Learn more about these different git repos.
Other Git URLs
Added as part of the fastcache patches
1676static int fill_grent(struct sss_packet *packet, 1677 struct sss_domain_info *dom, 1678 struct nss_ctx *nctx, 1679 bool filter_groups, bool gr_mmap_cache, 1680 struct ldb_message **msgs, 1681 int *count) 1682{ 1683 struct ldb_message *msg; 1684 struct ldb_message_element *el; 1685 uint8_t *body; 1686 size_t blen; 1687 uint32_t gid; 1688 const char *tmpstr; 1689 const char *orig_name; 1690 struct sized_string name; 1691 struct sized_string pwfield; 1692 struct sized_string fullname; 1693 size_t delim; 1694 size_t dom_len; 1695 int i = 0; 1696 int j = 0; CID 12610: Uninitialized scalar variable (UNINIT)Declaring variable "memnum" without initializer. 1697 int ret, num, memnum; 1698 size_t rzero, rsize; 1699 bool add_domain = dom->fqnames; 1700 const char *domain = dom->name; 1701 const char *namefmt = nctx->rctx->names->fq_fmt; 1702 TALLOC_CTX *tmp_ctx = NULL; 1703 At conditional (1): "add_domain" taking the true branch. 1704 if (add_domain) { 1705 delim = 1; 1706 dom_len = strlen(domain); 1707 } else { 1708 delim = 0; 1709 dom_len = 0; 1710 } 1711 1712 to_sized_string(&pwfield, nctx->pwfield); 1713 1714 num = 0; 1715 1716 /* first 2 fields (len and reserved), filled up later */ 1717 ret = sss_packet_grow(packet, 2*sizeof(uint32_t)); At conditional (2): "ret != 0" taking the false branch. 1718 if (ret != EOK) { 1719 goto done; 1720 } 1721 sss_packet_get_body(packet, &body, &blen); 1722 rzero = 2*sizeof(uint32_t); 1723 rsize = 0; 1724 At conditional (3): "i < *count" taking the true branch. At conditional (8): "i < *count" taking the true branch. At conditional (13): "i < *count" taking the true branch. At conditional (20): "i < *count" taking the true branch. At conditional (29): "i < *count" taking the true branch. At conditional (38): "i < *count" taking the true branch. At conditional (48): "i < *count" taking the true branch. At conditional (65): "i < *count" taking the true branch. 1725 for (i = 0; i < *count; i++) { 1726 talloc_zfree(tmp_ctx); 1727 tmp_ctx = talloc_new(NULL); 1728 msg = msgs[i]; 1729 1730 /* new group */ At conditional (4): "!ldb_msg_check_string_attribute(msg, "objectClass", "group")" taking the true branch. At conditional (9): "!ldb_msg_check_string_attribute(msg, "objectClass", "group")" taking the true branch. At conditional (14): "!ldb_msg_check_string_attribute(msg, "objectClass", "group")" taking the false branch. At conditional (21): "!ldb_msg_check_string_attribute(msg, "objectClass", "group")" taking the false branch. At conditional (30): "!ldb_msg_check_string_attribute(msg, "objectClass", "group")" taking the false branch. At conditional (39): "!ldb_msg_check_string_attribute(msg, "objectClass", "group")" taking the false branch. At conditional (49): "!ldb_msg_check_string_attribute(msg, "objectClass", "group")" taking the false branch. At conditional (66): "!ldb_msg_check_string_attribute(msg, "objectClass", "group")" taking the false branch. 1731 if (!ldb_msg_check_string_attribute(msg, "objectClass", 1732 SYSDB_GROUP_CLASS)) { At conditional (5): "debug_level & __debug_macro_newlevel" taking the true branch. At conditional (6): "debug_timestamps" taking the true branch. At conditional (7): "debug_microseconds" taking the true branch. At conditional (10): "debug_level & __debug_macro_newlevel" taking the true branch. At conditional (11): "debug_timestamps" taking the true branch. At conditional (12): "debug_microseconds" taking the true branch. 1733 DEBUG(1, ("Wrong object (%s) found on stack!\n", 1734 ldb_dn_get_linearized(msg->dn))); 1735 continue; 1736 } 1737 1738 /* new result starts at end of previous result */ 1739 rzero += rsize; 1740 rsize = 0; 1741 1742 /* find group name/gid */ 1743 orig_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); 1744 gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0); At conditional (15): "!orig_name" taking the true branch. At conditional (22): "!orig_name" taking the false branch. At conditional (23): "!gid" taking the false branch. At conditional (31): "!orig_name" taking the false branch. At conditional (32): "!gid" taking the false branch. At conditional (40): "!orig_name" taking the false branch. At conditional (41): "!gid" taking the false branch. At conditional (50): "!orig_name" taking the false branch. At conditional (51): "!gid" taking the false branch. At conditional (67): "!orig_name" taking the false branch. At conditional (68): "!gid" taking the false branch. 1745 if (!orig_name || !gid) { At conditional (16): "debug_level & __debug_macro_newlevel" taking the true branch. At conditional (17): "debug_timestamps" taking the true branch. At conditional (18): "debug_microseconds" taking the true branch. At conditional (19): "orig_name" taking the false branch. 1746 DEBUG(2, ("Incomplete group object for %s[%llu]! Skipping\n", 1747 orig_name?orig_name:"<NULL>", (unsigned long long int)gid)); 1748 continue; 1749 } 1750 At conditional (24): "filter_groups" taking the true branch. At conditional (33): "filter_groups" taking the true branch. At conditional (42): "filter_groups" taking the true branch. At conditional (52): "filter_groups" taking the true branch. At conditional (69): "filter_groups" taking the true branch. 1751 if (filter_groups) { 1752 ret = sss_ncache_check_group(nctx->ncache, 1753 nctx->neg_timeout, dom, orig_name); At conditional (25): "ret == 17" taking the true branch. At conditional (34): "ret == 17" taking the true branch. At conditional (43): "ret == 17" taking the false branch. At conditional (53): "ret == 17" taking the false branch. At conditional (70): "ret == 17" taking the false branch. 1754 if (ret == EEXIST) { At conditional (26): "debug_level & __debug_macro_newlevel" taking the true branch. At conditional (27): "debug_timestamps" taking the true branch. At conditional (28): "debug_microseconds" taking the true branch. At conditional (35): "debug_level & __debug_macro_newlevel" taking the true branch. At conditional (36): "debug_timestamps" taking the true branch. At conditional (37): "debug_microseconds" taking the true branch. 1755 DEBUG(4, ("Group [%s@%s] filtered out! (negative cache)\n", 1756 orig_name, domain)); 1757 continue; 1758 } 1759 } 1760 1761 tmpstr = sss_get_cased_name(tmp_ctx, orig_name, dom->case_sensitive); At conditional (44): "tmpstr == NULL" taking the true branch. At conditional (54): "tmpstr == NULL" taking the false branch. At conditional (71): "tmpstr == NULL" taking the false branch. 1762 if (tmpstr == NULL) { At conditional (45): "debug_level & __debug_macro_newlevel" taking the true branch. At conditional (46): "debug_timestamps" taking the true branch. At conditional (47): "debug_microseconds" taking the true branch. 1763 DEBUG(SSSDBG_CRIT_FAILURE, 1764 ("sss_get_cased_name failed, skipping\n")); 1765 continue; 1766 } 1767 to_sized_string(&name, tmpstr); 1768 1769 /* fill in gid and name and set pointer for number of members */ 1770 rsize = STRS_ROFFSET + name.len + pwfield.len; /* name\0x\0 */ At conditional (55): "add_domain" taking the true branch. At conditional (72): "add_domain" taking the true branch. 1771 if (add_domain) rsize += delim + dom_len; 1772 1773 ret = sss_packet_grow(packet, rsize); At conditional (56): "ret != 0" taking the false branch. At conditional (73): "ret != 0" taking the false branch. 1774 if (ret != EOK) { 1775 num = 0; 1776 goto done; 1777 } 1778 sss_packet_get_body(packet, &body, &blen); 1779 1780 /* 0-3: 32bit number gid */ 1781 SAFEALIGN_SET_UINT32(&body[rzero+GID_ROFFSET], gid, NULL); 1782 1783 /* 4-7: 32bit unsigned number of members */ 1784 SAFEALIGN_SET_UINT32(&body[rzero+MNUM_ROFFSET], 0, NULL); 1785 1786 /* 8-X: sequence of strings (name, passwd, mem..) */ At conditional (57): "add_domain" taking the true branch. At conditional (74): "add_domain" taking the true branch. 1787 if (add_domain) { 1788 ret = snprintf((char *)&body[rzero+STRS_ROFFSET], 1789 name.len + delim + dom_len, 1790 namefmt, name.str, domain); At conditional (58): "ret >= name.len + delim + dom_len" taking the true branch. At conditional (75): "ret >= name.len + delim + dom_len" taking the true branch. 1791 if (ret >= (name.len + delim + dom_len)) { 1792 /* need more space, got creative with the print format ? */ 1793 int t = ret - (name.len + delim + dom_len) + 1; 1794 ret = sss_packet_grow(packet, t); At conditional (59): "ret != 0" taking the false branch. At conditional (76): "ret != 0" taking the false branch. 1795 if (ret != EOK) { 1796 num = 0; 1797 goto done; 1798 } 1799 sss_packet_get_body(packet, &body, &blen); 1800 rsize += t; 1801 delim += t; 1802 1803 /* retry */ 1804 ret = snprintf((char *)&body[rzero+STRS_ROFFSET], 1805 name.len + delim + dom_len, 1806 namefmt, name.str, domain); 1807 } 1808 At conditional (60): "ret != name.len + delim + dom_len - 1UL" taking the true branch. At conditional (77): "ret != name.len + delim + dom_len - 1UL" taking the false branch. 1809 if (ret != name.len + delim + dom_len - 1) { At conditional (61): "debug_level & __debug_macro_newlevel" taking the true branch. At conditional (62): "debug_timestamps" taking the true branch. At conditional (63): "debug_microseconds" taking the true branch. 1810 DEBUG(1, ("Failed to generate a fully qualified name for" 1811 " group [%s] in [%s]! Skipping\n", name.str, domain)); 1812 /* reclaim space */ 1813 ret = sss_packet_shrink(packet, rsize); At conditional (64): "ret != 0" taking the false branch. 1814 if (ret != EOK) { 1815 num = 0; 1816 goto done; 1817 } 1818 rsize = 0; 1819 continue; 1820 } 1821 } else { 1822 memcpy(&body[rzero+STRS_ROFFSET], name.str, name.len); 1823 } 1824 to_sized_string(&fullname, (const char *)&body[rzero+STRS_ROFFSET]); 1825 1826 /* group passwd field */ 1827 memcpy(&body[rzero+STRS_ROFFSET + fullname.len], 1828 pwfield.str, pwfield.len); 1829 1830 el = ldb_msg_find_element(msg, SYSDB_MEMBERUID); At conditional (78): "el" taking the false branch. 1831 if (el) { 1832 memnum = 0; 1833 1834 for (j = 0; j < el->num_values; j++) { 1835 tmpstr = (char *)el->values[j].data; 1836 1837 if (nctx->filter_users_in_groups) { 1838 ret = sss_ncache_check_user(nctx->ncache, 1839 nctx->neg_timeout, 1840 dom, tmpstr); 1841 if (ret == EEXIST) { 1842 DEBUG(6, ("Group [%s] member [%s@%s] filtered out!" 1843 " (negative cache)\n", 1844 (char *)&body[rzero+STRS_ROFFSET], 1845 tmpstr, domain)); 1846 continue; 1847 } 1848 } 1849 1850 to_sized_string(&name, tmpstr); 1851 1852 if (add_domain) { 1853 ret = sss_packet_grow(packet, name.len + delim + dom_len); 1854 } else { 1855 ret = sss_packet_grow(packet, name.len); 1856 } 1857 if (ret != EOK) { 1858 num = 0; 1859 goto done; 1860 } 1861 sss_packet_get_body(packet, &body, &blen); 1862 1863 if (add_domain) { 1864 ret = snprintf((char *)&body[rzero + rsize], 1865 name.len + delim + dom_len, 1866 namefmt, name, domain); 1867 if (ret >= (name.len + delim + dom_len)) { 1868 /* need more space, 1869 * got creative with the print format ? */ 1870 int t = ret - name.len + delim + dom_len + 1; 1871 ret = sss_packet_grow(packet, t); 1872 if (ret != EOK) { 1873 num = 0; 1874 goto done; 1875 } 1876 sss_packet_get_body(packet, &body, &blen); 1877 delim += t; 1878 1879 /* retry */ 1880 ret = snprintf((char *)&body[rzero + rsize], 1881 name.len + delim + dom_len, 1882 namefmt, name, domain); 1883 } 1884 1885 if (ret != name.len + delim + dom_len - 1) { 1886 DEBUG(1, ("Failed to generate a fully qualified name" 1887 " for member [%s@%s] of group [%s]!" 1888 " Skipping\n", name.str, domain, 1889 (char *)&body[rzero+STRS_ROFFSET])); 1890 /* reclaim space */ 1891 ret = sss_packet_shrink(packet, 1892 name.len + delim + dom_len); 1893 if (ret != EOK) { 1894 num = 0; 1895 goto done; 1896 } 1897 continue; 1898 } 1899 1900 } else { 1901 memcpy(&body[rzero + rsize], name.str, name.len); 1902 } 1903 1904 if (add_domain) { 1905 rsize += name.len + delim + dom_len; 1906 } else { 1907 rsize += name.len; 1908 } 1909 1910 memnum++; 1911 } 1912 1913 if (memnum) { 1914 /* set num of members */ 1915 SAFEALIGN_SET_UINT32(&body[rzero+MNUM_ROFFSET], memnum, NULL); 1916 } 1917 } 1918 1919 num++; 1920 At conditional (79): "gr_mmap_cache" taking the true branch. 1921 if (gr_mmap_cache) { Using uninitialized value "memnum" when calling "sss_mmap_cache_gr_store". [show details] 1922 ret = sss_mmap_cache_gr_store(nctx->grp_mc_ctx, 1923 &fullname, &pwfield, gid, memnum, 1924 (char *)&body[rzero] + STRS_ROFFSET + 1925 fullname.len + pwfield.len, 1926 rsize - STRS_ROFFSET - 1927 fullname.len - pwfield.len); 1928 } 1929 1930 continue; 1931 }
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.9.0 rhbz: => 0
This issue will be resolved once ghost users land in master branch (the code is slightly different in this part). Setting the dependency.
blockedby: => 1255 status: new => assigned
Fixed as a side effect of 9f26cae
resolution: => fixed status: assigned => closed
Metadata Update from @sgallagh: - Issue assigned to jzeleny - Issue marked as depending on: #1255 - Issue set to the milestone: SSSD 1.9.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2309
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.