summaryrefslogtreecommitdiff
path: root/src/providers/ldap
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/sdap_async_initgroups_ad.c52
1 files changed, 41 insertions, 11 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index f6d236de..a0841a79 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -364,9 +364,12 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
char *sid_str;
gid_t gid;
time_t now;
+ struct sss_domain_info *group_domain;
struct sysdb_attrs **users;
struct ldb_message_element *el;
struct ldb_message *msg;
+ struct ldb_dn *group_ldb_dn;
+ const char *group_str_dn;
char **ldap_grouplist;
char **sysdb_grouplist;
char **add_groups;
@@ -471,12 +474,20 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
continue;
}
+ group_domain = find_subdomain_by_sid(get_domains_head(state->domain),
+ sid_str);
+ if (group_domain == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Domain not found for SID %s\n",
+ sid_str));
+ continue;
+ }
+
DEBUG(SSSDBG_TRACE_LIBS,
("Processing membership GID [%"SPRIgid"]\n", gid));
/* Check whether this GID already exists in the sysdb */
- ret = sysdb_search_group_by_gid(tmp_ctx, state->sysdb, state->domain,
- gid, attrs, &msg);
+ ret = sysdb_search_group_by_gid(tmp_ctx, group_domain->sysdb,
+ group_domain, gid, attrs, &msg);
if (ret == EOK) {
group_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
if (!group_name) {
@@ -491,9 +502,10 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
* the group or its GID occurs, it will replace this
* temporary entry.
*/
+
group_name = sid_str;
- ret = sysdb_add_incomplete_group(state->sysdb,
- state->domain,
+ ret = sysdb_add_incomplete_group(group_domain->sysdb,
+ group_domain,
group_name, gid,
NULL, sid_str, false, now);
if (ret != EOK) {
@@ -510,13 +522,31 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
goto done;
}
+ group_ldb_dn = sysdb_group_dn(group_domain->sysdb, tmp_ctx,
+ group_domain, group_name);
+ if (group_ldb_dn == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb_group_dn() failed\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ group_str_dn = ldb_dn_get_linearized(group_ldb_dn);
+ if (group_str_dn == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("ldb_dn_get_linearized() failed\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
ldap_grouplist[group_count] =
- talloc_strdup(ldap_grouplist, group_name);
+ talloc_strdup(ldap_grouplist, group_str_dn);
if (!ldap_grouplist[group_count]) {
ret = ENOMEM;
goto done;
}
+ talloc_zfree(group_ldb_dn); /* also frees group_str_dn */
+ group_str_dn = NULL;
+
group_count++;
}
ldap_grouplist[group_count] = NULL;
@@ -524,8 +554,8 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
/* Get the current sysdb group list for this user
* so we can update it.
*/
- ret = get_sysdb_grouplist(state, state->sysdb, state->domain,
- state->username, &sysdb_grouplist);
+ ret = get_sysdb_grouplist_dn(state, state->sysdb, state->domain,
+ state->username, &sysdb_grouplist);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("Could not get the list of groups for [%s] in the sysdb: "
@@ -543,10 +573,10 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
DEBUG(SSSDBG_TRACE_LIBS,
("Updating memberships for [%s]\n", state->username));
- ret = sysdb_update_members(state->sysdb, state->domain,
- state->username, SYSDB_MEMBER_USER,
- (const char *const *) add_groups,
- (const char *const *) del_groups);
+ ret = sysdb_update_members_dn(state->sysdb, state->domain,
+ state->username, SYSDB_MEMBER_USER,
+ (const char *const *) add_groups,
+ (const char *const *) del_groups);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("Membership update failed [%d]: %s\n",