s3:winbind:idmap_ldap: fix a crash bug in idmap_ldap_unixids_to_sids (#6387)

This fixes a crash bug hit when multiple mappings were found by
the ldap search. This crash was caused by an ldap asssertion
in ldap_next_entry because was set to NULL in each iteration.

The corresponding fix was applied to the idmap_ldap_sids_to_unixids()
by Jerry in 2007 (b066668b74768d9ed547f16bf7b6ba6aea5df20a).

This fixes the crash part of bug #6387.

There is a logic part, too:
The problem currently only occurs when multiple mappings are found
for one given unixid. Now winbindd does not crash any more but
it does not correctly handle this situation. It just returns the
last mapping from the ldap search results.
This needs fixing.

Michael

diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 7224589076e1157b5901c5dcea834f3d16e7c198..854fd21df8ef918f0caf7ba0b2a88b29de925a8d 100644 (file)
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -892,6 +892,7 @@ static NTSTATUS idmap_ldap_unixids_to_sids(struct idmap_domain *dom,
        TALLOC_CTX *memctx;
        struct idmap_ldap_context *ctx;
        LDAPMessage *result = NULL;
        TALLOC_CTX *memctx;
        struct idmap_ldap_context *ctx;
        LDAPMessage *result = NULL;

+       LDAPMessage *entry = NULL;

        const char *uidNumber;
        const char *gidNumber;
        const char **attr_list;
        const char *uidNumber;
        const char *gidNumber;
        const char **attr_list;


@@ -979,7 +980,6 @@ again:
        }
 
        for (i = 0; i < count; i++) {
        }
 
        for (i = 0; i < count; i++) {

-               LDAPMessage *entry = NULL;

                char *sidstr = NULL;
                char *tmp = NULL;
                enum id_type type;
                char *sidstr = NULL;
                char *tmp = NULL;
                enum id_type type;