From 8859a59bf9d8d513f4c5fdd09bc689f3ca344b6b Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 28 Oct 2011 17:03:03 +0200
Subject: RFC2307bis initgroups: fix nested groups processing

Due to incorrectly written loop, SSSD would go into infitite loop if it
processed the same group on two different levels of membership.
---
 src/providers/ldap/sdap_async_accounts.c | 53 ++++++++++++++++++++------------
 1 file changed, 33 insertions(+), 20 deletions(-)

diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index edd4f68c..0fad83c5 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -4881,17 +4881,23 @@ static void rfc2307bis_nested_groups_process(struct tevent_req *subreq)
          * Move on to the next group
          */
         state->group_iter++;
-        if (state->group_iter < state->num_groups) {
-            do {
-                ret = rfc2307bis_nested_groups_step(req);
-                if (ret != EOK && ret != EAGAIN) {
-                    tevent_req_error(req, ret);
-                    return;
-                }
-            } while (ret == EOK);
+        while (state->group_iter < state->num_groups) {
+            ret = rfc2307bis_nested_groups_step(req);
+            if (ret == EAGAIN) {
+                /* Looking up parent groups.. */
+                return;
+            } else if (ret != EOK) {
+                tevent_req_error(req, ret);
+                return;
+            }
+
             /* EOK means this group has already been processed
-             * in another level */
-        } else {
+             * in another nesting level */
+            state->group_iter++;
+        }
+
+        if (state->group_iter == state->num_groups) {
+            /* All groups processed. Done. */
             tevent_req_done(req);
         }
         return;
@@ -4936,18 +4942,25 @@ static void rfc2307bis_nested_groups_done(struct tevent_req *subreq)
     }
 
     state->group_iter++;
-    if (state->group_iter < state->num_groups) {
-        do {
-            ret = rfc2307bis_nested_groups_step(req);
-            if (ret != EOK && ret != EAGAIN) {
-                tevent_req_error(req, ret);
-                return;
-            }
-        } while (ret == EOK);
+    while (state->group_iter < state->num_groups) {
+        ret = rfc2307bis_nested_groups_step(req);
+        if (ret == EAGAIN) {
+            /* Looking up parent groups.. */
+            return;
+        } else if (ret != EOK) {
+            tevent_req_error(req, ret);
+            return;
+        }
+
         /* EOK means this group has already been processed
-         * in another level */
-    } else {
+         * in another nesting level */
+        state->group_iter++;
+    }
+
+    if (state->group_iter == state->num_groups) {
+        /* All groups processed. Done. */
         tevent_req_done(req);
+        return;
     }
 }
 
-- 
cgit