diff options
| author | Sumit Bose <sbose@redhat.com> | 2015-12-16 12:38:16 +0100 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2016-02-02 18:15:19 +0100 |
| commit | 348c400484cafe4969c3fa0c9f0c6f6e150df821 (patch) | |
| tree | 3900571a5dafc3957cd012b45536d8680d3a6351 /daemons/ipa-kdb | |
| parent | d85d70947361abd3822b8f42fa3de16e26e87d57 (diff) | |
| download | freeipa-348c400484cafe4969c3fa0c9f0c6f6e150df821.tar.gz freeipa-348c400484cafe4969c3fa0c9f0c6f6e150df821.tar.xz freeipa-348c400484cafe4969c3fa0c9f0c6f6e150df821.zip | |
ipa-kdb: map_groups() consider all results
Resolves https://fedorahosted.org/freeipa/ticket/5573
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'daemons/ipa-kdb')
| -rw-r--r-- | daemons/ipa-kdb/ipa_kdb_mspac.c | 108 |
1 files changed, 56 insertions, 52 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c index daa42e369..45721f0dc 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac.c +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c @@ -1082,68 +1082,72 @@ static int map_groups(TALLOC_CTX *memctx, krb5_context kcontext, continue; } - ldap_derefresponse_free(deref_results); - ret = ipadb_ldap_deref_results(ipactx->lcontext, lentry, &deref_results); - switch (ret) { - case ENOENT: - /* No entry found, try next SID */ - break; - case 0: - if (deref_results == NULL) { - krb5_klog_syslog(LOG_ERR, "No results."); + do { + ldap_derefresponse_free(deref_results); + ret = ipadb_ldap_deref_results(ipactx->lcontext, lentry, &deref_results); + switch (ret) { + case ENOENT: + /* No entry found, try next SID */ break; - } + case 0: + if (deref_results == NULL) { + krb5_klog_syslog(LOG_ERR, "No results."); + break; + } - for (dres = deref_results; dres; dres = dres->next) { - count++; - } + for (dres = deref_results; dres; dres = dres->next) { + count++; + } - sids = talloc_realloc(memctx, sids, struct dom_sid, count); - if (sids == NULL) { - krb5_klog_syslog(LOG_ERR, "talloc_realloc failed."); - kerr = ENOMEM; - goto done; - } + sids = talloc_realloc(memctx, sids, struct dom_sid, count); + if (sids == NULL) { + krb5_klog_syslog(LOG_ERR, "talloc_realloc failed."); + kerr = ENOMEM; + goto done; + } - for (dres = deref_results; dres; dres = dres->next) { - gid = 0; - memset(&sid, '\0', sizeof(struct dom_sid)); - for (dval = dres->attrVals; dval; dval = dval->next) { - if (strcasecmp(dval->type, "gidNumber") == 0) { - errno = 0; - gid = strtoul((char *)dval->vals[0].bv_val, - &endptr,10); - if (gid == 0 || gid >= UINT32_MAX || errno != 0 || - *endptr != '\0') { - continue; + for (dres = deref_results; dres; dres = dres->next) { + gid = 0; + memset(&sid, '\0', sizeof(struct dom_sid)); + for (dval = dres->attrVals; dval; dval = dval->next) { + if (strcasecmp(dval->type, "gidNumber") == 0) { + errno = 0; + gid = strtoul((char *)dval->vals[0].bv_val, + &endptr,10); + if (gid == 0 || gid >= UINT32_MAX || errno != 0 || + *endptr != '\0') { + continue; + } } - } - if (strcasecmp(dval->type, - "ipaNTSecurityIdentifier") == 0) { - kerr = string_to_sid((char *)dval->vals[0].bv_val, &sid); - if (kerr != 0) { - continue; + if (strcasecmp(dval->type, + "ipaNTSecurityIdentifier") == 0) { + kerr = string_to_sid((char *)dval->vals[0].bv_val, &sid); + if (kerr != 0) { + continue; + } } } - } - if (gid != 0 && sid.sid_rev_num != 0) { - /* TODO: check if gid maps to sid */ - if (sid_index >= count) { - krb5_klog_syslog(LOG_ERR, "Index larger than " - "array, this shoould " - "never happen."); - kerr = EFAULT; - goto done; + if (gid != 0 && sid.sid_rev_num != 0) { + /* TODO: check if gid maps to sid */ + if (sid_index >= count) { + krb5_klog_syslog(LOG_ERR, "Index larger than " + "array, this shoould " + "never happen."); + kerr = EFAULT; + goto done; + } + memcpy(&sids[sid_index], &sid, sizeof(struct dom_sid)); + sid_index++; } - memcpy(&sids[sid_index], &sid, sizeof(struct dom_sid)); - sid_index++; } - } - break; - default: - goto done; - } + break; + default: + goto done; + } + + lentry = ldap_next_entry(ipactx->lcontext, lentry); + } while (lentry != NULL); } *_ipa_group_sids_count = sid_index; |