summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2013-01-06 16:04:32 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-01-09 17:59:23 +0100
commitf9f74a587c8e96dcf90214c760022684afc8bef7 (patch)
treef5ba9de45392c96e5362b0238a36db516dd83496 /src
parent480195bd70467bf05e2fd92cf25cec822a670ced (diff)
downloadsssd-f9f74a587c8e96dcf90214c760022684afc8bef7.tar.gz
sssd-f9f74a587c8e96dcf90214c760022684afc8bef7.tar.bz2
sssd-f9f74a587c8e96dcf90214c760022684afc8bef7.zip
AD: replace GID/UID, do not add another one
The code would call sysdb_attrs_add_uint32 which added another UID or GID to the ID=0 we already downloaded from LDAP (0 is the default value) when ID-mapping an entry. This led to funky behaviour later on when we wanted to process the ID.
Diffstat (limited to 'src')
-rw-r--r--src/providers/ldap/sdap.c31
-rw-r--r--src/providers/ldap/sdap.h2
-rw-r--r--src/providers/ldap/sdap_async_groups.c8
-rw-r--r--src/providers/ldap/sdap_async_users.c7
4 files changed, 41 insertions, 7 deletions
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index f5b1f95f..371121b2 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -1158,3 +1158,34 @@ int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical,
return ret;
}
+
+int sdap_replace_id(struct sysdb_attrs *entry, const char *attr, id_t val)
+{
+ char *str;
+ errno_t ret;
+ struct ldb_message_element *el;
+
+ ret = sysdb_attrs_get_el_ext(entry, attr, false, &el);
+ if (ret == ENOENT) {
+ return sysdb_attrs_add_uint32(entry, attr, val);
+ } else if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot get attribute [%s]\n", attr));
+ return ret;
+ }
+
+ if (el->num_values != 1) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Expected 1 value for %s, got %d\n", attr, el->num_values));
+ return EINVAL;
+ }
+
+ str = talloc_asprintf(entry, "%llu", (unsigned long long) val);
+ if (!str) {
+ return ENOMEM;
+ }
+
+ el->values[0].data = (uint8_t *) str;
+ el->values[0].length = strlen(str);
+
+ return EOK;
+}
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index d844ad63..d1436579 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -488,6 +488,8 @@ int build_attrs_from_map(TALLOC_CTX *memctx,
int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical,
struct berval *value, int dupval, LDAPControl **ctrlp);
+int sdap_replace_id(struct sysdb_attrs *entry, const char *attr, id_t val);
+
errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse,
struct sdap_options *opts);
int sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx,
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 26f36fb9..e1e84c33 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -398,11 +398,9 @@ static int sdap_save_group(TALLOC_CTX *memctx,
/* Store the GID in the ldap_attrs so it doesn't get
* treated as a missing attribute from LDAP and removed.
*/
- ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Could not store GID: [%s]\n",
- strerror(ret)));
+ ret = sdap_replace_id(attrs, SYSDB_GIDNUM, gid);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the id-mapped GID\n"));
goto done;
}
} else {
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index f640b970..ade1d37b 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -160,8 +160,11 @@ int sdap_save_user(TALLOC_CTX *memctx,
/* Store the UID in the ldap_attrs so it doesn't get
* treated as a missing attribute from LDAP and removed.
*/
- ret = sysdb_attrs_add_uint32(attrs, SYSDB_UIDNUM, uid);
- if (ret != EOK) goto done;
+ ret = sdap_replace_id(attrs, SYSDB_UIDNUM, uid);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the id-mapped UID\n"));
+ goto done;
+ }
} else {
ret = sysdb_attrs_get_uint32_t(attrs,
opts->user_map[SDAP_AT_USER_UID].sys_name,