diff options
| author | Stephen Gallagher <sgallagh@redhat.com> | 2011-03-11 05:06:48 -0500 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-03-14 15:42:34 -0400 |
| commit | 0112cf9f4a48494f1527018f86f762f2aff63f07 (patch) | |
| tree | 5644fe2052f920f7713deb4b5d6fc8d643c28bb1 /src | |
| parent | 33e6db66a823832b6f9653bc46de549631dcfad9 (diff) | |
| download | sssd-0112cf9f4a48494f1527018f86f762f2aff63f07.tar.gz sssd-0112cf9f4a48494f1527018f86f762f2aff63f07.tar.bz2 sssd-0112cf9f4a48494f1527018f86f762f2aff63f07.zip | |
Require existence of GID number and name in group searches
https://fedorahosted.org/sssd/ticket/824
Diffstat (limited to 'src')
| -rw-r--r-- | src/providers/ldap/ldap_id.c | 9 | ||||
| -rw-r--r-- | src/providers/ldap/ldap_id_enum.c | 28 | ||||
| -rw-r--r-- | src/providers/ldap/sdap_async_accounts.c | 30 |
3 files changed, 42 insertions, 25 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 9a234280..776df1ac 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -335,9 +335,12 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, goto fail; } - state->filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))", - attr_name, clean_name, - ctx->opts->group_map[SDAP_OC_GROUP].name); + state->filter = + talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))", + attr_name, clean_name, + ctx->opts->group_map[SDAP_OC_GROUP].name, + ctx->opts->group_map[SDAP_AT_GROUP_NAME].name, + ctx->opts->group_map[SDAP_AT_GROUP_GID].name); if (!state->filter) { DEBUG(2, ("Failed to build filter\n")); ret = ENOMEM; diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c index f47ee9fb..42c29119 100644 --- a/src/providers/ldap/ldap_id_enum.c +++ b/src/providers/ldap/ldap_id_enum.c @@ -546,19 +546,23 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx, state->op = op; if (ctx->srv_opts && ctx->srv_opts->max_group_value && !purge) { - state->filter = talloc_asprintf(state, - "(&(%s=*)(objectclass=%s)(%s>=%s)(!(%s=%s)))", - ctx->opts->group_map[SDAP_AT_GROUP_NAME].name, - ctx->opts->group_map[SDAP_OC_GROUP].name, - ctx->opts->group_map[SDAP_AT_GROUP_USN].name, - ctx->srv_opts->max_group_value, - ctx->opts->group_map[SDAP_AT_GROUP_USN].name, - ctx->srv_opts->max_group_value); + state->filter = talloc_asprintf( + state, + "(&(objectclass=%s)(%s=*)(%s=*)(%s>=%s)(!(%s=%s)))", + ctx->opts->group_map[SDAP_OC_GROUP].name, + ctx->opts->group_map[SDAP_AT_GROUP_NAME].name, + ctx->opts->group_map[SDAP_AT_GROUP_GID].name, + ctx->opts->group_map[SDAP_AT_GROUP_USN].name, + ctx->srv_opts->max_group_value, + ctx->opts->group_map[SDAP_AT_GROUP_USN].name, + ctx->srv_opts->max_group_value); } else { - state->filter = talloc_asprintf(state, - "(&(%s=*)(objectclass=%s))", - ctx->opts->group_map[SDAP_AT_GROUP_NAME].name, - ctx->opts->group_map[SDAP_OC_GROUP].name); + state->filter = talloc_asprintf( + state, + "(&(objectclass=%s)(%s=*)(%s=*))", + ctx->opts->group_map[SDAP_OC_GROUP].name, + ctx->opts->group_map[SDAP_AT_GROUP_NAME].name, + ctx->opts->group_map[SDAP_AT_GROUP_GID].name); } if (!state->filter) { DEBUG(2, ("Failed to build filter\n")); diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c index 8e459598..30c7a498 100644 --- a/src/providers/ldap/sdap_async_accounts.c +++ b/src/providers/ldap/sdap_async_accounts.c @@ -2007,10 +2007,12 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, return NULL; } - filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))", + filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))", opts->group_map[SDAP_AT_GROUP_MEMBER].name, clean_name, - opts->group_map[SDAP_OC_GROUP].name); + opts->group_map[SDAP_OC_GROUP].name, + opts->group_map[SDAP_AT_GROUP_NAME].name, + opts->group_map[SDAP_AT_GROUP_GID].name); if (!filter) { talloc_zfree(req); return NULL; @@ -2211,8 +2213,10 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx, return NULL; } - state->filter = talloc_asprintf(state, "(objectclass=%s)", - opts->group_map[SDAP_OC_GROUP].name); + state->filter = talloc_asprintf(state, "(&(objectclass=%s)(%s=*)(%s=*)", + opts->group_map[SDAP_OC_GROUP].name, + opts->group_map[SDAP_AT_GROUP_NAME].name, + opts->group_map[SDAP_AT_GROUP_GID].name); if (!state->filter) { talloc_zfree(req); return NULL; @@ -3103,8 +3107,10 @@ static errno_t sdap_nested_group_lookup_group(struct tevent_req *req) } filter = talloc_asprintf( - sdap_attrs, "(objectclass=%s)", - state->opts->group_map[SDAP_OC_GROUP].name); + sdap_attrs, "(&(objectclass=%s)(%s=*)(%s=*))", + state->opts->group_map[SDAP_OC_GROUP].name, + state->opts->group_map[SDAP_AT_GROUP_NAME].name, + state->opts->group_map[SDAP_AT_GROUP_GID].name); if (!filter) { talloc_free(sdap_attrs); return ENOMEM; @@ -3435,10 +3441,12 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( return NULL; } - filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))", + filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))", opts->group_map[SDAP_AT_GROUP_MEMBER].name, clean_orig_dn, - opts->group_map[SDAP_OC_GROUP].name); + opts->group_map[SDAP_OC_GROUP].name, + opts->group_map[SDAP_AT_GROUP_NAME].name, + opts->group_map[SDAP_AT_GROUP_GID].name); if (!filter) { talloc_zfree(req); return NULL; @@ -3839,10 +3847,12 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req) } filter = talloc_asprintf( - tmp_ctx, "(&(%s=%s)(objectclass=%s))", + tmp_ctx, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))", state->opts->group_map[SDAP_AT_GROUP_MEMBER].name, clean_orig_dn, - state->opts->group_map[SDAP_OC_GROUP].name); + state->opts->group_map[SDAP_OC_GROUP].name, + state->opts->group_map[SDAP_AT_GROUP_NAME].name, + state->opts->group_map[SDAP_AT_GROUP_GID].name); if (!filter) { ret = ENOMEM; goto error; |