From 0c3bf8c92befdeb16c005cedc173422e1e9b71d3 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Tue, 18 Jan 2011 12:16:44 -0500 Subject: Don't double-sanitize member DNs After asking the cache for the list of member DNs for groups during an initgroups request, we were passing it through the sanitization function. Since this had already been done before they were saved to the cache, this meant that it was corrupting the results. It is safe to pass the returned DN directly into the sysdb_group_dn_name() function. --- src/providers/ldap/sdap_async_accounts.c | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) (limited to 'src/providers/ldap') diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c index 95ee59e8..98a2f0e5 100644 --- a/src/providers/ldap/sdap_async_accounts.c +++ b/src/providers/ldap/sdap_async_accounts.c @@ -2006,7 +2006,6 @@ static void sdap_initgr_rfc2307_process(struct tevent_req *subreq) struct ldb_message_element *groups; size_t count; const char *attrs[2]; - char *clean_dn; int ret; int i; @@ -2059,23 +2058,14 @@ static void sdap_initgr_rfc2307_process(struct tevent_req *subreq) /* Get a list of the groups by groupname only */ for (i=0; i < groups->num_values; i++) { - ret = sysdb_dn_sanitize(state, - (const char *)groups->values[i].data, - &clean_dn); - if (ret != EOK) { - tevent_req_error(req, ret); - return; - } - ret = sysdb_group_dn_name(state->sysdb, sysdb_grouplist, - clean_dn, + (const char *)groups->values[i].data, &sysdb_grouplist[i]); if (ret != EOK) { - tevent_req_error(req, ENOMEM); + tevent_req_error(req, ret); return; } - talloc_zfree(clean_dn); } sysdb_grouplist[groups->num_values] = NULL; } @@ -2546,6 +2536,8 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret) { + DEBUG(9, ("Error in initgroups: [%d][%s]\n", + ret, strerror(ret))); tevent_req_error(req, ret); return; } -- cgit