diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2013-07-23 12:55:25 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-07-24 13:52:33 +0200 |
commit | bfd59d1a2d0d45125e5164ef12c425690d519f61 (patch) | |
tree | aa1c8ea874622481d9b75b3f9a31f980601baed8 /src | |
parent | bbb7ba8890908613b1b723746e091aed740af9f9 (diff) | |
download | sssd-bfd59d1a2d0d45125e5164ef12c425690d519f61.tar.gz sssd-bfd59d1a2d0d45125e5164ef12c425690d519f61.tar.bz2 sssd-bfd59d1a2d0d45125e5164ef12c425690d519f61.zip |
LDAP: Use domain-specific name where appropriate
The subdomain users user FQDN in their name attribute. However, handling
of whether to use FQDN in the LDAP code was not really good. This patch
introduces a utility function and converts code that was relying on
user/group names matching to this utility function.
This is a temporary fix until we can refactor the sysdb API in #2011.
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/sdap.c | 51 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 12 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 76 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 51 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 81 |
5 files changed, 159 insertions, 112 deletions
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 5497d943..7741030c 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -1209,3 +1209,54 @@ int sdap_replace_id(struct sysdb_attrs *entry, const char *attr, id_t val) return EOK; } + +static errno_t +sdap_get_primary_name(TALLOC_CTX *memctx, + const char *attr_name, + struct sysdb_attrs *attrs, + struct sss_domain_info *dom, + const char **_primary_name) +{ + errno_t ret; + const char *orig_name = NULL; + char *name; + + ret = sysdb_attrs_primary_name(dom->sysdb, attrs, attr_name, &orig_name); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("The object has no name attribute\n")); + return EINVAL; + } + + name = sss_get_domain_name(memctx, orig_name, dom); + if (name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + ("Failed to format original name [%s]\n", orig_name)); + return ENOMEM; + } + DEBUG(SSSDBG_TRACE_FUNC, ("Processing object %s\n", name)); + + *_primary_name = name; + return EOK; +} + +errno_t sdap_get_user_primary_name(TALLOC_CTX *memctx, + struct sdap_options *opts, + struct sysdb_attrs *attrs, + struct sss_domain_info *dom, + const char **_user_name) +{ + return sdap_get_primary_name(memctx, + opts->group_map[SDAP_AT_USER_NAME].name, + attrs, dom, _user_name); +} + +errno_t sdap_get_group_primary_name(TALLOC_CTX *memctx, + struct sdap_options *opts, + struct sysdb_attrs *attrs, + struct sss_domain_info *dom, + const char **_group_name) +{ + return sdap_get_primary_name(memctx, + opts->group_map[SDAP_AT_GROUP_NAME].name, + attrs, dom, _group_name); +} diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 24d208a2..6d24982b 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -492,6 +492,18 @@ int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical, int sdap_replace_id(struct sysdb_attrs *entry, const char *attr, id_t val); +errno_t sdap_get_group_primary_name(TALLOC_CTX *memctx, + struct sdap_options *opts, + struct sysdb_attrs *attrs, + struct sss_domain_info *dom, + const char **_group_name); + +errno_t sdap_get_user_primary_name(TALLOC_CTX *memctx, + struct sdap_options *opts, + struct sysdb_attrs *attrs, + struct sss_domain_info *dom, + const char **_user_name); + errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, struct sdap_options *opts, struct sdap_domain *sdom); diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index c3b5914a..aa30cd0b 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -428,8 +428,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, { struct ldb_message_element *el; struct sysdb_attrs *group_attrs; - const char *name = NULL; - char *group_name; + const char *group_name; gid_t gid; errno_t ret; char *usn_value = NULL; @@ -450,14 +449,12 @@ static int sdap_save_group(TALLOC_CTX *memctx, goto done; } - ret = sysdb_attrs_primary_name(ctx, attrs, - opts->group_map[SDAP_AT_GROUP_NAME].name, - &name); + ret = sdap_get_group_primary_name(tmpctx, opts, attrs, dom, &group_name); if (ret != EOK) { - DEBUG(1, ("Failed to save the group - entry has no name attribute\n")); + DEBUG(SSSDBG_OP_FAILURE, ("Failed to get group name\n")); goto done; } - DEBUG(SSSDBG_TRACE_FUNC, ("Processing group %s\n", name)); + DEBUG(SSSDBG_TRACE_FUNC, ("Processing group %s\n", group_name)); /* Always store SID string if available */ ret = sdap_attrs_get_sid_str(tmpctx, opts->idmap_ctx, attrs, @@ -472,7 +469,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, } } else if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_ALL, ("objectSID: not available for group [%s].\n", - name)); + group_name)); sid_str = NULL; } else { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not identify objectSID: [%s]\n", @@ -487,14 +484,14 @@ static int sdap_save_group(TALLOC_CTX *memctx, if (sid_str == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, ("SID not available, cannot map a " \ - "unix ID to group [%s].\n", name)); + "unix ID to group [%s].\n", group_name)); ret = ENOENT; goto done; } DEBUG(SSSDBG_TRACE_LIBS, ("Mapping group [%s] objectSID [%s] to unix ID\n", - name, sid_str)); + group_name, sid_str)); /* Convert the SID into a UNIX group ID */ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &gid); @@ -544,7 +541,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, &gid); if (ret != EOK) { DEBUG(1, ("no gid provided for [%s] in domain [%s].\n", - name, dom->name)); + group_name, dom->name)); ret = EINVAL; goto done; } @@ -553,8 +550,8 @@ static int sdap_save_group(TALLOC_CTX *memctx, /* check that the gid is valid for this domain */ if (posix_group) { if (OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) { - DEBUG(2, ("Group [%s] filtered out! (id out of range)\n", - name)); + DEBUG(SSSDBG_MINOR_FAILURE, + ("Group [%s] filtered out! (id out of range)\n", group_name)); ret = EINVAL; goto done; } @@ -562,7 +559,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, } ret = sdap_attrs_add_string(attrs, SYSDB_ORIG_DN, "original DN", - name, group_attrs); + group_name, group_attrs); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Error setting original DN: [%s]\n", @@ -573,7 +570,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, ret = sdap_attrs_add_string(attrs, opts->group_map[SDAP_AT_GROUP_MODSTAMP].sys_name, "original mod-Timestamp", - name, group_attrs); + group_name, group_attrs); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Error setting mod timestamp: [%s]\n", @@ -590,8 +587,8 @@ static int sdap_save_group(TALLOC_CTX *memctx, goto done; } if (el->num_values == 0) { - DEBUG(7, ("Original USN value is not available for [%s].\n", - name)); + DEBUG(SSSDBG_TRACE_FUNC, + ("Original USN value is not available for [%s].\n", group_name)); } else { ret = sysdb_attrs_add_string(group_attrs, opts->group_map[SDAP_AT_GROUP_USN].sys_name, @@ -617,20 +614,12 @@ static int sdap_save_group(TALLOC_CTX *memctx, goto done; } - ret = sdap_save_all_names(name, attrs, dom, group_attrs); + ret = sdap_save_all_names(group_name, attrs, dom, group_attrs); if (ret != EOK) { DEBUG(1, ("Failed to save group names\n")); goto done; } - - DEBUG(6, ("Storing info for group %s\n", name)); - - group_name = sss_get_domain_name(tmpctx, name, dom); - if (!group_name) { - DEBUG(SSSDBG_OP_FAILURE, ("failed to format user name,\n")); - ret = ENOMEM; - goto done; - } + DEBUG(SSSDBG_TRACE_FUNC, ("Storing info for group %s\n", group_name)); ret = sdap_store_group_with_gid(ctx, dom, group_name, gid, group_attrs, @@ -654,7 +643,7 @@ done: if (ret) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to save group [%s]: [%s]\n", - name ? name : "Unknown", + group_name ? group_name : "Unknown", strerror(ret))); } talloc_free(tmpctx); @@ -677,17 +666,17 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx, { struct ldb_message_element *el; struct sysdb_attrs *group_attrs = NULL; - const char *name; + const char *group_name; char **userdns = NULL; size_t nuserdns = 0; int ret; - ret = sysdb_attrs_primary_name(ctx, attrs, - opts->group_map[SDAP_AT_GROUP_NAME].name, - &name); + ret = sdap_get_group_primary_name(memctx, opts, attrs, dom, &group_name); if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("Failed to get group name\n")); goto fail; } + DEBUG(SSSDBG_TRACE_FUNC, ("Processing group %s\n", group_name)); /* With AD we also want to merge in parent groups of primary GID as they * are reported with tokenGroups, too @@ -705,11 +694,13 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx, if (ret != EOK) { goto fail; } - if (el->num_values == 0 && nuserdns == 0) { - DEBUG(7, ("No members for group [%s]\n", name)); + if (el->num_values == 0 && nuserdns == 0) { + DEBUG(SSSDBG_TRACE_FUNC, + ("No members for group [%s]\n", group_name)); } else { - DEBUG(7, ("Adding member users to group [%s]\n", name)); + DEBUG(SSSDBG_TRACE_FUNC, + ("Adding member users to group [%s]\n", group_name)); group_attrs = sysdb_new_attrs(memctx); if (!group_attrs) { @@ -725,16 +716,15 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx, } } - DEBUG(6, ("Storing members for group %s\n", name)); - - ret = sysdb_store_group(ctx, dom, name, 0, group_attrs, + ret = sysdb_store_group(ctx, dom, group_name, 0, group_attrs, dom->group_timeout, now); if (ret) goto fail; return EOK; fail: - DEBUG(2, ("Failed to save user %s\n", name)); + DEBUG(SSSDBG_OP_FAILURE, + ("Failed to save members of group %s\n", group_name)); return ret; } @@ -2049,11 +2039,11 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, in_transaction = true; for (i = 0; i < num_users; i++) { - ret = sysdb_attrs_primary_name(sysdb, users[i], - opts->user_map[SDAP_AT_USER_NAME].name, - &username); + ret = sdap_get_user_primary_name(tmp_ctx, opts, users[i], + domain, &username); if (ret != EOK) { - DEBUG(1, ("User entry %d has no name attribute. Skipping\n", i)); + DEBUG(SSSDBG_MINOR_FAILURE, + ("User entry %d has no name attribute. Skipping\n", i)); continue; } diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 4c379fdf..ec1cf3e6 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -39,7 +39,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, TALLOC_CTX *tmp_ctx; struct ldb_message *msg; int i, mi, ai; - const char *name; + const char *groupname; const char *original_dn; char **missing; gid_t gid; @@ -106,20 +106,20 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, for (i=0; missing[i]; i++) { /* The group is not in sysdb, need to add a fake entry */ for (ai=0; ai < ldap_groups_count; ai++) { - ret = sysdb_attrs_primary_name(sysdb, ldap_groups[ai], - opts->group_map[SDAP_AT_GROUP_NAME].name, - &name); + ret = sdap_get_group_primary_name(tmp_ctx, opts, ldap_groups[ai], + domain, &groupname); if (ret != EOK) { - DEBUG(1, ("The group has no name attribute\n")); + DEBUG(SSSDBG_CRIT_FAILURE, + ("The group has no name attribute\n")); goto done; } - if (strcmp(name, missing[i]) == 0) { + if (strcmp(groupname, missing[i]) == 0) { posix = true; if (use_id_mapping) { DEBUG(SSSDBG_TRACE_LIBS, - ("Mapping group [%s] objectSID to unix ID\n", name)); + ("Mapping group [%s] objectSID to unix ID\n", groupname)); ret = sdap_attrs_get_sid_str( tmp_ctx, opts->idmap_ctx, ldap_groups[ai], @@ -129,7 +129,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, DEBUG(SSSDBG_TRACE_INTERNAL, ("Group [%s] has objectSID [%s]\n", - name, sid_str)); + groupname, sid_str)); /* Convert the SID into a UNIX group ID */ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, @@ -137,7 +137,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, if (ret == EOK) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Group [%s] has mapped gid [%lu]\n", - name, (unsigned long)gid)); + groupname, (unsigned long)gid)); } else { posix = false; gid = 0; @@ -145,7 +145,7 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, DEBUG(SSSDBG_TRACE_INTERNAL, ("Group [%s] cannot be mapped. " "Treating as a non-POSIX group\n", - name)); + groupname)); } } else { @@ -153,9 +153,11 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, SYSDB_GIDNUM, &gid); if (ret == ENOENT || (ret == EOK && gid == 0)) { - DEBUG(9, ("The group %s gid was %s\n", - name, ret == ENOENT ? "missing" : "zero")); - DEBUG(8, ("Marking group %s as non-posix and setting GID=0!\n", name)); + DEBUG(SSSDBG_TRACE_LIBS, ("The group %s gid was %s\n", + groupname, ret == ENOENT ? "missing" : "zero")); + DEBUG(SSSDBG_TRACE_FUNC, + ("Marking group %s as non-posix and setting GID=0!\n", + groupname)); gid = 0; posix = false; } else if (ret) { @@ -172,8 +174,9 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, original_dn = NULL; } - DEBUG(8, ("Adding fake group %s to sysdb\n", name)); - ret = sysdb_add_incomplete_group(sysdb, domain, name, gid, + DEBUG(SSSDBG_TRACE_INTERNAL, + ("Adding fake group %s to sysdb\n", groupname)); + ret = sysdb_add_incomplete_group(sysdb, domain, groupname, gid, original_dn, posix, now); if (ret != EOK) { goto done; @@ -720,11 +723,9 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx, state->user = user; state->op = NULL; - ret = sysdb_attrs_primary_name(sysdb, user, - opts->user_map[SDAP_AT_USER_NAME].name, - &state->username); + ret = sdap_get_user_primary_name(memctx, opts, user, dom, &state->username); if (ret != EOK) { - DEBUG(1, ("User entry had no username\n")); + DEBUG(SSSDBG_CRIT_FAILURE, ("User entry had no username\n")); goto immediate; } @@ -1281,9 +1282,7 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, } /* Get direct sysdb parents */ - ret = sysdb_attrs_primary_name(sysdb, group, - opts->group_map[SDAP_AT_GROUP_NAME].name, - &group_name); + ret = sdap_get_group_primary_name(tmp_ctx, opts, group, dom, &group_name); if (ret != EOK) { goto done; } @@ -2186,11 +2185,9 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req) goto done; } - ret = sysdb_attrs_primary_name( - state->sysdb, - state->groups[state->group_iter], - state->opts->group_map[SDAP_AT_GROUP_NAME].name, - &state->primary_name); + ret = sdap_get_group_primary_name(tmp_ctx, state->opts, + state->groups[state->group_iter], + state->dom, &state->primary_name); if (ret != EOK) { goto done; } diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index b3a5c3de..07ddb622 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -105,7 +105,6 @@ int sdap_save_user(TALLOC_CTX *memctx, { struct ldb_message_element *el; int ret; - const char *name = NULL; const char *user_name = NULL; const char *fullname = NULL; const char *pwd; @@ -126,7 +125,7 @@ int sdap_save_user(TALLOC_CTX *memctx, char *sid_str; char *dom_sid_str = NULL; - DEBUG(9, ("Save user\n")); + DEBUG(SSSDBG_TRACE_FUNC, ("Save user\n")); tmpctx = talloc_new(NULL); if (!tmpctx) { @@ -140,13 +139,12 @@ int sdap_save_user(TALLOC_CTX *memctx, goto done; } - ret = sysdb_attrs_primary_name(ctx, attrs, - opts->user_map[SDAP_AT_USER_NAME].name, - &name); + ret = sdap_get_user_primary_name(memctx, opts, attrs, dom, &user_name); if (ret != EOK) { - DEBUG(1, ("Failed to save the user - entry has no name attribute\n")); + DEBUG(SSSDBG_OP_FAILURE, ("Failed to get user name\n")); goto done; } + DEBUG(SSSDBG_TRACE_FUNC, ("Processing user %s\n", user_name)); if (opts->schema_type == SDAP_SCHEMA_AD) { ret = sysdb_attrs_get_string(attrs, @@ -207,7 +205,7 @@ int sdap_save_user(TALLOC_CTX *memctx, } } else if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_ALL, ("objectSID: not available for group [%s].\n", - name)); + user_name)); sid_str = NULL; } else { DEBUG(SSSDBG_MINOR_FAILURE, ("Could not identify objectSID: [%s]\n", @@ -224,13 +222,13 @@ int sdap_save_user(TALLOC_CTX *memctx, if (sid_str == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, ("SID not available, cannot map a " \ - "unix ID to user [%s].\n", name)); + "unix ID to user [%s].\n", user_name)); ret = ENOENT; goto done; } DEBUG(SSSDBG_TRACE_LIBS, - ("Mapping user [%s] objectSID [%s] to unix ID\n", name, sid_str)); + ("Mapping user [%s] objectSID [%s] to unix ID\n", user_name, sid_str)); /* Convert the SID into a UNIX user ID */ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &uid); @@ -255,8 +253,9 @@ int sdap_save_user(TALLOC_CTX *memctx, opts->user_map[SDAP_AT_USER_UID].sys_name, &uid); if (ret != EOK) { - DEBUG(1, ("no uid provided for [%s] in domain [%s].\n", - name, dom->name)); + DEBUG(SSSDBG_CRIT_FAILURE, + ("no uid provided for [%s] in domain [%s].\n", + user_name, dom->name)); ret = EINVAL; goto done; } @@ -264,7 +263,7 @@ int sdap_save_user(TALLOC_CTX *memctx, /* check that the uid is valid for this domain */ if (OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) { DEBUG(2, ("User [%s] filtered out! (uid out of range)\n", - name)); + user_name)); ret = EINVAL; goto done; } @@ -275,8 +274,8 @@ int sdap_save_user(TALLOC_CTX *memctx, &gid); if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, - ("Cannot get the GID for [%s] in domain [%s].\n", - name, dom->name)); + ("Cannot get the GID for [%s] in domain [%s].\n", + user_name, dom->name)); goto done; } } else { @@ -296,8 +295,9 @@ int sdap_save_user(TALLOC_CTX *memctx, opts->user_map[SDAP_AT_USER_GID].sys_name, &gid); if (ret != EOK) { - DEBUG(1, ("no gid provided for [%s] in domain [%s].\n", - name, dom->name)); + DEBUG(SSSDBG_CRIT_FAILURE, + ("no gid provided for [%s] in domain [%s].\n", + user_name, dom->name)); ret = EINVAL; goto done; } @@ -307,7 +307,8 @@ int sdap_save_user(TALLOC_CTX *memctx, if (IS_SUBDOMAIN(dom) == false && OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) { DEBUG(SSSDBG_CRIT_FAILURE, - ("User [%s] filtered out! (primary gid out of range)\n", name)); + ("User [%s] filtered out! (primary gid out of range)\n", + user_name)); ret = EINVAL; goto done; } @@ -318,11 +319,11 @@ int sdap_save_user(TALLOC_CTX *memctx, } if (!el || el->num_values == 0) { DEBUG(SSSDBG_MINOR_FAILURE, - ("originalDN is not available for [%s].\n", name)); + ("originalDN is not available for [%s].\n", user_name)); } else { orig_dn = (const char *) el->values[0].data; DEBUG(SSSDBG_TRACE_INTERNAL, ("Adding originalDN [%s] to attributes " - "of [%s].\n", orig_dn, name)); + "of [%s].\n", orig_dn, user_name)); ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_DN, orig_dn); if (ret) { @@ -335,11 +336,11 @@ int sdap_save_user(TALLOC_CTX *memctx, goto done; } if (el->num_values == 0) { - DEBUG(7, ("Original memberOf is not available for [%s].\n", - name)); + DEBUG(SSSDBG_TRACE_FUNC, + ("Original memberOf is not available for [%s].\n", user_name)); } else { - DEBUG(7, ("Adding original memberOf attributes to [%s].\n", - name)); + DEBUG(SSSDBG_TRACE_FUNC, + ("Adding original memberOf attributes to [%s].\n", user_name)); for (i = 0; i < el->num_values; i++) { ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_MEMBEROF, (const char *) el->values[i].data); @@ -352,7 +353,7 @@ int sdap_save_user(TALLOC_CTX *memctx, ret = sdap_attrs_add_string(attrs, opts->user_map[SDAP_AT_USER_MODSTAMP].sys_name, "original mod-Timestamp", - name, user_attrs); + user_name, user_attrs); if (ret != EOK) { goto done; } @@ -363,8 +364,8 @@ int sdap_save_user(TALLOC_CTX *memctx, goto done; } if (el->num_values == 0) { - DEBUG(7, ("Original USN value is not available for [%s].\n", - name)); + DEBUG(SSSDBG_TRACE_FUNC, + ("Original USN value is not available for [%s].\n", user_name)); } else { ret = sysdb_attrs_add_string(user_attrs, opts->user_map[SDAP_AT_USER_USN].sys_name, @@ -385,7 +386,8 @@ int sdap_save_user(TALLOC_CTX *memctx, goto done; } if (el->num_values == 0) { - DEBUG(7, ("User principal is not available for [%s].\n", name)); + DEBUG(SSSDBG_TRACE_FUNC, + ("User principal is not available for [%s].\n", user_name)); } else { upn = talloc_strdup(user_attrs, (const char*) el->values[0].data); if (!upn) { @@ -395,8 +397,9 @@ int sdap_save_user(TALLOC_CTX *memctx, if (dp_opt_get_bool(opts->basic, SDAP_FORCE_UPPER_CASE_REALM)) { make_realm_upper_case(upn); } - DEBUG(7, ("Adding user principal [%s] to attributes of [%s].\n", - upn, name)); + DEBUG(SSSDBG_TRACE_FUNC, + ("Adding user principal [%s] to attributes of [%s].\n", + upn, user_name)); ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, upn); if (ret) { goto done; @@ -405,7 +408,7 @@ int sdap_save_user(TALLOC_CTX *memctx, for (i = SDAP_FIRST_EXTRA_USER_AT; i < SDAP_OPTS_USER; i++) { ret = sdap_attrs_add_list(attrs, opts->user_map[i].sys_name, - NULL, name, user_attrs); + NULL, user_name, user_attrs); if (ret) { goto done; } @@ -422,9 +425,9 @@ int sdap_save_user(TALLOC_CTX *memctx, } } - ret = sdap_save_all_names(name, attrs, dom, user_attrs); + ret = sdap_save_all_names(user_name, attrs, dom, user_attrs); if (ret != EOK) { - DEBUG(1, ("Failed to save user names\n")); + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to save user names\n")); goto done; } @@ -437,14 +440,7 @@ int sdap_save_user(TALLOC_CTX *memctx, goto done; } - DEBUG(6, ("Storing info for user %s\n", name)); - - user_name = sss_get_domain_name(tmpctx, name, dom); - if (!user_name) { - DEBUG(SSSDBG_OP_FAILURE, ("failed to format user name,\n")); - ret = ENOMEM; - goto done; - } + DEBUG(SSSDBG_TRACE_FUNC, ("Storing info for user %s\n", user_name)); ret = sysdb_store_user(ctx, dom, user_name, pwd, uid, gid, gecos, homedir, shell, orig_dn, @@ -460,8 +456,9 @@ int sdap_save_user(TALLOC_CTX *memctx, done: if (ret) { - DEBUG(2, ("Failed to save user [%s]\n", - name ? name : "Unknown")); + DEBUG(SSSDBG_CRIT_FAILURE, + ("Failed to save user [%s]\n", + user_name ? user_name : "Unknown")); } talloc_free(tmpctx); return ret; |