authorSimo Sorce <ssorce@redhat.com>2009-11-18 12:05:27 -0500
committerStephen Gallagher <sgallagh@redhat.com>2009-11-20 16:46:47 -0500
commitc84fe85f9e2f778c6575afb9efeda970aabf400c (patch)
tree4be8678a70bf0360d408fd1448f3d26b849b748d /server/providers/ldap
parent7e4bf8856e9b65e612ca195a3b4f10bfb53a8259 (diff)
Filter by id range before actually storing entries.
This way we do not need to check for id ranges on every search.
Diffstat (limited to 'server/providers/ldap')
-rw-r--r--server/providers/ldap/sdap_async_accounts.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/server/providers/ldap/sdap_async_accounts.c b/server/providers/ldap/sdap_async_accounts.c
index 292c85f0..07e165f0 100644
--- a/server/providers/ldap/sdap_async_accounts.c
+++ b/server/providers/ldap/sdap_async_accounts.c
@@ -128,6 +128,14 @@ static struct tevent_req *sdap_save_user_send(TALLOC_CTX *memctx,
}
uid = l;
+ /* check that the uid is valid for this domain */
+ if (OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) {
+ DEBUG(2, ("User [%s] filtered out! (id out of range)\n",
+ state->name));
+ ret = EINVAL;
+ goto fail;
+ }
+
ret = sysdb_attrs_get_el(state->attrs,
opts->user_map[SDAP_AT_USER_GID].sys_name, &el);
if (ret) goto fail;
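Review bot: The range test `OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)` runs on `uid` after the assignment `uid = l`, so it sees the converted value rather than the number parsed from the directory entry. The declarations of `l` and `uid` are outside the hunk, but if `l` is wider than `uid` or signed, a value that wraps on conversion could land inside the domain's range and be stored under an id the server never sent. A round-trip check right after the assignment, `if (l < 0 || l != (long)uid) { ret = EINVAL; goto fail; }`, would reject such values before the range test. The same applies to `gid = l` in the second hunk and in sdap_save_group_send.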
@@ -145,6 +153,14 @@ static struct tevent_req *sdap_save_user_send(TALLOC_CTX *memctx,
}
gid = l;
+ /* check that the gid is valid for this domain */
+ if (OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) {
+ DEBUG(2, ("User [%s] filtered out! (id out of range)\n",
+ state->name));
+ ret = EINVAL;
+ goto fail;
+ }
+
user_attrs = sysdb_new_attrs(state);
if (user_attrs == NULL) {
ret = ENOMEM;
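Review bot: The message added for the gid check is word for word the one used for the uid check earlier in sdap_save_user_send, so a log reader cannot tell which id caused the user to be dropped, and neither message records the rejected value. I would change this one to `DEBUG(2, ("User [%s] filtered out! (gid [%lu] out of range)\n", state->name, (unsigned long)gid));` and name the uid in the same way in the first hunk. This check also discards the whole user when only the primary gid is outside the range. If that is intended, the comment should say so, for example `/* a user whose primary gid is outside the domain range is not stored at all */`.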
@@ -903,6 +919,14 @@ static struct tevent_req *sdap_save_group_send(TALLOC_CTX *memctx,
}
gid = l;
+ /* check that the gid is valid for this domain */
+ if (OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) {
+ DEBUG(2, ("Group [%s] filtered out! (id out of range)\n",
+ state->name));
+ ret = EINVAL;
+ goto fail;
+ }
+
group_attrs = sysdb_new_attrs(state);
if (!group_attrs) {
ret = ENOMEM;
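Review bot: A group excluded by the id range leaves sdap_save_group_send through the same `fail` label and with the same `EINVAL` as a malformed entry (the two user hunks do likewise), so the caller cannot tell "filtered by configuration" from "bad data from the server". How the caller reacts is outside the hunk; if it stops a batch on the first error, a single out-of-range entry would keep the in-range entries after it from being stored, which is worth confirming. A comment stating the contract, such as `/* filtered entries return EINVAL; callers are expected to skip them and continue */`, or a distinct return code, would make the intent explicit. If search-time range checks are dropped as the description suggests, entries cached before this filter or under a wider id_min/id_max presumably stay visible until replaced or expired, which deserves a sentence in the function's documentation.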