authorAlexander Bokovoy <abokovoy@redhat.com>2015-05-20 18:24:52 +0300
committerTomas Babej <tbabej@redhat.com>2015-07-08 01:56:52 +0200
commit88c10dd9750516f49e6bbfa0246d390b3a10fc91 (patch)
treed87b9ece4b0d69025e6b8b851cd41be8c3cac778 /daemons
parente8ff6a3ef689e897a4b4bd0ceb1d84c4da82bbc6 (diff)
ipa-kdb: use proper memory chunk size when moving sids
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1222475 Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'daemons')
-rw-r--r--daemons/ipa-kdb/ipa_kdb_mspac.c20
1 files changed, 17 insertions, 3 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 0e53a8099..390111f7d 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -1394,7 +1394,15 @@ static krb5_error_code filter_logon_info(krb5_context context,
if (result) {
filter_logon_info_log_message(info->info->info3.sids[i].sid);
} else {
+ /* Go over incoming SID blacklist */
for(k = 0; k < domain->len_sid_blacklist_incoming; k++) {
+ /* if SID is an exact match, filter it out */
+ result = dom_sid_check(&domain->sid_blacklist_incoming[k], info->info->info3.sids[i].sid, true);
+ if (result) {
+ filter_logon_info_log_message(info->info->info3.sids[i].sid);
+ break;
+ }
+ /* if SID is a suffix of the blacklist element, filter it out*/
result = dom_sid_is_prefix(&domain->sid_blacklist_incoming[k], info->info->info3.sids[i].sid);
if (result) {
filter_logon_info_log_message(info->info->info3.sids[i].sid);
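Review bot: The comment added above the `dom_sid_is_prefix()` call states the match direction backwards. The call passes the blacklist entry first and the incoming SID second, so by its name it tests whether the blacklist entry is a prefix of the SID, not whether the SID is a suffix of the entry. Because this loop decides which incoming SIDs are dropped, the comment should read something like `/* if the blacklist element is a prefix of the SID, filter it out */`. The new exact-match branch also duplicates the log-and-break body of the prefix branch; if both helpers return the same type, a single `if (dom_sid_check(...) || dom_sid_is_prefix(...))` would keep the two filter paths from drifting apart. The enclosing function starts and ends outside the hunk.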
@@ -1403,11 +1411,17 @@ static krb5_error_code filter_logon_info(krb5_context context,
}
}
if (result) {
+ k = count - i - j - 1;
+ if (k != 0) {
+ memmove(info->info->info3.sids+i,
+ info->info->info3.sids+i+1,
+ sizeof(struct netr_SidAttr)*k);
+ }
j++;
- memmove(info->info->info3.sids+i, info->info->info3.sids+i+1, count-i-1);
+ } else {
+ i++;
}
- i++;
- } while (i < count);
+ } while ((i + j) < count);
if (j != 0) {
count = count-j;
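Review bot: The corrected `memmove` still hard-codes the element type in `sizeof(struct netr_SidAttr)*k`, the same kind of coupling behind the original bug of passing an element count as a byte count; `sizeof(*info->info->info3.sids) * k` would stay correct if the array's type changes. It also reuses `k`, the blacklist loop index, as the number of tail elements, and the loop invariant is left unstated. A comment such as `/* i = current slot, j = SIDs removed so far, i + j = original entries examined */` above the `do` would make the `(i + j) < count` termination checkable. The do-while body runs before the condition is tested, so the code relies on `count` being non-zero on entry; that guard, if any, is outside the hunk, as are the declarations of `i`, `j`, `k` and `count`.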