Bug 1429498

Summary: A filtered nsrole that specifies an empty nsrole in its nsRoleFilter will result in a segfault.
Product: Red Hat Enterprise Linux 7 Reporter: Jaroslav Reznik <jreznik>
Component: 389-ds-baseAssignee: Noriko Hosoi <nhosoi>
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: urgent Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: urgent    
Version: 7.3CC: jamespfinn, mreynolds, msauton, nhosoi, nkinder, rmeggins, sramling
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.5.10-19.el7_3 Doc Type: Bug Fix
Doc Text:
Previously, when adding a filtered role definition that uses the "nsrole" virtual attribute in the filter, Directory Server terminated unexpectedly. A patch has been applied, and now the roles plug-in ignores all virtual attributes. As a result, an error message is logged when an invalid filter is used. Additionally, the role is deactivated and Directory Server no longer fails.
 Story Points: ---
Clone Of: 1419162 Environment:
Last Closed: 2017-04-12 12:36:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1419162    
Bug Blocks:    

Description Jaroslav Reznik 2017-03-06 13:45:07 UTC 
This bug has been copied from bug #1419162 and has been proposed
to be backported to 7.3 z-stream (EUS).
Comment 4 Sankar Ramalingam 2017-03-09 12:25:09 UTC 
Executed upstream test ticket49122_test.py on the latest 389-ds-base-1.3.5.10-19 build and it PASSED. Hence, marking the bug as Verified.


[0 root@qeos-105 tickets]# py.test  -v ticket49122_test.py 

DS build: 1.3.5.10
389-ds-base: 1.3.5.10-19.el7_3
nss: 3.28.3-2.el7
nspr: 4.13.1-1.0.el7_3
openldap: 2.4.44-1.el7
svrcore: 4.1.2-1.el7

rootdir: /mnt/tests/rhds/tests/upstream/ds/dirsrvtests/tests/tickets, inifile: 
plugins: metadata-1.3.0, html-1.14.1, cov-2.4.0, beakerlib-0.7
collected 1 items 

ticket49122_test.py::test_ticket49122 PASSED

=========== 1 passed in 31.41 seconds =============
Comment 6 errata-xmlrpc 2017-04-12 12:36:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:0920