From ca4b7b92738f3dd463914e3de5757cd98d37a983 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Tue, 8 May 2012 13:37:14 -0400 Subject: LDAP: Add attr_count return value to build_attrs_from_map() This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL. --- src/providers/ipa/ipa_hosts.c | 5 +++-- src/providers/ipa/ipa_id.c | 2 +- src/providers/ipa/ipa_netgroups.c | 2 +- src/providers/ipa/ipa_selinux_maps.c | 2 +- src/providers/ipa/ipa_subdomains_id.c | 4 ++-- src/providers/ldap/ldap_common.c | 5 +---- src/providers/ldap/ldap_id.c | 6 +++--- src/providers/ldap/ldap_id_enum.c | 4 ++-- src/providers/ldap/ldap_id_netgroup.c | 2 +- src/providers/ldap/ldap_id_services.c | 2 +- src/providers/ldap/sdap.c | 31 +++++++++++++++++++++++++----- src/providers/ldap/sdap.h | 4 +++- src/providers/ldap/sdap_async_autofs.c | 4 ++-- src/providers/ldap/sdap_async_groups.c | 14 ++++++++------ src/providers/ldap/sdap_async_initgroups.c | 10 +++++----- src/providers/ldap/sdap_async_services.c | 2 +- src/providers/ldap/sdap_sudo.c | 2 +- 17 files changed, 62 insertions(+), 39 deletions(-) diff --git a/src/providers/ipa/ipa_hosts.c b/src/providers/ipa/ipa_hosts.c index 300138648..09a5acaf8 100644 --- a/src/providers/ipa/ipa_hosts.c +++ b/src/providers/ipa/ipa_hosts.c @@ -102,7 +102,8 @@ ipa_host_info_send(TALLOC_CTX *mem_ctx, state->host_map = host_map; state->hostgroup_map = hostgroup_map; - ret = build_attrs_from_map(state, host_map, IPA_OPTS_HOST, &state->attrs); + ret = build_attrs_from_map(state, host_map, IPA_OPTS_HOST, + &state->attrs, NULL); if (ret != EOK) { goto immediate; } 
@@ -213,7 +214,7 @@ ipa_host_info_done(struct tevent_req *subreq) if (state->hostgroup_map) { talloc_free(state->attrs); ret = build_attrs_from_map(state, state->hostgroup_map, - IPA_OPTS_HOSTGROUP, &state->attrs); + IPA_OPTS_HOSTGROUP, &state->attrs, NULL); if (ret != EOK) { tevent_req_error(req, ret); return; diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index f2a27c74e..1f4347998 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -212,7 +212,7 @@ struct tevent_req *ipa_netgroup_get_send(TALLOC_CTX *memctx, talloc_zfree(clean_name); ret = build_attrs_from_map(state, ctx->opts->netgroup_map, - IPA_OPTS_NETGROUP, &state->attrs); + IPA_OPTS_NETGROUP, &state->attrs, NULL); if (ret != EOK) goto fail; ret = ipa_netgroup_get_retry(req); diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c index 3aedf5310..881eeb865 100644 --- a/src/providers/ipa/ipa_netgroups.c +++ b/src/providers/ipa/ipa_netgroups.c @@ -528,7 +528,7 @@ static int ipa_netgr_fetch_hosts(struct ipa_get_netgroups_state *state, return ENOMEM; ret = build_attrs_from_map(state, state->ipa_opts->host_map, - IPA_OPTS_HOST, &attrs); + IPA_OPTS_HOST, &attrs, NULL); if (ret != EOK) { talloc_free(filter); return ret; diff --git a/src/providers/ipa/ipa_selinux_maps.c b/src/providers/ipa/ipa_selinux_maps.c index 711274b1b..28923cee1 100644 --- a/src/providers/ipa/ipa_selinux_maps.c +++ b/src/providers/ipa/ipa_selinux_maps.c @@ -77,7 +77,7 @@ struct tevent_req *ipa_selinux_get_maps_send(TALLOC_CTX *mem_ctx, state->maps = NULL; ret = build_attrs_from_map(state, ipa_opts->selinuxuser_map, - IPA_OPTS_SELINUX_USERMAP, &state->attrs); + IPA_OPTS_SELINUX_USERMAP, &state->attrs, NULL); if (ret != EOK) goto fail; state->cur_filter = NULL; diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index a4558e684..39f076cdb 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c 
@@ -89,11 +89,11 @@ struct tevent_req *ipa_get_subdomain_account_info_send(TALLOC_CTX *memctx, switch (state->entry_type) { case BE_REQ_USER: ret = build_attrs_from_map(state, ctx->opts->user_map, - SDAP_OPTS_USER, &state->attrs); + SDAP_OPTS_USER, &state->attrs, NULL); break; case BE_REQ_GROUP: ret = build_attrs_from_map(state, ctx->opts->group_map, - SDAP_OPTS_GROUP, &state->attrs); + SDAP_OPTS_GROUP, &state->attrs, NULL); break; default: ret = EINVAL; diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 8e117d267..dd7828152 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -1303,14 +1303,11 @@ errno_t list_missing_attrs(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = build_attrs_from_map(tmp_ctx, map, map_size, &expected_attrs); + ret = build_attrs_from_map(tmp_ctx, map, map_size, &expected_attrs, &attr_count); if (ret != EOK) { goto done; } - /* Count the expected attrs */ - while(expected_attrs[attr_count]) attr_count++; - /* Allocate the maximum possible values for missing_attrs, to * be on the safe side */ diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 186358691..bdd640a94 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -152,7 +152,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, /* TODO: handle attrs_type */ ret = build_attrs_from_map(state, ctx->opts->user_map, - SDAP_OPTS_USER, &state->attrs); + SDAP_OPTS_USER, &state->attrs, NULL); if (ret != EOK) goto fail; ret = users_get_retry(req); @@ -440,7 +440,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, /* TODO: handle attrs_type */ ret = build_attrs_from_map(state, ctx->opts->group_map, - SDAP_OPTS_GROUP, &state->attrs); + SDAP_OPTS_GROUP, &state->attrs, NULL); if (ret != EOK) goto fail; ret = groups_get_retry(req); 
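Review bot: In the `list_missing_attrs` hunk of src/providers/ldap/ldap_common.c, `&attr_count` is now passed where `build_attrs_from_map()` takes a `size_t *`, but the declaration of `attr_count` lies outside the hunk, so its type should be confirmed as `size_t`. If it is an `int`, the callee would store through a wider pointer on LP64 targets. Going by the trailing comment, the count presumably sizes the `missing_attrs` allocation, so a wrong width would feed into a heap buffer size. The call also looks like the only one in this commit left on a single long line; wrapping it as `ret = build_attrs_from_map(tmp_ctx, map, map_size,` / `&expected_attrs, &attr_count);` would match the other call sites.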
@@ -632,7 +632,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, state->name = name; ret = build_attrs_from_map(state, ctx->opts->group_map, - SDAP_OPTS_GROUP, &state->attrs); + SDAP_OPTS_GROUP, &state->attrs, NULL); if (ret != EOK) goto fail; ret = groups_by_user_retry(req); diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c index ef8f69133..107ab23fa 100644 --- a/src/providers/ldap/ldap_id_enum.c +++ b/src/providers/ldap/ldap_id_enum.c @@ -558,7 +558,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx, /* TODO: handle attrs_type */ ret = build_attrs_from_map(state, ctx->opts->user_map, - SDAP_OPTS_USER, &state->attrs); + SDAP_OPTS_USER, &state->attrs, NULL); if (ret != EOK) goto fail; /* TODO: restrict the enumerations to using a single @@ -717,7 +717,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx, /* TODO: handle attrs_type */ ret = build_attrs_from_map(state, ctx->opts->group_map, - SDAP_OPTS_GROUP, &state->attrs); + SDAP_OPTS_GROUP, &state->attrs, NULL); if (ret != EOK) goto fail; /* TODO: restrict the enumerations to using a single diff --git a/src/providers/ldap/ldap_id_netgroup.c b/src/providers/ldap/ldap_id_netgroup.c index 2432f9c4f..7fe7543f8 100644 --- a/src/providers/ldap/ldap_id_netgroup.c +++ b/src/providers/ldap/ldap_id_netgroup.c @@ -99,7 +99,7 @@ struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, talloc_zfree(clean_name); ret = build_attrs_from_map(state, ctx->opts->netgroup_map, - SDAP_OPTS_NETGROUP, &state->attrs); + SDAP_OPTS_NETGROUP, &state->attrs, NULL); if (ret != EOK) goto fail; ret = ldap_netgroup_get_retry(req); diff --git a/src/providers/ldap/ldap_id_services.c b/src/providers/ldap/ldap_id_services.c index c1ee28e03..16d696af4 100644 --- a/src/providers/ldap/ldap_id_services.c +++ b/src/providers/ldap/ldap_id_services.c 
@@ -135,7 +135,7 @@ services_get_send(TALLOC_CTX *mem_ctx, state->filter)); ret = build_attrs_from_map(state, id_ctx->opts->service_map, - SDAP_OPTS_SERVICES, &state->attrs); + SDAP_OPTS_SERVICES, &state->attrs, NULL); if (ret != EOK) goto error; ret = services_get_retry(req); diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 616e7cba5..e4d3aa9bc 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -999,13 +999,22 @@ void sdap_steal_server_opts(struct sdap_id_ctx *id_ctx, int build_attrs_from_map(TALLOC_CTX *memctx, struct sdap_attr_map *map, - size_t size, const char ***_attrs) + size_t size, + const char ***_attrs, + size_t *attr_count) { + errno_t ret; const char **attrs; int i, j; + TALLOC_CTX *tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) return ENOMEM; - attrs = talloc_array(memctx, const char *, size + 1); - if (!attrs) return ENOMEM; + /* Assume that all entries in the map have values */ + attrs = talloc_zero_array(tmp_ctx, const char *, size + 1); + if (!attrs) { + ret = ENOMEM; + goto done; + } /* first attribute is "objectclass" not the specifc one */ attrs[0] = talloc_strdup(memctx, "objectClass"); @@ -1020,9 +1029,21 @@ int build_attrs_from_map(TALLOC_CTX *memctx, } attrs[j] = NULL; - *_attrs = attrs; + /* Trim down the used memory if some attributes were NULL */ + attrs = talloc_realloc(tmp_ctx, attrs, const char *, j + 1); + if (!attrs) { + ret = ENOMEM; + goto done; + } - return EOK; + *_attrs = talloc_steal(memctx, attrs); + if (attr_count) *attr_count = j; + + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; } int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical, diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index ba19cbabe..61f899f31 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h 
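Review bot: In the first `build_attrs_from_map()` hunk of src/providers/ldap/sdap.c, `tmp_ctx` is created with `talloc_new(NULL)`, so nothing frees it unless every exit goes through `done:`. The lines between this hunk and the next are not shown; if a bare `return ENOMEM;` remains after the `talloc_strdup()` of "objectClass" or inside the loop, it now leaks `tmp_ctx` and the array on every failure and should become `ret = ENOMEM; goto done;`. The "objectClass" copy is also still parented to `memctx` rather than to the array, so it survives a failed call and a caller's `talloc_free()` of the attrs (as `ipa_host_info_done` does before rebuilding). `attrs[0] = talloc_strdup(attrs, "objectClass");` would tie its lifetime to the array.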
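Review bot: Trimming the array to `j + 1` entries in the second `build_attrs_from_map()` hunk changes the contract for every caller: code that still indexes or grows the result by the map-size macro would now work from a stale length and could write past the shrunken allocation. This commit converts only `sdap_nested_group_process_deref_call` to `attr_count`, while the commit message speaks of several appending sites, so the remaining ones are worth auditing before this lands (callers outside this diff are not visible here). Separately, `j` is an `int` that is mixed with `size_t` in `j + 1` and `*attr_count = j`; declaring `size_t i, j;` would remove the sign conversion. The loop that advances `j` sits between the two hunks and is not shown.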
@@ -453,7 +453,9 @@ bool sdap_check_sup_list(struct sup_list *l, const char *val); int build_attrs_from_map(TALLOC_CTX *memctx, struct sdap_attr_map *map, - size_t size, const char ***_attrs); + size_t size, + const char ***_attrs, + size_t *attr_count); int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical, struct berval *value, int dupval, LDAPControl **ctrlp); diff --git a/src/providers/ldap/sdap_async_autofs.c b/src/providers/ldap/sdap_async_autofs.c index 528e8b73a..3140596ef 100644 --- a/src/providers/ldap/sdap_async_autofs.c +++ b/src/providers/ldap/sdap_async_autofs.c @@ -242,7 +242,7 @@ automntmaps_process_members_send(TALLOC_CTX *mem_ctx, } ret = build_attrs_from_map(state, opts->autofs_entry_map, - SDAP_OPTS_AUTOFS_ENTRY, &state->attrs); + SDAP_OPTS_AUTOFS_ENTRY, &state->attrs, NULL); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build attributes from map\n")); ret = ENOMEM; @@ -674,7 +674,7 @@ sdap_autofs_setautomntent_send(TALLOC_CTX *memctx, talloc_free(clean_mapname); ret = build_attrs_from_map(state, state->opts->autofs_mobject_map, - SDAP_OPTS_AUTOFS_MAP, &state->attrs); + SDAP_OPTS_AUTOFS_MAP, &state->attrs, NULL); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build attributes from map\n")); ret = ENOMEM; diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 54fe5a7ae..fb6a85e22 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -600,7 +600,8 @@ struct tevent_req *sdap_process_group_send(TALLOC_CTX *memctx, struct sdap_process_group_state); if (!req) return NULL; - ret = build_attrs_from_map(grp_state, opts->user_map, SDAP_OPTS_USER, &attrs); + ret = build_attrs_from_map(grp_state, opts->user_map, SDAP_OPTS_USER, + &attrs, NULL); if (ret) { goto done; } 
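Review bot: The new `attr_count` out-parameter on the `build_attrs_from_map()` prototype in src/providers/ldap/sdap.h is undocumented, and its contract is not obvious from the signature. Callers need to know that NULL is accepted and that the count excludes the terminating NULL, because they use it as the index at which to append further attributes. A comment above the prototype such as `/* attr_count (optional, may be NULL): number of entries stored in *_attrs, not counting the NULL terminator */` would cover it.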
@@ -2367,6 +2368,7 @@ sdap_nested_group_process_deref_call(struct tevent_req *req) const char **sdap_attrs; int ret; int timeout; + size_t attr_count; const int num_maps = 2; struct sdap_nested_group_ctx *state = tevent_req_data(req, struct sdap_nested_group_ctx); @@ -2383,19 +2385,19 @@ sdap_nested_group_process_deref_call(struct tevent_req *req) /* Pull down the whole group map, but only pull down username * and originalDN for users. */ ret = build_attrs_from_map(state, state->opts->group_map, - SDAP_OPTS_GROUP, &sdap_attrs); + SDAP_OPTS_GROUP, &sdap_attrs, &attr_count); if (ret != EOK) goto fail; sdap_attrs = talloc_realloc(NULL, sdap_attrs, const char *, - SDAP_OPTS_GROUP + 2); + attr_count + 2); if (!sdap_attrs) { ret = ENOMEM; goto fail; } - sdap_attrs[SDAP_OPTS_GROUP] = \ + sdap_attrs[attr_count] = \ state->opts->user_map[SDAP_AT_USER_NAME].name; - sdap_attrs[SDAP_OPTS_GROUP + 1] = NULL; + sdap_attrs[attr_count + 1] = NULL; timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); @@ -2588,7 +2590,7 @@ static errno_t sdap_nested_group_lookup_group(struct tevent_req *req) } ret = build_attrs_from_map(state, state->opts->group_map, - SDAP_OPTS_GROUP, &sdap_attrs); + SDAP_OPTS_GROUP, &sdap_attrs, NULL); if (ret != EOK) { return ret; } diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 8ca738782..b883ccf93 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -354,7 +354,7 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, } ret = build_attrs_from_map(state, opts->group_map, - SDAP_OPTS_GROUP, &state->attrs); + SDAP_OPTS_GROUP, &state->attrs, NULL); if (ret != EOK) { talloc_free(req); return NULL; 
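Review bot: In the `sdap_nested_group_process_deref_call` hunk of src/providers/ldap/sdap_async_groups.c, the `attr_count + 2` and `sdap_attrs[attr_count]` arithmetic depends on `attr_count` excluding the terminator, which nothing at this site states. A short comment before the realloc, for example `/* attr_count excludes the NULL terminator: slot attr_count is overwritten with the user name and a new terminator follows */`, would keep a later edit from reintroducing the off-by-one this commit fixes. The existing comment above the call still mentions both username and originalDN while only one entry is appended here; either originalDN is requested elsewhere or the comment is stale, which is worth confirming. The function begins and ends outside the hunk.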
@@ -844,7 +844,7 @@ static errno_t sdap_initgr_nested_deref_search(struct tevent_req *req) maps[1].map = NULL; ret = build_attrs_from_map(state, state->opts->group_map, - SDAP_OPTS_GROUP, &sdap_attrs); + SDAP_OPTS_GROUP, &sdap_attrs, NULL); if (ret != EOK) goto fail; timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT); @@ -1496,7 +1496,7 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( } ret = build_attrs_from_map(state, opts->group_map, - SDAP_OPTS_GROUP, &state->attrs); + SDAP_OPTS_GROUP, &state->attrs, NULL); if (ret != EOK) goto done; ret = sss_filter_sanitize(state, orig_dn, &clean_orig_dn); @@ -2169,7 +2169,7 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req) } ret = build_attrs_from_map(state, state->opts->group_map, - SDAP_OPTS_GROUP, &state->attrs); + SDAP_OPTS_GROUP, &state->attrs, NULL); if (ret != EOK) { goto done; } @@ -2505,7 +2505,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, } ret = build_attrs_from_map(state, state->opts->user_map, - SDAP_OPTS_USER, &state->user_attrs); + SDAP_OPTS_USER, &state->user_attrs, NULL); if (ret) { talloc_zfree(req); return NULL; diff --git a/src/providers/ldap/sdap_async_services.c b/src/providers/ldap/sdap_async_services.c index c87d07c44..895ea7e7b 100644 --- a/src/providers/ldap/sdap_async_services.c +++ b/src/providers/ldap/sdap_async_services.c @@ -572,7 +572,7 @@ enum_services_send(TALLOC_CTX *memctx, /* TODO: handle attrs_type */ ret = build_attrs_from_map(state, id_ctx->opts->service_map, - SDAP_OPTS_SERVICES, &state->attrs); + SDAP_OPTS_SERVICES, &state->attrs, NULL); if (ret != EOK) goto fail; subreq = sdap_get_services_send(state, state->ev, diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c index 02d4f17bc..23fd062cc 100644 --- a/src/providers/ldap/sdap_sudo.c +++ b/src/providers/ldap/sdap_sudo.c 
@@ -456,7 +456,7 @@ struct tevent_req * sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx, /* create attrs from map */ ret = build_attrs_from_map(state, opts->sudorule_map, SDAP_OPTS_SUDO, - &state->attrs); + &state->attrs, NULL); if (ret != EOK) { goto fail; } -- cgit