
Bug 663752 - Cert renewal for attrcrypt and encchangelog

https://bugzilla.redhat.com/show_bug.cgi?id=663752

Description: When changelog is encrypted and the certificate
used for the encryption has a problem (e.g., expired, renewed,
etc.), running the CL2LDIF task could crash the server.  This
patch adds more error checks on the decrypted result.
If a problem is found, the affected change is skipped.
Noriko Hosoi 14 years ago
parent
commit
c35e240ff8
2 changed files with 42 additions and 14 deletions
  1. 28 8
      ldap/servers/plugins/replication/cl5_api.c
  2. 14 6
      ldap/servers/slapd/util.c

+ 28 - 8
ldap/servers/plugins/replication/cl5_api.c

@@ -4159,7 +4159,12 @@ static int _cl5Operation2LDIF (const slapi_operation_parameters *op, const char
 
 	switch (op->operation_type)
 	{
-		case SLAPI_OPERATION_ADD:	if (op->p.p_add.parentuniqueid)
+		case SLAPI_OPERATION_ADD:	if (NULL == op->p.p_add.target_entry) {
+										slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
+											"_cl5Operation2LDIF(ADD): entry is NULL\n");
+										return CL5_BAD_FORMAT;
+									}
+									if (op->p.p_add.parentuniqueid)
 										len += LDIF_SIZE_NEEDED(strlen (T_PARENTIDSTR), 
 																strlen (op->p.p_add.parentuniqueid));
 									slapi_entry2mods (op->p.p_add.target_entry, &rawDN, &add_mods);				
@@ -4169,28 +4174,43 @@ static int _cl5Operation2LDIF (const slapi_operation_parameters *op, const char
 									ldap_mods_free (add_mods, 1);
 									break;
 
-		case SLAPI_OPERATION_MODIFY: len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
+		case SLAPI_OPERATION_MODIFY: if (NULL == op->p.p_modify.modify_mods) {
+										slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
+											"_cl5Operation2LDIF(MODIFY): mods are NULL\n");
+										return CL5_BAD_FORMAT;
+									 }
+									 len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
 									 l = make_changes_string(op->p.p_modify.modify_mods, NULL);
 									 len += LDIF_SIZE_NEEDED(strlen (T_CHANGESTR), l->ls_len);
 									 break;
 
-		case SLAPI_OPERATION_MODRDN: len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
+		case SLAPI_OPERATION_MODRDN: if (NULL == op->p.p_modrdn.modrdn_mods) {
+										slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
+											"_cl5Operation2LDIF(MODRDN): mods are NULL\n");
+										return CL5_BAD_FORMAT;
+									 }
+									 len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
 									 len += LDIF_SIZE_NEEDED(strlen (T_NEWRDNSTR), 
-						 				  					 strlen (op->p.p_modrdn.modrdn_newrdn));
+															 strlen (op->p.p_modrdn.modrdn_newrdn));
 									 strDeleteOldRDN = (op->p.p_modrdn.modrdn_deloldrdn ? "true" : "false");
 									 len += LDIF_SIZE_NEEDED(strlen (T_DRDNFLAGSTR),
-						 									 strlen (strDeleteOldRDN));
+															 strlen (strDeleteOldRDN));
 									 if (op->p.p_modrdn.modrdn_newsuperior_address.dn)
 										len += LDIF_SIZE_NEEDED(strlen (T_NEWSUPERIORDNSTR),
-						 							strlen (op->p.p_modrdn.modrdn_newsuperior_address.dn));
+													strlen (op->p.p_modrdn.modrdn_newsuperior_address.dn));
 									 if (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid)
 										len += LDIF_SIZE_NEEDED(strlen (T_NEWSUPERIORIDSTR),
-						 							strlen (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid));
+													strlen (op->p.p_modrdn.modrdn_newsuperior_address.uniqueid));
 									 l = make_changes_string(op->p.p_modrdn.modrdn_mods, NULL);
 									 len += LDIF_SIZE_NEEDED(strlen (T_CHANGESTR), l->ls_len);
 									 break;		  
 
-		case SLAPI_OPERATION_DELETE: len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
+		case SLAPI_OPERATION_DELETE: if (NULL == op->target_address.dn) {
+										slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
+											"_cl5Operation2LDIF(DELETE): target dn is NULL\n");
+										return CL5_BAD_FORMAT;
+									 }
+									 len += LDIF_SIZE_NEEDED(strlen (T_DNSTR), strlen (op->target_address.dn));
 									 break;	
 		
 		default:					 slapi_log_error(SLAPI_LOG_FATAL, repl_plugin_name_cl, 
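Review bot: The MODIFY and MODRDN cases still pass `op->target_address.dn` to `strlen` without a NULL test, and MODRDN does the same with `op->p.p_modrdn.modrdn_newrdn`; only the DELETE case checks the dn. Since the commit's premise is that a failed decryption can leave operation fields unset, these look as exposed as the mods pointers. The MODIFY guard could read `if (NULL == op->target_address.dn || NULL == op->p.p_modify.modify_mods) {`, and the MODRDN guard could test `modrdn_newrdn` as well. Whether `make_changes_string` can return NULL is not visible here, so `l->ls_len` may deserve the same check. The body of _cl5Operation2LDIF starts and ends outside these hunks.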

+ 14 - 6
ldap/servers/slapd/util.c

@@ -295,16 +295,24 @@ int slapi_mods2entry (Slapi_Entry **e, const char *idn, LDAPMod **iattrs)
             pw_encodevals(vals);
         }
 
-		/* set entry uniqueid - also adds attribute to the list */
-		if (strcasecmp(normtype, SLAPI_ATTR_UNIQUEID) == 0)
-			slapi_entry_set_uniqueid (*e, slapi_ch_strdup (slapi_value_get_string(vals[0])));
-		else
-			rc = slapi_entry_add_values_sv(*e, normtype, vals);
+        /* set entry uniqueid - also adds attribute to the list */
+        if (strcasecmp(normtype, SLAPI_ATTR_UNIQUEID) == 0) {
+            if (vals) {
+                slapi_entry_set_uniqueid (*e,
+                            slapi_ch_strdup (slapi_value_get_string(vals[0])));
+            } else {
+                rc = LDAP_NO_SUCH_ATTRIBUTE;
+            }
+        } else {
+            rc = slapi_entry_add_values_sv(*e, normtype, vals);
+        }
 
         valuearray_free(&vals);
         if (rc != LDAP_SUCCESS)
         {
-            LDAPDebug(LDAP_DEBUG_ANY, "slapi_add_internal: add_values for type %s failed\n", normtype, 0, 0 );
+            LDAPDebug2Args(LDAP_DEBUG_ANY,
+                "slapi_add_internal: add_values for type %s failed (rc: %d)\n",
+                normtype, rc );
             slapi_entry_free (*e);
             *e = NULL;
         }