From d9d27cae99fe6f71daf250bfff71ee406fa3d23c Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 16 Dec 2015 12:38:16 +0100
Subject: [PATCH] ipa-kdb: map_groups() consider all results
Resolves https://fedorahosted.org/freeipa/ticket/5573
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
daemons/ipa-kdb/ipa_kdb_mspac.c | 108 +++++++++++++++++++++-------------------
1 file changed, 56 insertions(+), 52 deletions(-)
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 3c0dca839314273ae309b3b65ec7cf103e9c6da7..de40a145210c36ea0d35e0cc491fe9d3d76efea0 100644
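--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -1082,68 +1082,72 @@ static int map_groups(TALLOC_CTX *memctx, krb5_context kcontext,
 continue;
 }
 
- ldap_derefresponse_free(deref_results);
- ret = ipadb_ldap_deref_results(ipactx->lcontext, lentry, &deref_results);
- switch (ret) {
- case ENOENT:
- /* No entry found, try next SID */
- break;
- case 0:
- if (deref_results == NULL) {
- krb5_klog_syslog(LOG_ERR, "No results.");
+ do {
+ ldap_derefresponse_free(deref_results);
+ ret = ipadb_ldap_deref_results(ipactx->lcontext, lentry, &deref_results);
+ switch (ret) {
+ case ENOENT:
+ /* No entry found, try next SID */
 break;
- }
+ case 0:
+ if (deref_results == NULL) {
+ krb5_klog_syslog(LOG_ERR, "No results.");
+ break;
+ }
 
- for (dres = deref_results; dres; dres = dres->next) {
- count++;
- }
+ for (dres = deref_results; dres; dres = dres->next) {
+ count++;
+ }
 
- sids = talloc_realloc(memctx, sids, struct dom_sid, count);
- if (sids == NULL) {
- krb5_klog_syslog(LOG_ERR, "talloc_realloc failed.");
- kerr = ENOMEM;
- goto done;
- }
+ sids = talloc_realloc(memctx, sids, struct dom_sid, count);
+ if (sids == NULL) {
+ krb5_klog_syslog(LOG_ERR, "talloc_realloc failed.");
+ kerr = ENOMEM;
+ goto done;
+ }
 
- for (dres = deref_results; dres; dres = dres->next) {
- gid = 0;
- memset(&sid, '\0', sizeof(struct dom_sid));
- for (dval = dres->attrVals; dval; dval = dval->next) {
- if (strcasecmp(dval->type, "gidNumber") == 0) {
- errno = 0;
- gid = strtoul((char *)dval->vals[0].bv_val,
- &endptr,10);
- if (gid == 0 || gid >= UINT32_MAX || errno != 0 ||
- *endptr != '\0') {
- continue;
+ for (dres = deref_results; dres; dres = dres->next) {
+ gid = 0;
+ memset(&sid, '\0', sizeof(struct dom_sid));
+ for (dval = dres->attrVals; dval; dval = dval->next) {
+ if (strcasecmp(dval->type, "gidNumber") == 0) {
+ errno = 0;
+ gid = strtoul((char *)dval->vals[0].bv_val,
+ &endptr,10);
+ if (gid == 0 || gid >= UINT32_MAX || errno != 0 ||
+ *endptr != '\0') {
+ continue;
+ }
 }
- }
- if (strcasecmp(dval->type,
- "ipaNTSecurityIdentifier") == 0) {
- kerr = string_to_sid((char *)dval->vals[0].bv_val, &sid;;
- if (kerr != 0) {
- continue;
+ if (strcasecmp(dval->type,
+ "ipaNTSecurityIdentifier") == 0) {
+ kerr = string_to_sid((char *)dval->vals[0].bv_val, &sid;;
+ if (kerr != 0) {
+ continue;
+ }
 }
 }
- }
- if (gid != 0 && sid.sid_rev_num != 0) {
- /* TODO: check if gid maps to sid */
- if (sid_index >= count) {
- krb5_klog_syslog(LOG_ERR, "Index larger than "
- "array, this shoould "
- "never happen.");
- kerr = EFAULT;
- goto done;
+ if (gid != 0 && sid.sid_rev_num != 0) {
+ /* TODO: check if gid maps to sid */
+ if (sid_index >= count) {
+ krb5_klog_syslog(LOG_ERR, "Index larger than "
+ "array, this shoould "
+ "never happen.");
+ kerr = EFAULT;
+ goto done;
+ }
+ memcpy(&sids[sid_index], &sid, sizeof(struct dom_sid));
+ sid_index++;
 }
- memcpy(&sids[sid_index], &sid, sizeof(struct dom_sid));
- sid_index++;
 }
- }
 
- break;
- default:
- goto done;
- }
+ break;
+ default:
+ goto done;
+ }
+
+ lentry = ldap_next_entry(ipactx->lcontext, lentry);
+ } while (lentry != NULL);
 }
 
 *_ipa_group_sids_count = sid_index;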
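Review bot: At the top of the new `do { … } while (lentry != NULL)` loop, `ldap_derefresponse_free(deref_results);` leaves the pointer set, so if `ipadb_ldap_deref_results()` returns ENOENT without writing `deref_results` (its body is not shown here, so this needs confirming), the next free of that pointer, on the following pass or in cleanup outside the hunk, releases the same list twice. Adding `deref_results = NULL;` directly after the free keeps the ENOENT and `default:` paths safe whatever the helper's contract is. Separately, the `continue` after a rejected `gidNumber` leaves the rejected value in `gid`, so the later `gid != 0` test still passes and the entry's SID is copied into `sids`; setting `gid = 0;` before that `continue` would make the rejection effective. map_groups() starts and ends outside this hunk, so the cleanup at `done:` could not be checked.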
--
2.7.1