Hello, please see first attempt of patch for: https://fedorahosted.org/sssd/ticket/2747
Regards Petr PS: # reproducer getent services -s sss l...@cygnus.dev
>From 64d952f188e86a00c26ccbe26ad09231e6b6de2b Mon Sep 17 00:00:00 2001 From: Petr Cech <pc...@redhat.com> Date: Mon, 9 Nov 2015 09:51:05 -0500 Subject: [PATCH] IPA_PROVIDER: Explicit no handle of services FreeIPA can't handle services, so we can say explicitly there is no services in get_object_from_cache() function. And we return EINVAL if somebody tries to find services in IPA. Resolves: https://fedorahosted.org/sssd/ticket/2747 --- src/providers/ipa/ipa_subdomains_id.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index 472985d4ab4f785aa9c4af94bf8021829ca1c3c8..be050cc39c8446b2a92207ee2dad12f66032244f 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -915,6 +915,11 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx, NULL }; char *name; + if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_SERVICES) { + ret = EINVAL; + goto done; + } + if (ar->filter_type == BE_FILTER_SECID) { ret = sysdb_search_object_by_sid(mem_ctx, dom, ar->filter_value, attrs, &res); -- 2.4.3
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
