summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJan Zeleny <jzeleny@redhat.com>2012-04-23 05:13:48 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-05-31 15:46:27 -0400
commitf56e704cf0b3b0e9e997e96221fa82d488ee8ca7 (patch)
treeaab013d172e625a49c8f59a919dded1dd6dc1214
parent9f26cae5ae716a0542261167b5a91d7d2e1763e7 (diff)
downloadsssd-f56e704cf0b3b0e9e997e96221fa82d488ee8ca7.tar.gz
sssd-f56e704cf0b3b0e9e997e96221fa82d488ee8ca7.tar.bz2
sssd-f56e704cf0b3b0e9e997e96221fa82d488ee8ca7.zip
Ghost members - removed sdap_check_aliases()
This function is no longer necessary because we don't have fake user entries any more. The original purpose of this function was to check if there are fake user entries for particular user and, if yes, to update its membership.
-rw-r--r--src/providers/ldap/sdap_async.c108
-rw-r--r--src/providers/ldap/sdap_async.h6
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c7
-rw-r--r--src/providers/ldap/sdap_async_users.c6
4 files changed, 0 insertions, 127 deletions
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 14a27bcb..46f0215a 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2100,114 +2100,6 @@ bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts)
return false;
}
-errno_t sdap_check_aliases(struct sysdb_ctx *sysdb,
- struct sysdb_attrs *user_attrs,
- struct sss_domain_info *dom,
- struct sdap_options *opts,
- bool steal_memberships)
-{
- errno_t ret;
- const char **aliases = NULL;
- const char *name = NULL;
- struct ldb_message *msg;
- TALLOC_CTX *tmp_ctx = NULL;
- char **parents;
- uid_t alias_uid, uid;
- int i;
-
- tmp_ctx = talloc_new(NULL);
- if (!tmp_ctx) return ENOMEM;
-
- ret = sysdb_attrs_primary_name(sysdb, user_attrs,
- opts->user_map[SDAP_AT_USER_NAME].sys_name,
- &name);
- if (ret != EOK) {
- DEBUG(SSSDBG_TRACE_INTERNAL, ("Could not get the primary name\n"));
- goto done;
- }
-
- ret = sysdb_attrs_get_uint32_t(user_attrs,
- opts->user_map[SDAP_AT_USER_UID].sys_name,
- &uid);
- if (ret != EOK) {
- DEBUG(SSSDBG_TRACE_INTERNAL, ("Could not get UID\n"));
- goto done;
- }
-
- ret = sysdb_attrs_get_aliases(tmp_ctx, user_attrs, name,
- !dom->case_sensitive, &aliases);
- if (ret != EOK) {
- DEBUG(SSSDBG_TRACE_INTERNAL, ("Failed to get the alias list\n"));
- goto done;
- }
-
- for (i = 0; aliases[i]; i++) {
- /* In RFC2307 schema, another group might be referencing user
- * using secondary name, so there might be fake users in the cache
- * from a previous getgr call */
- ret = sysdb_search_user_by_name(tmp_ctx, sysdb,
- aliases[i], NULL, &msg);
- if (ret && ret != ENOENT) {
- DEBUG(SSSDBG_TRACE_INTERNAL, ("Error searching the cache\n"));
- goto done;
- } else if (ret == ENOENT) {
- DEBUG(SSSDBG_TRACE_INTERNAL,
- ("No user with primary name same as alias %s\n", aliases[i]));
- continue;
- }
-
- alias_uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
- if (alias_uid) {
- if (alias_uid == uid) {
- DEBUG(SSSDBG_TRACE_INTERNAL,
- ("User already cached, skipping\n"));
- continue;
- }
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("Cache contains non-fake user with same name "
- "as alias %s\n", aliases[i]));
- ret = EIO;
- goto done;
- }
- DEBUG(SSSDBG_TRACE_FUNC, ("%s is a fake user\n", aliases[i]));
-
- if (steal_memberships) {
- /* Get direct sysdb parents */
- ret = sysdb_get_direct_parents(tmp_ctx, sysdb, dom,
- SYSDB_MEMBER_USER,
- aliases[i], &parents);
- if (ret) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("Could not get direct parents for %s: %d [%s]\n",
- aliases[i], ret, strerror(ret)));
- goto done;
- }
-
- ret = sysdb_update_members(sysdb, name, SYSDB_MEMBER_USER,
- (const char *const *) parents,
- NULL);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("Membership update failed [%d]: %s\n",
- ret, strerror(ret)));
- goto done;
- }
- }
-
- ret = sysdb_delete_user(sysdb, aliases[i], alias_uid);
- if (ret) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("Error deleting fake user %s\n", aliases[i]));
- goto done;
- }
- }
-
- ret = EOK;
-done:
- talloc_free(tmp_ctx);
- return ret;
-}
-
errno_t
sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
const char *attr_name,
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 870f1531..34fb40da 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -195,12 +195,6 @@ int sdap_deref_search_recv(struct tevent_req *req,
size_t *reply_count,
struct sdap_deref_attrs ***reply);
-errno_t sdap_check_aliases(struct sysdb_ctx *sysdb,
- struct sysdb_attrs *user_attrs,
- struct sss_domain_info *dom,
- struct sdap_options *opts,
- bool steal_memberships);
-
errno_t
sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
const char *attr_name,
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index b883ccf9..86117600 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2646,13 +2646,6 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
switch (state->opts->schema_type) {
case SDAP_SCHEMA_RFC2307:
- ret = sdap_check_aliases(state->sysdb, state->orig_user, state->dom,
- state->opts, false);
- if (ret != EOK) {
- tevent_req_error(req, ret);
- return;
- }
-
subreq = sdap_initgr_rfc2307_send(state, state->ev, state->opts,
state->sysdb, state->sh,
cname);
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index bc9e5551..dfce319b 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -411,12 +411,6 @@ int sdap_save_users(TALLOC_CTX *memctx,
DEBUG(9, ("User %d processed!\n", i));
}
- ret = sdap_check_aliases(sysdb, users[i], dom,
- opts, true);
- if (ret) {
- DEBUG(2, ("Failed to check aliases for user %d. Ignoring.\n", i));
- }
-
if (usn_value) {
if (higher_usn) {
if ((strlen(usn_value) > strlen(higher_usn)) ||