summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/providers/ldap/sdap_async.c108
-rw-r--r--src/providers/ldap/sdap_async.h6
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c7
-rw-r--r--src/providers/ldap/sdap_async_users.c6
4 files changed, 0 insertions, 127 deletions
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 14a27bcb..46f0215a 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2100,114 +2100,6 @@ bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts)
return false;
}
-errno_t sdap_check_aliases(struct sysdb_ctx *sysdb,
- struct sysdb_attrs *user_attrs,
- struct sss_domain_info *dom,
- struct sdap_options *opts,
- bool steal_memberships)
-{
- errno_t ret;
- const char **aliases = NULL;
- const char *name = NULL;
- struct ldb_message *msg;
- TALLOC_CTX *tmp_ctx = NULL;
- char **parents;
- uid_t alias_uid, uid;
- int i;
-
- tmp_ctx = talloc_new(NULL);
- if (!tmp_ctx) return ENOMEM;
-
- ret = sysdb_attrs_primary_name(sysdb, user_attrs,
- opts->user_map[SDAP_AT_USER_NAME].sys_name,
- &name);
- if (ret != EOK) {
- DEBUG(SSSDBG_TRACE_INTERNAL, ("Could not get the primary name\n"));
- goto done;
- }
-
- ret = sysdb_attrs_get_uint32_t(user_attrs,
- opts->user_map[SDAP_AT_USER_UID].sys_name,
- &uid);
- if (ret != EOK) {
- DEBUG(SSSDBG_TRACE_INTERNAL, ("Could not get UID\n"));
- goto done;
- }
-
- ret = sysdb_attrs_get_aliases(tmp_ctx, user_attrs, name,
- !dom->case_sensitive, &aliases);
- if (ret != EOK) {
- DEBUG(SSSDBG_TRACE_INTERNAL, ("Failed to get the alias list\n"));
- goto done;
- }
-
- for (i = 0; aliases[i]; i++) {
- /* In RFC2307 schema, another group might be referencing user
- * using secondary name, so there might be fake users in the cache
- * from a previous getgr call */
- ret = sysdb_search_user_by_name(tmp_ctx, sysdb,
- aliases[i], NULL, &msg);
- if (ret && ret != ENOENT) {
- DEBUG(SSSDBG_TRACE_INTERNAL, ("Error searching the cache\n"));
- goto done;
- } else if (ret == ENOENT) {
- DEBUG(SSSDBG_TRACE_INTERNAL,
- ("No user with primary name same as alias %s\n", aliases[i]));
- continue;
- }
-
- alias_uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
- if (alias_uid) {
- if (alias_uid == uid) {
- DEBUG(SSSDBG_TRACE_INTERNAL,
- ("User already cached, skipping\n"));
- continue;
- }
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("Cache contains non-fake user with same name "
- "as alias %s\n", aliases[i]));
- ret = EIO;
- goto done;
- }
- DEBUG(SSSDBG_TRACE_FUNC, ("%s is a fake user\n", aliases[i]));
-
- if (steal_memberships) {
- /* Get direct sysdb parents */
- ret = sysdb_get_direct_parents(tmp_ctx, sysdb, dom,
- SYSDB_MEMBER_USER,
- aliases[i], &parents);
- if (ret) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("Could not get direct parents for %s: %d [%s]\n",
- aliases[i], ret, strerror(ret)));
- goto done;
- }
-
- ret = sysdb_update_members(sysdb, name, SYSDB_MEMBER_USER,
- (const char *const *) parents,
- NULL);
- if (ret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("Membership update failed [%d]: %s\n",
- ret, strerror(ret)));
- goto done;
- }
- }
-
- ret = sysdb_delete_user(sysdb, aliases[i], alias_uid);
- if (ret) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("Error deleting fake user %s\n", aliases[i]));
- goto done;
- }
- }
-
- ret = EOK;
-done:
- talloc_free(tmp_ctx);
- return ret;
-}
-
errno_t
sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
const char *attr_name,
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 870f1531..34fb40da 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -195,12 +195,6 @@ int sdap_deref_search_recv(struct tevent_req *req,
size_t *reply_count,
struct sdap_deref_attrs ***reply);
-errno_t sdap_check_aliases(struct sysdb_ctx *sysdb,
- struct sysdb_attrs *user_attrs,
- struct sss_domain_info *dom,
- struct sdap_options *opts,
- bool steal_memberships);
-
errno_t
sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
const char *attr_name,
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index b883ccf9..86117600 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2646,13 +2646,6 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
switch (state->opts->schema_type) {
case SDAP_SCHEMA_RFC2307:
- ret = sdap_check_aliases(state->sysdb, state->orig_user, state->dom,
- state->opts, false);
- if (ret != EOK) {
- tevent_req_error(req, ret);
- return;
- }
-
subreq = sdap_initgr_rfc2307_send(state, state->ev, state->opts,
state->sysdb, state->sh,
cname);
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index bc9e5551..dfce319b 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -411,12 +411,6 @@ int sdap_save_users(TALLOC_CTX *memctx,
DEBUG(9, ("User %d processed!\n", i));
}
- ret = sdap_check_aliases(sysdb, users[i], dom,
- opts, true);
- if (ret) {
- DEBUG(2, ("Failed to check aliases for user %d. Ignoring.\n", i));
- }
-
if (usn_value) {
if (higher_usn) {
if ((strlen(usn_value) > strlen(higher_usn)) ||