author | Jan Engelhardt <jengelh@inai.de> | 2013-02-21 13:12:25 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-02-26 17:16:58 +0100 |
commit | 956309e24c32cd0886736bf065a27d5bdd200a77 (patch) | |
tree | 4113b531aa9c3db1eef911a15d619e4a11aab2ab /src/providers/ldap | |
parent | 24a913f47cc883903fbc71e180250da2530eba4a (diff) | |
sysdb: try dealing with binary-content attributes
https://fedorahosted.org/sssd/ticket/1818
I have here a LDAP user entry which has this attribute
loginAllowedTimeMap::
AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA
In the function sysdb_attrs_add_string(), called from
sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is
the wrong thing to do. The result of strlen is then used to populate
the .v_length member of a struct ldb_val - and this will set it to
zero in this case. (There is also the problem that there may not be
a '\0' at all in the blob.)
Subsequently, .v_length being 0 makes ldb_modify(), called from
sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End
result is that users do not get stored in the sysdb, and programs like
`id` or `getent ...` show incomplete information.
The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave
fine, but that may not mean 1.5.11 is the exact lower bound for when
the problem was introduced.
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/sdap.c | 8 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.c | 4 |
2 files changed, 5 insertions, 7 deletions
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 371121b2..dba4e41d 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -343,7 +343,6 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, const char **ocs; struct sdap_attr_map *map; int num_attrs; - struct ldb_val v; int ret, i, a, mi; const char *name; size_t len; @@ -474,10 +473,9 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx, for (i=0; dval->vals[i].bv_val; i++) { DEBUG(9, ("Dereferenced attribute value: %s\n", dval->vals[i].bv_val)); - v.data = (uint8_t *) dval->vals[i].bv_val; - v.length = dval->vals[i].bv_len; - - ret = sysdb_attrs_add_val(res[mi]->attrs, name, &v); + ret = sysdb_attrs_add_mem(res[mi]->attrs, name, + dval->vals[i].bv_val, + dval->vals[i].bv_len); if (ret) goto done; } } diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index 84497b75..b7d98392 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -2226,8 +2226,8 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs, DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding %s [%s] to attributes " "of [%s].\n", desc, el->values[i].data, objname)); - ret = sysdb_attrs_add_string(attrs, attr_name, - (const char *) el->values[i].data); + ret = sysdb_attrs_add_mem(attrs, attr_name, el->values[i].data, + el->values[i].length); if (ret) { return ret; } |
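Review bot: The DEBUG call kept as context in the second sdap.c hunk still formats `dval->vals[i].bv_val` with `%s`, although the commit description itself says these values can be binary and may have no terminating '\0'. For such a value the log call stops at the first embedded NUL or, if the buffer is not otherwise terminated, reads past `bv_len`. Bounding the print by the length would match the new storage call: `DEBUG(9, ("Dereferenced attribute value: %.*s\n", (int) dval->vals[i].bv_len, dval->vals[i].bv_val));`. The same applies to the `%s` on `el->values[i].data` in the sdap_async.c hunk, where `el->values[i].length` is available; raw bytes would still reach the debug log, so logging only the length for non-text attributes may be preferable. The body of sdap_parse_deref continues outside the hunk.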
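Review bot: In the sdap_async.c hunk, a value with `el->values[i].length == 0` is still passed to `sysdb_attrs_add_mem()`. The commit description states that a zero-length `ldb_val` makes `ldb_modify()` return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX, so the entry is not stored. If a server can return an empty value (not shown here), one option is to skip it before the add, e.g. `if (el->values[i].length == 0) continue;`, with a debug message naming `attr_name`. A short comment above the call, such as `/* values may be binary; store by length, never via strlen() */`, would also help keep a later change from reintroducing the string path. The loop and the rest of sdap_attrs_add_ldap_attr lie outside the hunk, so whether `continue` is valid at this point needs to be confirmed.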