12236 getmembers_DN doesn't properly handle errors from __ns_ldap_dn2uid
12240 nss_ldap does not properly look up group members by distinguished name

@@ -20,10 +20,11 @@
  */
 
 /*
  * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved.
  * Copyright 2017 Nexenta Systems, Inc.  All rights reserved.
+ * Copyright 2020 Joyent, Inc.
  */
 
 
 #ifndef _NS_INTERNAL_H
 #define _NS_INTERNAL_H

@@ -65,12 +66,11 @@
 #define CONFIGFILE              1
 #define UIDNUMFILTER            "(&(objectclass=posixAccount)(uidnumber=%s))"
 #define UIDNUMFILTER_SSD        "(&(%%s)(uidnumber=%s))"
 #define UIDFILTER               "(&(objectclass=posixAccount)(uid=%s))"
 #define UIDFILTER_SSD           "(&(%%s)(uid=%s))"
-#define UIDDNFILTER     "(&(objectclass=posixAccount)(distinguishedName=%s))"
-#define UIDDNFILTER_SSD         "(&(%%s)(distinguishedName=%s))"
+#define UIDDNFILTER             "(objectclass=posixAccount)"
 
 #define HOSTFILTER              "(&(objectclass=ipHost)(cn=%s))"
 #define HOSTFILTER_SSD          "(&(%%s)(cn=%s))"
 
 #define SIMPLEPAGECTRLFLAG      1
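Review bot: The new `UIDDNFILTER` has no `%s`, so it matches every posixAccount entry unless the search is limited to the member's DN as a base-scope search, and nothing at the definition records that requirement. A comment above the define would make it explicit, for example `/* Use only with a base-scope search on the member DN; with a wider scope this matches every posixAccount. */`. The callers are outside this hunk, so it is worth confirming that none still passes this macro to a formatting call with a DN argument, which would now be ignored silently. Dropping the interpolated DN also means that value no longer needs filter escaping here, which is a point in favour of the change.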

@@ -763,10 +763,11 @@
         ns_server_info_t *ret, ns_ldap_error_t **error,  const char *addrType);
 
 
 /* ************ internal sldap-api functions *********** */
 void    __ns_ldap_freeEntry(ns_ldap_entry_t *ep);
+void    __ns_ldap_freeASearchDesc(ns_ldap_search_desc_t *);
 void    __s_api_split_key_value(char *buffer, char **name, char **value);
 int     __s_api_printResult(ns_ldap_result_t *);
 int     __s_api_getSearchScope(int *, ns_ldap_error_t **);
 int     __s_api_getDNs(char ***, const char *,
         ns_ldap_error_t **);
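Review bot: The added prototype `__ns_ldap_freeASearchDesc(ns_ldap_search_desc_t *)` exposes a free routine to other files in the library without stating its ownership contract. Since the definition is not visible in this hunk, a one-line comment on the declaration should say whether it releases the descriptor itself or only its members, and whether a NULL argument is accepted, for example `/* Frees the descriptor and its members; NULL is a no-op (confirm against the definition). */`. Without that, callers on error paths can easily double-free or leak the descriptor.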

@@ -854,30 +855,21 @@
 int             __ns_ldap_cache_ping();
 ns_ldap_error_t *__ns_ldap_print_config(int);
 void            __ns_ldap_default_config();
 int             __ns_ldap_download(const char *, char *, char *,
                                 ns_ldap_error_t **);
-int
-__ns_ldap_check_dns_preq(int foreground,
-                int mode_verbose,
-                int mode_quiet,
-                const char *fname,
-                ns_ldap_self_gssapi_config_t config,
+int __ns_ldap_check_dns_preq(int foreground, int mode_verbose, int mode_quiet,
+    const char *fname, ns_ldap_self_gssapi_config_t config,
                 ns_ldap_error_t **errpp);
-int
-__ns_ldap_check_gssapi_preq(int foreground,
-                int mode_verbose,
-                int mode_quiet,
-                ns_ldap_self_gssapi_config_t config,
+
+int __ns_ldap_check_gssapi_preq(int foreground, int mode_verbose,
+    int mode_quiet, ns_ldap_self_gssapi_config_t config,
                 ns_ldap_error_t **errpp);
-int
-__ns_ldap_check_all_preq(int foreground,
-                int mode_verbose,
-                int mode_quiet,
-                ns_ldap_self_gssapi_config_t config,
-                ns_ldap_error_t **errpp);
 
+int __ns_ldap_check_all_preq(int foreground, int mode_verbose, int mode_quiet,
+    ns_ldap_self_gssapi_config_t config, ns_ldap_error_t **errpp);
+
 /* internal un-exposed APIs */
 ns_cred_t       *__ns_ldap_dupAuth(const ns_cred_t *authp);
 boolean_t       __s_api_is_auth_matched(const ns_cred_t *auth1,
                     const ns_cred_t *auth2);
 int             __s_api_get_SSD_from_SSDtoUse_service(const char *service,