-rw-r--r-- | src/providers/ldap/sdap_async.c | 108 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.h | 6 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 7 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 6 |
4 files changed, 0 insertions, 127 deletions
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 14a27bcb..46f0215a 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2100,114 +2100,6 @@ bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts) return false; } -errno_t sdap_check_aliases(struct sysdb_ctx *sysdb, - struct sysdb_attrs *user_attrs, - struct sss_domain_info *dom, - struct sdap_options *opts, - bool steal_memberships) -{ - errno_t ret; - const char **aliases = NULL; - const char *name = NULL; - struct ldb_message *msg; - TALLOC_CTX *tmp_ctx = NULL; - char **parents; - uid_t alias_uid, uid; - int i; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) return ENOMEM; - - ret = sysdb_attrs_primary_name(sysdb, user_attrs, - opts->user_map[SDAP_AT_USER_NAME].sys_name, - &name); - if (ret != EOK) { - DEBUG(SSSDBG_TRACE_INTERNAL, ("Could not get the primary name\n")); - goto done; - } - - ret = sysdb_attrs_get_uint32_t(user_attrs, - opts->user_map[SDAP_AT_USER_UID].sys_name, - &uid); - if (ret != EOK) { - DEBUG(SSSDBG_TRACE_INTERNAL, ("Could not get UID\n")); - goto done; - } - - ret = sysdb_attrs_get_aliases(tmp_ctx, user_attrs, name, - !dom->case_sensitive, &aliases); - if (ret != EOK) { - DEBUG(SSSDBG_TRACE_INTERNAL, ("Failed to get the alias list\n")); - goto done; - } - - for (i = 0; aliases[i]; i++) { - /* In RFC2307 schema, another group might be referencing user - * using secondary name, so there might be fake users in the cache - * from a previous getgr call */ - ret = sysdb_search_user_by_name(tmp_ctx, sysdb, - aliases[i], NULL, &msg); - if (ret && ret != ENOENT) { - DEBUG(SSSDBG_TRACE_INTERNAL, ("Error searching the cache\n")); - goto done; - } else if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_INTERNAL, - ("No user with primary name same as alias %s\n", aliases[i])); - continue; - } - - alias_uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0); - if (alias_uid) { - if (alias_uid == uid) { - DEBUG(SSSDBG_TRACE_INTERNAL, - ("User already cached, skipping\n")); - continue; - } - DEBUG(SSSDBG_FATAL_FAILURE, - ("Cache contains non-fake user with same name " - "as alias %s\n", aliases[i])); - ret = 
EIO; - goto done; - } - DEBUG(SSSDBG_TRACE_FUNC, ("%s is a fake user\n", aliases[i])); - - if (steal_memberships) { - /* Get direct sysdb parents */ - ret = sysdb_get_direct_parents(tmp_ctx, sysdb, dom, - SYSDB_MEMBER_USER, - aliases[i], &parents); - if (ret) { - DEBUG(SSSDBG_FATAL_FAILURE, - ("Could not get direct parents for %s: %d [%s]\n", - aliases[i], ret, strerror(ret))); - goto done; - } - - ret = sysdb_update_members(sysdb, name, SYSDB_MEMBER_USER, - (const char *const *) parents, - NULL); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, - ("Membership update failed [%d]: %s\n", - ret, strerror(ret))); - goto done; - } - } - - ret = sysdb_delete_user(sysdb, aliases[i], alias_uid); - if (ret) { - DEBUG(SSSDBG_FATAL_FAILURE, - ("Error deleting fake user %s\n", aliases[i])); - goto done; - } - } - - ret = EOK; -done: - talloc_free(tmp_ctx); - return ret; -} - errno_t sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs, const char *attr_name, diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index 870f1531..34fb40da 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -195,12 +195,6 @@ int sdap_deref_search_recv(struct tevent_req *req, size_t *reply_count, struct sdap_deref_attrs ***reply); -errno_t sdap_check_aliases(struct sysdb_ctx *sysdb, - struct sysdb_attrs *user_attrs, - struct sss_domain_info *dom, - struct sdap_options *opts, - bool steal_memberships); - errno_t sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs, const char *attr_name, diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index b883ccf9..86117600 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c 
@@ -2646,13 +2646,6 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) switch (state->opts->schema_type) { case SDAP_SCHEMA_RFC2307: - ret = sdap_check_aliases(state->sysdb, state->orig_user, state->dom, - state->opts, false); - if (ret != EOK) { - tevent_req_error(req, ret); - return; - } - subreq = sdap_initgr_rfc2307_send(state, state->ev, state->opts, state->sysdb, state->sh, cname); diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index bc9e5551..dfce319b 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -411,12 +411,6 @@ int sdap_save_users(TALLOC_CTX *memctx, DEBUG(9, ("User %d processed!\n", i)); } - ret = sdap_check_aliases(sysdb, users[i], dom, - opts, true); - if (ret) { - DEBUG(2, ("Failed to check aliases for user %d. Ignoring.\n", i)); - } - if (usn_value) { if (higher_usn) { if ((strlen(usn_value) > strlen(higher_usn)) || |