diff options
author | Simo Sorce <ssorce@redhat.com> | 2009-11-27 18:52:55 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-12-03 10:26:21 -0500 |
commit | 9e37ad98a9f2bbd1128ba73d0fee1af7b337ec59 (patch) | |
tree | 4ca0589527effce131264d12629a4cbabd62a28c /server/responder | |
parent | 9372f8c0cbe793567ec1b7115a9e3567fd23e7f6 (diff) | |
download | sssd-9e37ad98a9f2bbd1128ba73d0fee1af7b337ec59.tar.gz sssd-9e37ad98a9f2bbd1128ba73d0fee1af7b337ec59.tar.bz2 sssd-9e37ad98a9f2bbd1128ba73d0fee1af7b337ec59.zip |
Use memberuid and not member in group enumerations
This allows for correctly reporting nested group members, while at the same
time not paying a too high price for caluclating nested groups at runtime e
very time a search is made.
Diffstat (limited to 'server/responder')
-rw-r--r-- | server/responder/nss/nsssrv_cmd.c | 61 |
1 files changed, 8 insertions, 53 deletions
diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c index 6be78900..1802dfea 100644 --- a/server/responder/nss/nsssrv_cmd.c +++ b/server/responder/nss/nsssrv_cmd.c @@ -1482,7 +1482,6 @@ static int fill_grent(struct sss_packet *packet, size_t dom_len; int i, j; int ret, num, memnum; - size_t sysnamelen, sysuserslen; size_t rzero, rsize; bool add_domain = dom->fqnames; const char *domain = dom->name; @@ -1496,9 +1495,6 @@ static int fill_grent(struct sss_packet *packet, dom_len = 0; } - sysnamelen = strlen(SYSDB_NAME); - sysuserslen = strlen(SYSDB_USERS_CONTAINER); - num = 0; /* first 2 fields (len and reserved), filled up later */ @@ -1609,61 +1605,27 @@ static int fill_grent(struct sss_packet *packet, body[rzero + rsize -2] = 'x'; /* group passwd field */ body[rzero + rsize -1] = '\0'; - el = ldb_msg_find_element(msg, SYSDB_MEMBER); + el = ldb_msg_find_element(msg, SYSDB_MEMBERUID); if (el) { memnum = 0; for (j = 0; j < el->num_values; j++) { - int nlen; - char *p; - - if (strncmp((const char *)el->values[j].data, - SYSDB_NAME, sysnamelen) != 0) { - DEBUG(1, ("Member [%.*s] not in the std format ?! " - "("SYSDB_NAME"=value,...)\n", - el->values[i].length, - (const char *)el->values[i].data)); - continue; - } - - name = &((const char *)el->values[j].data)[sysnamelen + 1]; - p = strchr(name, ','); - if (!p) { - DEBUG(1, ("Member [%.*s] not in the std format ?! " - "("SYSDB_NAME"=value,...)\n", - el->values[i].length, - (const char *)el->values[j].data)); - continue; - } - nlen = p - name; + name = (const char *)el->values[j].data; if (nctx->filter_users_in_groups) { - char t; - t = *p; - *p = '\0'; ret = nss_ncache_check_user(nctx->ncache, nctx->neg_timeout, domain, name); - *p = t; if (ret == EEXIST) { - DEBUG(6, ("Group [%s] member [%.*s@%s] filtered out!" + DEBUG(6, ("Group [%s] member [%s@%s] filtered out!" " (negative cache)\n", (char *)&body[rzero+STRS_ROFFSET], - nlen, name, domain)); + name, domain)); continue; } } - p++; - if (strncmp(p, SYSDB_USERS_CONTAINER, sysuserslen) != 0) { - DEBUG(1, ("Member [%.*s] not in the std format ?! " - "("SYSDB_NAME"=value,...)\n", - el->values[i].length, - (const char *)el->values[j].data)); - continue; - } - - nsize = nlen + 1; /* includes terminating \0 */ + nsize = strlen(name) + 1; /* includes terminating \0 */ if (add_domain) nsize += delim + dom_len; ret = sss_packet_grow(packet, nsize); @@ -1674,14 +1636,8 @@ static int fill_grent(struct sss_packet *packet, sss_packet_get_body(packet, &body, &blen); if (add_domain) { - char tmp[nlen+1]; - - memcpy(tmp, name, nlen); - tmp[nlen] = '\0'; - - ret = snprintf((char *)&body[rzero + rsize], - nsize, namefmt, tmp, domain); + nsize, namefmt, name, domain); if (ret >= nsize) { /* need more space, * got creative with the print format ? */ @@ -1697,7 +1653,7 @@ static int fill_grent(struct sss_packet *packet, /* retry */ ret = snprintf((char *)&body[rzero + rsize], - nsize, namefmt, tmp, domain); + nsize, namefmt, name, domain); } if (ret != nsize-1) { @@ -1715,8 +1671,7 @@ static int fill_grent(struct sss_packet *packet, } } else { - memcpy(&body[rzero + rsize], name, nlen); - body[rzero + rsize + nlen] = '\0'; + memcpy(&body[rzero + rsize], name, nsize); } rsize += nsize; |