From 1bfd0f87917cfcab206c6d7da32ce507ef1d7eea Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 26 Oct 2010 18:28:01 -0400 Subject: ipa_uuid: prevent false positives on modifies If a modify operation does not specify our attribute then we need to short circuit the loop, otherwise on enforcing we will return an error by mistake if we are not Directory Manager because generate is false if the attr is not found. --- daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'daemons/ipa-slapi-plugins') diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c index c0fde90fd..e47151aea 100644 --- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c +++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c @@ -784,6 +784,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) bool generate; int ret = LDAP_SUCCESS; bool locked = false; + bool set_attr; LOG_TRACE("--in-->\n"); @@ -891,6 +892,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) cfgentry = (struct configEntry *) list; generate = false; + set_attr = false; /* Did we already service this attr? */ if (ipauuid_list_contains_attr(generated_attrs, @@ -936,6 +938,9 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) } slapi_ch_free_string(&value); + + /* always true on add if we match the scope */ + set_attr = true; break; case LDAP_CHANGETYPE_MODIFY: @@ -952,6 +957,9 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) continue; } + /* ok we found the attr so that means we are going to set it */ + set_attr = true; + /* If all values are being deleted, we need to * generate a new value. */ if (SLAPI_IS_MOD_DELETE(slapi_mod_get_operation(smod))) { @@ -1026,9 +1034,15 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) if (slapi_entry_attr_find(resulting_e, cfgentry->attr, &attr) != 0) { generate = true; + set_attr = true; } } + /* nothing to do keep looping */ + if (!set_attr) { + continue; + } + if (generate) { char *new_value; -- cgit