On (02/08/16 15:54), Lukas Slebodnik wrote:
>ehlo,
>
>attached two patches fix a crash in nss responder,
>which was caused by recent Sumit's patches.
>
>The 1st patch cannot be applied to master because
>I plan do do some changes in ldap integration tests in different thread.
>But the patch with test is attached. So there will not be a such regressions
>in future
>
Fabiano asked me to add valgring message from crash to the commit message.
And I found another small valgrind issue in back-end
Updated patch is attached.
LS
>From 150430b5c8a6de8aec1c96647dc0c84aebc7b9af Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Tue, 2 Aug 2016 14:35:23 +0200
Subject: [PATCH 1/4] test_ldap: test resolving of names with special
characters
---
src/tests/intg/test_ldap.py | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index
49c1e73d6d69d25799af092103b2aa3826b22776..d8d721ea0b52e59af59b2a1ac8a31e949164167b
100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -237,6 +237,9 @@ def sanity_rfc2307(request, ldap_conn):
ent_list.add_group("empty_group", 2010)
ent_list.add_group("two_user_group", 2012, ["user1", "user2"])
+
+ ent_list.add_user("t(u)ser", 5000, 5001)
+ ent_list.add_group("group(_u)ser1", 5001, ["t(u)ser"])
create_ldap_fixture(request, ldap_conn, ent_list)
conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307)
@@ -837,3 +840,14 @@ def test_user_2307bis_nested_groups(ldap_conn,
", ".join(["%s" % s for s in sorted(gids)]),
", ".join(["%s" % s for s in sorted(expected_gids)])
)
+
+def test_special_characters_in_names(ldap_conn, sanity_rfc2307):
+ ent.assert_passwd_by_name(
+ "t(u)ser",
+ dict(name="t(u)ser", passwd="*", uid=5000, gid=5001,
+ gecos="5000", shell="/bin/bash"))
+
+ ent.assert_group_by_name(
+ "group(_u)ser1",
+ dict(name="group(_u)ser1", passwd="*", gid=5001,
+ mem=ent.contains_only("t(u)ser")))
--
2.9.2
>From 4b43253b8e9f1c76cf5835b3d3d45423af6f9178 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Tue, 2 Aug 2016 15:20:35 +0200
Subject: [PATCH 2/4] SDAP: sanitize member name before using in filter
It caused an errors.
(Tue Aug 2 06:29:39 2016) [sssd[be[LDAP]]] [sysdb_cache_search_users]
(0x2000): Search users with filter:
(&(objectclass=user)(nameAlias=t(u)ser@ldap))
(Tue Aug 2 06:29:39 2016) [sssd[be[LDAP]]] [sysdb_cache_search_users]
(0x0080): Error: 5 (Input/output error)
---
src/providers/ldap/sdap_async_groups.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/providers/ldap/sdap_async_groups.c
b/src/providers/ldap/sdap_async_groups.c
index
102c1c0384be6da8732d56b7a318ded5a5132360..f19b68b8c403734f88b51a411ba0d009977d3491
100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1501,6 +1501,7 @@ sdap_process_missing_member_2307(struct
sdap_process_group_state *state,
const char *filter;
const char *username;
const char *user_dn;
+ char *sanitized_name;
size_t count;
struct ldb_message **msgs = NULL;
static const char *attrs[] = { SYSDB_NAME, NULL };
@@ -1508,8 +1509,16 @@ sdap_process_missing_member_2307(struct
sdap_process_group_state *state,
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return ENOMEM;
+ ret = sss_filter_sanitize(tmp_ctx, member_name, &sanitized_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to sanitize the given name:'%s'.\n", member_name);
+ goto done;
+ }
+
/* Check for the alias in the sysdb */
- filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME_ALIAS,
member_name);
+ filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME_ALIAS,
+ sanitized_name);
if (!filter) {
ret = ENOMEM;
goto done;
--
2.9.2
>From 70f10ace1b790620907d91785a639aa804cab76c Mon Sep 17 00:00:00 2001
From: root <r...@hp-dl380pgen8-02-vm-9.lab.bos.redhat.com>
Date: Tue, 2 Aug 2016 11:23:22 -0400
Subject: [PATCH 3/4] SDAP: sysdb_search_users does not set users_count for
failures
==32577== Conditional jump or move depends on uninitialised value(s)
==32577== at 0x140DCE10: sdap_process_missing_member_2307
(sdap_async_groups.c:1556)
==32577== by 0x140DCE10: sdap_process_group_members_2307
(sdap_async_groups.c:1625)
==32577== by 0x140DCE10: sdap_process_group_send (sdap_async_groups.c:1298)
==32577== by 0x140DCE10: sdap_get_groups_process (sdap_async_groups.c:2130)
==32577== by 0x140CFDA8: generic_ext_search_handler.isra.3
(sdap_async.c:1688)
==32577== by 0x140D2416: sdap_get_generic_op_finished (sdap_async.c:1578)
==32577== by 0x140D0DFC: sdap_process_message (sdap_async.c:353)
==32577== by 0x140D0DFC: sdap_process_result (sdap_async.c:197)
==32577== by 0x8BF1B4E: tevent_common_loop_timer_delay (tevent_timed.c:341)
==32577== by 0x8BF2B59: epoll_event_loop_once (tevent_epoll.c:911)
==32577== by 0x8BF1256: std_event_loop_once (tevent_standard.c:114)
==32577== by 0x8BED40C: _tevent_loop_once (tevent.c:533)
==32577== by 0x8BED5AA: tevent_common_loop_wait (tevent.c:637)
==32577== by 0x8BF11F6: std_event_loop_wait (tevent_standard.c:140)
==32577== by 0x529DD02: server_loop (server.c:702)
==32577== by 0x110951: main (data_provider_be.c:587)
---
src/providers/ldap/sdap_async_groups.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/providers/ldap/sdap_async_groups.c
b/src/providers/ldap/sdap_async_groups.c
index
f19b68b8c403734f88b51a411ba0d009977d3491..72760b75acae4cb6ce15c72f16dae8e859d89847
100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1553,7 +1553,7 @@ sdap_process_missing_member_2307(struct
sdap_process_group_state *state,
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "Could not add group member %s\n",
username);
}
- } else if (ret == ENOENT || count == 0) {
+ } else if (ret == ENOENT) {
/* The entry really does not exist, add a ghost */
DEBUG(SSSDBG_TRACE_FUNC, "Adding a ghost entry\n");
ret = sdap_add_group_member_2307(state->ghost_dns, member_name);
--
2.9.2
>From 4c94698fd55603e10175306306d90cb8ad6dd768 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Tue, 2 Aug 2016 15:20:19 +0200
Subject: [PATCH 4/4] SYSDB: Sanitize dn in sysdb_get_user_members_recursively
There was a crash in nss responder when a group contained
a user with special charactes which shoudl be sanitized before
using in filter.
==31651== Conditional jump or move depends on uninitialised value(s)
==31651== at 0x8BEA7DE: _talloc_steal_loc (talloc.c:1215)
==31651== by 0x5264889: sysdb_get_user_members_recursively (sysdb_ops.c:4759)
==31651== by 0x5278F61: sysdb_add_group_member_overrides (sysdb_views.c:1375)
==31651== by 0x526677C: sysdb_getgrnam_with_views (sysdb_search.c:799)
==31651== by 0x1172F6: nss_cmd_getgrnam_search (nsssrv_cmd.c:3168)
==31651== by 0x119C67: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1382)
==31651== by 0x10FD14: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:916)
==31651== by 0x12898B: sss_dp_internal_get_done (responder_dp.c:791)
==31651== by 0x58FF861: complete_pending_call_and_unlock
(dbus-connection.c:2314)
==31651== by 0x5902B50: dbus_connection_dispatch (dbus-connection.c:4580)
==31651== by 0x527F261: sbus_dispatch (sssd_dbus_connection.c:96)
==31651== by 0x89D8B4E: tevent_common_loop_timer_delay (tevent_timed.c:341)
---
src/db/sysdb_ops.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index
ed177d1730723a61e01167a75a0baca6d81252f8..342e16fb20e2c418745b137162425509ca1fd0cb
100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -4722,6 +4722,7 @@ errno_t sysdb_get_user_members_recursively(TALLOC_CTX
*mem_ctx,
struct ldb_result *res;
struct ldb_dn *base_dn;
char *filter;
+ char *sanitized_name;
const char *attrs[] = SYSDB_PW_ATTRS;
struct ldb_message **msgs;
@@ -4737,8 +4738,17 @@ errno_t sysdb_get_user_members_recursively(TALLOC_CTX
*mem_ctx,
goto done;
}
+ ret = sss_filter_sanitize(tmp_ctx, ldb_dn_get_linearized(group_dn),
+ &sanitized_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to sanitize the given name:'%s'.\n",
+ ldb_dn_get_linearized(group_dn));
+ goto done;
+ }
+
filter = talloc_asprintf(tmp_ctx, "(&("SYSDB_UC")("SYSDB_MEMBEROF"=%s))",
- ldb_dn_get_linearized(group_dn));
+ sanitized_name);
if (filter == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
--
2.9.2
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
