authorSumit Bose <sbose@redhat.com>2013-04-11 18:23:27 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-05-02 19:33:56 +0200
commit206329d3901738036352f2ac1e8d7804f728861d (patch)
tree199e9c2e2675e69fa9b10af9de9ae05f56a62a5d
parent1ae6d34788fd6ac2278be52b60d77c77073d98f3 (diff)
Add secid filter to responder-dp protocol
This patch adds a new filter type to the data-provider interface that can be used for SID-based lookups.
-rw-r--r--src/providers/data_provider.h6
-rw-r--r--src/providers/data_provider_be.c5
-rw-r--r--src/providers/ldap/ldap_id.c6
-rw-r--r--src/providers/proxy/proxy_id.c6
-rw-r--r--src/responder/common/responder_dp.c18
5 files changed, 37 insertions, 4 deletions
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index 256e6089..31368144 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -140,6 +140,7 @@
#define BE_FILTER_NAME 1
#define BE_FILTER_IDNUM 2
#define BE_FILTER_ENUM 3
+#define BE_FILTER_SECID 4
#define BE_REQ_USER 0x0001
#define BE_REQ_GROUP 0x0002
@@ -153,6 +154,11 @@
#define BE_REQ_TYPE_MASK 0x00FF
#define BE_REQ_FAST 0x1000
+#define DP_SEC_ID "secid"
+/* sizeof() counts the trailing \0 so we must substract 1 for the string
+ * length */
+#define DP_SEC_ID_LEN (sizeof(DP_SEC_ID) - 1)
+
/* AUTH related common data and functions */
#define DEBUG_PAM_DATA(level, pd) do { \
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 823dc00e..cd671568 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -1043,6 +1043,11 @@ static int be_get_account_info(DBusMessage *message, struct sbus_connection *con
ret = split_name_extended(req, &filter[9],
&req->filter_value,
&req->extra_value);
+ } else if (strncmp(filter, DP_SEC_ID"=", DP_SEC_ID_LEN + 1) == 0) {
+ req->filter_type = BE_FILTER_SECID;
+ ret = split_name_extended(req, &filter[DP_SEC_ID_LEN + 1],
+ &req->filter_value,
+ &req->extra_value);
} else if (strcmp(filter, ENUM_INDICATOR) == 0) {
req->filter_type = BE_FILTER_ENUM;
req->filter_value = NULL;
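Review bot: The new `secid=` branch stores whatever follows the prefix in `req->filter_value` via `split_name_extended()`, with no visible check that it is non-empty or shaped like a SID. The filter string arrives from a responder over the data-provider bus, and a SID lookup will presumably end up in a directory search, so an unchecked value is worth stopping here. Consider rejecting anything that does not start with `S-1-` in this branch, or at least documenting the contract with a comment such as `/* filter_value is an unvalidated SID string; backends must validate or escape it before use in a search filter */`. `be_get_account_info()` continues outside the hunk, so any later check on `ret` or the value is not visible here.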
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 073f6869..4d373a49 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -1058,6 +1058,12 @@ void sdap_handle_account_info(struct be_req *breq, struct sdap_id_ctx *ctx)
return sdap_handler_done(breq, DP_ERR_OK, EOK, "Success");
}
+ if (ar->filter_type == BE_FILTER_SECID) {
+ ret = EINVAL;
+ err = "Invalid filter type";
+ break;
+ }
+
req = services_get_send(breq, be_ctx->ev, ctx,
ar->filter_value,
ar->extra_value,
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index 7d7fab20..aae3ee8f 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -1364,6 +1364,12 @@ void proxy_get_account_info(struct be_req *breq)
return be_req_terminate(breq, DP_ERR_FATAL, EINVAL, "Invalid attr type");
}
+ /* proxy provider does not support security ID lookups */
+ if (ar->filter_type == BE_FILTER_SECID) {
+ return be_req_terminate(breq, DP_ERR_FATAL, ENOSYS,
+ "Invalid filter type");
+ }
+
switch (ar->entry_type & BE_REQ_TYPE_MASK) {
case BE_REQ_USER: /* user */
switch (ar->filter_type) {
diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c
index d23075d6..53826b0f 100644
--- a/src/responder/common/responder_dp.c
+++ b/src/responder/common/responder_dp.c
@@ -548,11 +548,21 @@ sss_dp_get_account_msg(void *pvt)
}
if (info->opt_name) {
- if (info->extra) {
- filter = talloc_asprintf(info, "name=%s:%s",
- info->opt_name, info->extra);
+ if (info->type == SSS_DP_SECID) {
+ if (info->extra) {
+ filter = talloc_asprintf(info, "%s=%s:%s", DP_SEC_ID,
+ info->opt_name, info->extra);
+ } else {
+ filter = talloc_asprintf(info, "%s=%s", DP_SEC_ID,
+ info->opt_name);
+ }
} else {
- filter = talloc_asprintf(info, "name=%s", info->opt_name);
+ if (info->extra) {
+ filter = talloc_asprintf(info, "name=%s:%s",
+ info->opt_name, info->extra);
+ } else {
+ filter = talloc_asprintf(info, "name=%s", info->opt_name);
+ }
}
} else if (info->opt_id) {
if (info->extra) {
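Review bot: `info->type == SSS_DP_SECID` is only consulted inside the `info->opt_name` branch, so a SECID request that arrives with `opt_name` unset falls through to the `opt_id` branch and is sent as a different kind of filter instead of being refused. It would be safer to fail such a request explicitly before the filter is built. The four `talloc_asprintf()` calls also differ only in the key, so choosing it once keeps the wire format in a single place: `const char *key = (info->type == SSS_DP_SECID) ? DP_SEC_ID : "name";` followed by `filter = talloc_asprintf(info, "%s=%s:%s", key, info->opt_name, info->extra);` and the matching no-extra form. Since `:` separates value and extra in this format, a comment stating that `opt_name` must not contain `:` for SID lookups would help; `sss_dp_get_account_msg()` continues outside the hunk, so the NULL check on `filter` is not visible here.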