author | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-06 16:04:32 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-09 17:59:23 +0100 |
commit | f9f74a587c8e96dcf90214c760022684afc8bef7 (patch) | |
tree | f5ba9de45392c96e5362b0238a36db516dd83496 /src | |
parent | 480195bd70467bf05e2fd92cf25cec822a670ced (diff) | |
AD: replace GID/UID, do not add another one
The code would call sysdb_attrs_add_uint32 which added another UID or GID
to the ID=0 we already downloaded from LDAP (0 is the default value) when
ID-mapping an entry. This led to funky behaviour later on when we wanted
to process the ID.
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/sdap.c | 31 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 8 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 7 |
4 files changed, 41 insertions, 7 deletions
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index f5b1f95f..371121b2 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -1158,3 +1158,34 @@ int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical, return ret; } + +int sdap_replace_id(struct sysdb_attrs *entry, const char *attr, id_t val) +{ + char *str; + errno_t ret; + struct ldb_message_element *el; + + ret = sysdb_attrs_get_el_ext(entry, attr, false, &el); + if (ret == ENOENT) { + return sysdb_attrs_add_uint32(entry, attr, val); + } else if (ret) { + DEBUG(SSSDBG_OP_FAILURE, ("Cannot get attribute [%s]\n", attr)); + return ret; + } + + if (el->num_values != 1) { + DEBUG(SSSDBG_OP_FAILURE, + ("Expected 1 value for %s, got %d\n", attr, el->num_values)); + return EINVAL; + } + + str = talloc_asprintf(entry, "%llu", (unsigned long long) val); + if (!str) { + return ENOMEM; + } + + el->values[0].data = (uint8_t *) str; + el->values[0].length = strlen(str); + + return EOK; +} diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index d844ad63..d1436579 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -488,6 +488,8 @@ int build_attrs_from_map(TALLOC_CTX *memctx, int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical, struct berval *value, int dupval, LDAPControl **ctrlp); +int sdap_replace_id(struct sysdb_attrs *entry, const char *attr, id_t val); + errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, struct sdap_options *opts); int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx, diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 26f36fb9..e1e84c33 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c 
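Review bot: In `sdap_replace_id` the "Expected 1 value" message prints `el->num_values` with `%d`, but that field is an `unsigned int` in `struct ldb_message_element`, so the specifier should be `%u`: `("Expected 1 value for %s, got %u\n", attr, el->num_values)`. The replacement string is allocated on `entry` and the previous `values[0].data` is simply overwritten. Assuming the old buffer is a talloc child of the attribute's value array, it stays allocated until the whole entry is freed, so consider calling `talloc_free()` on the old data once the new string is in place, or parenting the new string on `el->values`. The exact-one-value check is the right place to fail closed, since a leftover second ID (including the default 0) is what this commit sets out to remove.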
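Review bot: The new `sdap_replace_id` prototype in `sdap.h` is exported without a comment stating its contract, and callers need to know how it differs from `sysdb_attrs_add_uint32`. I would add above the declaration: `/* Set attr in entry to val: add it if absent, overwrite it if it holds exactly one value, return EINVAL otherwise. */`.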
@@ -398,11 +398,9 @@ static int sdap_save_group(TALLOC_CTX *memctx, /* Store the GID in the ldap_attrs so it doesn't get * treated as a missing attribute from LDAP and removed. */ - ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not store GID: [%s]\n", - strerror(ret))); + ret = sdap_replace_id(attrs, SYSDB_GIDNUM, gid); + if (ret) { + DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the id-mapped GID\n")); goto done; } } else { diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index f640b970..ade1d37b 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -160,8 +160,11 @@ int sdap_save_user(TALLOC_CTX *memctx, /* Store the UID in the ldap_attrs so it doesn't get * treated as a missing attribute from LDAP and removed. */ - ret = sysdb_attrs_add_uint32(attrs, SYSDB_UIDNUM, uid); - if (ret != EOK) goto done; + ret = sdap_replace_id(attrs, SYSDB_UIDNUM, uid); + if (ret) { + DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the id-mapped UID\n")); + goto done; + } } else { ret = sysdb_attrs_get_uint32_t(attrs, opts->user_map[SDAP_AT_USER_UID].sys_name, |
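Review bot: The new failure branch in the `sdap_save_group` hunk logs only "Cannot set the id-mapped GID" and drops the `strerror(ret)` that the removed message carried. A log reader can then no longer tell an allocation failure from the EINVAL that `sdap_replace_id` returns for an ID attribute that does not hold exactly one value. Keeping the code in the message costs nothing: `DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the id-mapped GID: [%s]\n", strerror(ret)));`. The same applies to the "Cannot set the id-mapped UID" message in the `sdap_save_user` hunk of `sdap_async_users.c`. Both functions start and end outside their hunks, so what `done:` does with `ret` is not visible here.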