Hi, I have noticed that sssd does not trim whitespaces from strings while parsing netgroup triples. Comment inside code explains that it follow the nss_ldap implementation:
src/db/sysdb_search.c: 1687 /* This function splits a three-tuple into three strings 1688 * It assumes that any whitespace between the parentheses 1689 * and commas are intentional and does not attempt to 1690 * strip them out. Leading and trailing whitespace is 1691 * ignored. 1692 * 1693 * This behavior is compatible with nss_ldap's 1694 * implementation. 1695 */ 1696 static errno_t sysdb_netgr_split_triple(TALLOC_CTX *mem_ctx, Don't know which nss_ldap implementation is referenced, the one from PADL trim the spaces (and glibc too): https://github.com/PADL/nss_ldap/blob/154730b5a2b58a4212e419b498476fcb5 a60de7b/ldap-netgrp.c#L251 Is the difference intended? I run into it when LDAP server returns some of the host strings with spaces around which works with nss_ldap form PADL, but not with sssd. Fix is easy, but I'm afraid that it could break some other corner cases like netgroup rules for users with leading/trailing whitespaces in username. What's your opinion on it? Thanks
Index: sssd-1.13.4/src/db/sysdb_search.c =================================================================== --- sssd-1.13.4.orig/src/db/sysdb_search.c +++ sssd-1.13.4/src/db/sysdb_search.c @@ -1301,10 +1301,54 @@ done: return ret; } + +/* Get string until the first delimiter and strip out + * leading and trailing whitespaces. + */ +static errno_t sysdb_netgr_split_triple_string(TALLOC_CTX *mem_ctx, + const char **in, + const char delimiter, + char **out) +{ + size_t len; + const char *p = *in; + const char *begin; + + /* Remove any leading whitespace */ + while (*p && isspace(*p)) p++; + begin = p; + + /* Find the delimiter */ + while (*p && *p != delimiter) p++; + + if (!*p) { + /* No delimiter was found: parse error */ + return EINVAL; + } + + len = p - begin; + /* Remove trailing spaces */ + while (len > 0 && isspace(begin[len - 1])) len--; + + *out = NULL; + if (len > 0) { + /* Copy the output string */ + *out = talloc_strndup(mem_ctx, begin, len); + if (!*out) { + return ENOMEM; + } + } + p++; + + *in = p; + return EOK; +} + + + /* This function splits a three-tuple into three strings - * It assumes that any whitespace between the parentheses - * and commas are intentional and does not attempt to - * strip them out. Leading and trailing whitespace is + * It strips out any whitespace between the parentheses + * and commas. Leading and trailing whitespace is * ignored. * * This behavior is compatible with nss_ldap's @@ -1349,72 +1393,22 @@ static errno_t sysdb_netgr_split_triple( goto done; } p++; - p_host = p; - - /* Find the first comma */ - while (*p && *p != ',') p++; - if (!*p) { - /* No comma was found: parse error */ - ret = EINVAL; + ret = sysdb_netgr_split_triple_string(tmp_ctx, &p, ',', &host); + if (ret != EOK) { goto done; } - len = p - p_host; - - if (len > 0) { - /* Copy the host string */ - host = talloc_strndup(tmp_ctx, p_host, len); - if (!host) { - ret = ENOMEM; - goto done; - } - } - p++; - p_user = p; - - /* Find the second comma */ - while (*p && *p != ',') p++; - - if (!*p) { - /* No comma was found: parse error */ - ret = EINVAL; + ret = sysdb_netgr_split_triple_string(tmp_ctx, &p, ',', &user); + if (ret != EOK) { goto done; } - len = p - p_user; - - if (len > 0) { - /* Copy the user string */ - user = talloc_strndup(tmp_ctx, p_user, len); - if (!user) { - ret = ENOMEM; - goto done; - } - } - p++; - p_domain = p; - - /* Find the closing parenthesis */ - while (*p && *p != ')') p++; - if (*p != ')') { - /* No trailing parenthesis: parse error */ - ret = EINVAL; + ret = sysdb_netgr_split_triple_string(tmp_ctx, &p, ')', &domain); + if (ret != EOK) { goto done; } - len = p - p_domain; - - if (len > 0) { - /* Copy the domain string */ - domain = talloc_strndup(tmp_ctx, p_domain, len); - if (!domain) { - ret = ENOMEM; - goto done; - } - } - p++; - /* skip trailing whitespace */ while (*p && isspace(*p)) p++;
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org