summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2014-12-12 13:56:51 -0500
committerMartin Kosek <mkosek@redhat.com>2015-01-08 11:55:25 +0100
commit730b472db123e97a0c158b626e9f7c3f0b13e2ca (patch)
tree218a15346b30d721af0467e0e846d7b74d26930d
parent3c69435c1b18ad9827f53d31e97ee88fa0eb9370 (diff)
downloadfreeipa-730b472db123e97a0c158b626e9f7c3f0b13e2ca.tar.gz
freeipa-730b472db123e97a0c158b626e9f7c3f0b13e2ca.tar.xz
freeipa-730b472db123e97a0c158b626e9f7c3f0b13e2ca.zip
Avoid calling ldap functions without a context
We need to make sure we have a ld context before we can load the configuration, otherwise ldap APIs will abort crashing the KDC. If we have an issue connecting to LDAP the lcontext will be NULL, but we are not checking that condition when we try to refresh the global configuration. https://fedorahosted.org/freeipa/ticket/4810 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Martin Kosek <mkosek@redhat.com>
-rw-r--r--daemons/ipa-kdb/ipa_kdb.c19
1 files changed, 16 insertions, 3 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c
index e5101bdd0..d20b6a1f4 100644
--- a/daemons/ipa-kdb/ipa_kdb.c
+++ b/daemons/ipa-kdb/ipa_kdb.c
@@ -224,6 +224,10 @@ static int ipadb_load_global_config(struct ipadb_context *ipactx)
int ret;
char **authz_data_list;
+ if (!ipactx || !ipactx->lcontext) {
+ return EINVAL;
+ }
+
ret = asprintf(&base, "cn=ipaConfig,cn=etc,%s", ipactx->base);
if (ret == -1) {
ret = ENOMEM;
@@ -295,10 +299,19 @@ const struct ipadb_global_config *
ipadb_get_global_config(struct ipadb_context *ipactx)
{
time_t now = 0;
+ int ret;
- if (time(&now) != (time_t)-1
- && now - ipactx->config.last_update > IPADB_GLOBAL_CONFIG_CACHE_TIME)
- ipadb_load_global_config(ipactx);
+ if (time(&now) != (time_t)-1 &&
+ now - ipactx->config.last_update > IPADB_GLOBAL_CONFIG_CACHE_TIME) {
+ if (!ipactx->lcontext) {
+ ret = ipadb_get_connection(ipactx);
+ if (ret != 0)
+ return NULL;
+ }
+ ret = ipadb_load_global_config(ipactx);
+ if (ret != 0)
+ return NULL;
+ }
return &ipactx->config;
}