author | Pavel Březina <pbrezina@redhat.com> | 2013-09-06 13:13:04 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-26 21:11:52 +0200 |
commit | 9cc66028cb6e497588a088ff2953e2ca7ed6ca6d (patch) | |
tree | 5b4d5bf7c5b77c3a04939a2e3f47cf2e4ee4e762 /src/providers | |
parent | cf1a8af5556b1d8eab68802918c881ae1a0b89eb (diff) | |
sysdb: get_sysdb_grouplist() can return either names or dn
We need to work with distinguished names when processing
cross-domain membership, because groups and users may
be stored in different sysdb trees.
Resolves:
https://fedorahosted.org/sssd/ticket/2066
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 65 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_private.h | 6 |
2 files changed, 55 insertions, 16 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index a0df82ca..e645067b 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -3035,11 +3035,12 @@ int sdap_get_initgr_recv(struct tevent_req *req)
 return EOK;
 }
 
-errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx,
- struct sysdb_ctx *sysdb,
- struct sss_domain_info *domain,
- const char *name,
- char ***grouplist)
+static errno_t get_sysdb_grouplist_ex(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *name,
+ char ***grouplist,
+ bool get_dn)
 {
 errno_t ret;
 const char *attrs[2];
@@ -3075,19 +3076,32 @@ errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx,
 goto done;
 }
 
- /* Get a list of the groups by groupname only */
- for (i=0; i < groups->num_values; i++) {
- ret = sysdb_group_dn_name(sysdb,
- sysdb_grouplist,
- (const char *)groups->values[i].data,
- &sysdb_grouplist[i]);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Could not determine group name from [%s]: [%s]\n",
- (const char *)groups->values[i].data, strerror(ret)));
- goto done;
+ if (get_dn) {
+ /* Get distinguish name */
+ for (i=0; i < groups->num_values; i++) {
+ sysdb_grouplist[i] = talloc_strdup(sysdb_grouplist,
+ (const char *)groups->values[i].data);
+ if (sysdb_grouplist[i] == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ } else {
+ /* Get a list of the groups by groupname only */
+ for (i=0; i < groups->num_values; i++) {
+ ret = sysdb_group_dn_name(sysdb,
+ sysdb_grouplist,
+ (const char *)groups->values[i].data,
+ &sysdb_grouplist[i]);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Could not determine group name from [%s]: [%s]\n",
+ (const char *)groups->values[i].data, strerror(ret)));
+ goto done;
+ }
 }
 }
+
 sysdb_grouplist[groups->num_values] = NULL;
 }
 
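Review bot: In the new `get_dn` branch each value in `groups` is copied with `talloc_strdup()` through a `(const char *)` cast, so the copy depends on the value being NUL-terminated and ignores the length stored next to it. ldb normally terminates the values it returns, so this is probably safe as written, but a bounded copy does not rely on that: `sysdb_grouplist[i] = talloc_strndup(sysdb_grouplist, (const char *)groups->values[i].data, groups->values[i].length);`. The ENOMEM path in this branch also jumps to `done` without a DEBUG line, unlike the name branch below it, which makes a failed cross-domain membership lookup harder to trace in the logs. The branch comment should read `/* Get distinguished names */`. The enclosing function starts and ends outside this hunk.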
@@ -3098,3 +3112,22 @@ done:
 return ret;
 }
 
+errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *name,
+ char ***grouplist)
+{
+ return get_sysdb_grouplist_ex(mem_ctx, sysdb, domain,
+ name, grouplist, false);
+}
+
+errno_t get_sysdb_grouplist_dn(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *name,
+ char ***grouplist)
+{
+ return get_sysdb_grouplist_ex(mem_ctx, sysdb, domain,
+ name, grouplist, true);
+}
diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h
index 944c8a82..364c809a 100644
--- a/src/providers/ldap/sdap_async_private.h
+++ b/src/providers/ldap/sdap_async_private.h
@@ -112,6 +112,12 @@ errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx,
 const char *name,
 char ***grouplist);
 
+errno_t get_sysdb_grouplist_dn(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *name,
+ char ***grouplist);
+
 /* from sdap_async_nested_groups.c */
 struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx,
 struct tevent_context *ev, |
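Review bot: The new prototype `get_sysdb_grouplist_dn()` in sdap_async_private.h has the same signature as `get_sysdb_grouplist()` and no comment, so nothing at a call site says whether the returned strings are group names or DNs. Comparing a list of one form against values of the other would simply never match, and since these lists feed group-membership processing the contract is worth stating on the declaration: `/* Like get_sysdb_grouplist(), but each entry of the NULL-terminated list is the group's DN string instead of its name. */`. The same one-line comment would fit above the two wrappers added in sdap_async_initgroups.c, and `get_sysdb_grouplist_ex()` should say what `get_dn` selects.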