
From 4fca95751ca32a1ed16a6d8a4e557c5799ec5c78 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 25 Aug 2021 17:10:29 +0200
Subject: [PATCH] extdom: return LDAP_NO_SUCH_OBJECT if domains differ
If a client sends a request to lookup an object from a given trusted
domain by UID or GID and an object with matching ID is only found in a
different domain the extdom should return LDAP_NO_SUCH_OBJECT to
indicate to the client that the requested ID does not exist in the
given domain.
Resolves: https://pagure.io/freeipa/issue/8965
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 .../ipa-extdom-extop/ipa_extdom_common.c                  | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
c14a06
index 5d97ff613..6f646b9f4 100644
c14a06
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
c14a06
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
c14a06
@@ -542,7 +542,9 @@ int pack_ber_user(struct ipa_extdom_ctx *ctx,
c14a06
         if (strcasecmp(locat+1, domain_name) == 0  ) {
c14a06
             locat[0] = '\0';
c14a06
         } else {
c14a06
-            ret = LDAP_INVALID_SYNTAX;
c14a06
+            /* The found object is from a different domain than requested,
c14a06
+             * that means it does not exist in the requested domain */
c14a06
+            ret = LDAP_NO_SUCH_OBJECT;
c14a06
             goto done;
c14a06
         }
c14a06
     }
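Review bot: The new LDAP_NO_SUCH_OBJECT return makes an object that exists under a different trusted domain indistinguishable, for the client, from one that does not exist at all, so the ID-range overlap between domains that presumably leads into this branch would now fail silently on the client side; an operator-visible trace before the `goto done` would help, e.g. `LOG("ID found in domain [%s], not in requested domain [%s].\n", locat + 1, domain_name);` using whatever logging macro this file already uses. This is arguably also a small hardening, since the old LDAP_INVALID_SYNTAX reply told a caller that the ID is allocated in some other trusted domain while the new reply does not, and the added comment could say so explicitly so nobody "fixes" it back. pack_ber_user begins and ends outside this hunk, so whether `domain_name` is guaranteed non-NULL before the strcasecmp cannot be confirmed from here.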
c14a06
@@ -655,7 +657,9 @@ int pack_ber_group(enum response_types response_type,
c14a06
         if (strcasecmp(locat+1, domain_name) == 0  ) {
c14a06
             locat[0] = '\0';
c14a06
         } else {
c14a06
-            ret = LDAP_INVALID_SYNTAX;
c14a06
+            /* The found object is from a different domain than requested,
c14a06
+             * that means it does not exist in the requested domain */
c14a06
+            ret = LDAP_NO_SUCH_OBJECT;
c14a06
             goto done;
c14a06
         }
c14a06
     }
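Review bot: This hunk repeats, line for line, the suffix comparison, strip and error return that pack_ber_user now carries, so the next change to this rule will again have to be made in two places; a small static helper would keep both call sites in step while leaving behavior unchanged, because the caller still sets `ret` and jumps to `done` only on a mismatch and `ret` stays untouched on the success path as today. A sketch follows; use `int` instead of `bool` if the file does not already include <stdbool.h>, and the same replacement applies at the pack_ber_user site. pack_ber_group begins and ends outside this hunk.
```c
/* Returns true when the text after locat (the domain separator) names
 * domain_name, compared case-insensitively, and cuts the suffix off in
 * place so that only the bare object name remains. Returns false, leaving
 * the string untouched, when the object belongs to another domain. */
static bool cut_matching_domain(char *locat, const char *domain_name)
{
    if (strcasecmp(locat + 1, domain_name) != 0) {
        return false;
    }
    locat[0] = '\0';
    return true;
}

/* … unchanged: pack_ber_group up to the domain-suffix check … */
        if (!cut_matching_domain(locat, domain_name)) {
            /* The found object is from a different domain than requested,
             * that means it does not exist in the requested domain */
            ret = LDAP_NO_SUCH_OBJECT;
            goto done;
        }
```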
-- 
2.31.1