authorSumit Bose <sbose@redhat.com>2017-03-01 17:07:12 +0100
committerLukas Slebodnik <lslebodn@redhat.com>2017-03-10 22:20:14 +0100
commit7aadfa5454e436e4c36ede00434ff9687a6c48e2 (patch)
tree917e37b57bce77601bbad846bf8aaf6b8245df66
parent16c9d63d96ce8dc7517ae16502e9ec72d6a58d6c (diff)
nss: ensure that SSS_NSS_GETNAMEBYCERT only returns a unique match
Related to https://pagure.io/SSSD/sssd/issue/3050 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r--src/responder/nss/nss_cmd.c2
-rw-r--r--src/responder/nss/nss_protocol.h6
-rw-r--r--src/responder/nss/nss_protocol_sid.c15
3 files changed, 22 insertions, 1 deletions
diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c
index 84bb60f59..08b3d32f2 100644
--- a/src/responder/nss/nss_cmd.c
+++ b/src/responder/nss/nss_cmd.c
@@ -929,7 +929,7 @@ static errno_t nss_cmd_getorigbyname(struct cli_ctx *cli_ctx)
static errno_t nss_cmd_getnamebycert(struct cli_ctx *cli_ctx)
{
return nss_getby_cert(cli_ctx, CACHE_REQ_USER_BY_CERT,
- nss_protocol_fill_name);
+ nss_protocol_fill_single_name);
}
struct sss_cmd_table *get_nss_cmds(void)
diff --git a/src/responder/nss/nss_protocol.h b/src/responder/nss/nss_protocol.h
index 40552dc99..c94e7b911 100644
--- a/src/responder/nss/nss_protocol.h
+++ b/src/responder/nss/nss_protocol.h
@@ -169,6 +169,12 @@ nss_protocol_fill_name(struct nss_ctx *nss_ctx,
struct cache_req_result *result);
errno_t
+nss_protocol_fill_single_name(struct nss_ctx *nss_ctx,
+ struct nss_cmd_ctx *cmd_ctx,
+ struct sss_packet *packet,
+ struct cache_req_result *result);
+
+errno_t
nss_protocol_fill_id(struct nss_ctx *nss_ctx,
struct nss_cmd_ctx *cmd_ctx,
struct sss_packet *packet,
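Review bot: The new declaration of `nss_protocol_fill_single_name` has no comment saying how it differs from `nss_protocol_fill_name`, and that difference is the contract callers rely on. Per the implementation added in nss_protocol_sid.c, it returns EEXIST when the lookup result holds more than one entry. I would add above the prototype `/* Like nss_protocol_fill_name(), but fails with EEXIST if the result holds more than one entry; use where an ambiguous match must not be answered. */`. The declaration of nss_protocol_fill_id that follows continues outside the hunk.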
diff --git a/src/responder/nss/nss_protocol_sid.c b/src/responder/nss/nss_protocol_sid.c
index 40fbc5dd1..0b97e65f7 100644
--- a/src/responder/nss/nss_protocol_sid.c
+++ b/src/responder/nss/nss_protocol_sid.c
@@ -389,6 +389,21 @@ nss_get_ad_name(TALLOC_CTX *mem_ctx,
}
errno_t
+nss_protocol_fill_single_name(struct nss_ctx *nss_ctx,
+ struct nss_cmd_ctx *cmd_ctx,
+ struct sss_packet *packet,
+ struct cache_req_result *result)
+{
+ if (result->ldb_result->count > 1) {
+ DEBUG(SSSDBG_TRACE_FUNC, "Lookup returned more than one result "
+ "but only one was expected.\n");
+ return EEXIST;
+ }
+
+ return nss_protocol_fill_name(nss_ctx, cmd_ctx, packet, result);
+}
+
+errno_t
nss_protocol_fill_name(struct nss_ctx *nss_ctx,
struct nss_cmd_ctx *cmd_ctx,
struct sss_packet *packet,
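Review bot: The rejection of an ambiguous match in `nss_protocol_fill_single_name` is logged only at `SSSDBG_TRACE_FUNC`, so at lower debug levels nobody sees that one certificate resolved to several users. That is an event an operator would want to notice when certificates stand in for identity. I would raise the level and record the count, e.g. `DEBUG(SSSDBG_OP_FAILURE, "Lookup returned [%u] results but only one was expected.\n", result->ldb_result->count);`. The check also dereferences `result->ldb_result` without a NULL test; presumably the caller only invokes the fill function with a populated result, but that is not visible in this hunk. The body of nss_protocol_fill_name continues outside the hunk.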