diff options
| author | Simo Sorce <ssorce@redhat.com> | 2010-10-26 18:28:01 -0400 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2010-10-28 07:58:31 -0400 |
| commit | 1bfd0f87917cfcab206c6d7da32ce507ef1d7eea (patch) | |
| tree | 142e418867c83c122cd27b835df9ff2806854320 | |
| parent | 99a7f83c3c123554ca7279ec97abddd717f5ee70 (diff) | |
| download | freeipa-1bfd0f87917cfcab206c6d7da32ce507ef1d7eea.tar.gz freeipa-1bfd0f87917cfcab206c6d7da32ce507ef1d7eea.tar.xz freeipa-1bfd0f87917cfcab206c6d7da32ce507ef1d7eea.zip | |
ipa_uuid: prevent false positives on modifies
If a modify operation does not specify our attribute then we need to short
circuit the loop, otherwise on enforcing we will return an error by mistake if
we are not Directory Manager because generate is false if the attr is not
found.
| -rw-r--r-- | daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c index c0fde90fd..e47151aea 100644 --- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c +++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c @@ -784,6 +784,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) bool generate; int ret = LDAP_SUCCESS; bool locked = false; + bool set_attr; LOG_TRACE("--in-->\n"); @@ -891,6 +892,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) cfgentry = (struct configEntry *) list; generate = false; + set_attr = false; /* Did we already service this attr? */ if (ipauuid_list_contains_attr(generated_attrs, @@ -936,6 +938,9 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) } slapi_ch_free_string(&value); + + /* always true on add if we match the scope */ + set_attr = true; break; case LDAP_CHANGETYPE_MODIFY: @@ -952,6 +957,9 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) continue; } + /* ok we found the attr so that means we are going to set it */ + set_attr = true; + /* If all values are being deleted, we need to * generate a new value. */ if (SLAPI_IS_MOD_DELETE(slapi_mod_get_operation(smod))) { @@ -1026,9 +1034,15 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) if (slapi_entry_attr_find(resulting_e, cfgentry->attr, &attr) != 0) { generate = true; + set_attr = true; } } + /* nothing to do keep looping */ + if (!set_attr) { + continue; + } + if (generate) { char *new_value; |