[Freeipa-devel] [PATCH] extdom: do not return results from the wrong domain

Sumit Bose sbose at redhat.com
Tue Mar 25 10:47:25 UTC 2014


Hi,

since getgrgid() and getpwuid() cannot be restricted to a certain domain, we
have to filter out results from other domains after the call, based on the
fully-qualified name of the returned object. This patch should fix
https://fedorahosted.org/freeipa/ticket/4264 .

bye,
Sumit
-------------- next part --------------
From 1d53cd249b6e1d80770d135190ff9845dad10cf2 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Tue, 25 Mar 2014 11:29:58 +0100
Subject: [PATCH] extdom: do not return results from the wrong domain

Resolves: https://fedorahosted.org/freeipa/ticket/4264
---
 .../ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c   | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
index 675fc368042373314e9416dcf7d5866cb8c9871e..025d37dc5eda05c8db43d4e8176fd7898ed32fe7 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -359,6 +359,9 @@ int create_response(struct extdom_req *req, struct pwd_grp *pg_data,
                         if ((locat = strchr(pg_data->data.pwd.pw_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
                             if (strcasecmp(locat+1, domain_name) == 0  ) {
                                 locat[0] = 0;
+                            } else {
+                                ret = LDAP_NO_SUCH_OBJECT;
+                                goto done;
                             }
                         }
                         res->data.name.object_name =
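Review bot: A name with no SSSD_DOMAIN_SEPARATOR skips the new `else` and still reaches the assignment below, so the filter only rejects objects qualified with a different domain and lets unqualified names through unchecked. Whether SSSD can return an unqualified name for an object outside `domain_name` is not visible from this hunk. If it cannot, record that assumption next to the check, e.g. `/* SSSD returns fully-qualified names for all domains other than the local one; unqualified names are not filtered here */`. If it can, the outer `if` needs its own rejecting branch. The same applies to the hunks at -368, -408 and -428; create_response's body starts and ends outside the hunk.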
@@ -368,6 +371,9 @@ int create_response(struct extdom_req *req, struct pwd_grp *pg_data,
                         if ((locat = strchr(pg_data->data.grp.gr_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
                             if (strcasecmp(locat+1, domain_name) == 0) {
                                 locat[0] = 0;
+                            } else {
+                                ret = LDAP_NO_SUCH_OBJECT;
+                                goto done;
                             }
                         }
                         res->data.name.object_name =
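Review bot: The same domain check is now written out four times (here and in the hunks at -359, -408 and -428), differing only in the name field and indentation, so a later fix to the filter has to be repeated in each copy. Because this check decides which domain's objects are disclosed to the caller, a single static helper that either strips the suffix or returns LDAP_NO_SUCH_OBJECT would keep the copies from drifting apart. A sketch follows; the helper name is made up for illustration and the type of `domain_name` is assumed. create_response's body starts and ends outside the hunk.

```c
/* Strip "@domain_name" from a name returned by SSSD. A name qualified
 * with any other domain is rejected; an unqualified name is left as is. */
static int strip_expected_domain(char *name, const char *domain_name)
{
    char *locat = strchr(name, SSSD_DOMAIN_SEPARATOR);

    if (locat == NULL) {
        return LDAP_SUCCESS;
    }
    if (strcasecmp(locat + 1, domain_name) != 0) {
        return LDAP_NO_SUCH_OBJECT;
    }
    locat[0] = 0;
    return LDAP_SUCCESS;
}

/* ... unchanged: create_response up to the group-name branch ... */
                        ret = strip_expected_domain(pg_data->data.grp.gr_name,
                                                    domain_name);
                        if (ret != LDAP_SUCCESS) {
                            goto done;
                        }
/* ... unchanged: res->data.name.object_name assignment ... */
```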
@@ -408,6 +414,9 @@ int create_response(struct extdom_req *req, struct pwd_grp *pg_data,
                     if ((locat = strchr(pg_data->data.pwd.pw_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
                         if (strcasecmp(locat+1, domain_name) == 0) {
                             locat[0] = 0;
+                        } else {
+                            ret = LDAP_NO_SUCH_OBJECT;
+                            goto done;
                         }
                     }
                     res->data.user.user_name =
@@ -428,6 +437,9 @@ int create_response(struct extdom_req *req, struct pwd_grp *pg_data,
                     if ((locat = strchr(pg_data->data.grp.gr_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
                         if (strcasecmp(locat+1, domain_name) == 0) {
                             locat[0] = 0;
+                        } else {
+                            ret = LDAP_NO_SUCH_OBJECT;
+                            goto done;
                         }
                     }
                     res->data.group.group_name =
-- 
1.8.5.3


