Diffstat (limited to 'src/providers/ldap/sdap_async_initgroups.c')
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c50
1 files changed, 47 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 1b865af0a..aba7ba42d 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2749,6 +2749,10 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
const char *orig_dn;
const char *cname;
bool in_transaction = false;
+ char *expected_basedn;
+ size_t expected_basedn_len;
+ size_t dn_len;
+ size_t c = 0;
DEBUG(9, ("Receiving info for the user\n"));
@@ -2788,11 +2792,50 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
} else if (count != 1) {
DEBUG(SSSDBG_OP_FAILURE,
("Expected one user entry and got %zu\n", count));
- tevent_req_error(req, EINVAL);
- return;
+
+ ret = domain_to_basedn(state, state->dom->name, &expected_basedn);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("domain_to_basedn failed.\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+ expected_basedn = talloc_asprintf(state, "%s%s",
+ "cn=users,", expected_basedn);
+ if (expected_basedn == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_append failed.\n"));
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+
+ DEBUG(SSSDBG_TRACE_ALL, ("Expected BaseDN is [%s].\n", expected_basedn));
+ expected_basedn_len = strlen(expected_basedn);
+
+ for (c = 0; c < count; c++) {
+ ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+ dn_len = strlen(orig_dn);
+
+ if (dn_len > expected_basedn_len
+ && strcasecmp(orig_dn + (dn_len - expected_basedn_len),
+ expected_basedn) == 0) {
+ DEBUG(SSSDBG_TRACE_ALL,
+ ("Found matching dn [%s].\n", orig_dn));
+ break;
+ }
+ }
+
+ if (c == count) {
+ DEBUG(SSSDBG_OP_FAILURE, ("No matching DN found.\n"));
+ tevent_req_error(req, EINVAL);
+ return;
+ }
}
- state->orig_user = usr_attrs[0];
+ state->orig_user = usr_attrs[c];
ret = sysdb_transaction_start(state->sysdb);
if (ret) {
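Review bot: The suffix test in the `for` loop is not anchored on an RDN boundary, so any `orig_dn` whose text merely ends with `cn=users,<basedn>` is accepted, even when those characters are the tail of a longer attribute value rather than a container of their own. Because the entry picked here becomes `state->orig_user` and decides whose group memberships are resolved, I would also require the preceding character to be a separator, e.g. add `&& orig_dn[dn_len - expected_basedn_len - 1] == ','` (the index is valid because `dn_len > expected_basedn_len` is tested first). The loop also stops at the first match and silently ignores any further matching entries; counting the matches and returning `EINVAL` when more than one is found would keep that ambiguity visible. A plain `strcasecmp` on the string form additionally assumes both DNs are spelled identically (no spaces after commas, same escaping), which seems worth confirming or replacing with a DN-aware comparison. The body of `sdap_get_initgr_user` starts and ends outside this hunk.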
@@ -2858,6 +2901,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
*/
subreq = sdap_ad_tokengroups_initgroups_send(state, state->ev,
state->id_ctx,
+ state->conn,
state->opts,
state->sysdb,
state->dom,