-rw-r--r--src/db/sysdb.c36
-rw-r--r--src/db/sysdb.h1
-rw-r--r--src/providers/ldap/sdap_async.c9
-rw-r--r--src/providers/ldap/sdap_async.h1
-rw-r--r--src/providers/ldap/sdap_async_groups.c4
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c17
-rw-r--r--src/providers/ldap/sdap_async_netgroups.c9
-rw-r--r--src/providers/ldap/sdap_async_users.c2
8 files changed, 64 insertions, 15 deletions
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index d66cc53c..034e5da0 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -22,6 +22,7 @@
#include "util/util.h"
#include "util/strtonum.h"
+#include "util/sss_utf8.h"
#include "db/sysdb_private.h"
#include "confdb/confdb.h"
#include <time.h>
@@ -1587,18 +1588,22 @@ done:
* Given a primary name returned by sysdb_attrs_primary_name(), this function
* returns the other SYSDB_NAME attribute values so they can be saved as
* SYSDB_NAME_ALIAS into cache.
+ *
+ * If lowercase is set, all aliases are duplicated in lowercase as well.
*/
errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx,
struct sysdb_attrs *attrs,
const char *primary,
+ bool lowercase,
const char ***_aliases)
{
TALLOC_CTX *tmp_ctx = NULL;
struct ldb_message_element *sysdb_name_el;
- size_t i, ai;
+ size_t i, ai, num;
errno_t ret;
const char **aliases = NULL;
const char *name;
+ char *lower;
if (_aliases == NULL) return EINVAL;
@@ -1615,8 +1620,8 @@ errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx,
goto done;
}
- aliases = talloc_array(tmp_ctx, const char *,
- sysdb_name_el->num_values);
+ num = lowercase ? 2 * sysdb_name_el->num_values : sysdb_name_el->num_values;
+ aliases = talloc_array(tmp_ctx, const char *, num+1);
if (!aliases) {
ret = ENOMEM;
goto done;
@@ -1626,11 +1631,34 @@ errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx,
for (i=0; i < sysdb_name_el->num_values; i++) {
name = (const char *)sysdb_name_el->values[i].data;
if (strcmp(primary, name) != 0) {
- aliases[ai] = name;
+ aliases[ai] = talloc_strdup(aliases, name);
+ if (!aliases[ai]) {
+ ret = ENOMEM;
+ goto done;
+ }
ai++;
}
}
+ if (lowercase) {
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ ("Domain is case-insensitive; will add lowercased aliases\n"));
+ for (i=0; i < sysdb_name_el->num_values; i++) {
+ name = (const char *)sysdb_name_el->values[i].data;
+ lower = sss_tc_utf8_str_tolower(tmp_ctx, name);
+ if (!lower) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ if (strcmp(name, lower) != 0) {
+ aliases[ai] = talloc_strdup(aliases, lower);
+ ai++;
+ }
+ talloc_free(lower);
+ }
+ }
+
aliases[ai] = NULL;
ret = EOK;
done:
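Review bot: The result of `talloc_strdup(aliases, lower)` in the lowercase loop is stored and `ai` is advanced without a NULL check, unlike the copy in the first loop. On allocation failure this leaves a NULL in the middle of the array while the function still returns EOK, so callers walking the NULL-terminated list would silently stop early and drop the remaining aliases. Add `if (aliases[ai] == NULL) { ret = ENOMEM; goto done; }` before `ai++`, or move `lower` into the array with `talloc_steal(aliases, lower)` instead of copying and freeing it. Separately, when two values already differ only by case, the lowercase pass appears to append a string the first loop already added; it is worth confirming that the consumer tolerates duplicate aliases. The function body starts before and continues after this hunk.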
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index e5e781f6..6094a4aa 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -241,6 +241,7 @@ errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb,
errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx,
struct sysdb_attrs *attrs,
const char *primary,
+ bool lowercase,
const char ***_aliases);
errno_t sysdb_attrs_primary_name_list(struct sysdb_ctx *sysdb,
TALLOC_CTX *mem_ctx,
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 98291e6e..0719f74b 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -1920,7 +1920,8 @@ errno_t sdap_check_aliases(struct sysdb_ctx *sysdb,
goto done;
}
- ret = sysdb_attrs_get_aliases(tmp_ctx, user_attrs, name, &aliases);
+ ret = sysdb_attrs_get_aliases(tmp_ctx, user_attrs, name,
+ !dom->case_sensitive, &aliases);
if (ret != EOK) {
DEBUG(1, ("Failed to get the alias list\n"));
goto done;
@@ -2024,10 +2025,10 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
return EOK;
}
-
errno_t
sdap_save_all_names(const char *name,
struct sysdb_attrs *ldap_attrs,
+ bool lowercase,
struct sysdb_attrs *attrs)
{
const char **aliases = NULL;
@@ -2041,7 +2042,8 @@ sdap_save_all_names(const char *name,
goto done;
}
- ret = sysdb_attrs_get_aliases(tmp_ctx, ldap_attrs, name, &aliases);
+ ret = sysdb_attrs_get_aliases(tmp_ctx, ldap_attrs, name,
+ lowercase, &aliases);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Failed to get the alias list"));
goto done;
@@ -2062,4 +2064,3 @@ done:
talloc_free(tmp_ctx);
return ret;
}
-
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index f53af1e0..2fd606bc 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -208,6 +208,7 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
errno_t sdap_save_all_names(const char *name,
struct sysdb_attrs *ldap_attrs,
+ bool lowercase,
struct sysdb_attrs *attrs);
#endif /* _SDAP_ASYNC_H_ */
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 750ac998..3e30bb28 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -348,9 +348,9 @@ static int sdap_save_group(TALLOC_CTX *memctx,
}
}
- ret = sdap_save_all_names(name, attrs, group_attrs);
+ ret = sdap_save_all_names(name, attrs, !dom->case_sensitive, group_attrs);
if (ret != EOK) {
- DEBUG(1, ("Failed to save user names\n"));
+ DEBUG(1, ("Failed to save group names\n"));
goto fail;
}
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 631ce152..73ab25ea 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -444,8 +444,9 @@ static void sdap_initgr_rfc2307_process(struct tevent_req *subreq)
/* Search for all groups for which this user is a member */
attrs[0] = SYSDB_MEMBEROF;
attrs[1] = NULL;
- ret = sysdb_search_user_by_name(state, state->sysdb, state->name, attrs,
- &msg);
+
+ ret = sysdb_search_user_by_name(state, state->sysdb, state->name,
+ attrs, &msg);
if (ret != EOK) {
tevent_req_error(req, ret);
return;
@@ -2462,6 +2463,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
size_t count;
int ret;
const char *orig_dn;
+ const char *cname;
DEBUG(9, ("Receiving info for the user\n"));
@@ -2520,6 +2522,13 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
return;
}
+ ret = sysdb_get_real_name(state, state->sysdb, state->name, &cname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot canonicalize username\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+
DEBUG(9, ("Process user's groups\n"));
switch (state->opts->schema_type) {
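Review bot: The new failure path after `sysdb_get_real_name()` logs only "Cannot canonicalize username", which does not say which lookup failed or why, even though it now aborts the whole initgroups request. Include the requested name and the error code, e.g. `DEBUG(SSSDBG_OP_FAILURE, ("Cannot canonicalize username [%s]: [%d]\n", state->name, ret));`. `cname` is then passed in the RFC2307 and RFC2307bis branches in the following two hunks; the remaining cases of the switch are outside the visible hunks, so whether they should also use it cannot be judged from here. The body of sdap_get_initgr_user begins and ends outside this hunk.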
@@ -2533,7 +2542,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
subreq = sdap_initgr_rfc2307_send(state, state->ev, state->opts,
state->sysdb, state->sh,
- state->name);
+ cname);
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;
@@ -2553,7 +2562,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
subreq = sdap_initgr_rfc2307bis_send(
state, state->ev, state->opts, state->sysdb,
state->dom, state->sh,
- state->name, orig_dn);
+ cname, orig_dn);
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index 88efc5e2..0888c7e2 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -38,6 +38,7 @@ bool is_dn(const char *str)
static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
struct sysdb_ctx *ctx,
+ struct sss_domain_info *dom,
struct sdap_options *opts,
struct sysdb_attrs *attrs,
char **_timestamp,
@@ -119,6 +120,13 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
DEBUG(6, ("Storing info for netgroup %s\n", name));
+ ret = sdap_save_all_names(name, attrs, !dom->case_sensitive,
+ netgroup_attrs);
+ if (ret != EOK) {
+ DEBUG(1, ("Failed to save netgroup names\n"));
+ goto fail;
+ }
+
ret = sysdb_add_netgroup(ctx, name, NULL, netgroup_attrs,
dp_opt_get_int(opts->basic,
SDAP_ENTRY_CACHE_TIMEOUT), now);
@@ -681,6 +689,7 @@ static void netgr_translate_members_done(struct tevent_req *subreq)
now = time(NULL);
for (c = 0; c < state->count; c++) {
ret = sdap_save_netgroup(state, state->sysdb,
+ state->dom,
state->opts,
state->netgroups[c],
&state->higher_timestamp,
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index c929e204..cccf75b8 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -234,7 +234,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
}
}
- ret = sdap_save_all_names(name, attrs, user_attrs);
+ ret = sdap_save_all_names(name, attrs, !dom->case_sensitive, user_attrs);
if (ret != EOK) {
DEBUG(1, ("Failed to save user names\n"));
goto fail;