Blame SOURCES/0127-IPA-handle-searches-by-SID-in-apply_subdomain_homedi.patch

From 5ecab6dc08ac35a400e067af09b49e7fcb0f17c0 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 12 Aug 2014 10:32:33 +0200
Subject: [PATCH 127/130] IPA: handle searches by SID in
 apply_subdomain_homedir
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
https://fedorahosted.org/sssd/ticket/2391
apply_subdomain_homedir() didn't handle the situation where an entity
that doesn't match was requested from the cache. For user and group
lookups this wasn't a problem because the negative match was caught
sooner.
But SID lookups can match either user or group. When a group SID was
requested, the preceding LDAP request matched the SID and stored the
group in the cache. Then apply_subdomain_homedir() only tried to search
user by SID, didn't find the entry and accessed a NULL pointer.
A simple reproducer is:
$ python
>>> import pysss_nss_idmap
>>> pysss_nss_idmap.getnamebysid(group_sid)
The group_sid can be anything, including Domain Users (XXX-513)
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit 82347f452febe3cbffc36b0a3308ffb462515442)
---
 src/providers/ipa/ipa_subdomains_id.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
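--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -492,6 +492,9 @@ apply_subdomain_homedir(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
 
     if (filter_type == BE_FILTER_NAME) {
         ret = sysdb_getpwnam(mem_ctx, dom->sysdb, dom, filter_value, &res;;
+        if (res && res->count == 0) {
+            ret = ENOENT;
+        }
     } else if (filter_type == BE_FILTER_IDNUM) {
         errno = 0;
         uid = strtouint32(filter_value, NULL, 10);
@@ -500,6 +503,9 @@ apply_subdomain_homedir(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
             goto done;
         }
         ret = sysdb_getpwuid(mem_ctx, dom->sysdb, dom, uid, &res;;
+        if (res && res->count == 0) {
+            ret = ENOENT;
+        }
     } else if (filter_type == BE_FILTER_SECID) {
         ret = sysdb_search_user_by_sid_str(mem_ctx, dom->sysdb, dom,
                                            filter_value, attrs, &msg;;
@@ -515,10 +521,9 @@ apply_subdomain_homedir(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
               ("Failed to make request to our cache: [%d]: [%s]\n",
                ret, sss_strerror(ret)));
         goto done;
-    }
-
-    if ((res && res->count == 0) || (msg && msg->num_elements == 0)) {
-        ret = ENOENT;
+    } else if (ret == ENOENT) {
+        DEBUG(SSSDBG_TRACE_FUNC, ("Cannot find [%s] with search type [%d]\n",
+              filter_value, filter_type));
         goto done;
     }
 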
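Review bot: The two added `if (res && res->count == 0)` checks after sysdb_getpwnam() and sysdb_getpwuid() never look at `ret`, so a genuine cache error that leaves an empty result behind would be rewritten to ENOENT. It would then take the new `else if (ret == ENOENT)` branch and be logged only at SSSDBG_TRACE_FUNC, presumably bypassing the "Failed to make request to our cache" path; `if (ret == EOK && res && res->count == 0) {` keeps real failures on the error path. Both checks also rely on `res` being initialised to NULL at its declaration, which lies outside these hunks. In the SECID branch the removed `msg->num_elements == 0` guard has no replacement, so a miss is caught only if sysdb_search_user_by_sid_str() itself returns ENOENT. A one-line comment there, e.g. `/* a group SID is not found by the user search; ENOENT is handled below */`, would record the contract that prevents the NULL dereference described in the commit message. The body of apply_subdomain_homedir() starts before and continues after the hunks shown.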
-- 
1.9.3