389-ds-base

Clone
Source Code
GIT

#47640 Linked attributes betxnpreoperation - transaction not aborted when linked entry does not exit
Closed: wontfix None Opened 10 years ago by nkinder.

Closed: wontfix
Reopen Issue

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1034325

Description of problem:
From RHEL 7 most DS plugins are converted to be betxn - if their operation
fails, whole transaction should fail and not be comitted to database. In case
of Linked Attributes plugin, we can create a situation where plugin fails to
create linked attribute in managed entry, e.g. due to non-existent managed
entry.

Version-Release number of selected component (if applicable):
389-ds-base-1.3.1.6-8.el7.x86_64

How reproducible:
always

Steps to Reproduce:

# Enable plugin
[jrusnack@localhost slapd-dstet]$ ldapmodify -h $HOST -p $PORT -D "cn=directory
manager" -w Secret123 -a <<EOF
> dn: cn=Linked Attributes,cn=plugins,cn=config
> changetype: modify
> replace: nsslapd-pluginEnabled
> nsslapd-pluginEnabled: on
> EOF
modifying entry "cn=Linked Attributes,cn=plugins,cn=config"

# Set up new linked attribute seeAlso
[jrusnack@localhost slapd-dstet]$ ldapmodify -h $HOST -p $PORT -D "cn=directory
manager" -w Secret123 -a <<EOF
> dn: cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config
> changetype: add
> objectClass: top
> objectClass: extensibleObject
> cn: Manager Link
> linkType: seeAlso
> managedType: seeAlso
> EOF
adding new entry "cn=Manager Link,cn=Linked Attributes,cn=plugins,cn=config"

# Restart DS to apply changes
[jrusnack@localhost slapd-dstet]$ sudo systemctl restart dirsrv.target

# Add manager entry, which links to non-existent uid=user
[jrusnack@localhost slapd-dstet]$ ldapmodify -h $HOST -p $PORT -D "cn=directory
manager" -w Secret123 -a <<EOF
> dn: uid=manager,ou=people,dc=example,dc=com
> objectclass: person
> objectclass: inetOrgPerson
> objectclass: top
> cn: manager
> sn: manager
> uid: manager
> seeAlso: uid=user,ou=people,dc=example,dc=com
> EOF
adding new entry "uid=manager,ou=people,dc=example,dc=com"

[jrusnack@localhost slapd-dstet]$ ldapsearch -h $HOST -p $PORT -D "cn=directory
manager" -w Secret123 -b "uid=manager,ou=people,dc=example,dc=com" -LLL
dn: uid=manager,ou=People,dc=example,dc=com
objectClass: person
objectClass: inetOrgPerson
objectClass: top
objectClass: organizationalPerson
cn: manager
sn: manager
uid: manager
seeAlso: uid=user,ou=people,dc=example,dc=com
[jrusnack@localhost slapd-dstet]$ ldapsearch -h $HOST -p $PORT -D "cn=directory
manager" -w Secret123 -b "uid=user,ou=people,dc=example,dc=com" -LLL
No such object (32)
Matched DN: ou=people,dc=example,dc=com


Actual results:
Manager entry is created even though creating linked attribute in entry
uid=user failed (uid=user does not exist).

Reproduced issue on master branch, investigating...

Looks good. One question... slapi_pblock_set is setting the given value duplicated.

{{{
1977 int
1978 slapi_pblock_set( Slapi_PBlock pblock, int arg, void value )
1979 {
...
3398 case SLAPI_PB_RESULT_TEXT:
3399 slapi_ch_free((void)&(pblock->pb_result_text));
3400 pblock->pb_result_text = slapi_ch_strdup ((char ) value);
3401 break;
}}}
The err_msg string can be freed once it's set to the pblock?
{{{
1495 if(rc != LDAP_SUCCESS){
1496 char err_msg = NULL;
1497
1498 err_msg = PR_smprintf("Linked Attrs Plugin: Failed to update "
1499 "link to target entry (%s) error %d",
1500 targetdn, rc);
1501 slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM, "%s\n", err_msg);
1502 slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, err_msg);
1503 slapi_sdn_free(&targetsdn);
1504 rc = LDAP_UNWILLING_TO_PERFORM;
1505 break;
}}}

Replying to [comment:8 nhosoi]:

Looks good. One question... slapi_pblock_set is setting the given value duplicated.

{{{
1977 int
1978 slapi_pblock_set( Slapi_PBlock pblock, int arg, void value )
1979 {
...
3398 case SLAPI_PB_RESULT_TEXT:
3399 slapi_ch_free((void)&(pblock->pb_result_text));
3400 pblock->pb_result_text = slapi_ch_strdup ((char ) value);
3401 break;
}}}
The err_msg string can be freed once it's set to the pblock?
{{{
1495 if(rc != LDAP_SUCCESS){
1496 char err_msg = NULL;
1497
1498 err_msg = PR_smprintf("Linked Attrs Plugin: Failed to update "
1499 "link to target entry (%s) error %d",
1500 targetdn, rc);
1501 slapi_log_error(SLAPI_LOG_PLUGIN, LINK_PLUGIN_SUBSYSTEM, "%s\n", err_msg);
1502 slapi_pblock_set(pb, SLAPI_PB_RESULT_TEXT, err_msg);
1503 slapi_sdn_free(&targetsdn);
1504 rc = LDAP_UNWILLING_TO_PERFORM;
1505 break;
}}}

Yes it can, nice catch! New patch attached...

Thanks, Mark! ack.

afd7699..cdb83c4 master -> master
commit cdb83c4
Author: Mark Reynolds mreynolds@redhat.com
Date: Tue Jun 9 15:32:57 2015 -0400

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.3.4.0
7 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/977

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
major
ack
QE
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.