diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-12 10:32:33 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-19 14:28:44 +0200 |
commit | 82347f452febe3cbffc36b0a3308ffb462515442 (patch) | |
tree | b285161a36ee3fa0def0cbf6766d0896adc7d067 /src/providers/ldap | |
parent | a8e9aedbf7f6ada4e9f505da5fad8a61e4066684 (diff) | |
download | sssd-82347f452febe3cbffc36b0a3308ffb462515442.tar.gz sssd-82347f452febe3cbffc36b0a3308ffb462515442.tar.xz sssd-82347f452febe3cbffc36b0a3308ffb462515442.zip |
IPA: handle searches by SID in apply_subdomain_homedir
https://fedorahosted.org/sssd/ticket/2391
apply_subdomain_homedir() didn't handle the situation where an entity
that doesn't match was requested from the cache. For user and group
lookups this wasn't a problem because the negative match was caught
sooner.
But SID lookups can match either user or group. When a group SID was
requested, the preceding LDAP request matched the SID and stored the
group in the cache. Then apply_subdomain_homedir() only tried to search
user by SID, didn't find the entry and accessed a NULL pointer.
A simple reproducer is:
$ python
>>> import pysss_nss_idmap
>>> pysss_nss_idmap.getnamebysid(group_sid)
The group_sid can be anything, including Domain Users (XXX-513)
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/ldap')
0 files changed, 0 insertions, 0 deletions