author | Andrew Bartlett <abartlet@samba.org> | 2003-02-01 06:13:33 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-02-01 06:13:33 +0000 |
commit | 21da8c3bb39c507eb90865549c3bb3538dcea138 (patch) | |
tree | 5c85d2ad405c775f51d624558318dcb2edf9cd3f /source/passdb | |
parent | 34b2e558a4b3cfd753339bb228a9799e27ed8170 (diff) | |
More ldap paranoia - if we ever get more than one result, bail. The order we
get them in should be indeterminate, so just picking the first one would be
bad...
Andrew Bartlett
Diffstat (limited to 'source/passdb')
-rw-r--r-- | source/passdb/pdb_ldap.c | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c index 6f46201d8dd..e058d2d1084 100644 --- a/source/passdb/pdb_ldap.c +++ b/source/passdb/pdb_ldap.c @@ -1581,16 +1581,26 @@ static NTSTATUS ldapsam_getsampwnam(struct pdb_methods *my_methods, SAM_ACCOUNT struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; LDAPMessage *result; LDAPMessage *entry; - + int count; + if (ldapsam_search_one_user_by_name(ldap_state, sname, &result) != LDAP_SUCCESS) { return NT_STATUS_NO_SUCH_USER; } - if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) { + + count = ldap_count_entries(ldap_state->ldap_struct, result); + + if (count < 1) { DEBUG(4, ("We don't find this user [%s] count=%d\n", sname, - ldap_count_entries(ldap_state->ldap_struct, result))); + count)); + return NT_STATUS_NO_SUCH_USER; + } else if (count > 1) { + DEBUG(1, + ("Duplicate entries for this user [%s] Failing. count=%d\n", sname, + count)); return NT_STATUS_NO_SUCH_USER; } + entry = ldap_first_entry(ldap_state->ldap_struct, result); if (entry) { if (!init_sam_from_ldap(ldap_state, user, entry)) { @@ -1616,15 +1626,23 @@ static NTSTATUS ldapsam_getsampwrid(struct pdb_methods *my_methods, SAM_ACCOUNT (struct ldapsam_privates *)my_methods->private_data; LDAPMessage *result; LDAPMessage *entry; + int count; if (ldapsam_search_one_user_by_rid(ldap_state, rid, &result) != LDAP_SUCCESS) { return NT_STATUS_NO_SUCH_USER; } - if (ldap_count_entries(ldap_state->ldap_struct, result) < 1) { + count = ldap_count_entries(ldap_state->ldap_struct, result); + + if (count < 1) { DEBUG(4, ("We don't find this rid [%i] count=%d\n", rid, - ldap_count_entries(ldap_state->ldap_struct, result))); + count)); + return NT_STATUS_NO_SUCH_USER; + } else if (count > 1) { + DEBUG(1, + ("More than one user with rid [%i]. Failing. count=%d\n", rid, + count)); return NT_STATUS_NO_SUCH_USER; } |
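Review bot: Both early returns after the count check in ldapsam_getsampwnam (the `count < 1` branch and the new `count > 1` branch) leave without releasing `result`, which the successful search call has presumably populated. Adding `ldap_msgfree(result);` before each `return NT_STATUS_NO_SUCH_USER;` would stop a lookup for a missing or duplicated name from leaking the message on every call, which matters in a long-running daemon whose lookups are driven by client-supplied names. The two matching returns in the ldapsam_getsampwrid hunk need the same line. Both function bodies continue outside the hunks, so this assumes the later paths already free `result`.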
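Review bot: The `count > 1` branch in ldapsam_getsampwrid returns the same `NT_STATUS_NO_SUCH_USER` as a plain miss, and the reason for refusing is recorded only in the commit message. A short comment at the branch, e.g. `/* result order is undefined: never pick one of several matches, fail closed */`, would keep a later cleanup from reverting to taking the first entry. If callers treat NO_SUCH_USER as a cue to look for the account elsewhere (not visible here), a distinct status for the duplicate case is worth considering, since two entries sharing a RID is a directory integrity problem rather than an absent user. The duplicate-name branch in ldapsam_getsampwnam would benefit from the same comment.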