-rw-r--r--src/db/sysdb.c2
-rw-r--r--src/db/sysdb.h11
-rw-r--r--src/db/sysdb_search.c46
-rw-r--r--src/db/sysdb_subdomains.c40
-rw-r--r--src/responder/nss/nsssrv_cmd.c14
-rw-r--r--src/responder/pam/pamsrv_cmd.c4
-rw-r--r--src/responder/sudo/sudosrv_get_sudorules.c2
-rw-r--r--src/tests/sysdb-tests.c28
-rw-r--r--src/tools/sss_seed.c10
-rw-r--r--src/tools/sss_sync_ops.c4
-rw-r--r--src/util/domain_info_utils.c2
11 files changed, 78 insertions, 85 deletions
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index 2647c630..623cf2b5 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -1822,7 +1822,7 @@ errno_t sysdb_get_real_name(TALLOC_CTX *mem_ctx,
return ENOMEM;
}
- ret = sysdb_getpwnam(tmp_ctx, sysdb, name, &res);
+ ret = sysdb_getpwnam(tmp_ctx, sysdb, sysdb->domain, name, &res);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Cannot canonicalize username\n"));
goto done;
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 9f8c85be..0c15cc66 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -429,15 +429,6 @@ errno_t sysdb_store_domgroup(struct sss_domain_info *domain,
errno_t sysdb_delete_domgroup(struct sss_domain_info *domain,
const char *name, gid_t gid);
-int sysdb_subdom_getpwnam(TALLOC_CTX *mem_ctx,
- struct sysdb_ctx *sysdb,
- const char *name,
- struct ldb_result **res);
-int sysdb_subdom_getgrnam(TALLOC_CTX *mem_ctx,
- struct sysdb_ctx *sysdb,
- const char *name,
- struct ldb_result **res);
-
errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
size_t *range_count,
struct range_info ***range_list);
@@ -464,6 +455,7 @@ int sysdb_domain_init(TALLOC_CTX *mem_ctx,
* therefore they cannot be called within a transaction */
int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name,
struct ldb_result **res);
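Review bot: The new `domain` parameter of sysdb_getpwnam (and of sysdb_getgrnam in the next hunk) is undocumented in the header, although the implementation dereferences it unconditionally and qualifies `name` itself for subdomains. A caller that passes an already qualified name for a subdomain would get it qualified a second time. I would add above both prototypes: `/* domain must not be NULL and must be a domain stored in sysdb; for a subdomain with fqnames set, name is the short name and is qualified internally */`.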
@@ -478,6 +470,7 @@ int sysdb_enumpwent(TALLOC_CTX *mem_ctx,
int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name,
struct ldb_result **res);
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index 49f628bf..902a2637 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -29,6 +29,7 @@
int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name,
struct ldb_result **_res)
{
@@ -37,6 +38,7 @@ int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
struct ldb_dn *base_dn;
struct ldb_result *res;
char *sanitized_name;
+ const char *src_name;
int ret;
tmp_ctx = talloc_new(NULL);
@@ -45,13 +47,27 @@ int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
}
base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
- SYSDB_TMPL_USER_BASE, sysdb->domain->name);
+ SYSDB_TMPL_USER_BASE, domain->name);
if (!base_dn) {
ret = ENOMEM;
goto done;
}
- ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
+ /* If this is a subomain we need to use fully qualified names for the
+ * search as well by default */
+ if (domain->parent && domain->fqnames) {
+ ret = ENOMEM;
+ src_name = talloc_asprintf(tmp_ctx, domain->names->fq_fmt,
+ name, domain->name);
+ } else {
+ ret = EINVAL;
+ src_name = name;
+ }
+ if (!src_name) {
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(tmp_ctx, src_name, &sanitized_name);
if (ret != EOK) {
goto done;
}
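Review bot: `domain->names->fq_fmt` is passed to talloc_asprintf as a non-literal format string together with the caller-supplied `name`, and `domain->names` is dereferenced without a check; nothing in this hunk shows that the format was validated to consume exactly a name and a domain. Preloading `ret` with ENOMEM or EINVAL before the shared `!src_name` test is also hard to read. The same block is repeated verbatim in sysdb_getgrnam, including the "subomain" typo in the comment, so a single static helper with explicit error returns would keep the checks in one place. The body of sysdb_getpwnam continues outside the hunk.

```c
/* Build the name to search the cache for: fully qualified for a subdomain
 * that uses fqnames, the name as given otherwise. */
static errno_t sysdb_search_name(TALLOC_CTX *mem_ctx,
                                 struct sss_domain_info *domain,
                                 const char *name,
                                 const char **_src_name)
{
    if (name == NULL) {
        return EINVAL;
    }
    if (domain->parent == NULL || !domain->fqnames) {
        *_src_name = name;
        return EOK;
    }
    if (domain->names == NULL || domain->names->fq_fmt == NULL) {
        return EINVAL;
    }
    /* fq_fmt must already be validated to take exactly (name, domain) */
    *_src_name = talloc_asprintf(mem_ctx, domain->names->fq_fmt,
                                 name, domain->name);
    return (*_src_name != NULL) ? EOK : ENOMEM;
}

/* … unchanged: tmp_ctx and base_dn setup in sysdb_getpwnam … */
    ret = sysdb_search_name(tmp_ctx, domain, name, &src_name);
    if (ret != EOK) {
        goto done;
    }

    ret = sss_filter_sanitize(tmp_ctx, src_name, &sanitized_name);
```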
@@ -191,6 +207,7 @@ static int mpg_res_convert(struct ldb_result *res)
int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name,
struct ldb_result **_res)
{
@@ -200,6 +217,7 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
char *sanitized_name;
struct ldb_dn *base_dn;
struct ldb_result *res;
+ const char *src_name;
int ret;
tmp_ctx = talloc_new(NULL);
@@ -210,18 +228,32 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
if (sysdb->mpg) {
fmt_filter = SYSDB_GRNAM_MPG_FILTER;
base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
- SYSDB_DOM_BASE, sysdb->domain->name);
+ SYSDB_DOM_BASE, domain->name);
} else {
fmt_filter = SYSDB_GRNAM_FILTER;
base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
- SYSDB_TMPL_GROUP_BASE, sysdb->domain->name);
+ SYSDB_TMPL_GROUP_BASE, domain->name);
}
if (!base_dn) {
ret = ENOMEM;
goto done;
}
- ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
+ /* If this is a subomain we need to use fully qualified names for the
+ * search as well by default */
+ if (domain->parent && domain->fqnames) {
+ ret = ENOMEM;
+ src_name = talloc_asprintf(tmp_ctx, domain->names->fq_fmt,
+ name, domain->name);
+ } else {
+ ret = EINVAL;
+ src_name = name;
+ }
+ if (!src_name) {
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(tmp_ctx, src_name, &sanitized_name);
if (ret != EOK) {
goto done;
}
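Review bot: The filter and base DN template are still chosen from `sysdb->mpg`, while the DN itself is now built from the separate `domain` argument, so the two can disagree when `domain` is not `sysdb->domain`. If a subdomain shares its parent's sysdb context (not visible here), the parent's mpg setting would decide how the subdomain's groups are searched. Either read the flag from the domain being searched, if it has one, or state the assumption at the branch, e.g. `/* mpg is a property of the sysdb context and applies to all its subdomains */`. The body of sysdb_getgrnam continues outside the hunk.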
@@ -365,9 +397,7 @@ int sysdb_initgroups(TALLOC_CTX *mem_ctx,
return ENOMEM;
}
- /* if this is a subdomain we need to search for the fully qualified
- * name in the database */
- ret = sysdb_subdom_getpwnam(tmp_ctx, sysdb, name, &res);
+ ret = sysdb_getpwnam(tmp_ctx, sysdb, sysdb->domain, name, &res);
if (ret != EOK) {
DEBUG(1, ("sysdb_getpwnam failed: [%d][%s]\n",
ret, strerror(ret)));
diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
index ea1ce998..9f20ed59 100644
--- a/src/db/sysdb_subdomains.c
+++ b/src/db/sysdb_subdomains.c
@@ -668,43 +668,3 @@ errno_t sysdb_delete_domgroup(struct sss_domain_info *domain,
return sysdb_delete_group(domain->sysdb, name, gid);
}
-
-int sysdb_subdom_getpwnam(TALLOC_CTX *mem_ctx,
- struct sysdb_ctx *sysdb,
- const char *name,
- struct ldb_result **res)
-{
- char *src_name = NULL;
- int ret;
-
- if (sysdb->domain->parent) {
- src_name = talloc_asprintf(mem_ctx, sysdb->domain->names->fq_fmt,
- name, sysdb->domain->name);
- if (!src_name) return ENOMEM;
- }
-
- ret = sysdb_getpwnam(mem_ctx, sysdb, src_name ? src_name : name, res);
- talloc_zfree(src_name);
-
- return ret;
-}
-
-int sysdb_subdom_getgrnam(TALLOC_CTX *mem_ctx,
- struct sysdb_ctx *sysdb,
- const char *name,
- struct ldb_result **res)
-{
- char *src_name = NULL;
- int ret;
-
- if (sysdb->domain->parent) {
- src_name = talloc_asprintf(mem_ctx, sysdb->domain->names->fq_fmt,
- name, sysdb->domain->name);
- if (!src_name) return ENOMEM;
- }
-
- ret = sysdb_getgrnam(mem_ctx, sysdb, src_name ? src_name : name, res);
- talloc_zfree(src_name);
-
- return ret;
-}
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 55543f07..7e33d922 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -297,7 +297,7 @@ static int fill_pwent(struct sss_packet *packet,
size_t dom_len = 0;
int delim = 1;
int i, ret, num, t;
- bool add_domain = dom->fqnames;
+ bool add_domain = (dom->fqnames && (dom->parent == NULL));
const char *domain = dom->name;
const char *namefmt;
bool packet_initialized = false;
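Review bot: `add_domain` is now false for every subdomain, so fill_pwent writes whatever name is stored in the cache, which yields qualified names only if subdomain entries are always cached fully qualified; this hunk does not show that. A short name cached for a subdomain would reach NSS clients unqualified and could be mistaken for a user of the same name in the parent domain. The reason should be stated at the assignment: `/* subdomain names are stored fully qualified in the cache, do not qualify them again */`. The identical expression is added in fill_members and fill_grent, so a small helper taking `dom` would keep the three in step. The body of fill_pwent continues outside the hunk.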
@@ -759,9 +759,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
return EIO;
}
- /* if this is a subdomain we need to search for the fully qualified
- * name in the database */
- ret = sysdb_subdom_getpwnam(cmdctx, sysdb, name, &dctx->res);
+ ret = sysdb_getpwnam(cmdctx, sysdb, dom, name, &dctx->res);
if (ret != EOK) {
DEBUG(1, ("Failed to make request to our cache!\n"));
return EIO;
@@ -1926,7 +1924,7 @@ static int fill_members(struct sss_packet *packet,
size_t blen;
const char *domain = dom->name;
- bool add_domain = dom->fqnames;
+ bool add_domain = (dom->fqnames && (dom->parent == NULL));
if (add_domain) {
delim = 1;
@@ -2055,7 +2053,7 @@ static int fill_grent(struct sss_packet *packet,
int i = 0;
int ret, num, memnum;
size_t rzero, rsize;
- bool add_domain = dom->fqnames;
+ bool add_domain = (dom->fqnames && (dom->parent == NULL));
const char *domain = dom->name;
const char *namefmt;
TALLOC_CTX *tmp_ctx = NULL;
@@ -2358,9 +2356,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
return EIO;
}
- /* if this is a subdomain we need to search for the fully qualified
- * name in the database */
- ret = sysdb_subdom_getgrnam(cmdctx, sysdb, name, &dctx->res);
+ ret = sysdb_getgrnam(cmdctx, sysdb, dom, name, &dctx->res);
if (ret != EOK) {
DEBUG(1, ("Failed to make request to our cache!\n"));
return EIO;
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 813894d3..fa8eabf6 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -1239,9 +1239,7 @@ static int pam_check_user_search(struct pam_auth_req *preq)
return EFAULT;
}
- /* if this is a subdomain we need to search for the fully qualified
- * name in the database */
- ret = sysdb_subdom_getpwnam(preq, sysdb, name, &preq->res);
+ ret = sysdb_getpwnam(preq, sysdb, dom, name, &preq->res);
if (ret != EOK) {
DEBUG(1, ("Failed to make request to our cache!\n"));
return EIO;
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
index 5a78000c..ac8cb3ce 100644
--- a/src/responder/sudo/sudosrv_get_sudorules.c
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
@@ -136,7 +136,7 @@ static errno_t sudosrv_get_user(struct sudo_dom_ctx *dctx)
goto done;
}
- ret = sysdb_getpwnam(dctx, sysdb, name, &user);
+ ret = sysdb_getpwnam(dctx, sysdb, dctx->domain, name, &user);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
("Failed to make request to our cache!\n"));
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 351c07d0..65e03fe0 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -846,6 +846,7 @@ START_TEST (test_sysdb_getpwnam)
ret = sysdb_getpwnam(test_ctx,
test_ctx->sysdb,
+ test_ctx->domain,
username, &res);
if (ret) {
fail("sysdb_getpwnam failed for username %s (%d: %s)",
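Review bot: Every updated call in this file passes `test_ctx->domain`, which is presumably a top-level domain, so the new `domain->parent && domain->fqnames` branch of sysdb_getpwnam and sysdb_getgrnam is never exercised. A case that stores a user and a group under a subdomain and looks them up by short name, expecting `res->count == 1`, would cover the qualification path. A negative case should look up the same short name through the parent domain and expect `res->count == 0`. This applies to all hunks of sysdb-tests.c, whose test bodies continue outside the hunks.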
@@ -866,6 +867,7 @@ START_TEST (test_sysdb_getpwnam)
ret = sysdb_getpwnam(test_ctx,
test_ctx->sysdb,
+ test_ctx->domain,
username, &res);
if (ret) {
fail("sysdb_getpwnam failed for username %s (%d: %s)",
@@ -901,6 +903,7 @@ START_TEST (test_sysdb_getgrnam)
ret = sysdb_getgrnam(test_ctx,
test_ctx->sysdb,
+ test_ctx->domain,
groupname, &res);
if (ret) {
fail("sysdb_getgrnam failed for groupname %s (%d: %s)",
@@ -923,6 +926,7 @@ START_TEST (test_sysdb_getgrnam)
ret = sysdb_getgrnam(test_ctx,
test_ctx->sysdb,
+ test_ctx->domain,
groupname, &res);
if (ret) {
fail("sysdb_getgrnam failed for groupname %s (%d: %s)",
@@ -3275,7 +3279,8 @@ START_TEST(test_group_rename)
ret = sysdb_store_group(test_ctx->sysdb, fromname, grgid, NULL, 0, 0);
fail_unless(ret == EOK, "Could not add first group");
- ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, fromname, &res);
+ ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb,
+ test_ctx->domain, fromname, &res);
fail_unless(ret == EOK, "Could not retrieve the group from cache\n");
if (res->count != 1) {
fail("Invalid number of replies. Expected 1, got %d", res->count);
@@ -3298,7 +3303,8 @@ START_TEST(test_group_rename)
ret = sysdb_store_group(test_ctx->sysdb, toname, grgid, NULL, 0, 0);
fail_unless(ret == EOK, "Could not add first group");
- ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, toname, &res);
+ ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb,
+ test_ctx->domain, toname, &res);
fail_unless(ret == EOK, "Could not retrieve the group from cache\n");
if (res->count != 1) {
fail("Invalid number of replies. Expected 1, got %d", res->count);
@@ -3315,7 +3321,8 @@ START_TEST(test_group_rename)
name, toname);
/* Verify the first name is gone */
- ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, fromname, &res);
+ ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb,
+ test_ctx->domain, fromname, &res);
fail_unless(ret == EOK, "Could not retrieve the group from cache\n");
fail_unless(res->count == 0, "Unexpectedly found the original user\n");
@@ -3345,7 +3352,8 @@ START_TEST(test_user_rename)
NULL, NULL, NULL, 0, 0);
fail_unless(ret == EOK, "Could not add first user");
- ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, fromname, &res);
+ ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb,
+ test_ctx->domain, fromname, &res);
fail_unless(ret == EOK, "Could not retrieve the user from cache\n");
if (res->count != 1) {
fail("Invalid number of replies. Expected 1, got %d", res->count);
@@ -3370,7 +3378,8 @@ START_TEST(test_user_rename)
fromname, "/", "/bin/sh", NULL, NULL, NULL, 0, 0);
fail_unless(ret == EOK, "Could not add second user");
- ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, toname, &res);
+ ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb,
+ test_ctx->domain, toname, &res);
fail_unless(ret == EOK, "Could not retrieve the user from cache\n");
if (res->count != 1) {
fail("Invalid number of replies. Expected 1, got %d", res->count);
@@ -3387,7 +3396,8 @@ START_TEST(test_user_rename)
name, fromname);
/* Verify the first name is gone */
- ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, fromname, &res);
+ ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb,
+ test_ctx->domain, fromname, &res);
fail_unless(ret == EOK, "Could not retrieve the user from cache\n");
fail_unless(res->count == 0, "Unexpectedly found the original user\n");
@@ -3684,7 +3694,8 @@ START_TEST(test_odd_characters)
ret, strerror(ret));
talloc_zfree(msg);
- ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, odd_groupname, &res);
+ ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb,
+ test_ctx->domain, odd_groupname, &res);
fail_unless(ret == EOK, "sysdb_getgrnam error [%d][%s]",
ret, strerror(ret));
fail_unless(res->count == 1, "Received [%d] responses",
@@ -3723,7 +3734,8 @@ START_TEST(test_odd_characters)
fail_unless(ret == EOK, "sysdb_add_group_member error [%d][%s]",
ret, strerror(ret));
- ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, odd_username, &res);
+ ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb,
+ test_ctx->domain, odd_username, &res);
fail_unless(ret == EOK, "sysdb_getpwnam error [%d][%s]",
ret, strerror(ret));
fail_unless(res->count == 1, "Received [%d] responses",
diff --git a/src/tools/sss_seed.c b/src/tools/sss_seed.c
index d3c1cb44..45b4d1ad 100644
--- a/src/tools/sss_seed.c
+++ b/src/tools/sss_seed.c
@@ -47,6 +47,7 @@ struct user_ctx {
struct seed_ctx {
struct confdb_ctx *confdb;
+ struct sss_domain_info *domain;
struct sysdb_ctx *sysdb;
struct user_ctx *uctx;
@@ -598,6 +599,7 @@ fini:
static int seed_init_db(TALLOC_CTX *mem_ctx,
const char *domain_name,
struct confdb_ctx **_confdb,
+ struct sss_domain_info **_domain,
struct sysdb_ctx **_sysdb)
{
TALLOC_CTX *tmp_ctx = NULL;
@@ -640,6 +642,7 @@ static int seed_init_db(TALLOC_CTX *mem_ctx,
}
*_confdb = talloc_steal(mem_ctx, confdb);
+ *_domain = domain;
*_sysdb = domain->sysdb;
done:
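Review bot: `*_domain = domain;` returns a borrowed pointer, while `confdb` on the line above is moved to `mem_ctx` with talloc_steal. The allocation of `domain` is outside the hunk, so if it hangs off `tmp_ctx`, which is presumably freed after `done:`, `sctx->domain` would dangle. The existing `*_sysdb = domain->sysdb;` has the same exposure. If `domain` is not already owned by `mem_ctx` or by `confdb`, use `*_domain = talloc_steal(mem_ctx, domain);`; otherwise add a comment naming the owner.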
@@ -650,6 +653,7 @@ done:
static int seed_domain_user_info(const char *name,
const char *domain_name,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
bool *is_cached)
{
TALLOC_CTX *tmp_ctx = NULL;
@@ -680,7 +684,7 @@ static int seed_domain_user_info(const char *name,
}
/* look for user in cache */
- ret = sysdb_getpwnam(tmp_ctx, sysdb, name, &res);
+ ret = sysdb_getpwnam(tmp_ctx, sysdb, domain, name, &res);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Couldn't lookup user (%s) in the cache\n", name));
@@ -792,7 +796,7 @@ int main(int argc, const char **argv)
/* set up confdb,sysdb and domain */
ret = seed_init_db(sctx, sctx->uctx->domain_name, &sctx->confdb,
- &sctx->sysdb);
+ &sctx->domain, &sctx->sysdb);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to initialize db and domain\n"));
goto done;
@@ -800,7 +804,7 @@ int main(int argc, const char **argv)
/* get user info from domain */
ret = seed_domain_user_info(sctx->uctx->name, sctx->uctx->domain_name,
- sctx->sysdb, &sctx->user_cached);
+ sctx->sysdb, sctx->domain, &sctx->user_cached);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Failed lookup of user [%s] in domain [%s]\n",
sctx->uctx->name, sctx->uctx->domain_name));
diff --git a/src/tools/sss_sync_ops.c b/src/tools/sss_sync_ops.c
index 37fd8c61..f5d496b5 100644
--- a/src/tools/sss_sync_ops.c
+++ b/src/tools/sss_sync_ops.c
@@ -575,7 +575,7 @@ int sysdb_getpwnam_sync(TALLOC_CTX *mem_ctx,
const char *str;
int ret;
- ret = sysdb_getpwnam(mem_ctx, sysdb, name, &res);
+ ret = sysdb_getpwnam(mem_ctx, sysdb, out->domain, name, &res);
if (ret) {
return ret;
}
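Review bot: The lookup now depends on `out->domain` being set before sysdb_getpwnam_sync is called, because sysdb_getpwnam dereferences `domain` without a check, and nothing in the visible lines sets or verifies it. `out` is declared outside the hunk, so this may already be guaranteed by the callers. If it is not, a guard such as `if (out->domain == NULL) return EINVAL;` before the call turns a crash into an error. The same applies to the sysdb_getgrnam_sync hunk that follows.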
@@ -648,7 +648,7 @@ int sysdb_getgrnam_sync(TALLOC_CTX *mem_ctx,
const char *str;
int ret;
- ret = sysdb_getgrnam(mem_ctx, sysdb, name, &res);
+ ret = sysdb_getgrnam(mem_ctx, sysdb, out->domain, name, &res);
if (ret) {
return ret;
}
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index cee11eb5..c016258e 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -73,7 +73,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
}
dom->enumerate = false;
- dom->fqnames = false;
+ dom->fqnames = true;
/* FIXME: get ranges from the server */
dom->id_min = 0;
dom->id_max = 0xffffffff;
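Review bot: `dom->fqnames = true` now carries behaviour elsewhere in this commit and deserves a comment. The cache lookups qualify the search name only when `domain->parent && domain->fqnames`, and the NSS fill functions skip qualification for any domain with a parent. A subdomain created with fqnames false would therefore be searched by short name and returned unqualified. I would add `/* subdomain entries are cached and looked up under fully qualified names; sysdb_getpwnam/sysdb_getgrnam rely on this */` above the assignment.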