[SSSD] [PATCH] gpo: gPCMachineExtensionNames with just whitespaces

Fri, 29 Jul 2016 08:41:17 -0700 

Hi,

the attached patch fixes:
https://fedorahosted.org/sssd/ticket/3114

We have a user that can not login with
enforced GPO because of this. I do not
think it is a common issue, I could not
create groupPolicyContainer with gPCMachineExtensionNames
containing only whitespaces, but you can
create it with a script and the blank
value is not an error so we should handle it
properly (and maybe thre is a way in the
GUI maze to create such GPOs as well, I just
could not find it).

I was able to reproduce the same "sssd log path"
the user has and this patch fixed the issue.

Thanks.

Michal

>From b3e413e930aca78157fa137cee84af32a4262155 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzi...@redhat.com>
Date: Fri, 29 Jul 2016 16:09:16 +0200
Subject: [PATCH] gpo: gPCMachineExtensionNames with just whitespaces

Fixes:
https://fedorahosted.org/sssd/ticket/3114

We failed GPO procesing if the gPCMachineExtensionNames
attribute contained just whitespaces. This coused
failures in some server settings.
---
 src/providers/ad/ad_gpo.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
index f609d28..63c68ce 100644
--- a/src/providers/ad/ad_gpo.c
+++ b/src/providers/ad/ad_gpo.c
@@ -3765,6 +3765,24 @@ done:
    }
 }
 
+static bool machine_ext_names_is_blank(char *attr_value)
+{
+    char *ptr;
+
+    if (attr_value == NULL) {
+        return true;
+    }
+
+    ptr = attr_value;
+    for (; *ptr != '\0'; ptr++) {
+        if (!isspace(*ptr)) {
+            return false;
+        }
+    }
+
+    return true;
+}
+
 static errno_t
 ad_gpo_sd_process_attrs(struct tevent_req *req,
                         char *smb_host,
@@ -3880,7 +3898,8 @@ ad_gpo_sd_process_attrs(struct tevent_req *req,
         goto done;
     }
 
-    if ((ret == ENOENT) || (el->num_values == 0)) {
+    if ((ret == ENOENT) || (el->num_values == 0)
+            || machine_ext_names_is_blank((char *) el[0].values[0].data)) {
         /*
          * if gpo has no machine_ext_names (which is perfectly valid: it could
          * have only user_ext_names, for example), we continue to next gpo
-- 
2.5.0


_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

Reply via email to