[SSSD] Re: [PATCH] libwbclient: wbcSidsToUnixIds() don't fail on errors

Sun, 05 Jun 2016 12:38:12 -0700 

On Fri, 03 Jun 2016, Sumit Bose wrote:

Hi,

this patch fixes an issue in SSSD's implementation of libwbclient.
wbcSidsToUnixIds() translates a list of SID to POSIX IDs and it is
expected that if one SID cannot be mapped the related output entry
should just get type WBC_ID_TYPE_NOT_SPECIFIED. Currently the request
fail completely if one SID cannot be mapped.

To test, use 'wbinfo --sids-to-unix-ids' with an invalid SID.

Without fix:

   $ wbinfo 
--sids-to-unix-ids=S-1-5-21-3692237560-1981608775-3610128199-1104,S-1-5-21-3692237560-1981608775-3610128199-5
   wbcSidsToUnixIds failed: WBC_ERR_UNKNOWN_FAILURE
   wbinfo_sids_to_unix_ids failed

With fix:

   $ wbinfo 
--sids-to-unix-ids=S-1-5-21-3692237560-1981608775-3610128199-1104,S-1-5-21-3692237560-1981608775-3610128199-5
   S-1-5-21-3692237560-1981608775-3610128199-1104 -> uid 700201104
   S-1-5-21-3692237560-1981608775-3610128199-5 -> unmapped

Even with completely random SIDs you should see a proper output:

   $ wbinfo --sids-to-unix-ids=S-2-3-4,S-5-6-7
   S-2-3-4 -> unmapped
   S-5-6-7 -> unmapped

bye,
Sumit



From 52de39e45829ffd1bd18b3f83310066f97a38397 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Thu, 2 Jun 2016 21:01:11 +0200
Subject: [PATCH] libwbclient: wbcSidsToUnixIds() don't fail on errors

Resolves: https://fedorahosted.org/sssd/ticket/3028
---
src/sss_client/libwbclient/wbc_idmap_sssd.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/sss_client/libwbclient/wbc_idmap_sssd.c 
b/src/sss_client/libwbclient/wbc_idmap_sssd.c
index 
1b0e2e10a5ce1a0c7577d391b740ff988f920903..b3e292217e056dde323c82f1303b49a058933dab
 100644
--- a/src/sss_client/libwbclient/wbc_idmap_sssd.c
+++ b/src/sss_client/libwbclient/wbc_idmap_sssd.c
@@ -173,14 +173,12 @@ wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, 
uint32_t num_sids,

    for (c = 0; c < num_sids; c++) {
        wbc_status = wbcSidToString(&sids[c], &sid_str);
-        if (!WBC_ERROR_IS_OK(wbc_status)) {
-            return wbc_status;
-        }
-
-        ret = sss_nss_getidbysid(sid_str, &id, &type);
-        wbcFreeMemory(sid_str);
-        if (ret != 0) {
-            return WBC_ERR_UNKNOWN_FAILURE;
+        if (WBC_ERROR_IS_OK(wbc_status)) {
+            ret = sss_nss_getidbysid(sid_str, &id, &type);
+            wbcFreeMemory(sid_str);
+            if (ret != 0) {
+                type = SSS_ID_TYPE_NOT_SPECIFIED;
+            }
        }

        switch (type) {

With this change 'type' variable will become undefined if wbcSidToString() 
failed.
Perhaps, it could be set to 'type = SSS_ID_TYPE_NOT_SPECIFIED;' at the
beginning of the for() loop?


--
/ Alexander Bokovoy
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

Reply via email to