diff options
| author | Simo Sorce <simo@redhat.com> | 2016-01-05 16:04:49 -0500 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-01-13 16:09:38 +0100 |
| commit | 2144b1eeb789639b8a3df287b580aeb6196188a8 (patch) | |
| tree | 16891c12172f0bafc6ba21ae915e939bf3ab9a43 /daemons | |
| parent | 58ab032f1ae20454d4b9d760c7601fd8b44045f5 (diff) | |
| download | freeipa-2144b1eeb789639b8a3df287b580aeb6196188a8.tar.gz freeipa-2144b1eeb789639b8a3df287b580aeb6196188a8.tar.xz freeipa-2144b1eeb789639b8a3df287b580aeb6196188a8.zip | |
Always verify we have a valid ldap context.
LDAP calls just assert if an invalid (NULL) context is passed in,
so we need to be sure we have a valid connection context before
calling into LDAP APIs and fail outright if a context can't be obtained.
https://fedorahosted.org/freeipa/ticket/5577
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'daemons')
| -rw-r--r-- | daemons/ipa-kdb/ipa_kdb_common.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_common.c b/daemons/ipa-kdb/ipa_kdb_common.c index 112086b57..7438f3504 100644 --- a/daemons/ipa-kdb/ipa_kdb_common.c +++ b/daemons/ipa-kdb/ipa_kdb_common.c @@ -158,6 +158,14 @@ static bool ipadb_need_retry(struct ipadb_context *ipactx, int error) return false; } +static int ipadb_check_connection(struct ipadb_context *ipactx) +{ + if (ipactx->lcontext == NULL) { + return ipadb_get_connection(ipactx); + } + return 0; +} + krb5_error_code ipadb_simple_search(struct ipadb_context *ipactx, char *basedn, int scope, char *filter, char **attrs, @@ -165,6 +173,10 @@ krb5_error_code ipadb_simple_search(struct ipadb_context *ipactx, { int ret; + ret = ipadb_check_connection(ipactx); + if (ret != 0) + return ipadb_simple_ldap_to_kerr(ret); + ret = ldap_search_ext_s(ipactx->lcontext, basedn, scope, filter, attrs, 0, NULL, NULL, &std_timeout, LDAP_NO_LIMIT, @@ -187,6 +199,10 @@ krb5_error_code ipadb_simple_delete(struct ipadb_context *ipactx, char *dn) { int ret; + ret = ipadb_check_connection(ipactx); + if (ret != 0) + return ipadb_simple_ldap_to_kerr(ret); + ret = ldap_delete_ext_s(ipactx->lcontext, dn, NULL, NULL); /* first test if we need to retry to connect */ @@ -204,6 +220,10 @@ krb5_error_code ipadb_simple_add(struct ipadb_context *ipactx, { int ret; + ret = ipadb_check_connection(ipactx); + if (ret != 0) + return ipadb_simple_ldap_to_kerr(ret); + ret = ldap_add_ext_s(ipactx->lcontext, dn, mods, NULL, NULL); /* first test if we need to retry to connect */ @@ -221,6 +241,10 @@ krb5_error_code ipadb_simple_modify(struct ipadb_context *ipactx, { int ret; + ret = ipadb_check_connection(ipactx); + if (ret != 0) + return ipadb_simple_ldap_to_kerr(ret); + ret = ldap_modify_ext_s(ipactx->lcontext, dn, mods, NULL, NULL); /* first test if we need to retry to connect */ @@ -320,6 +344,11 @@ krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx, retry = true; while (retry) { times--; + + ret = ipadb_check_connection(ipactx); + if (ret != 0) + break; + ret = ldap_search_ext_s(ipactx->lcontext, base_dn, scope, filter, entry_attrs, 0, |