+ slapi_ch_strdup (slapi_value_get_string(vals[0])));
+ } else {
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ }
+ } else {
+ rc = slapi_entry_add_values_sv(*e, normtype, vals);
+ }
valuearray_free(&vals);
 if (rc != LDAP_SUCCESS) {
- LDAPDebug(LDAP_DEBUG_ANY, "slapi_add_internal: add_values for type %s failed\n", normtype, 0, 0 );
+ LDAPDebug2Args(LDAP_DEBUG_ANY,
+ "slapi_add_internal: add_values for type %s failed (rc: %d)\n",
+ normtype, rc );
 slapi_entry_free (*e);
 *e = NULL;
 }
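Review bot: The added `if (vals)` guards the array pointer but not its first element, so a non-NULL array whose first slot is NULL would still pass `vals[0]` to `slapi_value_get_string`. Testing `if (vals && vals[0]) {` would close that path; whether the helper tolerates a NULL value is not visible here. The rewritten debug message still names `slapi_add_internal`, while the hunk header shows this code sits in `slapi_mods2entry`. Since the line is being changed anyway, `"slapi_mods2entry: add_values for type %s failed (rc: %d)\n"` would make the log entry easier to trace. The function continues outside the hunk.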