summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap_async_users.c
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2012-04-23 08:05:07 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-05-03 14:09:14 -0400
commit8be5e4497e5008f7807178acdfcbf97365ec4e73 (patch)
treeafa0e26dab895b020e7fac5e3a4f0e7979d7dcb1 /src/providers/ldap/sdap_async_users.c
parent3f2fa4c9290afdb393c760419a0ff686045a1ab3 (diff)
downloadsssd-8be5e4497e5008f7807178acdfcbf97365ec4e73.tar.gz
sssd-8be5e4497e5008f7807178acdfcbf97365ec4e73.tar.bz2
sssd-8be5e4497e5008f7807178acdfcbf97365ec4e73.zip
LDAP: Add helper function to map IDs
This function will also auto-create a new ID map if the domain has not been seen previously.
Diffstat (limited to 'src/providers/ldap/sdap_async_users.c')
-rw-r--r--src/providers/ldap/sdap_async_users.c63
1 files changed, 6 insertions, 57 deletions
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 11574f9e..bc9e5551 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -59,7 +59,6 @@ int sdap_save_user(TALLOC_CTX *memctx,
char *sid_str;
char *dom_sid_str = NULL;
char *group_sid_str;
- enum idmap_error_code err;
DEBUG(9, ("Save user\n"));
@@ -134,50 +133,8 @@ int sdap_save_user(TALLOC_CTX *memctx,
if (ret != EOK) goto fail;
/* Convert the SID into a UNIX user ID */
- err = sss_idmap_sid_to_unix(opts->idmap_ctx->map,
- sid_str,
- (uint32_t *)&uid);
- if (err != IDMAP_SUCCESS && err != IDMAP_NO_DOMAIN) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Could not convert objectSID [%s] to a UNIX ID\n",
- sid_str));
- ret = EIO;
- goto fail;
- } else if (err == IDMAP_NO_DOMAIN) {
- /* This is the first time we've seen this domain
- * Create a new domain for it. We'll use the dom-sid
- * as the domain name for now, since we don't have
- * any way to get the real name.
- */
- ret = sdap_idmap_get_dom_sid_from_object(tmpctx, sid_str,
- &dom_sid_str);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Could not parse domain SID from [%s]\n", sid_str));
- goto fail;
- }
-
- ret = sdap_idmap_add_domain(opts->idmap_ctx,
- dom_sid_str, dom_sid_str,
- -1);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Could not add new domain for sid [%s]\n", sid_str));
- goto fail;
- }
-
- /* Now try converting to a UNIX ID again */
- err = sss_idmap_sid_to_unix(opts->idmap_ctx->map,
- sid_str,
- (uint32_t *)&uid);
- if (err != IDMAP_SUCCESS) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Could not convert objectSID [%s] to a UNIX ID\n",
- sid_str));
- ret = EIO;
- goto fail;
- }
- }
+ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &uid);
+ if (ret != EOK) goto fail;
/* Store the UID in the ldap_attrs so it doesn't get
* treated as a missing attribute from LDAP and removed.
@@ -197,7 +154,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
}
/* check that the uid is valid for this domain */
if (OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) {
- DEBUG(2, ("User [%s] filtered out! (id out of range)\n",
+ DEBUG(2, ("User [%s] filtered out! (uid out of range)\n",
name));
ret = EINVAL;
goto fail;
@@ -242,16 +199,8 @@ int sdap_save_user(TALLOC_CTX *memctx,
}
/* Convert the SID into a UNIX group ID */
- err = sss_idmap_sid_to_unix(opts->idmap_ctx->map,
- group_sid_str,
- (uint32_t *)&gid);
- if (err != IDMAP_SUCCESS) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Could not convert objectSID [%s] to a UNIX ID\n",
- group_sid_str));
- ret = EIO;
- goto fail;
- }
+ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, group_sid_str, &gid);
+ if (ret != EOK) goto fail;
/* Store the GID in the ldap_attrs so it doesn't get
* treated as a missing attribute from LDAP and removed.
@@ -272,7 +221,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
/* check that the gid is valid for this domain */
if (OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) {
- DEBUG(2, ("User [%s] filtered out! (id out of range)\n",
+ DEBUG(2, ("User [%s] filtered out! (primary gid out of range)\n",
name));
ret = EINVAL;
goto fail;