-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags #4797
Comments
@aivanov389 , @progier389 (very) nice finding !!! This current ticket applies to all the versions where #3764 was committed. Then milestone is 1.3.10. |
…ssion connection flags Bug description: The fix for ticket 389ds#3764 was broken with a missing break in a switch. The consequence is that while setting the client IP address in the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP), the connection is erroneously set as replication connection. This can lead to crash or failure of testcase test_access_from_certain_network_only_ip. This bug was quite hidden until the fix for 389ds#4764 is showing it more frequently Fix description: Add the missing break relates: 389ds#4797 Reviewed by: Mark Reynolds Platforms tested: F33
Fix verified. Had to install perl-LDAP and update SimpleBindSeveralOps (use ldap rather that ldaps (line66) and supplier port) |
…ssion connection flags (#4799) Bug description: The fix for ticket #3764 was broken with a missing break in a switch. The consequence is that while setting the client IP address in the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP), the connection is erroneously set as replication connection. This can lead to crash or failure of testcase test_access_from_certain_network_only_ip. This bug was quite hidden until the fix for #4764 is showing it more frequently Fix description: Add the missing break relates: #4797 Reviewed by: Mark Reynolds Platforms tested: F33
@progier389, sorry for having "stolen" that ticket after you did all the hard work. I had to fix it rapidly for a release. |
…ssion connection flags (#4799) Bug description: The fix for ticket #3764 was broken with a missing break in a switch. The consequence is that while setting the client IP address in the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP), the connection is erroneously set as replication connection. This can lead to crash or failure of testcase test_access_from_certain_network_only_ip. This bug was quite hidden until the fix for #4764 is showing it more frequently Fix description: Add the missing break relates: #4797 Reviewed by: Mark Reynolds Platforms tested: F33
…ssion connection flags (#4799) Bug description: The fix for ticket #3764 was broken with a missing break in a switch. The consequence is that while setting the client IP address in the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP), the connection is erroneously set as replication connection. This can lead to crash or failure of testcase test_access_from_certain_network_only_ip. This bug was quite hidden until the fix for #4764 is showing it more frequently Fix description: Add the missing break relates: #4797 Reviewed by: Mark Reynolds Platforms tested: F33
…ssion connection flags (#4799) Bug description: The fix for ticket #3764 was broken with a missing break in a switch. The consequence is that while setting the client IP address in the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP), the connection is erroneously set as replication connection. This can lead to crash or failure of testcase test_access_from_certain_network_only_ip. This bug was quite hidden until the fix for #4764 is showing it more frequently Fix description: Add the missing break relates: #4797 Reviewed by: Mark Reynolds Platforms tested: F33
…ssion connection flags (#4799) Bug description: The fix for ticket #3764 was broken with a missing break in a switch. The consequence is that while setting the client IP address in the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP), the connection is erroneously set as replication connection. This can lead to crash or failure of testcase test_access_from_certain_network_only_ip. This bug was quite hidden until the fix for #4764 is showing it more frequently Fix description: Add the missing break relates: #4797 Reviewed by: Mark Reynolds Platforms tested: F33
Issue Description
fix about 4764 issue revealed this issue
break is missing in slapi_pblock_set function between
case SLAPI_CONN_CLIENTNETADDR_ACLIP and
case SLAPI_CONN_IS_REPLICATION_SESSION
Although usually undetected this issue may generates unexpected behavior (operation may be seen as replicated while it should not) because of that for some people, fix 4764 (which is correct) may lead to crash
Package Version and Platform:
Steps to Reproduce
Steps to reproduce the behavior:
tc.zip
Note: for writing a nice test in pytest:
The perl just bind that perform a search then modify the found entry description
(The search trigger the aci evaluation and mark the connection as replicated then the modify is seen as a replicated operation
and since the csn is missing it ended to untested error handling which leads to a crash)
Note: I suspect we may hit the same issue without 4764 issue fix (but we should probably do several modify operation in the same connection )
The text was updated successfully, but these errors were encountered: