sssd/sssd-sysdb-binary-attrs.diff

103 lines
4.1 KiB
Diff
Raw Normal View History

From 3229c2107e4645240cfc4aa5d262e5330c356a49 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@inai.de>
Date: Thu, 21 Feb 2013 13:12:25 +0100
Subject: [PATCH] sysdb: try dealing with binary-content attributes
I have here a LDAP user entry which has this attribute
loginAllowedTimeMap::
AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA
In the function sysdb_attrs_add_string(), called from
sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is
the wrong thing to do. The result of strlen is then used to populate
the .v_length member of a struct ldb_val - and this will set it to
zero in this case. (There is also the problem that there may not be
a '\0' at all in the blob.)
Subsequently, .v_length being 0 makes ldb_modify(), called from
sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End
result is that users do not get stored in the sysdb, and programs like
`id` or `getent ...` show incomplete information.
The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave
fine, but that may not mean that is the absolute lower boundary of
introduction of the problem.
---
src/db/sysdb.c | 10 ++++++++++
src/db/sysdb.h | 2 ++
src/providers/ldap/sdap.c | 7 +++----
src/providers/ldap/sdap_async.c | 4 ++--
4 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index e7524f4..7c34791 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -512,6 +512,16 @@ int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
return sysdb_attrs_add_val(attrs, name, &v);
}
+int sysdb_attrs_add_mem(struct sysdb_attrs *attrs, const char *name,
+ const void *mem, size_t size)
+{
+ struct ldb_val v;
+
+ v.data = discard_const(mem);
+ v.length = size;
+ return sysdb_attrs_add_val(attrs, name, &v);
+}
+
int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
const char *name, bool value)
{
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index fff97a8..23cbbb0 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -250,6 +250,8 @@ int sysdb_attrs_add_val(struct sysdb_attrs *attrs,
const char *name, const struct ldb_val *val);
int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
const char *name, const char *str);
+int sysdb_attrs_add_mem(struct sysdb_attrs *, const char *,
+ const void *, size_t);
int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
const char *name, bool value);
int sysdb_attrs_add_long(struct sysdb_attrs *attrs,
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index 371121b..988f27d 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -474,10 +474,9 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
for (i=0; dval->vals[i].bv_val; i++) {
DEBUG(9, ("Dereferenced attribute value: %s\n",
dval->vals[i].bv_val));
- v.data = (uint8_t *) dval->vals[i].bv_val;
- v.length = dval->vals[i].bv_len;
-
- ret = sysdb_attrs_add_val(res[mi]->attrs, name, &v);
+ ret = sysdb_attrs_add_mem(res[mi]->attrs, name,
+ dval->vals[i].bv_val,
+ dval->vals[i].bv_len);
if (ret) goto done;
}
}
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 84497b7..b7d9839 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2226,8 +2226,8 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding %s [%s] to attributes "
"of [%s].\n", desc, el->values[i].data, objname));
- ret = sysdb_attrs_add_string(attrs, attr_name,
- (const char *) el->values[i].data);
+ ret = sysdb_attrs_add_mem(attrs, attr_name, el->values[i].data,
+ el->values[i].length);
if (ret) {
return ret;
}
--
1.7.10.4