diff options
author | Michal Zidek <mzidek@redhat.com> | 2012-11-14 15:36:22 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-28 11:20:09 +0100 |
commit | d6f283302268520c1506fb3da4f2a22f5a741be5 (patch) | |
tree | 1db58d6866fe821754a7e49d5442c2b427cdc075 /src/providers/ldap/sdap_async_users.c | |
parent | 82505163d22f0ce9cc63f22b2cac5d3ca3af0937 (diff) | |
download | sssd-d6f283302268520c1506fb3da4f2a22f5a741be5.tar.gz sssd-d6f283302268520c1506fb3da4f2a22f5a741be5.tar.bz2 sssd-d6f283302268520c1506fb3da4f2a22f5a741be5.zip |
idmap: Silence DEBUG messages when dealing with built-in SIDs.
When converting built-in SID to unix GID/UID a confusing debug
message about the failed conversion was printed. This patch special
cases these built-in objects.
https://fedorahosted.org/sssd/ticket/1593
Diffstat (limited to 'src/providers/ldap/sdap_async_users.c')
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 95 |
1 files changed, 51 insertions, 44 deletions
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index d706740d..f640b970 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -67,13 +67,13 @@ int sdap_save_user(TALLOC_CTX *memctx, tmpctx = talloc_new(NULL); if (!tmpctx) { ret = ENOMEM; - goto fail; + goto done; } user_attrs = sysdb_new_attrs(tmpctx); if (user_attrs == NULL) { ret = ENOMEM; - goto fail; + goto done; } ret = sysdb_attrs_primary_name(ctx, attrs, @@ -81,7 +81,7 @@ int sdap_save_user(TALLOC_CTX *memctx, &name); if (ret != EOK) { DEBUG(1, ("Failed to save the user - entry has no name attribute\n")); - goto fail; + goto done; } if (opts->schema_type == SDAP_SCHEMA_AD) { @@ -90,22 +90,22 @@ int sdap_save_user(TALLOC_CTX *memctx, if (ret == EOK) { ret = sysdb_attrs_add_string(user_attrs, SYSDB_FULLNAME, fullname); if (ret != EOK) { - goto fail; + goto done; } } else if (ret != ENOENT) { - goto fail; + goto done; } } ret = sysdb_attrs_get_el(attrs, opts->user_map[SDAP_AT_USER_PWD].sys_name, &el); - if (ret) goto fail; + if (ret) goto done; if (el->num_values == 0) pwd = NULL; else pwd = (const char *)el->values[0].data; ret = sysdb_attrs_get_el(attrs, opts->user_map[SDAP_AT_USER_GECOS].sys_name, &el); - if (ret) goto fail; + if (ret) goto done; if (el->num_values == 0) gecos = NULL; else gecos = (const char *)el->values[0].data; @@ -114,19 +114,19 @@ int sdap_save_user(TALLOC_CTX *memctx, ret = sysdb_attrs_get_el( attrs, opts->user_map[SDAP_AT_USER_FULLNAME].sys_name, &el); - if (ret) goto fail; + if (ret) goto done; if (el->num_values > 0) gecos = (const char *)el->values[0].data; } ret = sysdb_attrs_get_el(attrs, opts->user_map[SDAP_AT_USER_HOME].sys_name, &el); - if (ret) goto fail; + if (ret) goto done; if (el->num_values == 0) homedir = NULL; else homedir = (const char *)el->values[0].data; ret = sysdb_attrs_get_el(attrs, opts->user_map[SDAP_AT_USER_SHELL].sys_name, &el); - if (ret) goto fail; + if (ret) goto done; if (el->num_values == 0) shell = NULL; else shell = (const char *)el->values[0].data; @@ -139,23 +139,29 @@ int sdap_save_user(TALLOC_CTX *memctx, tmpctx, opts->idmap_ctx, attrs, opts->user_map[SDAP_AT_USER_OBJECTSID].sys_name, &sid_str); - if (ret != EOK) goto fail; + if (ret != EOK) goto done; /* Add string representation to the cache for easier * debugging */ ret = sysdb_attrs_add_string(user_attrs, SYSDB_SID_STR, sid_str); - if (ret != EOK) goto fail; + if (ret != EOK) goto done; /* Convert the SID into a UNIX user ID */ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &uid); - if (ret != EOK) goto fail; + if (ret == ENOTSUP) { + DEBUG(SSSDBG_TRACE_FUNC, ("Skipping built-in object.\n")); + ret = EOK; + goto done; + } else if (ret != EOK) { + goto done; + } /* Store the UID in the ldap_attrs so it doesn't get * treated as a missing attribute from LDAP and removed. */ ret = sysdb_attrs_add_uint32(attrs, SYSDB_UIDNUM, uid); - if (ret != EOK) goto fail; + if (ret != EOK) goto done; } else { ret = sysdb_attrs_get_uint32_t(attrs, opts->user_map[SDAP_AT_USER_UID].sys_name, @@ -164,7 +170,7 @@ int sdap_save_user(TALLOC_CTX *memctx, DEBUG(1, ("no uid provided for [%s] in domain [%s].\n", name, dom->name)); ret = EINVAL; - goto fail; + goto done; } } /* check that the uid is valid for this domain */ @@ -172,7 +178,7 @@ int sdap_save_user(TALLOC_CTX *memctx, DEBUG(2, ("User [%s] filtered out! (uid out of range)\n", name)); ret = EINVAL; - goto fail; + goto done; } if (use_id_mapping) { @@ -185,7 +191,7 @@ int sdap_save_user(TALLOC_CTX *memctx, ("no primary group ID provided for [%s] in domain [%s].\n", name, dom->name)); ret = EINVAL; - goto fail; + goto done; } /* The primary group ID is just the RID part of the objectSID @@ -200,7 +206,7 @@ int sdap_save_user(TALLOC_CTX *memctx, if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not parse domain SID from [%s]\n", sid_str)); - goto fail; + goto done; } } @@ -210,18 +216,18 @@ int sdap_save_user(TALLOC_CTX *memctx, (unsigned long)primary_gid); if (!group_sid_str) { ret = ENOMEM; - goto fail; + goto done; } /* Convert the SID into a UNIX group ID */ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, group_sid_str, &gid); - if (ret != EOK) goto fail; + if (ret != EOK) goto done; /* Store the GID in the ldap_attrs so it doesn't get * treated as a missing attribute from LDAP and removed. */ ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid); - if (ret != EOK) goto fail; + if (ret != EOK) goto done; } else { ret = sysdb_attrs_get_uint32_t(attrs, opts->user_map[SDAP_AT_USER_GID].sys_name, @@ -230,7 +236,7 @@ int sdap_save_user(TALLOC_CTX *memctx, DEBUG(1, ("no gid provided for [%s] in domain [%s].\n", name, dom->name)); ret = EINVAL; - goto fail; + goto done; } } @@ -239,12 +245,12 @@ int sdap_save_user(TALLOC_CTX *memctx, DEBUG(2, ("User [%s] filtered out! (primary gid out of range)\n", name)); ret = EINVAL; - goto fail; + goto done; } ret = sysdb_attrs_get_el(attrs, SYSDB_ORIG_DN, &el); if (ret) { - goto fail; + goto done; } if (!el || el->num_values == 0) { DEBUG(SSSDBG_MINOR_FAILURE, @@ -256,13 +262,13 @@ int sdap_save_user(TALLOC_CTX *memctx, ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_DN, orig_dn); if (ret) { - goto fail; + goto done; } } ret = sysdb_attrs_get_el(attrs, SYSDB_MEMBEROF, &el); if (ret) { - goto fail; + goto done; } if (el->num_values == 0) { DEBUG(7, ("Original memberOf is not available for [%s].\n", @@ -274,7 +280,7 @@ int sdap_save_user(TALLOC_CTX *memctx, ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_MEMBEROF, (const char *) el->values[i].data); if (ret) { - goto fail; + goto done; } } } @@ -284,13 +290,13 @@ int sdap_save_user(TALLOC_CTX *memctx, "original mod-Timestamp", name, user_attrs); if (ret != EOK) { - goto fail; + goto done; } ret = sysdb_attrs_get_el(attrs, opts->user_map[SDAP_AT_USER_USN].sys_name, &el); if (ret) { - goto fail; + goto done; } if (el->num_values == 0) { DEBUG(7, ("Original USN value is not available for [%s].\n", @@ -300,19 +306,19 @@ int sdap_save_user(TALLOC_CTX *memctx, opts->user_map[SDAP_AT_USER_USN].sys_name, (const char*)el->values[0].data); if (ret) { - goto fail; + goto done; } usn_value = talloc_strdup(tmpctx, (const char*)el->values[0].data); if (!usn_value) { ret = ENOMEM; - goto fail; + goto done; } } ret = sysdb_attrs_get_el(attrs, opts->user_map[SDAP_AT_USER_PRINC].sys_name, &el); if (ret) { - goto fail; + goto done; } if (el->num_values == 0) { DEBUG(7, ("User principal is not available for [%s].\n", name)); @@ -320,7 +326,7 @@ int sdap_save_user(TALLOC_CTX *memctx, upn = talloc_strdup(user_attrs, (const char*) el->values[0].data); if (!upn) { ret = ENOMEM; - goto fail; + goto done; } if (dp_opt_get_bool(opts->basic, SDAP_FORCE_UPPER_CASE_REALM)) { make_realm_upper_case(upn); @@ -329,7 +335,7 @@ int sdap_save_user(TALLOC_CTX *memctx, upn, name)); ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, upn); if (ret) { - goto fail; + goto done; } } @@ -337,7 +343,7 @@ int sdap_save_user(TALLOC_CTX *memctx, ret = sdap_attrs_add_list(attrs, opts->user_map[i].sys_name, NULL, name, user_attrs); if (ret) { - goto fail; + goto done; } } @@ -348,14 +354,14 @@ int sdap_save_user(TALLOC_CTX *memctx, (cache_timeout ? (time(NULL) + cache_timeout) : 0)); if (ret) { - goto fail; + goto done; } } ret = sdap_save_all_names(name, attrs, !dom->case_sensitive, user_attrs); if (ret != EOK) { DEBUG(1, ("Failed to save user names\n")); - goto fail; + goto done; } /* Make sure that any attributes we requested from LDAP that we @@ -364,26 +370,27 @@ int sdap_save_user(TALLOC_CTX *memctx, ret = list_missing_attrs(user_attrs, opts->user_map, SDAP_OPTS_USER, attrs, &missing); if (ret != EOK) { - goto fail; + goto done; } DEBUG(6, ("Storing info for user %s\n", name)); ret = sysdb_store_user(ctx, name, pwd, uid, gid, gecos, homedir, shell, orig_dn, user_attrs, missing, cache_timeout, now); - if (ret) goto fail; + if (ret) goto done; if (_usn_value) { *_usn_value = talloc_steal(memctx, usn_value); } talloc_steal(memctx, user_attrs); - talloc_free(tmpctx); - return EOK; + ret = EOK; -fail: - DEBUG(2, ("Failed to save user [%s]\n", - name ? name : "Unknown")); +done: + if (ret) { + DEBUG(2, ("Failed to save user [%s]\n", + name ? name : "Unknown")); + } talloc_free(tmpctx); return ret; } |