diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2012-04-23 08:05:07 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-05-03 14:09:14 -0400 |
commit | 8be5e4497e5008f7807178acdfcbf97365ec4e73 (patch) | |
tree | afa0e26dab895b020e7fac5e3a4f0e7979d7dcb1 /src/providers/ldap/sdap_async_users.c | |
parent | 3f2fa4c9290afdb393c760419a0ff686045a1ab3 (diff) | |
download | sssd-8be5e4497e5008f7807178acdfcbf97365ec4e73.tar.gz sssd-8be5e4497e5008f7807178acdfcbf97365ec4e73.tar.bz2 sssd-8be5e4497e5008f7807178acdfcbf97365ec4e73.zip |
LDAP: Add helper function to map IDs
This function will also auto-create a new ID map if the domain has
not been seen previously.
Diffstat (limited to 'src/providers/ldap/sdap_async_users.c')
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 63 |
1 files changed, 6 insertions, 57 deletions
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index 11574f9e..bc9e5551 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -59,7 +59,6 @@ int sdap_save_user(TALLOC_CTX *memctx, char *sid_str; char *dom_sid_str = NULL; char *group_sid_str; - enum idmap_error_code err; DEBUG(9, ("Save user\n")); @@ -134,50 +133,8 @@ int sdap_save_user(TALLOC_CTX *memctx, if (ret != EOK) goto fail; /* Convert the SID into a UNIX user ID */ - err = sss_idmap_sid_to_unix(opts->idmap_ctx->map, - sid_str, - (uint32_t *)&uid); - if (err != IDMAP_SUCCESS && err != IDMAP_NO_DOMAIN) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not convert objectSID [%s] to a UNIX ID\n", - sid_str)); - ret = EIO; - goto fail; - } else if (err == IDMAP_NO_DOMAIN) { - /* This is the first time we've seen this domain - * Create a new domain for it. We'll use the dom-sid - * as the domain name for now, since we don't have - * any way to get the real name. - */ - ret = sdap_idmap_get_dom_sid_from_object(tmpctx, sid_str, - &dom_sid_str); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not parse domain SID from [%s]\n", sid_str)); - goto fail; - } - - ret = sdap_idmap_add_domain(opts->idmap_ctx, - dom_sid_str, dom_sid_str, - -1); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not add new domain for sid [%s]\n", sid_str)); - goto fail; - } - - /* Now try converting to a UNIX ID again */ - err = sss_idmap_sid_to_unix(opts->idmap_ctx->map, - sid_str, - (uint32_t *)&uid); - if (err != IDMAP_SUCCESS) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not convert objectSID [%s] to a UNIX ID\n", - sid_str)); - ret = EIO; - goto fail; - } - } + ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &uid); + if (ret != EOK) goto fail; /* Store the UID in the ldap_attrs so it doesn't get * treated as a missing attribute from LDAP and removed. @@ -197,7 +154,7 @@ int sdap_save_user(TALLOC_CTX *memctx, } /* check that the uid is valid for this domain */ if (OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) { - DEBUG(2, ("User [%s] filtered out! (id out of range)\n", + DEBUG(2, ("User [%s] filtered out! (uid out of range)\n", name)); ret = EINVAL; goto fail; @@ -242,16 +199,8 @@ int sdap_save_user(TALLOC_CTX *memctx, } /* Convert the SID into a UNIX group ID */ - err = sss_idmap_sid_to_unix(opts->idmap_ctx->map, - group_sid_str, - (uint32_t *)&gid); - if (err != IDMAP_SUCCESS) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not convert objectSID [%s] to a UNIX ID\n", - group_sid_str)); - ret = EIO; - goto fail; - } + ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, group_sid_str, &gid); + if (ret != EOK) goto fail; /* Store the GID in the ldap_attrs so it doesn't get * treated as a missing attribute from LDAP and removed. @@ -272,7 +221,7 @@ int sdap_save_user(TALLOC_CTX *memctx, /* check that the gid is valid for this domain */ if (OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) { - DEBUG(2, ("User [%s] filtered out! (id out of range)\n", + DEBUG(2, ("User [%s] filtered out! (primary gid out of range)\n", name)); ret = EINVAL; goto fail; |