author | Jakub Hrozek <jhrozek@redhat.com> | 2011-09-21 10:50:18 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-09-28 09:22:48 -0400 |
commit | 033d1e3985288ec827db85882b052104485606ac (patch) | |
tree | 007e9ee457afe42904f15d1abd23133fc94bca6c /src/providers/ldap/sdap_async_groups.c | |
parent | fd61c807554d5a3ff74f065eb0438fe2524f4ba2 (diff) | |
Store name aliases for users, groups
Also checks fake users for aliases when storing a real user so that
getgrnam for an RFC2307 group that references a user by his secondary
name, followed by getpwnam for this user by his primary name, works.
Diffstat (limited to 'src/providers/ldap/sdap_async_groups.c')
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 129 |
1 files changed, 92 insertions, 37 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index f887651d..2b48af92 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -222,9 +222,11 @@ static int sdap_save_group(TALLOC_CTX *memctx,
 const char *name = NULL;
 gid_t gid;
 int ret;
+ int i;
 char *usn_value = NULL;
 TALLOC_CTX *tmpctx = NULL;
 bool posix_group;
+ const char **aliases = NULL;
 tmpctx = talloc_new(memctx);
 if (!tmpctx) {
@@ -367,6 +369,20 @@ static int sdap_save_group(TALLOC_CTX *memctx,
 }
 }
+ ret = sysdb_attrs_get_aliases(tmpctx, attrs, name, &aliases);
+ if (ret != EOK) {
+ DEBUG(1, ("Failed to get the alias list\n"));
+ goto fail;
+ }
+
+ for (i = 0; aliases[i]; i++) {
+ ret = sysdb_attrs_add_string(group_attrs, SYSDB_NAME_ALIAS,
+ aliases[i]);
+ if (ret) {
+ goto fail;
+ }
+ }
+
 DEBUG(6, ("Storing info for group %s\n", name));
 ret = sdap_store_group_with_gid(group_attrs, ctx, dom,
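Review bot: The alias loop `for (i = 0; aliases[i]; i++)` dereferences the array returned by sysdb_attrs_get_aliases without a NULL check, so if that helper can return EOK while leaving `aliases` NULL (its contract is not visible here) this crashes while saving a group. A one-line guard such as `if (aliases == NULL) goto fail;` after the ret check, or a comment stating that the helper always returns a NULL-terminated array on EOK, would settle it. A short why-comment on the loop, e.g. `/* Store secondary names so lookups by alias resolve to this group */`, would also help the next reader. sdap_save_group's body extends beyond both ends of this hunk.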
@@ -853,17 +869,73 @@ sdap_process_group_members_2307bis(struct tevent_req *req,
 }
 static int
+sdap_add_group_member_2307(struct sdap_process_group_state *state,
+ const char *username)
+{
+ char *strdn;
+
+ strdn = sysdb_user_strdn(state->sysdb_dns->values,
+ state->dom->name, username);
+ if (!strdn) {
+ return ENOMEM;
+ }
+
+ state->sysdb_dns->values[state->sysdb_dns->num_values].data =
+ (uint8_t *) strdn;
+ state->sysdb_dns->values[state->sysdb_dns->num_values].length =
+ strlen(strdn);
+ state->sysdb_dns->num_values++;
+
+ return EOK;
+}
+
+static int
 sdap_process_missing_member_2307(struct sdap_process_group_state *state,
- char *username, bool *in_transaction)
+ char *member_name, bool *in_transaction)
 {
 int ret, sret;
- struct ldb_dn *dn;
- char* dn_string;
-
- DEBUG(7, ("Adding a dummy entry\n"));
+ TALLOC_CTX *tmp_ctx;
+ const char *filter;
+ const char *username;
+ size_t count;
+ struct ldb_message **msgs = NULL;
+ static const char *attrs[] = { SYSDB_NAME, NULL };
 if (!in_transaction) return EINVAL;
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) return ENOMEM;
+
+ /* Check for the alias in the sysdb */
+ filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME_ALIAS, member_name);
+ if (!filter) {
+ ret = ENOMEM;
+ goto fail;
+ }
+
+ ret = sysdb_search_users(tmp_ctx, state->sysdb, filter,
+ attrs, &count, &msgs);
+ if (ret == EOK && count > 0) {
+ /* Entry exists but the group references it with an alias. */
+
+ if (count != 1) {
+ DEBUG(1, ("More than one entry with this alias?\n"));
+ ret = EIO;
+ goto fail;
+ }
+
+ /* fill username with primary name */
+ username = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
+ goto done;
+ } else if (ret != EOK && ret != ENOENT) {
+ ret = EIO;
+ goto fail;
+ }
+
+ username = member_name;
+ /* The entry really does not exist, add a fake entry */
+ DEBUG(7, ("Adding a dummy entry\n"));
+
 if (!*in_transaction) {
 ret = sysdb_transaction_start(state->sysdb);
 if (ret != EOK) {
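Review bot: `member_name` is interpolated unescaped into the LDB filter built by `filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME_ALIAS, member_name);`, yet it is a member value taken from the remote group, so a name containing filter metacharacters such as `*` or `)` can match an unrelated cached user (whose primary name is then recorded as a member of this group) or trip the `count != 1` EIO path for every group that lists it. Escape the value before building the filter — the tree's filter-sanitizing helper, if it has one (sss_filter_sanitize or equivalent), is the right tool — rather than passing the raw name. Separately, `username = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);` yields NULL for an entry without SYSDB_NAME and that NULL is then handed to sdap_add_group_member_2307 via `goto done`; add `if (username == NULL) { ret = EINVAL; goto fail; }` before the jump. The new helper sdap_add_group_member_2307 also appends to `state->sysdb_dns->values` with no capacity check; presumably the caller sized that array to the member count, but a comment stating the precondition would make it explicit. sdap_process_missing_member_2307's body continues past the end of this hunk.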
@@ -885,27 +957,17 @@ sdap_process_missing_member_2307(struct sdap_process_group_state *state,
 * Convert the just received DN into the corresponding sysdb DN
 * for saving into member attribute of the group
 */
- dn = sysdb_user_dn(state->sysdb, state, state->dom->name,
- (char*) username);
- if (!dn) {
- ret = ENOMEM;
- goto fail;
- }
-
- dn_string = ldb_dn_alloc_linearized(state->sysdb_dns->values, dn);
- if (!dn_string) {
- ret = ENOMEM;
+done:
+ ret = sdap_add_group_member_2307(state, username);
+ if (ret != EOK) {
+ DEBUG(1, ("Could not add group member %s\n", username));
 goto fail;
 }
- state->sysdb_dns->values[state->sysdb_dns->num_values].data =
- (uint8_t *) dn_string;
- state->sysdb_dns->values[state->sysdb_dns->num_values].length =
- strlen(dn_string);
- state->sysdb_dns->num_values++;
-
+ talloc_free(tmp_ctx);
 return EOK;
 fail:
+ talloc_free(tmp_ctx);
 if (*in_transaction) {
 sret = sysdb_transaction_cancel(state->sysdb);
 if (sret == EOK) {
@@ -925,7 +987,6 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state,
 struct ldb_message *msg;
 bool in_transaction = false;
 char *member_name;
- char *strdn;
 int ret;
 errno_t sret;
 int i;
@@ -939,23 +1000,17 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state,
 ret = sysdb_search_user_by_name(state, state->sysdb, member_name, NULL, &msg);
 if (ret == EOK) {
- strdn = sysdb_user_strdn(state->sysdb_dns->values,
- state->dom->name,
- member_name);
- if (!strdn) {
- ret = ENOMEM;
+ /*
+ * User already cached in sysdb. Remember the sysdb DN for later
+ * use by sdap_save_groups()
+ */
+ DEBUG(7, ("Member already cached in sysdb: %s\n", member_name));
+
+ ret = sdap_add_group_member_2307(state, member_name);
+ if (ret != EOK) {
+ DEBUG(1, ("Could not add member %s into sysdb\n", member_name));
 goto done;
 }
- /*
- * User already cached in sysdb. Remember the sysdb DN for later
- * use by sdap_save_groups()
- */
- DEBUG(7,("Member already cached in sysdb: %s\n", strdn));
- state->sysdb_dns->values[state->sysdb_dns->num_values].data =
- (uint8_t *) strdn;
- state->sysdb_dns->values[state->sysdb_dns->num_values].length =
- strlen(strdn);
- state->sysdb_dns->num_values++;
 } else if (ret == ENOENT) {
 /* The user is not in sysdb, need to add it */
 DEBUG(7, ("member #%d (%s): not found in sysdb\n", |
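Review bot: The failure log `DEBUG(1, ("Could not add member %s into sysdb\n", member_name));` misdescribes what failed: sdap_add_group_member_2307 only builds the member's sysdb DN and appends it to the in-memory `state->sysdb_dns` list, and nothing is written to sysdb at this point, so an operator reading the log will look in the wrong place. The helper's only failure is allocation, so `DEBUG(1, ("Could not record sysdb DN for member %s\n", member_name));` states the actual condition. sdap_process_group_members_2307's body extends beyond both ends of this hunk.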