From e834167206a4f770d1bc4f671df7de00245f4856 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Mon, 13 Sep 2010 11:45:42 -0400 Subject: [PATCH 2/2] Request all group attributes during initgroups processing We tried to be too clever and only requested the name of the group, but we require the objectClass to validate the results. https://fedorahosted.org/sssd/ticket/622 --- src/providers/ldap/ldap_id.c | 1 + src/providers/ldap/sdap_async_accounts.c | 11 ++++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index d52dcec5b081ccca44e3995a3f7672390df33e5d..0c90773a50fc8a2dbb1ed9ddb58c26b2d8291360 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -619,6 +619,7 @@ static void groups_by_user_done(struct tevent_req *subreq) return; } + state->dp_error = DP_ERR_OK; tevent_req_done(req); } diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c index 8999ba015fc8bf7c7884245cd055b10033b331f0..4db4a4ccd53a05670b63568ef504969a0d04a80a 100644 --- a/src/providers/ldap/sdap_async_accounts.c +++ b/src/providers/ldap/sdap_async_accounts.c @@ -1042,7 +1042,8 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, struct tevent_req *req, *subreq; struct sdap_initgr_rfc2307_state *state; const char *filter; - const char *attrs[2]; + const char **attrs; + errno_t ret; req = tevent_req_create(memctx, &state, struct sdap_initgr_rfc2307_state); if (!req) return NULL; @@ -1059,12 +1060,12 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, return NULL; } - attrs[0] = talloc_strdup(state, opts->group_map[SDAP_AT_GROUP_NAME].name); - if (!attrs[0]) { - talloc_zfree(req); + ret = build_attrs_from_map(state, opts->group_map, + SDAP_OPTS_GROUP, &attrs); + if (ret != EOK) { + talloc_free(req); return NULL; } - attrs[1] = NULL; filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))", opts->group_map[SDAP_AT_GROUP_MEMBER].name, -- 1.7.2.2