s3:winbind:idmap_ldap: warn about duplicate SID->XID mappings (bug #6387)

[ira/wip.git] / source3 / winbindd / idmap_ldap.c

diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 7224589076e1157b5901c5dcea834f3d16e7c198..88ece8c7de4706d0eff30a38da73524a3165fec0 100644 (file)
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -892,6 +892,7 @@ static NTSTATUS idmap_ldap_unixids_to_sids(struct idmap_domain *dom,
        TALLOC_CTX *memctx;
        struct idmap_ldap_context *ctx;
        LDAPMessage *result = NULL;
+       LDAPMessage *entry = NULL;
        const char *uidNumber;
        const char *gidNumber;
        const char **attr_list;
@@ -979,7 +980,6 @@ again:
        }
 
        for (i = 0; i < count; i++) {
-               LDAPMessage *entry = NULL;
                char *sidstr = NULL;
                char *tmp = NULL;
                enum id_type type;
@@ -1055,6 +1055,14 @@ again:
                        TALLOC_FREE(sidstr);
                        continue;
                }
+
+               if (map->status == ID_MAPPED) {
+                       DEBUG(1, ("WARNING: duplicate %s mapping in LDAP. "
+                             "overwriting mapping %u -> %s with %u -> %s\n",
+                             (type == ID_TYPE_UID) ? "UID" : "GID",
+                             id, sid_string_dbg(map->sid), id, sidstr));
+               }
+
                TALLOC_FREE(sidstr);
 
                /* mapped */
@@ -1249,8 +1257,6 @@ again:
                        continue;
                }
 
-               TALLOC_FREE(sidstr);
-
                /* now try to see if it is a uid, if not try with a gid
                 * (gid is more common, but in case both uidNumber and
                 * gidNumber are returned the SID is mapped to the uid
@@ -1268,6 +1274,7 @@ again:
                if ( ! tmp) { /* no ids ?? */
                        DEBUG(5, ("no uidNumber, "
                                  "nor gidNumber attributes found\n"));
+                       TALLOC_FREE(sidstr);
                        continue;
                }
 
@@ -1278,11 +1285,21 @@ again:
                        DEBUG(5, ("Requested id (%u) out of range (%u - %u). "
                                  "Filtered!\n", id,
                                  ctx->filter_low_id, ctx->filter_high_id));
+                       TALLOC_FREE(sidstr);
                        TALLOC_FREE(tmp);
                        continue;
                }
                TALLOC_FREE(tmp);
 
+               if (map->status == ID_MAPPED) {
+                       DEBUG(1, ("WARNING: duplicate %s mapping in LDAP. "
+                             "overwriting mapping %s -> %u with %s -> %u\n",
+                             (type == ID_TYPE_UID) ? "UID" : "GID",
+                             sidstr, map->xid.id, sidstr, id));
+               }
+
+               TALLOC_FREE(sidstr);
+
                /* mapped */
                map->xid.type = type;
                map->xid.id = id;