authorJakub Hrozek <jhrozek@redhat.com>2011-09-21 10:50:18 +0200
committerStephen Gallagher <sgallagh@redhat.com>2011-09-28 09:22:48 -0400
commit033d1e3985288ec827db85882b052104485606ac (patch)
tree007e9ee457afe42904f15d1abd23133fc94bca6c /src/providers/ldap/sdap_async_groups.c
parentfd61c807554d5a3ff74f065eb0438fe2524f4ba2 (diff)
Store name aliases for users, groups
Also checks fake users for aliases when storing a real user, so that getgrnam for an RFC2307 group that references a user by his secondary name, followed by getpwnam for this user by his primary name, works.
Diffstat (limited to 'src/providers/ldap/sdap_async_groups.c')
-rw-r--r--src/providers/ldap/sdap_async_groups.c129
1 files changed, 92 insertions, 37 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index f887651d..2b48af92 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -222,9 +222,11 @@ static int sdap_save_group(TALLOC_CTX *memctx,
const char *name = NULL;
gid_t gid;
int ret;
+ int i;
char *usn_value = NULL;
TALLOC_CTX *tmpctx = NULL;
bool posix_group;
+ const char **aliases = NULL;
tmpctx = talloc_new(memctx);
if (!tmpctx) {
@@ -367,6 +369,20 @@ static int sdap_save_group(TALLOC_CTX *memctx,
}
}
+ ret = sysdb_attrs_get_aliases(tmpctx, attrs, name, &aliases);
+ if (ret != EOK) {
+ DEBUG(1, ("Failed to get the alias list\n"));
+ goto fail;
+ }
+
+ for (i = 0; aliases[i]; i++) {
+ ret = sysdb_attrs_add_string(group_attrs, SYSDB_NAME_ALIAS,
+ aliases[i]);
+ if (ret) {
+ goto fail;
+ }
+ }
+
DEBUG(6, ("Storing info for group %s\n", name));
ret = sdap_store_group_with_gid(group_attrs, ctx, dom,
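Review bot: The alias loop exits silently on error: when `sysdb_attrs_add_string()` fails, the code does `goto fail` without a log line, unlike the `sysdb_attrs_get_aliases()` failure directly above it. A line such as `DEBUG(1, ("Failed to add alias %s\n", aliases[i]));` before that `goto fail` would make the failure traceable. The loop also assumes `sysdb_attrs_get_aliases()` leaves `aliases` pointing at a NULL-terminated array whenever it returns EOK; that helper is not shown here, so a one-line comment stating the contract would help. sdap_save_group starts and ends outside the hunk.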
@@ -853,17 +869,73 @@ sdap_process_group_members_2307bis(struct tevent_req *req,
}
static int
+sdap_add_group_member_2307(struct sdap_process_group_state *state,
+ const char *username)
+{
+ char *strdn;
+
+ strdn = sysdb_user_strdn(state->sysdb_dns->values,
+ state->dom->name, username);
+ if (!strdn) {
+ return ENOMEM;
+ }
+
+ state->sysdb_dns->values[state->sysdb_dns->num_values].data =
+ (uint8_t *) strdn;
+ state->sysdb_dns->values[state->sysdb_dns->num_values].length =
+ strlen(strdn);
+ state->sysdb_dns->num_values++;
+
+ return EOK;
+}
+
+static int
sdap_process_missing_member_2307(struct sdap_process_group_state *state,
- char *username, bool *in_transaction)
+ char *member_name, bool *in_transaction)
{
int ret, sret;
- struct ldb_dn *dn;
- char* dn_string;
-
- DEBUG(7, ("Adding a dummy entry\n"));
+ TALLOC_CTX *tmp_ctx;
+ const char *filter;
+ const char *username;
+ size_t count;
+ struct ldb_message **msgs = NULL;
+ static const char *attrs[] = { SYSDB_NAME, NULL };
if (!in_transaction) return EINVAL;
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) return ENOMEM;
+
+ /* Check for the alias in the sysdb */
+ filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME_ALIAS, member_name);
+ if (!filter) {
+ ret = ENOMEM;
+ goto fail;
+ }
+
+ ret = sysdb_search_users(tmp_ctx, state->sysdb, filter,
+ attrs, &count, &msgs);
+ if (ret == EOK && count > 0) {
+ /* Entry exists but the group references it with an alias. */
+
+ if (count != 1) {
+ DEBUG(1, ("More than one entry with this alias?\n"));
+ ret = EIO;
+ goto fail;
+ }
+
+ /* fill username with primary name */
+ username = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
+ goto done;
+ } else if (ret != EOK && ret != ENOENT) {
+ ret = EIO;
+ goto fail;
+ }
+
+ username = member_name;
+ /* The entry really does not exist, add a fake entry */
+ DEBUG(7, ("Adding a dummy entry\n"));
+
if (!*in_transaction) {
ret = sysdb_transaction_start(state->sysdb);
if (ret != EOK) {
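Review bot: `member_name` is placed into the search filter unescaped by `talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME_ALIAS, member_name)` in sdap_process_missing_member_2307. The value appears to come from the group's member attribute as returned by the LDAP server, so a name containing `*`, `(`, `)` or `\` changes what the filter matches. A wildcard could resolve the member to an unrelated cached user or trip the `count != 1` branch. The name should be escaped before the filter is built, for example with the tree's `sss_filter_sanitize()` helper if it is available to this file. The function's body continues past the end of the hunk.

```c
    char *clean_name;
    /* … unchanged: other declarations, in_transaction check, tmp_ctx allocation … */

    /* Check for the alias in the sysdb */
    ret = sss_filter_sanitize(tmp_ctx, member_name, &clean_name);
    if (ret != EOK) {
        goto fail;
    }

    filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME_ALIAS, clean_name);
    /* … unchanged: NULL check on filter, sysdb_search_users call … */
```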
@@ -885,27 +957,17 @@ sdap_process_missing_member_2307(struct sdap_process_group_state *state,
* Convert the just received DN into the corresponding sysdb DN
* for saving into member attribute of the group
*/
- dn = sysdb_user_dn(state->sysdb, state, state->dom->name,
- (char*) username);
- if (!dn) {
- ret = ENOMEM;
- goto fail;
- }
-
- dn_string = ldb_dn_alloc_linearized(state->sysdb_dns->values, dn);
- if (!dn_string) {
- ret = ENOMEM;
+done:
+ ret = sdap_add_group_member_2307(state, username);
+ if (ret != EOK) {
+ DEBUG(1, ("Could not add group member %s\n", username));
goto fail;
}
- state->sysdb_dns->values[state->sysdb_dns->num_values].data =
- (uint8_t *) dn_string;
- state->sysdb_dns->values[state->sysdb_dns->num_values].length =
- strlen(dn_string);
- state->sysdb_dns->num_values++;
-
+ talloc_free(tmp_ctx);
return EOK;
fail:
+ talloc_free(tmp_ctx);
if (*in_transaction) {
sret = sysdb_transaction_cancel(state->sysdb);
if (sret == EOK) {
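Review bot: `username` can be NULL when the alias branch jumps to `done:`, because it is set from `ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL)` with a NULL default and is not checked before `sdap_add_group_member_2307(state, username)` and the `DEBUG` line use it. A guard before the `goto done` in the alias branch would cover this: `if (username == NULL) { ret = EINVAL; goto fail; }`. Separately, the comment kept above `done:` still describes converting a received DN, which no longer matches the helper call below it. The fail path continues outside the hunk.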
@@ -925,7 +987,6 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state,
struct ldb_message *msg;
bool in_transaction = false;
char *member_name;
- char *strdn;
int ret;
errno_t sret;
int i;
@@ -939,23 +1000,17 @@ sdap_process_group_members_2307(struct sdap_process_group_state *state,
ret = sysdb_search_user_by_name(state, state->sysdb,
member_name, NULL, &msg);
if (ret == EOK) {
- strdn = sysdb_user_strdn(state->sysdb_dns->values,
- state->dom->name,
- member_name);
- if (!strdn) {
- ret = ENOMEM;
+ /*
+ * User already cached in sysdb. Remember the sysdb DN for later
+ * use by sdap_save_groups()
+ */
+ DEBUG(7, ("Member already cached in sysdb: %s\n", member_name));
+
+ ret = sdap_add_group_member_2307(state, member_name);
+ if (ret != EOK) {
+ DEBUG(1, ("Could not add member %s into sysdb\n", member_name));
goto done;
}
- /*
- * User already cached in sysdb. Remember the sysdb DN for later
- * use by sdap_save_groups()
- */
- DEBUG(7,("Member already cached in sysdb: %s\n", strdn));
- state->sysdb_dns->values[state->sysdb_dns->num_values].data =
- (uint8_t *) strdn;
- state->sysdb_dns->values[state->sysdb_dns->num_values].length =
- strlen(strdn);
- state->sysdb_dns->num_values++;
} else if (ret == ENOENT) {
/* The user is not in sysdb, need to add it */
DEBUG(7, ("member #%d (%s): not found in sysdb\n",
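Review bot: `sdap_add_group_member_2307()`, called here, writes to `state->sysdb_dns->values[state->sysdb_dns->num_values]` with no capacity check, and the change documents no precondition for it. The allocation of `values` is outside the diff, so whether it always has room for one entry per member cannot be confirmed from here. I would put a comment on the helper such as `/* Caller must have allocated sysdb_dns->values with room for at least num_values + 1 entries */`. The log text `Could not add member %s into sysdb` is also slightly off, since the helper only appends a DN to the in-memory list. sdap_process_group_members_2307 starts and ends outside the hunk.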