summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap_async_users.c
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2012-04-22 20:52:58 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-05-03 14:09:14 -0400
commit532eb49e129bedf57cdbd0a66f39ad228b8f2482 (patch)
treef1873c6abe09bf5c06b02ab8f09fc3fcd9a2ebfb /src/providers/ldap/sdap_async_users.c
parentc0dc67f92a4abee6bcce304117bf2a2362ad812c (diff)
downloadsssd-532eb49e129bedf57cdbd0a66f39ad228b8f2482.tar.gz
sssd-532eb49e129bedf57cdbd0a66f39ad228b8f2482.tar.bz2
sssd-532eb49e129bedf57cdbd0a66f39ad228b8f2482.zip
LDAP: Map the user's primaryGroupID
Diffstat (limited to 'src/providers/ldap/sdap_async_users.c')
-rw-r--r--src/providers/ldap/sdap_async_users.c76
1 files changed, 64 insertions, 12 deletions
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 9aa09da9..c6534993 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -47,7 +47,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
const char *homedir;
const char *shell;
uid_t uid;
- gid_t gid;
+ gid_t gid, primary_gid;
struct sysdb_attrs *user_attrs;
char *upn = NULL;
size_t i;
@@ -58,7 +58,8 @@ int sdap_save_user(TALLOC_CTX *memctx,
bool use_id_mapping = dp_opt_get_bool(opts->basic, SDAP_ID_MAPPING);
struct dom_sid *dom_sid;
char *sid_str;
- char *dom_sid_str;
+ char *dom_sid_str = NULL;
+ char *group_sid_str;
enum idmap_error_code err;
DEBUG(9, ("Save user\n"));
@@ -126,9 +127,9 @@ int sdap_save_user(TALLOC_CTX *memctx,
&el);
if (ret != EOK || el->num_values != 1) {
DEBUG(SSSDBG_MINOR_FAILURE,
- ("No [%s] attribute for user [%s] while id-mapping\n",
+ ("No [%s] attribute for user [%s] while id-mapping. [%d][%s]\n",
opts->user_map[SDAP_AT_USER_OBJECTSID].name,
- name));
+ name, el->num_values, strerror(ret)));
goto fail;
}
@@ -213,14 +214,65 @@ int sdap_save_user(TALLOC_CTX *memctx,
goto fail;
}
- ret = sysdb_attrs_get_uint32_t(attrs,
- opts->user_map[SDAP_AT_USER_GID].sys_name,
- &gid);
- if (ret != EOK) {
- DEBUG(1, ("no gid provided for [%s] in domain [%s].\n",
- name, dom->name));
- ret = EINVAL;
- goto fail;
+ if (use_id_mapping) {
+ ret = sysdb_attrs_get_uint32_t(
+ attrs,
+ opts->user_map[SDAP_AT_USER_PRIMARY_GROUP].sys_name,
+ &primary_gid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("no primary group ID provided for [%s] in domain [%s].\n",
+ name, dom->name));
+ ret = EINVAL;
+ goto fail;
+ }
+
+ /* The primary group ID is just the RID part of the objectSID
+ * of the group. Generate the GID by adding this to the domain
+ * SID value.
+ */
+
+ /* First, get the domain SID if we didn't do so above */
+ if (!dom_sid_str) {
+ ret = sdap_idmap_get_dom_sid_from_object(tmpctx, sid_str,
+ &dom_sid_str);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Could not parse domain SID from [%s]\n", sid_str));
+ goto fail;
+ }
+ }
+
+ /* Add the RID to the end */
+ group_sid_str = talloc_asprintf(tmpctx, "%s-%lu",
+ dom_sid_str,
+ (unsigned long)primary_gid);
+ if (!group_sid_str) {
+ ret = ENOMEM;
+ goto fail;
+ }
+
+ /* Convert the SID into a UNIX group ID */
+ err = sss_idmap_sid_to_unix(opts->idmap_ctx->map,
+ group_sid_str,
+ (uint32_t *)&gid);
+ if (err != IDMAP_SUCCESS) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Could not convert objectSID [%s] to a UNIX ID\n",
+ group_sid_str));
+ ret = EIO;
+ goto fail;
+ }
+ } else {
+ ret = sysdb_attrs_get_uint32_t(attrs,
+ opts->user_map[SDAP_AT_USER_GID].sys_name,
+ &gid);
+ if (ret != EOK) {
+ DEBUG(1, ("no gid provided for [%s] in domain [%s].\n",
+ name, dom->name));
+ ret = EINVAL;
+ goto fail;
+ }
}
/* check that the gid is valid for this domain */