Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 705198 Details for
Bug 910938
CVE-2013-0287 sssd: simple access provider flaw prevents intended ACL use when client to an AD provider
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
[PATCH 1/4] Provide a be_get_account_info_send function
0001-Provide-a-be_get_account_info_send-function.patch (text/plain), 6.55 KB, created by
Jakub Hrozek
on 2013-03-04 22:18:38 UTC
(
hide
)
Description:
[PATCH 1/4] Provide a be_get_account_info_send function
Filename:
MIME Type:
Creator:
Jakub Hrozek
Created:
2013-03-04 22:18:38 UTC
Size:
6.55 KB
patch
obsolete
>From 64a20898cdea11dda0126ec93a9ecb6e73f7f784 Mon Sep 17 00:00:00 2001 >From: Jakub Hrozek <jhrozek@redhat.com> >Date: Fri, 22 Feb 2013 11:01:38 +0100 >Subject: [PATCH 1/4] Provide a be_get_account_info_send function > >--- > src/providers/data_provider_be.c | 149 ++++++++++++++++++++++++++++++++++----- > src/providers/dp_backend.h | 14 ++++ > 2 files changed, 144 insertions(+), 19 deletions(-) > >diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c >index 08fa9bf032ba2a5531c71d8c653222478a0014e8..32548b6bef62d855ce3a52994b1bb5cedb9cd5f6 100644 >--- a/src/providers/data_provider_be.c >+++ b/src/providers/data_provider_be.c >@@ -768,6 +768,34 @@ static errno_t be_initgroups_prereq(struct be_req *be_req) > } > > static errno_t >+be_file_account_request(struct be_req *be_req, struct be_acct_req *ar) >+{ >+ errno_t ret; >+ struct be_ctx *be_ctx = be_req->be_ctx; >+ >+ be_req->req_data = ar; >+ >+ /* see if we need a pre request call, only done for initgroups for now */ >+ if ((ar->entry_type & 0xFF) == BE_REQ_INITGROUPS) { >+ ret = be_initgroups_prereq(be_req); >+ if (ret) { >+ DEBUG(SSSDBG_CRIT_FAILURE, ("Prerequest failed")); >+ return ret; >+ } >+ } >+ >+ /* process request */ >+ ret = be_file_request(be_ctx, be_req, >+ be_ctx->bet_info[BET_ID].bet_ops->handler); >+ if (ret != EOK) { >+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to file request")); >+ return ret; >+ } >+ >+ return EOK; >+} >+ >+static errno_t > split_name_extended(TALLOC_CTX *mem_ctx, > const char *filter, > char **name, >@@ -793,6 +821,106 @@ split_name_extended(TALLOC_CTX *mem_ctx, > return EOK; > } > >+static void >+be_get_account_info_done(struct be_req *be_req, >+ int dp_err, int dp_ret, >+ const char *errstr); >+ >+struct be_get_account_info_state { >+ int err_maj; >+ int err_min; >+ const char *err_msg; >+}; >+ >+struct tevent_req * >+be_get_account_info_send(TALLOC_CTX *mem_ctx, >+ struct tevent_context *ev, >+ struct be_client *becli, >+ struct be_ctx *be_ctx, >+ struct be_acct_req *ar) >+{ >+ struct tevent_req *req; >+ struct be_get_account_info_state *state; >+ struct be_req *be_req; >+ errno_t ret; >+ >+ req = tevent_req_create(mem_ctx, &state, >+ struct be_get_account_info_state); >+ if (!req) return NULL; >+ >+ be_req = be_req_create(state, becli, be_ctx, >+ be_get_account_info_done, req); >+ if (!be_req) { >+ ret = ENOMEM; >+ goto done; >+ } >+ >+ ret = be_file_account_request(be_req, ar); >+ if (ret != EOK) { >+ goto done; >+ } >+ >+ return req; >+ >+done: >+ tevent_req_error(req, ret); >+ tevent_req_post(req, ev); >+ return req; >+} >+ >+static void >+be_get_account_info_done(struct be_req *be_req, >+ int dp_err, int dp_ret, >+ const char *errstr) >+{ >+ struct tevent_req *req; >+ struct be_get_account_info_state *state; >+ >+ req = talloc_get_type(be_req->pvt, struct tevent_req); >+ state = tevent_req_data(req, struct be_get_account_info_state); >+ >+ state->err_maj = dp_err; >+ state->err_min = dp_ret; >+ if (errstr) { >+ state->err_msg = talloc_strdup(state, errstr); >+ if (state->err_msg == NULL) { >+ talloc_free(be_req); >+ tevent_req_error(req, ENOMEM); >+ return; >+ } >+ } >+ >+ talloc_free(be_req); >+ tevent_req_done(req); >+} >+ >+errno_t be_get_account_info_recv(struct tevent_req *req, >+ TALLOC_CTX *mem_ctx, >+ int *_err_maj, >+ int *_err_min, >+ const char **_err_msg) >+{ >+ struct be_get_account_info_state *state; >+ >+ state = tevent_req_data(req, struct be_get_account_info_state); >+ >+ TEVENT_REQ_RETURN_ON_ERROR(req); >+ >+ if (_err_maj) { >+ *_err_maj = state->err_maj; >+ } >+ >+ if (_err_min) { >+ *_err_min = state->err_min; >+ } >+ >+ if (_err_msg) { >+ *_err_msg = talloc_steal(mem_ctx, state->err_msg); >+ } >+ >+ return EOK; >+} >+ > static int be_get_account_info(DBusMessage *message, struct sbus_connection *conn) > { > struct be_acct_req *req; >@@ -893,8 +1021,6 @@ static int be_get_account_info(DBusMessage *message, struct sbus_connection *con > goto done; > } > >- be_req->req_data = req; >- > if ((attr_type != BE_ATTR_CORE) && > (attr_type != BE_ATTR_MEM) && > (attr_type != BE_ATTR_ALL)) { >@@ -941,26 +1067,11 @@ static int be_get_account_info(DBusMessage *message, struct sbus_connection *con > goto done; > } > >- /* see if we need a pre request call, only done for initgroups for now */ >- if ((type & 0xFF) == BE_REQ_INITGROUPS) { >- ret = be_initgroups_prereq(be_req); >- if (ret) { >- err_maj = DP_ERR_FATAL; >- err_min = ret; >- err_msg = "Prerequest failed"; >- goto done; >- } >- } >- >- /* process request */ >- >- ret = be_file_request(becli->bectx->bet_info[BET_ID].pvt_bet_data, >- be_req, >- becli->bectx->bet_info[BET_ID].bet_ops->handler); >+ ret = be_file_account_request(be_req, req); > if (ret != EOK) { > err_maj = DP_ERR_FATAL; > err_min = ret; >- err_msg = "Failed to file request"; >+ err_msg = "Cannot file account request"; > goto done; > } > >diff --git a/src/providers/dp_backend.h b/src/providers/dp_backend.h >index 28fb4a22a581e2cfbc2b916026dea2ab35371d76..1a546a858999af9a7179e5366afd61e052b07ef4 100644 >--- a/src/providers/dp_backend.h >+++ b/src/providers/dp_backend.h >@@ -249,4 +249,18 @@ void *be_req_get_data(struct be_req *be_req); > void be_req_terminate(struct be_req *be_req, > int dp_err_type, int errnum, const char *errstr); > >+/* Request account information */ >+struct tevent_req * >+be_get_account_info_send(TALLOC_CTX *mem_ctx, >+ struct tevent_context *ev, >+ struct be_client *becli, >+ struct be_ctx *be_ctx, >+ struct be_acct_req *ar); >+ >+errno_t be_get_account_info_recv(struct tevent_req *req, >+ TALLOC_CTX *mem_ctx, >+ int *_err_maj, >+ int *_err_min, >+ const char **_err_msg); >+ > #endif /* __DP_BACKEND_H___ */ >-- >1.8.1.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=705198">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
jhrozek
: review?
Actions:
View
|
Diff
Attachments on
bug 910938
:
704993
|
704995
|
704996
|
704997
|
704998
| 705198 |
705200
|
705201
|
705202