-rw-r--r-- | src/db/sysdb.c | 36 | ||||
-rw-r--r-- | src/db/sysdb.h | 1 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.c | 9 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.h | 1 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 4 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 17 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_netgroups.c | 9 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 2 |
8 files changed, 64 insertions, 15 deletions
diff --git a/src/db/sysdb.c b/src/db/sysdb.c index d66cc53c..034e5da0 100644 --- a/src/db/sysdb.c +++ b/src/db/sysdb.c @@ -22,6 +22,7 @@ #include "util/util.h" #include "util/strtonum.h" +#include "util/sss_utf8.h" #include "db/sysdb_private.h" #include "confdb/confdb.h" #include <time.h> @@ -1587,18 +1588,22 @@ done: * Given a primary name returned by sysdb_attrs_primary_name(), this function * returns the other SYSDB_NAME attribute values so they can be saved as * SYSDB_NAME_ALIAS into cache. + * + * If lowercase is set, all aliases are duplicated in lowercase as well. */ errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx, struct sysdb_attrs *attrs, const char *primary, + bool lowercase, const char ***_aliases) { TALLOC_CTX *tmp_ctx = NULL; struct ldb_message_element *sysdb_name_el; - size_t i, ai; + size_t i, ai, num; errno_t ret; const char **aliases = NULL; const char *name; + char *lower; if (_aliases == NULL) return EINVAL; @@ -1615,8 +1620,8 @@ errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx, goto done; } - aliases = talloc_array(tmp_ctx, const char *, - sysdb_name_el->num_values); + num = lowercase ? 2 * sysdb_name_el->num_values : sysdb_name_el->num_values; + aliases = talloc_array(tmp_ctx, const char *, num+1); if (!aliases) { ret = ENOMEM; goto done; 
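Review bot: The sentence added to the sysdb_attrs_get_aliases header comment (hunk at -1587) understates what the flag does. The lowercase loop in the next hunk walks every SYSDB_NAME value without the `strcmp(primary, name)` filter, so a mixed-case primary name also comes back as a lowercased alias. The comment should say that, for example `* If lowercase is set, a lowercased copy of every SYSDB_NAME value (the primary name included) that differs from the original is appended.` It is also worth documenting that the returned strings are now talloc copies parented to the array rather than pointers into `attrs`. The function body continues outside this hunk.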
@@ -1626,11 +1631,34 @@ errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx, for (i=0; i < sysdb_name_el->num_values; i++) { name = (const char *)sysdb_name_el->values[i].data; if (strcmp(primary, name) != 0) { - aliases[ai] = name; + aliases[ai] = talloc_strdup(aliases, name); + if (!aliases[ai]) { + ret = ENOMEM; + goto done; + } ai++; } } + if (lowercase) { + DEBUG(SSSDBG_TRACE_INTERNAL, + ("Domain is case-insensitive; will add lowercased aliases\n")); + for (i=0; i < sysdb_name_el->num_values; i++) { + name = (const char *)sysdb_name_el->values[i].data; + lower = sss_tc_utf8_str_tolower(tmp_ctx, name); + if (!lower) { + ret = ENOMEM; + goto done; + } + + if (strcmp(name, lower) != 0) { + aliases[ai] = talloc_strdup(aliases, lower); + ai++; + } + talloc_free(lower); + } + } + aliases[ai] = NULL; ret = EOK; done: diff --git a/src/db/sysdb.h b/src/db/sysdb.h index e5e781f6..6094a4aa 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -241,6 +241,7 @@ errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb, errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx, struct sysdb_attrs *attrs, const char *primary, + bool lowercase, const char ***_aliases); errno_t sysdb_attrs_primary_name_list(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx, diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index 98291e6e..0719f74b 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -1920,7 +1920,8 @@ errno_t sdap_check_aliases(struct sysdb_ctx *sysdb, goto done; } - ret = sysdb_attrs_get_aliases(tmp_ctx, user_attrs, name, &aliases); + ret = sysdb_attrs_get_aliases(tmp_ctx, user_attrs, name, + !dom->case_sensitive, &aliases); if (ret != EOK) { DEBUG(1, ("Failed to get the alias list\n")); goto done; 
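Review bot: In the `if (lowercase)` loop of sysdb_attrs_get_aliases (hunk at -1626), the result of `talloc_strdup(aliases, lower)` is stored and `ai` is incremented with no NULL check, unlike the first loop just above it. Because the array is NULL-terminated, an allocation failure there leaves a NULL in the middle of the list and the function still returns EOK. A consumer that stops at the first NULL would then see a silently truncated alias set for a case-insensitive domain. Either add `if (!aliases[ai]) { ret = ENOMEM; goto done; }` after the strdup, or drop the second allocation with `aliases[ai] = talloc_steal(aliases, lower);` and free `lower` only when it is not kept. The `done:` cleanup lies outside the hunk.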
@@ -2024,10 +2025,10 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs, return EOK; } - errno_t sdap_save_all_names(const char *name, struct sysdb_attrs *ldap_attrs, + bool lowercase, struct sysdb_attrs *attrs) { const char **aliases = NULL; @@ -2041,7 +2042,8 @@ sdap_save_all_names(const char *name, goto done; } - ret = sysdb_attrs_get_aliases(tmp_ctx, ldap_attrs, name, &aliases); + ret = sysdb_attrs_get_aliases(tmp_ctx, ldap_attrs, name, + lowercase, &aliases); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to get the alias list")); goto done; @@ -2062,4 +2064,3 @@ done: talloc_free(tmp_ctx); return ret; } - diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index f53af1e0..2fd606bc 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -208,6 +208,7 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs, errno_t sdap_save_all_names(const char *name, struct sysdb_attrs *ldap_attrs, + bool lowercase, struct sysdb_attrs *attrs); #endif /* _SDAP_ASYNC_H_ */ diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 750ac998..3e30bb28 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -348,9 +348,9 @@ static int sdap_save_group(TALLOC_CTX *memctx, } } - ret = sdap_save_all_names(name, attrs, group_attrs); + ret = sdap_save_all_names(name, attrs, !dom->case_sensitive, group_attrs); if (ret != EOK) { - DEBUG(1, ("Failed to save user names\n")); + DEBUG(1, ("Failed to save group names\n")); goto fail; } diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 631ce152..73ab25ea 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c 
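Review bot: The line `DEBUG(SSSDBG_OP_FAILURE, ("Failed to get the alias list"));` in sdap_save_all_names (hunk at -2041) has no trailing `\n`, while every other message on this page ends with one, so it presumably runs into the next log entry. The commit corrects the neighbouring message in sdap_save_group but leaves this one; suggest `("Failed to get the alias list\n")`, matching the same message in sdap_check_aliases. Separately, sdap_save_all_names has no comment for the new `lowercase` argument. A one-line header comment saying that callers pass `!dom->case_sensitive` would help, since the flag sits between two `struct sysdb_attrs *` parameters.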
@@ -444,8 +444,9 @@ static void sdap_initgr_rfc2307_process(struct tevent_req *subreq) /* Search for all groups for which this user is a member */ attrs[0] = SYSDB_MEMBEROF; attrs[1] = NULL; - ret = sysdb_search_user_by_name(state, state->sysdb, state->name, attrs, - &msg); + + ret = sysdb_search_user_by_name(state, state->sysdb, state->name, + attrs, &msg); if (ret != EOK) { tevent_req_error(req, ret); return; @@ -2462,6 +2463,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) size_t count; int ret; const char *orig_dn; + const char *cname; DEBUG(9, ("Receiving info for the user\n")); @@ -2520,6 +2522,13 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) return; } + ret = sysdb_get_real_name(state, state->sysdb, state->name, &cname); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("Cannot canonicalize username\n")); + tevent_req_error(req, ret); + return; + } + DEBUG(9, ("Process user's groups\n")); switch (state->opts->schema_type) { @@ -2533,7 +2542,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) subreq = sdap_initgr_rfc2307_send(state, state->ev, state->opts, state->sysdb, state->sh, - state->name); + cname); if (!subreq) { tevent_req_error(req, ENOMEM); return; @@ -2553,7 +2562,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) subreq = sdap_initgr_rfc2307bis_send( state, state->ev, state->opts, state->sysdb, state->dom, state->sh, - state->name, orig_dn); + cname, orig_dn); if (!subreq) { tevent_req_error(req, ENOMEM); return; diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c index 88efc5e2..0888c7e2 100644 --- a/src/providers/ldap/sdap_async_netgroups.c +++ b/src/providers/ldap/sdap_async_netgroups.c @@ -38,6 +38,7 @@ bool is_dn(const char *str) static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, struct sysdb_ctx *ctx, + struct sss_domain_info *dom, struct sdap_options *opts, struct sysdb_attrs *attrs, char **_timestamp, 
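Review bot: The new failure path in sdap_get_initgr_user (hunk at -2520) logs `Cannot canonicalize username` without the name or the error code, yet it now aborts the whole initgroups request whenever `sysdb_get_real_name` returns anything other than EOK. Including both would make that diagnosable: `DEBUG(SSSDBG_OP_FAILURE, ("Cannot canonicalize username [%s]: [%d]\n", state->name, ret));`. Only the rfc2307 and rfc2307bis calls are switched to `cname` in the visible hunks. The remaining cases of the `switch` are outside them, so it is worth confirming that any branch still passing `state->name` does so deliberately. The function starts and ends outside these hunks.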
@@ -119,6 +120,13 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, DEBUG(6, ("Storing info for netgroup %s\n", name)); + ret = sdap_save_all_names(name, attrs, !dom->case_sensitive, + netgroup_attrs); + if (ret != EOK) { + DEBUG(1, ("Failed to save netgroup names\n")); + goto fail; + } + ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs, dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT), now); @@ -681,6 +689,7 @@ static void netgr_translate_members_done(struct tevent_req *subreq) now = time(NULL); for (c = 0; c < state->count; c++) { ret = sdap_save_netgroup(state, state->sysdb, + state->dom, state->opts, state->netgroups[c], &state->higher_timestamp, diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index c929e204..cccf75b8 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -234,7 +234,7 @@ int sdap_save_user(TALLOC_CTX *memctx, } } - ret = sdap_save_all_names(name, attrs, user_attrs); + ret = sdap_save_all_names(name, attrs, !dom->case_sensitive, user_attrs); if (ret != EOK) { DEBUG(1, ("Failed to save user names\n")); goto fail; |
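Review bot: The error path added to sdap_save_netgroup (hunk at -119) uses the bare numeric level in `DEBUG(1, ("Failed to save netgroup names\n"));`, whereas the other logging introduced by this commit uses named `SSSDBG_*` levels. The surrounding older code also uses numbers, but new lines are the cheap place to stop adding them, for example `DEBUG(SSSDBG_OP_FAILURE, ("Failed to save netgroup names\n"));`. The function body extends beyond the hunk.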