From d9d27cae99fe6f71daf250bfff71ee406fa3d23c Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 16 Dec 2015 12:38:16 +0100
Subject: [PATCH] ipa-kdb: map_groups() consider all results
Resolves https://fedorahosted.org/freeipa/ticket/5573
Reviewed-By: Jakub Hrozek
Reviewed-By: Alexander Bokovoy
---
 daemons/ipa-kdb/ipa_kdb_mspac.c | 108 +++++++++++++++++++++-------------------
 1 file changed, 56 insertions(+), 52 deletions(-)
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 3c0dca839314273ae309b3b65ec7cf103e9c6da7..de40a145210c36ea0d35e0cc491fe9d3d76efea0 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -1082,68 +1082,72 @@ static int map_groups(TALLOC_CTX *memctx, krb5_context kcontext,
 continue;
 }
- ldap_derefresponse_free(deref_results);
- ret = ipadb_ldap_deref_results(ipactx->lcontext, lentry, &deref_results);
- switch (ret) {
- case ENOENT:
- /* No entry found, try next SID */
- break;
- case 0:
- if (deref_results == NULL) {
- krb5_klog_syslog(LOG_ERR, "No results.");
+ do {
+ ldap_derefresponse_free(deref_results);
+ ret = ipadb_ldap_deref_results(ipactx->lcontext, lentry, &deref_results);
+ switch (ret) {
+ case ENOENT:
+ /* No entry found, try next SID */
 break;
- }
+ case 0:
+ if (deref_results == NULL) {
+ krb5_klog_syslog(LOG_ERR, "No results.");
+ break;
+ }
- for (dres = deref_results; dres; dres = dres->next) {
- count++;
- }
+ for (dres = deref_results; dres; dres = dres->next) {
+ count++;
+ }
- sids = talloc_realloc(memctx, sids, struct dom_sid, count);
- if (sids == NULL) {
- krb5_klog_syslog(LOG_ERR, "talloc_realloc failed.");
- kerr = ENOMEM;
- goto done;
- }
+ sids = talloc_realloc(memctx, sids, struct dom_sid, count);
+ if (sids == NULL) {
+ krb5_klog_syslog(LOG_ERR, "talloc_realloc failed.");
+ kerr = ENOMEM;
+ goto done;
+ }
- for (dres = deref_results; dres; dres = dres->next) {
- gid = 0;
- memset(&sid, '\0', sizeof(struct dom_sid));
- for (dval = dres->attrVals; dval; dval = dval->next) {
- if (strcasecmp(dval->type, "gidNumber") == 0) {
- errno = 0;
- gid = strtoul((char *)dval->vals[0].bv_val,
- &endptr,10);
- if (gid == 0 || gid >= UINT32_MAX || errno != 0 ||
- *endptr != '\0') {
- continue;
+ for (dres = deref_results; dres; dres = dres->next) {
+ gid = 0;
+ memset(&sid, '\0', sizeof(struct dom_sid));
+ for (dval = dres->attrVals; dval; dval = dval->next) {
+ if (strcasecmp(dval->type, "gidNumber") == 0) {
+ errno = 0;
+ gid = strtoul((char *)dval->vals[0].bv_val,
+ &endptr,10);
+ if (gid == 0 || gid >= UINT32_MAX || errno != 0 ||
+ *endptr != '\0') {
+ continue;
+ }
 }
- }
- if (strcasecmp(dval->type,
- "ipaNTSecurityIdentifier") == 0) {
- kerr = string_to_sid((char *)dval->vals[0].bv_val, &sid);
- if (kerr != 0) {
- continue;
+ if (strcasecmp(dval->type,
+ "ipaNTSecurityIdentifier") == 0) {
+ kerr = string_to_sid((char *)dval->vals[0].bv_val, &sid);
+ if (kerr != 0) {
+ continue;
+ }
 }
 }
- }
- if (gid != 0 && sid.sid_rev_num != 0) {
- /* TODO: check if gid maps to sid */
- if (sid_index >= count) {
- krb5_klog_syslog(LOG_ERR, "Index larger than "
- "array, this shoould "
- "never happen.");
- kerr = EFAULT;
- goto done;
+ if (gid != 0 && sid.sid_rev_num != 0) {
+ /* TODO: check if gid maps to sid */
+ if (sid_index >= count) {
+ krb5_klog_syslog(LOG_ERR, "Index larger than "
+ "array, this shoould "
+ "never happen.");
+ kerr = EFAULT;
+ goto done;
+ }
+ memcpy(&sids[sid_index], &sid, sizeof(struct dom_sid));
+ sid_index++;
 }
- memcpy(&sids[sid_index], &sid, sizeof(struct dom_sid));
- sid_index++;
 }
- }
- break;
- default:
- goto done;
- }
+ break;
+ default:
+ goto done;
+ }
+
+ lentry = ldap_next_entry(ipactx->lcontext, lentry);
+ } while (lentry != NULL);
 }
 *_ipa_group_sids_count = sid_index;
--
2.7.1
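Review bot: `deref_results` is freed at the top of the new `do` loop but never reset, so it holds a stale pointer whenever `ipadb_ldap_deref_results()` returns without storing a fresh list. That helper is not visible here; if its `ENOENT` or error paths leave `*results` untouched, the next pass of the loop (now taken for every further entry) would call `ldap_derefresponse_free()` on the same list a second time inside the KDC, and so would any cleanup at `done`. Adding `deref_results = NULL;` directly after `ldap_derefresponse_free(deref_results);` makes the loop safe whatever the helper does. Separately, `default: goto done;` leaves `kerr` unchanged, so a failed deref may be reported with a stale or zero code; `kerr = ret;` before the jump would make that explicit. map_groups() starts and ends outside this hunk, so the behaviour at `done` is assumed rather than seen.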