Handle SID strings in sdap_attrs_get_sid_str() as well

This patch add a basic check if the SID returned by the LDAP server is
in a string representation. If not it is assumed that a binary SID was
returned by the LDAP server which is converted into a string
representation which is returned to the caller.

1 files changed, 20 insertions, 9 deletions

diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index ddc88ab5f..acb24b190 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -1583,15 +1583,26 @@ sdap_attrs_get_sid_str(TALLOC_CTX *mem_ctx,
         return ENOENT;
     }
 
-    err = sss_idmap_bin_sid_to_sid(idmap_ctx->map,
-                                   el->values[0].data,
-                                   el->values[0].length,
-                                   &sid_str);
-    if (err != IDMAP_SUCCESS) {
-        DEBUG(SSSDBG_MINOR_FAILURE,
-              ("Could not convert SID: [%s]\n",
-               idmap_error_string(err)));
-        return EIO;
+    if (el->values[0].length > 2 &&
+        el->values[0].data[0] == 'S' &&
+        el->values[0].data[1] == '-') {
+        sid_str = talloc_strndup(mem_ctx, (char *) el->values[0].data,
+                                 el->values[0].length);
+        if (sid_str == NULL) {
+            DEBUG(SSSDBG_OP_FAILURE, ("talloc_strndup failed.\n"));
+            return ENOMEM;
+        }
+    } else {
+        err = sss_idmap_bin_sid_to_sid(idmap_ctx->map,
+                                       el->values[0].data,
+                                       el->values[0].length,
+                                       &sid_str);
+        if (err != IDMAP_SUCCESS) {
+            DEBUG(SSSDBG_MINOR_FAILURE,
+                  ("Could not convert SID: [%s]\n",
+                   idmap_error_string(err)));
+            return EIO;
+        }
     }
 
     *_sid_str = talloc_steal(mem_ctx, sid_str);