Fix bug 6157

This patch picks the alphabetically smallest one of the multi-value attribute
"uid". This fixes a regression against 3.0 and also becomes deterministic.

diff --git a/source/include/smbldap.h b/source/include/smbldap.h
index a2cb8c5eea4ac0f58f2d87ea3acb0e0181b571f9..e312bb2899e575c08bb767a63df5e613ab05fc1b 100644 (file)
--- a/source/include/smbldap.h
+++ b/source/include/smbldap.h
@@ -212,6 +212,9 @@ const char** get_userattr_list( TALLOC_CTX *mem_ctx, int schema_ver );
 char * smbldap_talloc_single_attribute(LDAP *ldap_struct, LDAPMessage *entry,
                                       const char *attribute,
                                       TALLOC_CTX *mem_ctx);
+char * smbldap_talloc_smallest_attribute(LDAP *ldap_struct, LDAPMessage *entry,
+                                        const char *attribute,
+                                        TALLOC_CTX *mem_ctx);
 void talloc_autofree_ldapmsg(TALLOC_CTX *mem_ctx, LDAPMessage *result);
 void talloc_autofree_ldapmod(TALLOC_CTX *mem_ctx, LDAPMod **mod);
 const char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld,

diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c
index 7e9f1ac9158af5e7d6265a648f26fcfc4371b9c0..03c657356e2c7434175f480c24e05ef8aff48d4c 100644 (file)
--- a/source/lib/smbldap.c
+++ b/source/lib/smbldap.c
@@ -333,6 +333,62 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = {
        return result;
 }
 
+ char * smbldap_talloc_smallest_attribute(LDAP *ldap_struct, LDAPMessage *entry,
+                                         const char *attribute,
+                                         TALLOC_CTX *mem_ctx)
+{
+       char **values;
+       char *result;
+       size_t converted_size;
+       int i, num_values;
+
+       if (attribute == NULL) {
+               return NULL;
+       }
+
+       values = ldap_get_values(ldap_struct, entry, attribute);
+
+       if (values == NULL) {
+               DEBUG(10, ("attribute %s does not exist\n", attribute));
+               return NULL;
+       }
+
+       if (!pull_utf8_talloc(mem_ctx, &result, values[0], &converted_size)) {
+               DEBUG(10, ("pull_utf8_talloc failed\n"));
+               ldap_value_free(values);
+               return NULL;
+       }
+
+       num_values = ldap_count_values(values);
+
+       for (i=1; i<num_values; i++) {
+               char *tmp;
+
+               if (!pull_utf8_talloc(mem_ctx, &tmp, values[i],
+                                     &converted_size)) {
+                       DEBUG(10, ("pull_utf8_talloc failed\n"));
+                       TALLOC_FREE(result);
+                       ldap_value_free(values);
+                       return NULL;
+               }
+
+               if (StrCaseCmp(tmp, result) < 0) {
+                       TALLOC_FREE(result);
+                       result = tmp;
+               } else {
+                       TALLOC_FREE(tmp);
+               }
+       }
+
+       ldap_value_free(values);
+
+#ifdef DEBUG_PASSWORDS
+       DEBUG (100, ("smbldap_get_single_attribute: [%s] = [%s]\n",
+                    attribute, result));
+#endif
+       return result;
+}
+
  static int ldapmsg_destructor(LDAPMessage **result) {
        ldap_msgfree(*result);
        return 0;

diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index 554eb6e9e34c183a01b3f45597ae35de06e416e5..bc485e384096759950dd57d185ff2034da4446d4 100644 (file)
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -559,7 +559,7 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
                goto fn_exit;
        }
 
-       if (!(username = smbldap_talloc_single_attribute(priv2ld(ldap_state),
+       if (!(username = smbldap_talloc_smallest_attribute(priv2ld(ldap_state),
                                        entry,
                                        "uid",
                                        ctx))) {