Diffstat (limited to 'src/providers/ldap/sdap_async_initgroups.c')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 50 |
1 files changed, 47 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 1b865af0a..aba7ba42d 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2749,6 +2749,10 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
 const char *orig_dn;
 const char *cname;
 bool in_transaction = false;
+ char *expected_basedn;
+ size_t expected_basedn_len;
+ size_t dn_len;
+ size_t c = 0;
 DEBUG(9, ("Receiving info for the user\n"));
@@ -2788,11 +2792,50 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
 } else if (count != 1) {
 DEBUG(SSSDBG_OP_FAILURE, ("Expected one user entry and got %zu\n", count));
- tevent_req_error(req, EINVAL);
- return;
+
+ ret = domain_to_basedn(state, state->dom->name, &expected_basedn);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("domain_to_basedn failed.\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+ expected_basedn = talloc_asprintf(state, "%s%s",
+ "cn=users,", expected_basedn);
+ if (expected_basedn == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_append failed.\n"));
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+
+ DEBUG(SSSDBG_TRACE_ALL, ("Expected BaseDN is [%s].\n", expected_basedn));
+ expected_basedn_len = strlen(expected_basedn);
+
+ for (c = 0; c < count; c++) {
+ ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+ dn_len = strlen(orig_dn);
+
+ if (dn_len > expected_basedn_len
+ && strcasecmp(orig_dn + (dn_len - expected_basedn_len),
+ expected_basedn) == 0) {
+ DEBUG(SSSDBG_TRACE_ALL,
+ ("Found matching dn [%s].\n", orig_dn));
+ break;
+ }
+ }
+
+ if (c == count) {
+ DEBUG(SSSDBG_OP_FAILURE, ("No matching DN found.\n"));
+ tevent_req_error(req, EINVAL);
+ return;
+ }
 }
- state->orig_user = usr_attrs[0];
+ state->orig_user = usr_attrs[c];
 ret = sysdb_transaction_start(state->sysdb);
 if (ret) {
@@ -2858,6 +2901,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
 */
 subreq = sdap_ad_tokengroups_initgroups_send(state, state->ev, state->id_ctx,
+ state->conn,
 state->opts, state->sysdb, state->dom, |
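Review bot: The suffix test in the new `for` loop accepts any `orig_dn` whose tail equals `cn=users,<basedn>` without checking that the match starts on an RDN boundary, so an entry in a container whose name merely ends with that text (a constructed example: `ou=xcn=users,dc=example,dc=com`) would be chosen as the user whose group memberships are resolved. Adding `&& orig_dn[dn_len - expected_basedn_len - 1] == ','` to the condition closes that gap, and the index is safe because `dn_len > expected_basedn_len` is already required. Comparing parsed, normalized DNs rather than raw strings would also cover spacing and escaping differences that `strcasecmp` does not handle. The first matching entry wins silently, so a comment on the loop stating why `cn=users` under the domain base DN is the trusted container, and what is expected when several entries match, would help the next reader. The `talloc_asprintf` failure path logs `talloc_append failed.`, which should name the call that actually failed; the function body continues outside the hunk.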