authorPavel Březina <pbrezina@redhat.com>2013-09-06 13:13:04 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-09-26 21:11:52 +0200
commit9cc66028cb6e497588a088ff2953e2ca7ed6ca6d (patch)
tree5b4d5bf7c5b77c3a04939a2e3f47cf2e4ee4e762
parentcf1a8af5556b1d8eab68802918c881ae1a0b89eb (diff)
sysdb: get_sysdb_grouplist() can return either names or dn
We need to work with distinguished names when processing cross-domain membership, because groups and users may be stored in different sysdb trees. Resolves: https://fedorahosted.org/sssd/ticket/2066
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c65
-rw-r--r--src/providers/ldap/sdap_async_private.h6
2 files changed, 55 insertions, 16 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index a0df82ca..e645067b 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -3035,11 +3035,12 @@ int sdap_get_initgr_recv(struct tevent_req *req)
return EOK;
}
-errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx,
- struct sysdb_ctx *sysdb,
- struct sss_domain_info *domain,
- const char *name,
- char ***grouplist)
+static errno_t get_sysdb_grouplist_ex(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *name,
+ char ***grouplist,
+ bool get_dn)
{
errno_t ret;
const char *attrs[2];
@@ -3075,19 +3076,32 @@ errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx,
goto done;
}
- /* Get a list of the groups by groupname only */
- for (i=0; i < groups->num_values; i++) {
- ret = sysdb_group_dn_name(sysdb,
- sysdb_grouplist,
- (const char *)groups->values[i].data,
- &sysdb_grouplist[i]);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Could not determine group name from [%s]: [%s]\n",
- (const char *)groups->values[i].data, strerror(ret)));
- goto done;
+ if (get_dn) {
+ /* Get distinguish name */
+ for (i=0; i < groups->num_values; i++) {
+ sysdb_grouplist[i] = talloc_strdup(sysdb_grouplist,
+ (const char *)groups->values[i].data);
+ if (sysdb_grouplist[i] == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ } else {
+ /* Get a list of the groups by groupname only */
+ for (i=0; i < groups->num_values; i++) {
+ ret = sysdb_group_dn_name(sysdb,
+ sysdb_grouplist,
+ (const char *)groups->values[i].data,
+ &sysdb_grouplist[i]);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Could not determine group name from [%s]: [%s]\n",
+ (const char *)groups->values[i].data, strerror(ret)));
+ goto done;
+ }
}
}
+
sysdb_grouplist[groups->num_values] = NULL;
}
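Review bot: In the `get_dn` branch the loop copies `groups->values[i].data` with `talloc_strdup`, which relies on the stored value being NUL-terminated and ignores the length recorded next to it (assuming `groups` is an ldb message element, whose values carry a `length` field). Using `talloc_strndup(sysdb_grouplist, (const char *)groups->values[i].data, groups->values[i].length)` keeps the copy bounded by that length. The ENOMEM exit in this branch is also silent, whereas the name branch logs its failure through DEBUG, so an allocation failure in DN mode leaves nothing in the logs. The comment should read `/* Get distinguished names */`. The enclosing function starts and ends outside this hunk.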
@@ -3098,3 +3112,22 @@ done:
return ret;
}
+errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *name,
+ char ***grouplist)
+{
+ return get_sysdb_grouplist_ex(mem_ctx, sysdb, domain,
+ name, grouplist, false);
+}
+
+errno_t get_sysdb_grouplist_dn(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *name,
+ char ***grouplist)
+{
+ return get_sysdb_grouplist_ex(mem_ctx, sysdb, domain,
+ name, grouplist, true);
+}
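Review bot: `get_sysdb_grouplist()` and `get_sysdb_grouplist_dn()` hand back the same `char ***` type with different contents (group names versus DN strings), and neither the wrappers here nor the prototype added in sdap_async_private.h says which is which. A caller that compares one kind of list against the other would find no matches without any error, which in membership processing presumably means memberships being added or dropped incorrectly. I would add a comment above each wrapper and repeat it at the prototypes, e.g. `/* Returns a NULL-terminated list of the group names stored in sysdb for this user */` and `/* Same as get_sysdb_grouplist(), but each entry is the group's sysdb DN */`. The `done:` tail at the top of this hunk belongs to `get_sysdb_grouplist_ex`, which starts outside the hunk.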
diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h
index 944c8a82..364c809a 100644
--- a/src/providers/ldap/sdap_async_private.h
+++ b/src/providers/ldap/sdap_async_private.h
@@ -112,6 +112,12 @@ errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx,
const char *name,
char ***grouplist);
+errno_t get_sysdb_grouplist_dn(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *name,
+ char ***grouplist);
+
/* from sdap_async_nested_groups.c */
struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,