diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2011-01-18 12:16:44 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-01-19 09:53:21 -0500 |
commit | 0c3bf8c92befdeb16c005cedc173422e1e9b71d3 (patch) | |
tree | 538dfc7ef3bd734a9b3f2fafa32e9ac40476fbf0 | |
parent | e9691a80bc55e5545ab8cfe1103407d27c965db1 (diff) | |
download | sssd-0c3bf8c92befdeb16c005cedc173422e1e9b71d3.tar.gz sssd-0c3bf8c92befdeb16c005cedc173422e1e9b71d3.tar.bz2 sssd-0c3bf8c92befdeb16c005cedc173422e1e9b71d3.zip |
Don't double-sanitize member DNs
After asking the cache for the list of member DNs for groups
during an initgroups request, we were passing it through the
sanitization function. Since this had already been done before
they were saved to the cache, this meant that it was corrupting
the results. It is safe to pass the returned DN directly into the
sysdb_group_dn_name() function.
-rw-r--r-- | src/providers/ldap/sdap_async_accounts.c | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c index 95ee59e8..98a2f0e5 100644 --- a/src/providers/ldap/sdap_async_accounts.c +++ b/src/providers/ldap/sdap_async_accounts.c @@ -2006,7 +2006,6 @@ static void sdap_initgr_rfc2307_process(struct tevent_req *subreq) struct ldb_message_element *groups; size_t count; const char *attrs[2]; - char *clean_dn; int ret; int i; @@ -2059,23 +2058,14 @@ static void sdap_initgr_rfc2307_process(struct tevent_req *subreq) /* Get a list of the groups by groupname only */ for (i=0; i < groups->num_values; i++) { - ret = sysdb_dn_sanitize(state, - (const char *)groups->values[i].data, - &clean_dn); - if (ret != EOK) { - tevent_req_error(req, ret); - return; - } - ret = sysdb_group_dn_name(state->sysdb, sysdb_grouplist, - clean_dn, + (const char *)groups->values[i].data, &sysdb_grouplist[i]); if (ret != EOK) { - tevent_req_error(req, ENOMEM); + tevent_req_error(req, ret); return; } - talloc_zfree(clean_dn); } sysdb_grouplist[groups->num_values] = NULL; } @@ -2546,6 +2536,8 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret) { + DEBUG(9, ("Error in initgroups: [%d][%s]\n", + ret, strerror(ret))); tevent_req_error(req, ret); return; } |