authorStephen Gallagher <sgallagh@redhat.com>2012-02-01 14:03:36 -0500
committerStephen Gallagher <sgallagh@redhat.com>2012-02-04 08:27:16 -0500
commit169fa5bd3edd34aa0db35681832bd7406e423c1b (patch)
tree10571e2eedf792bc94d4da77a128843d78e56d3a
parent9264332df73311e2ed244b37b470cac74a784f4a (diff)
LDAP: Do not fail if RootDSE check cannot determine search bases
https://fedorahosted.org/sssd/ticket/1152
-rw-r--r--src/providers/ipa/ipa_netgroups.c7
-rw-r--r--src/providers/ldap/ldap_common.c5
-rw-r--r--src/providers/ldap/sdap.c7
-rw-r--r--src/providers/ldap/sdap_async_groups.c9
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c35
-rw-r--r--src/providers/ldap/sdap_async_netgroups.c10
-rw-r--r--src/providers/ldap/sdap_async_services.c9
-rw-r--r--src/providers/ldap/sdap_async_users.c9
-rw-r--r--src/providers/ldap/sdap_sudo.c9
9 files changed, 95 insertions, 5 deletions
diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c
index d61728f57..620f03cc8 100644
--- a/src/providers/ipa/ipa_netgroups.c
+++ b/src/providers/ipa/ipa_netgroups.c
@@ -209,6 +209,13 @@ struct tevent_req *ipa_get_netgroups_send(TALLOC_CTX *memctx,
state->base_filter = filter;
state->netgr_base_iter = 0;
+ if (!ipa_options->id->netgroup_search_bases) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Netgroup lookup request without a search base\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
ret = sss_hash_create(state, 32, &state->new_netgroups);
if (ret != EOK) goto done;
ret = sss_hash_create(state, 32, &state->new_users);
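Review bot: The new `if (!ipa_options->id->netgroup_search_bases)` guard has no comment explaining why a configured provider can reach this point without a search base. The reason is only visible in the sdap.c hunk of this commit, where a failed naming-context lookup now returns EOK. A one-line comment above the check, such as `/* May be NULL: RootDSE discovery is non-fatal and can leave search bases unset */`, would keep the guard from being removed later as dead code. The same applies to the matching guards added in sdap_async_groups.c, sdap_async_initgroups.c, sdap_async_netgroups.c, sdap_async_services.c, sdap_async_users.c and sdap_sudo.c. The `done` label this jumps to is outside the hunk.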
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 786e06b3d..38bd1b4f3 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -572,9 +572,8 @@ int ldap_get_sudo_options(TALLOC_CTX *memctx,
dp_opt_get_string(opts->basic, SDAP_SUDO_SEARCH_BASE)));
}
} else {
- /* FIXME: try to discover it later */
- DEBUG(SSSDBG_OP_FAILURE, ("Error: no SUDO search base set\n"));
- return ENOENT;
+ DEBUG(SSSDBG_TRACE_FUNC, ("Search base not set, trying to discover it later "
+ "connecting to the LDAP server.\n"));
}
ret = sdap_parse_search_base(opts, opts->basic,
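Review bot: Dropping this message from SSSDBG_OP_FAILURE to SSSDBG_TRACE_FUNC hides an unset SUDO search base at ordinary debug levels. The sdap.c hunk in this commit also lets discovery fail without an error return, so the first visible symptom may be the EINVAL from sdap_sudo_load_sudoers_send at request time. A level such as `SSSDBG_CONF_SETTINGS` would surface the configuration gap at startup without treating it as a failure. The wording is also awkward; `"Search base not set, trying to discover it later when connecting to the LDAP server.\n"` reads more clearly. Whether `sdap_parse_search_base` accepts the unset value is decided outside this hunk and should be confirmed.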
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index 8a118150b..27cffd79a 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -754,7 +754,12 @@ errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse,
naming_context = get_naming_context(opts->basic, rootdse);
if (naming_context == NULL) {
DEBUG(1, ("get_naming_context failed.\n"));
- ret = EINVAL;
+
+ /* This has to be non-fatal, since some servers offer
+ * multiple namingContexts entries. We will just
+ * add NULL checks for the search bases in the lookups.
+ */
+ ret = EOK;
goto done;
}
}
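Review bot: Returning EOK here leaves the search bases unset, so every code path that consumes a search base must now tolerate NULL. The commit adds guards to the `_send` functions it touches, but nothing in this hunk enforces that for lookups not covered here or added later. The log line is still `DEBUG(1, ("get_naming_context failed.\n"))`, which reads as a hard error and does not state the consequence. A message like `"Could not determine a naming context, search bases left unset; lookups without a configured base will fail.\n"` with a symbolic SSSDBG_ level, as used elsewhere in this commit, would be clearer. The comment should also say that consumers must check for NULL, not that checks "will be added".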
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index e59640997..fe5dbd49a 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1217,7 +1217,16 @@ struct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
state->base_iter = 0;
state->search_bases = search_bases;
+ if (!search_bases) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Group lookup request without a search base\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
ret = sdap_get_groups_next_base(req);
+
+done:
if (ret != EOK) {
tevent_req_error(req, ret);
tevent_req_post(req, ev);
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 73ab25ea7..a769b1005 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -303,6 +303,13 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
state->base_iter = 0;
state->search_bases = opts->group_search_bases;
+ if (!state->search_bases) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Initgroups lookup request without a group search base\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
state->name = talloc_strdup(state, name);
if (!state->name) {
talloc_zfree(req);
@@ -337,6 +344,8 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
talloc_zfree(clean_name);
ret = sdap_initgr_rfc2307_next_base(req);
+
+done:
if (ret != EOK) {
tevent_req_error(req, ret);
tevent_req_post(req, ev);
@@ -1432,6 +1441,13 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send(
state->base_iter = 0;
state->search_bases = opts->group_search_bases;
+ if (!state->search_bases) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Initgroups lookup request without a group search base\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
ret = sss_hash_create(state, 32, &state->group_hash);
if (ret != EOK) {
talloc_free(req);
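Review bot: This guard jumps to `done`, but the commit adds no `done:` label for sdap_initgr_rfc2307bis_send, unlike sdap_initgr_rfc2307_send, rfc2307bis_nested_groups_send and sdap_get_initgr_send in the same file, so the target must be a label that already existed outside the hunk. It is worth confirming that the existing label reports a non-EOK `ret` through `tevent_req_error()` and `tevent_req_post()`, because a label written for another purpose could return the request without an error set. The function also now mixes two failure conventions: this path returns a request carrying EINVAL, while the `sss_hash_create` failure directly below frees the request and returns NULL.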
@@ -2006,9 +2022,17 @@ struct tevent_req *rfc2307bis_nested_groups_send(
SDAP_SEARCH_TIMEOUT);
state->base_iter = 0;
state->search_bases = opts->group_search_bases;
-
+ if (!state->search_bases) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Initgroups nested lookup request "
+ "without a group search base\n"));
+ ret = EINVAL;
+ goto done;
+ }
ret = rfc2307bis_nested_groups_step(req);
+
+done:
if (ret == EOK) {
/* All parent groups were already processed */
tevent_req_done(req);
@@ -2378,9 +2402,16 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
state->user_base_iter = 0;
state->user_search_bases = id_ctx->opts->user_search_bases;
+ if (!state->user_search_bases) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Initgroups lookup request without a user search base\n"));
+ ret = EINVAL;
+ goto done;
+ }
ret = sss_filter_sanitize(state, name, &clean_name);
if (ret != EOK) {
+ talloc_zfree(req);
return NULL;
}
@@ -2402,6 +2433,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
}
ret = sdap_get_initgr_next_base(req);
+
+done:
if (ret != EOK) {
tevent_req_error(req, ret);
tevent_req_post(req, ev);
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index 0888c7e2f..f3a378f64 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -579,7 +579,17 @@ struct tevent_req *sdap_get_netgroups_send(TALLOC_CTX *memctx,
state->base_iter = 0;
state->search_bases = search_bases;
+ if (!state->search_bases) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Netgroup lookup request without a netgroup search base\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
+
ret = sdap_get_netgroups_next_base(req);
+
+done:
if (ret != EOK) {
tevent_req_error(req, ret);
tevent_req_post(req, state->ev);
diff --git a/src/providers/ldap/sdap_async_services.c b/src/providers/ldap/sdap_async_services.c
index e4371f58e..f414040bc 100644
--- a/src/providers/ldap/sdap_async_services.c
+++ b/src/providers/ldap/sdap_async_services.c
@@ -104,7 +104,16 @@ sdap_get_services_send(TALLOC_CTX *memctx,
state->search_bases = search_bases;
state->enumeration = enumeration;
+ if (!state->search_bases) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("Services lookup request without a search base\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
ret = sdap_get_services_next_base(req);
+
+done:
if (ret != EOK) {
tevent_req_error(req, ret);
tevent_req_post(req, state->ev);
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index ac856a642..011683219 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -434,7 +434,16 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
state->search_bases = search_bases;
state->enumeration = enumeration;
+ if (!state->search_bases) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("User lookup request without a search base\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
ret = sdap_get_users_next_base(req);
+
+done:
if (ret != EOK) {
tevent_req_error(req, ret);
tevent_req_post(req, state->ev);
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index aed937f9f..30afcddfe 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
@@ -340,6 +340,13 @@ struct tevent_req * sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx,
state->ldap_rules = NULL;
state->ldap_rules_count = 0;
+ if (!state->search_bases) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("SUDOERS lookup request without a search base\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
/* create filter */
state->filter = sdap_sudo_build_filter(state, opts->sudorule_map, sudo_req);
if (state->filter == NULL) {
@@ -355,6 +362,8 @@ struct tevent_req * sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx,
/* begin search */
ret = sdap_sudo_load_sudoers_next_base(req);
+
+done:
if (ret != EOK) {
tevent_req_error(req, ret);
tevent_req_post(req, ev);