[Freeipa-devel] [PATCH 0057] Fix LDAP operation selection logic in ldap_modify_do()

Fri Sep 14 13:23:34 UTC 2012

On Wed, Sep 12, 2012 at 12:35:25PM +0200, Petr Spacek wrote:
> Hello,
> 
>     There is a fix for LDAP operation selection logic in ldap_modify_do().
> 
>     Each operation code in LDAPMod structure can be ORed
>     with LDAP_MOD_BVALUES.

Ack

> From ab11e62ec2496f2c7245c4d8d80c2fd189b68aa9 Mon Sep 17 00:00:00 2001
> From: Petr Spacek <pspacek at redhat.com>
> Date: Tue, 11 Sep 2012 16:23:18 +0200
> Subject: [PATCH] Fix LDAP operation selection logic in ldap_modify_do().
> 
> Each operation code in LDAPMod structure can be ORed
> with LDAP_MOD_BVALUES.
> 
> Signed-off-by: Petr Spacek <pspacek at redhat.com>
> ---
>  src/ldap_helper.c | 29 +++++++++++++++++------------
>  1 file changed, 17 insertions(+), 12 deletions(-)
> 
> diff --git a/src/ldap_helper.c b/src/ldap_helper.c
> index 058048f41485999be0d8ffeadea02f2e25879370..d9c7ce5d84c3944a86ff1865ff6be073ddc294c8 100644
> --- a/src/ldap_helper.c
> +++ b/src/ldap_helper.c
> @@ -2149,33 +2149,38 @@ ldap_modify_do(ldap_instance_t *ldap_inst, ldap_connection_t *ldap_conn,
>  		CHECK(ldap_connect(ldap_inst, ldap_conn, ISC_FALSE));
>  	}
>  
> +	/* Any mod_op can be ORed with LDAP_MOD_BVALUES. */
> +	if ((mods[0]->mod_op & ~LDAP_MOD_BVALUES) == LDAP_MOD_ADD)
> +		operation_str = "modifying(add)";
> +	else if ((mods[0]->mod_op & ~LDAP_MOD_BVALUES) == LDAP_MOD_DELETE)
> +		operation_str = "modifying(del)";
> +	else if ((mods[0]->mod_op & ~LDAP_MOD_BVALUES) == LDAP_MOD_REPLACE)
> +		operation_str = "modifying(replace)";
> +	else {
> +		operation_str = "modifying(unknown operation)";
> +		log_bug("%s: 0x%x", operation_str, mods[0]->mod_op);
> +		CHECK(ISC_R_NOTIMPLEMENTED);
> +	}
> +
>  	if (delete_node) {
>  		log_debug(2, "deleting whole node: '%s'", dn);
>  		ret = ldap_delete_ext_s(ldap_conn->handle, dn, NULL, NULL);
>  	} else {
> -		log_debug(2, "writing to '%s'", dn);
> +		log_debug(2, "writing to '%s': %s", dn, operation_str);
>  		ret = ldap_modify_ext_s(ldap_conn->handle, dn, mods, NULL, NULL);
>  	}
>  
>  	result = (ret == LDAP_SUCCESS) ? ISC_R_SUCCESS : ISC_R_FAILURE;
>  	if (ret == LDAP_SUCCESS)
>  		goto cleanup;
>  
> -	if (mods[0]->mod_op == LDAP_MOD_ADD)
> -		operation_str = "modifying(add)";
> -	else if (mods[0]->mod_op == LDAP_MOD_DELETE)
> -		operation_str = "modifying(del)";
> -	else {
> -		operation_str = "modifying(unknown operation)";
> -		CHECK(ISC_R_NOTIMPLEMENTED);
> -	}
> -
>  	LDAP_OPT_CHECK(ldap_get_option(ldap_conn->handle, LDAP_OPT_RESULT_CODE,
>  			&err_code), "ldap_modify_do(%s) failed to obtain ldap error code",
>  			operation_str);
>  
>  	/* If there is no object yet, create it with an ldap add operation. */
> -	if (mods[0]->mod_op == LDAP_MOD_ADD && err_code == LDAP_NO_SUCH_OBJECT) {
> +	if ((mods[0]->mod_op & ~LDAP_MOD_BVALUES) == LDAP_MOD_ADD &&
> +	     err_code == LDAP_NO_SUCH_OBJECT) {
>  		int i;
>  		LDAPMod **new_mods;
>  		char *obj_str[] = { "idnsRecord", NULL };
> @@ -2211,7 +2216,7 @@ ldap_modify_do(ldap_instance_t *ldap_inst, ldap_connection_t *ldap_conn,
>  
>  	/* do not error out if we are trying to delete an
>  	 * unexisting attribute */
> -	if (mods[0]->mod_op != LDAP_MOD_DELETE ||
> +	if ((mods[0]->mod_op & ~LDAP_MOD_BVALUES) != LDAP_MOD_DELETE ||
>  	    err_code != LDAP_NO_SUCH_ATTRIBUTE) {
>  		result = ISC_R_FAILURE;
>  	}
> -- 
> 1.7.11.4
> 


-- 
Adam Tkac, Red Hat, Inc.