-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We tried to be too clever and only requested the name of the group, but we require the objectClass to validate the results.
https://fedorahosted.org/sssd/ticket/622 This is rebased from the patches in the thread "Fix two serious issues with initgroups". The other two patches are unnecessary in sssd-1-2 (bug 620 does not exist there) - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkyPkKQACgkQeiVVYja6o6Oz7QCdGqpJk4DdXhY98yQG+yyUDbeG /+QAnijrjOrBOHoBJra/ETAg2nhdjxPN =QCGD -----END PGP SIGNATURE-----
From e7d198d43bbd37d021f2dab7d6050654f98388d9 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher <[email protected]> Date: Mon, 13 Sep 2010 11:45:42 -0400 Subject: [PATCH] Request all group attributes during initgroups processing We tried to be too clever and only requested the name of the group, but we require the objectClass to validate the results. https://fedorahosted.org/sssd/ticket/622 --- src/providers/ldap/sdap_async_accounts.c | 11 ++++++----- 1 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c index beab326a05fe429a56d4eee78590ed78a58279c8..d83a9dcf3a257ed442fee1aca5784de87925c9d6 100644 --- a/src/providers/ldap/sdap_async_accounts.c +++ b/src/providers/ldap/sdap_async_accounts.c @@ -1508,7 +1508,8 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, struct tevent_req *req, *subreq; struct sdap_initgr_rfc2307_state *state; const char *filter; - const char *attrs[2]; + const char **attrs; + errno_t ret; req = tevent_req_create(memctx, &state, struct sdap_initgr_rfc2307_state); if (!req) return NULL; @@ -1525,12 +1526,12 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, return NULL; } - attrs[0] = talloc_strdup(state, opts->group_map[SDAP_AT_GROUP_NAME].name); - if (!attrs[0]) { - talloc_zfree(req); + ret = build_attrs_from_map(state, opts->group_map, + SDAP_OPTS_GROUP, &attrs); + if (ret != EOK) { + talloc_free(req); return NULL; } - attrs[1] = NULL; filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))", opts->group_map[SDAP_AT_GROUP_MEMBER].name, -- 1.7.2.2
0001-Request-all-group-attributes-during-initgroups-proce.patch.sig
Description: PGP signature
_______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
