summaryrefslogtreecommitdiff
path: root/server/responder
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2009-11-27 18:52:55 -0500
committerStephen Gallagher <sgallagh@redhat.com>2009-12-03 10:26:21 -0500
commit9e37ad98a9f2bbd1128ba73d0fee1af7b337ec59 (patch)
tree4ca0589527effce131264d12629a4cbabd62a28c /server/responder
parent9372f8c0cbe793567ec1b7115a9e3567fd23e7f6 (diff)
downloadsssd-9e37ad98a9f2bbd1128ba73d0fee1af7b337ec59.tar.gz
sssd-9e37ad98a9f2bbd1128ba73d0fee1af7b337ec59.tar.bz2
sssd-9e37ad98a9f2bbd1128ba73d0fee1af7b337ec59.zip
Use memberuid and not member in group enumerations
This allows for correctly reporting nested group members, while at the same time not paying a too high price for caluclating nested groups at runtime e very time a search is made.
Diffstat (limited to 'server/responder')
-rw-r--r--server/responder/nss/nsssrv_cmd.c61
1 files changed, 8 insertions, 53 deletions
diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c
index 6be78900..1802dfea 100644
--- a/server/responder/nss/nsssrv_cmd.c
+++ b/server/responder/nss/nsssrv_cmd.c
@@ -1482,7 +1482,6 @@ static int fill_grent(struct sss_packet *packet,
size_t dom_len;
int i, j;
int ret, num, memnum;
- size_t sysnamelen, sysuserslen;
size_t rzero, rsize;
bool add_domain = dom->fqnames;
const char *domain = dom->name;
@@ -1496,9 +1495,6 @@ static int fill_grent(struct sss_packet *packet,
dom_len = 0;
}
- sysnamelen = strlen(SYSDB_NAME);
- sysuserslen = strlen(SYSDB_USERS_CONTAINER);
-
num = 0;
/* first 2 fields (len and reserved), filled up later */
@@ -1609,61 +1605,27 @@ static int fill_grent(struct sss_packet *packet,
body[rzero + rsize -2] = 'x'; /* group passwd field */
body[rzero + rsize -1] = '\0';
- el = ldb_msg_find_element(msg, SYSDB_MEMBER);
+ el = ldb_msg_find_element(msg, SYSDB_MEMBERUID);
if (el) {
memnum = 0;
for (j = 0; j < el->num_values; j++) {
- int nlen;
- char *p;
-
- if (strncmp((const char *)el->values[j].data,
- SYSDB_NAME, sysnamelen) != 0) {
- DEBUG(1, ("Member [%.*s] not in the std format ?! "
- "("SYSDB_NAME"=value,...)\n",
- el->values[i].length,
- (const char *)el->values[i].data));
- continue;
- }
-
- name = &((const char *)el->values[j].data)[sysnamelen + 1];
- p = strchr(name, ',');
- if (!p) {
- DEBUG(1, ("Member [%.*s] not in the std format ?! "
- "("SYSDB_NAME"=value,...)\n",
- el->values[i].length,
- (const char *)el->values[j].data));
- continue;
- }
- nlen = p - name;
+ name = (const char *)el->values[j].data;
if (nctx->filter_users_in_groups) {
- char t;
- t = *p;
- *p = '\0';
ret = nss_ncache_check_user(nctx->ncache,
nctx->neg_timeout,
domain, name);
- *p = t;
if (ret == EEXIST) {
- DEBUG(6, ("Group [%s] member [%.*s@%s] filtered out!"
+ DEBUG(6, ("Group [%s] member [%s@%s] filtered out!"
" (negative cache)\n",
(char *)&body[rzero+STRS_ROFFSET],
- nlen, name, domain));
+ name, domain));
continue;
}
}
- p++;
- if (strncmp(p, SYSDB_USERS_CONTAINER, sysuserslen) != 0) {
- DEBUG(1, ("Member [%.*s] not in the std format ?! "
- "("SYSDB_NAME"=value,...)\n",
- el->values[i].length,
- (const char *)el->values[j].data));
- continue;
- }
-
- nsize = nlen + 1; /* includes terminating \0 */
+ nsize = strlen(name) + 1; /* includes terminating \0 */
if (add_domain) nsize += delim + dom_len;
ret = sss_packet_grow(packet, nsize);
@@ -1674,14 +1636,8 @@ static int fill_grent(struct sss_packet *packet,
sss_packet_get_body(packet, &body, &blen);
if (add_domain) {
- char tmp[nlen+1];
-
- memcpy(tmp, name, nlen);
- tmp[nlen] = '\0';
-
-
ret = snprintf((char *)&body[rzero + rsize],
- nsize, namefmt, tmp, domain);
+ nsize, namefmt, name, domain);
if (ret >= nsize) {
/* need more space,
* got creative with the print format ? */
@@ -1697,7 +1653,7 @@ static int fill_grent(struct sss_packet *packet,
/* retry */
ret = snprintf((char *)&body[rzero + rsize],
- nsize, namefmt, tmp, domain);
+ nsize, namefmt, name, domain);
}
if (ret != nsize-1) {
@@ -1715,8 +1671,7 @@ static int fill_grent(struct sss_packet *packet,
}
} else {
- memcpy(&body[rzero + rsize], name, nlen);
- body[rzero + rsize + nlen] = '\0';
+ memcpy(&body[rzero + rsize], name, nsize);
}
rsize += nsize;