diff options
author | Alexander Bokovoy <abokovoy@redhat.com> | 2013-05-29 10:28:00 +0300 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-05-30 12:39:45 +0200 |
commit | b21abc76caac8b251f708e77da7c8c7046fa22a7 (patch) | |
tree | d16cc47d3415153a49290420a24ef1bbf50a46bd | |
parent | 7310395047aa1e21feccc205153b55f2100bdb6c (diff) | |
download | freeipa-b21abc76caac8b251f708e77da7c8c7046fa22a7.tar.gz freeipa-b21abc76caac8b251f708e77da7c8c7046fa22a7.tar.xz freeipa-b21abc76caac8b251f708e77da7c8c7046fa22a7.zip |
Fix cldap parser to work with a single equality filter (NtVer=...)
https://fedorahosted.org/freeipa/ticket/3639
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c b/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c index 468b92bba..37de78689 100644 --- a/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c +++ b/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_worker.c @@ -98,6 +98,15 @@ static int ipa_cldap_get_tree(BerElement *be, struct kvp_list *kvps) char *cookie; int ret; + tag = ber_peek_tag(be, &len); + if (tag == LDAP_FILTER_EQUALITY) { + /* Special case of a single clause filter, eg. (NtVer=\06\00\00\00) */ + ret = ipa_cldap_get_kvp(be, kvps); + if (ret == 0) { + return 0; + } + } + tag = ber_first_element(be, &len, &cookie); while (tag != LBER_DEFAULT) { tag = ber_peek_tag(be, &len); @@ -228,6 +237,7 @@ static void ipa_cldap_respond(struct ipa_cldap_ctx *ctx, } } /* done */ + /* As per MS-ADTS 6.3.3.3 always return SUCCESS even for invalid filters */ ret = ber_printf(be, "{it{ess}}", req->id, LDAP_RES_SEARCH_RESULT, 0, "", ""); if (ret == LBER_ERROR) { @@ -266,23 +276,15 @@ static void ipa_cldap_process(struct ipa_cldap_ctx *ctx, LOG_TRACE("CLDAP Request received"); ret = ipa_cldap_netlogon(ctx, req, &reply); - switch (ret) { - case 0: - /* all fine */ - break; - case EINVAL: - case ENOENT: - /* bad request, return empty reply as windows does */ + if (ret != 0) { + /* bad request, or internal error, return empty reply */ + /* as Windows does per MS-ADTS 6.3.3.3 */ memset(&reply, 0, sizeof(struct berval)); - break; - default: - /* internal error, just get out */ - goto done; } +done: ipa_cldap_respond(ctx, req, &reply); -done: ipa_cldap_free_kvps(&req->kvps); free(req); return; |