summaryrefslogtreecommitdiff
path: root/server/providers/ldap
diff options
context:
space:
mode:
Diffstat (limited to 'server/providers/ldap')
-rw-r--r--server/providers/ldap/sdap_async_accounts.c272
1 files changed, 129 insertions, 143 deletions
diff --git a/server/providers/ldap/sdap_async_accounts.c b/server/providers/ldap/sdap_async_accounts.c
index 157ec3e9..e4656cd7 100644
--- a/server/providers/ldap/sdap_async_accounts.c
+++ b/server/providers/ldap/sdap_async_accounts.c
@@ -624,64 +624,110 @@ int sdap_get_users_recv(struct tevent_req *req,
/* ==Group-Parsing Routines=============================================== */
-static int sdap_parse_memberships(TALLOC_CTX *memctx,
- struct sysdb_handle *handle,
- struct sdap_options *opts,
- struct ldb_val *values,
- int num_values,
- const char ***member_users,
- const char ***member_groups)
+struct sdap_orig_entry_state {
+ int done;
+};
+
+static void sdap_find_entry_by_origDN_done(struct tevent_req *req)
+{
+ struct sdap_orig_entry_state *state = tevent_req_callback_data(req,
+ struct sdap_orig_entry_state);
+ state->done = 1;
+}
+
+/* WARNING: this is a sync routine for now */
+static int sdap_find_entry_by_origDN(TALLOC_CTX *memctx,
+ struct tevent_context *ev,
+ struct sysdb_handle *handle,
+ struct sss_domain_info *domain,
+ const char *orig_dn,
+ char **localdn)
{
- const char **mgs = NULL;
- const char **mus = NULL;
- int i, u, g;
+ struct tevent_req *req;
+ struct sdap_orig_entry_state *state;
+ static const char *attrs[] = { NULL };
+ struct ldb_dn *base_dn;
+ char *filter;
+ struct ldb_message **msgs;
+ size_t num_msgs;
int ret;
- /* if this is the first time we are called, check if users and
- * groups base DNs are set, if not do it */
- if (!opts->users_base) {
- opts->users_base = ldb_dn_new_fmt(opts,
- sysdb_handle_get_ldb(handle), "%s",
- dp_opt_get_string(opts->basic,
- SDAP_USER_SEARCH_BASE));
- if (!opts->users_base) {
- DEBUG(1, ("Unable to get casefold Users Base DN from [%s]\n",
- dp_opt_get_string(opts->basic,
- SDAP_USER_SEARCH_BASE)));
- DEBUG(1, ("Out of memory?!\n"));
- ret = ENOMEM;
- goto done;
- }
+ state = talloc_zero(memctx, struct sdap_orig_entry_state);
+ if (!state) {
+ ret = ENOMEM;
+ goto done;
}
- if (!opts->groups_base) {
- opts->groups_base = ldb_dn_new_fmt(opts,
- sysdb_handle_get_ldb(handle), "%s",
- dp_opt_get_string(opts->basic,
- SDAP_GROUP_SEARCH_BASE));
- if (!opts->users_base) {
- DEBUG(1, ("Unable to get casefold Users Base DN from [%s]\n",
- dp_opt_get_string(opts->basic,
- SDAP_GROUP_SEARCH_BASE)));
- DEBUG(1, ("Out of memory?!\n"));
- ret = ENOMEM;
- goto done;
- }
+
+ filter = talloc_asprintf(state, "%s=%s", SYSDB_ORIG_DN, orig_dn);
+ if (!filter) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ base_dn = sysdb_domain_dn(sysdb_handle_get_ctx(handle),
+ state, domain->name);
+ if (!base_dn) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ req = sysdb_search_entry_send(state, ev, handle, base_dn,
+ LDB_SCOPE_SUBTREE, filter, attrs);
+ if (!req) {
+ ret = ENOMEM;
+ goto done;
+ }
+ tevent_req_set_callback(req, sdap_find_entry_by_origDN_done, state);
+
+ /* WARNING: SYNC LOOP HERE */
+ while (state->done == 0) {
+ tevent_loop_once(ev);
+ }
+
+ ret = sysdb_search_entry_recv(req, state, &num_msgs, &msgs);
+ if (ret) {
+ goto done;
+ }
+ if (num_msgs != 1) {
+ ret = ENOENT;
+ goto done;
+ }
+
+ *localdn = talloc_strdup(memctx, ldb_dn_get_linearized(msgs[0]->dn));
+ if (!*localdn) {
+ ret = ENOENT;
+ goto done;
}
+ ret = EOK;
+
+done:
+ talloc_zfree(state);
+ return ret;
+}
+
+static int sdap_fill_memberships(struct sysdb_attrs *group_attrs,
+ struct tevent_context *ev,
+ struct sysdb_handle *handle,
+ struct sdap_options *opts,
+ struct sss_domain_info *domain,
+ struct ldb_val *values,
+ int num_values)
+{
+ struct ldb_message_element *el;
+ int i, j;
+ int ret;
+
switch (opts->schema_type) {
case SDAP_SCHEMA_RFC2307:
DEBUG(9, ("[RFC2307 Schema]\n"));
- mus = talloc_array(memctx, const char *, num_values +1);
- if (!mus) {
- ret = ENOMEM;
+ ret = sysdb_attrs_users_from_ldb_vals(group_attrs, SYSDB_MEMBER,
+ domain->name,
+ values, num_values);
+ if (ret) {
goto done;
}
- for (i = 0; i < num_values; i++) {
- mus[i] = (char *)values[i].data;
- DEBUG(7, (" member user %d: [%s]\n", i, mus[i]));
- }
- mus[i] = NULL;
break;
@@ -690,93 +736,43 @@ static int sdap_parse_memberships(TALLOC_CTX *memctx,
case SDAP_SCHEMA_AD:
DEBUG(9, ("[IPA or AD Schema]\n"));
- /* Just allocate both big enough to contain all members for now */
- mus = talloc_array(memctx, const char *, num_values +1);
- if (!mus) {
- ret = ENOMEM;
+ ret = sysdb_attrs_get_el(group_attrs, SYSDB_MEMBER, &el);
+ if (ret) {
goto done;
}
- mgs = talloc_array(memctx, const char *, num_values +1);
- if (!mgs) {
+ /* Just allocate both big enough to contain all members for now */
+ el->values = talloc_realloc(el, el->values, struct ldb_val,
+ el->num_values + num_values);
+ if (!el->values) {
ret = ENOMEM;
goto done;
}
- u = 0;
- g = 0;
-
- for (i = 0; i < num_values; i++) {
- struct ldb_dn *tmp_dn = NULL;
- const struct ldb_val *v;
-
- /* parse out DN */
- tmp_dn = ldb_dn_new_fmt(mus,
- sysdb_handle_get_ldb(handle),
- "%.*s",
- (int)values[i].length,
- (char *)values[i].data);
- if (!tmp_dn) {
- DEBUG(1, ("Unable to parse DN: [%.*s]\n",
- (int)values[i].length,
- (char *)values[i].data));
- continue;
- }
- v = ldb_dn_get_rdn_val(tmp_dn);
- if (!v) {
- DEBUG(1, ("Unable to parse DN: [%.*s]\n",
- (int)values[i].length,
- (char *)values[i].data));
- continue;
- }
- DEBUG(9, ("Member DN [%.*s], RDN [%.*s]\n",
- (int)values[i].length, (char *)values[i].data,
- (int)v->length, (char *)v->data));
-
- if (ldb_dn_compare_base(opts->users_base, tmp_dn) == 0) {
- mus[u] = talloc_asprintf(mus, "%.*s",
- (int)v->length,
- (char *)v->data);
- if (!mus[u]) {
- DEBUG(1, ("Out of memory?!\n"));
- continue;
- }
- u++;
-
- DEBUG(7, (" member user %d: [%.*s]\n", i,
- (int)v->length, (char *)v->data));
- } else
- if (ldb_dn_compare_base(opts->groups_base, tmp_dn) == 0) {
- mgs[g] = talloc_asprintf(mgs, "%.*s",
- (int)v->length,
- (char *)v->data);
- if (!mgs[g]) {
- DEBUG(1, ("Out of memory?!\n"));
- continue;
+ for (i = 0, j = el->num_values; i < num_values; i++) {
+
+ /* sync search entry with this as origDN */
+ ret = sdap_find_entry_by_origDN(el->values, ev,
+ handle, domain,
+ (char *)values[i].data,
+ (char **)&el->values[j].data);
+ if (ret != EOK) {
+ if (ret != ENOENT) {
+ goto done;
}
- g++;
- DEBUG(7, (" member group %d: [%.*s]\n", i,
- (int)v->length, (char *)v->data));
+ DEBUG(7, (" member #%d (%s): not found!\n",
+ i, (char *)values[i].data));
} else {
- DEBUG(1, ("Unkown Member type for DN: [%.*s]\n",
- (int)values[i].length,
- (char *)values[i].data));
- continue;
- }
- }
+ DEBUG(7, (" member #%d (%s): [%s]\n",
+ i, (char *)values[i].data,
+ (char *)el->values[j].data));
- if (g) {
- mgs[g] = NULL;
- } else {
- talloc_zfree(mgs);
- }
-
- if (u) {
- mus[u] = NULL;
- } else {
- talloc_zfree(mus);
+ el->values[j].length = strlen((char *)el->values[j].data);
+ j++;
+ }
}
+ el->num_values = j;
break;
@@ -790,14 +786,6 @@ static int sdap_parse_memberships(TALLOC_CTX *memctx,
ret = EOK;
done:
- if (ret != EOK) {
- talloc_zfree(mus);
- talloc_zfree(mgs);
- }
-
- *member_users = mus;
- *member_groups = mgs;
-
return ret;
}
@@ -830,8 +818,6 @@ static struct tevent_req *sdap_save_group_send(TALLOC_CTX *memctx,
struct tevent_req *req, *subreq;
struct sdap_save_group_state *state;
struct ldb_message_element *el;
- const char **member_groups = NULL;
- const char **member_users = NULL;
struct sysdb_attrs *group_attrs;
long int l;
gid_t gid;
@@ -937,9 +923,8 @@ static struct tevent_req *sdap_save_group_send(TALLOC_CTX *memctx,
} else {
DEBUG(7, ("Adding member users to group [%s]\n", state->name));
- ret = sdap_parse_memberships(state, handle, opts,
- el->values, el->num_values,
- &member_users, &member_groups);
+ ret = sdap_fill_memberships(group_attrs, ev, handle, opts, dom,
+ el->values, el->num_values);
if (ret) {
goto fail;
}
@@ -951,7 +936,6 @@ static struct tevent_req *sdap_save_group_send(TALLOC_CTX *memctx,
subreq = sysdb_store_group_send(state, state->ev,
state->handle, state->dom,
state->name, gid,
- member_users, member_groups,
group_attrs,
dp_opt_get_int(opts->basic,
SDAP_ENTRY_CACHE_TIMEOUT));
@@ -1031,8 +1015,7 @@ static struct tevent_req *sdap_save_grpmem_send(TALLOC_CTX *memctx,
struct tevent_req *req, *subreq;
struct sdap_save_grpmem_state *state;
struct ldb_message_element *el;
- const char **member_groups = NULL;
- const char **member_users = NULL;
+ struct sysdb_attrs *group_attrs = NULL;
int ret;
req = tevent_req_create(memctx, &state, struct sdap_save_grpmem_state);
@@ -1061,9 +1044,14 @@ static struct tevent_req *sdap_save_grpmem_send(TALLOC_CTX *memctx,
} else {
DEBUG(7, ("Adding member users to group [%s]\n", state->name));
- ret = sdap_parse_memberships(state, handle, opts,
- el->values, el->num_values,
- &member_users, &member_groups);
+ group_attrs = sysdb_new_attrs(state);
+ if (!group_attrs) {
+ ret = ENOMEM;
+ goto fail;
+ }
+
+ ret = sdap_fill_memberships(group_attrs, ev, handle, opts, dom,
+ el->values, el->num_values);
if (ret) {
goto fail;
}
@@ -1074,8 +1062,7 @@ static struct tevent_req *sdap_save_grpmem_send(TALLOC_CTX *memctx,
subreq = sysdb_store_group_send(state, state->ev,
state->handle, state->dom,
state->name, 0,
- member_users, member_groups,
- NULL,
+ group_attrs,
dp_opt_get_int(opts->basic,
SDAP_ENTRY_CACHE_TIMEOUT));
if (!subreq) {
@@ -1982,7 +1969,6 @@ static void sdap_get_initgr_process(struct tevent_req *subreq)
struct tevent_req);
struct sdap_get_initgr_state *state = tevent_req_data(req,
struct sdap_get_initgr_state);
- const char *user_dn;
int ret;
DEBUG(9, ("Process user's groups\n"));