summaryrefslogtreecommitdiff
path: root/src/providers/ldap
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2011-01-18 12:16:44 -0500
committerStephen Gallagher <sgallagh@redhat.com>2011-01-19 09:53:21 -0500
commit0c3bf8c92befdeb16c005cedc173422e1e9b71d3 (patch)
tree538dfc7ef3bd734a9b3f2fafa32e9ac40476fbf0 /src/providers/ldap
parente9691a80bc55e5545ab8cfe1103407d27c965db1 (diff)
downloadsssd-0c3bf8c92befdeb16c005cedc173422e1e9b71d3.tar.gz
sssd-0c3bf8c92befdeb16c005cedc173422e1e9b71d3.tar.bz2
sssd-0c3bf8c92befdeb16c005cedc173422e1e9b71d3.zip
Don't double-sanitize member DNs
After asking the cache for the list of member DNs for groups during an initgroups request, we were passing it through the sanitization function. Since this had already been done before they were saved to the cache, this meant that it was corrupting the results. It is safe to pass the returned DN directly into the sysdb_group_dn_name() function.
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/sdap_async_accounts.c16
1 files changed, 4 insertions, 12 deletions
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 95ee59e8..98a2f0e5 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -2006,7 +2006,6 @@ static void sdap_initgr_rfc2307_process(struct tevent_req *subreq)
struct ldb_message_element *groups;
size_t count;
const char *attrs[2];
- char *clean_dn;
int ret;
int i;
@@ -2059,23 +2058,14 @@ static void sdap_initgr_rfc2307_process(struct tevent_req *subreq)
/* Get a list of the groups by groupname only */
for (i=0; i < groups->num_values; i++) {
- ret = sysdb_dn_sanitize(state,
- (const char *)groups->values[i].data,
- &clean_dn);
- if (ret != EOK) {
- tevent_req_error(req, ret);
- return;
- }
-
ret = sysdb_group_dn_name(state->sysdb,
sysdb_grouplist,
- clean_dn,
+ (const char *)groups->values[i].data,
&sysdb_grouplist[i]);
if (ret != EOK) {
- tevent_req_error(req, ENOMEM);
+ tevent_req_error(req, ret);
return;
}
- talloc_zfree(clean_dn);
}
sysdb_grouplist[groups->num_values] = NULL;
}
@@ -2546,6 +2536,8 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
talloc_zfree(subreq);
if (ret) {
+ DEBUG(9, ("Error in initgroups: [%d][%s]\n",
+ ret, strerror(ret)));
tevent_req_error(req, ret);
return;
}