diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/db/sysdb.c | 2 | ||||
-rw-r--r-- | src/db/sysdb.h | 11 | ||||
-rw-r--r-- | src/db/sysdb_search.c | 46 | ||||
-rw-r--r-- | src/db/sysdb_subdomains.c | 40 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 14 | ||||
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 4 | ||||
-rw-r--r-- | src/responder/sudo/sudosrv_get_sudorules.c | 2 | ||||
-rw-r--r-- | src/tests/sysdb-tests.c | 28 | ||||
-rw-r--r-- | src/tools/sss_seed.c | 10 | ||||
-rw-r--r-- | src/tools/sss_sync_ops.c | 4 | ||||
-rw-r--r-- | src/util/domain_info_utils.c | 2 |
11 files changed, 78 insertions, 85 deletions
diff --git a/src/db/sysdb.c b/src/db/sysdb.c index 2647c630..623cf2b5 100644 --- a/src/db/sysdb.c +++ b/src/db/sysdb.c @@ -1822,7 +1822,7 @@ errno_t sysdb_get_real_name(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = sysdb_getpwnam(tmp_ctx, sysdb, name, &res); + ret = sysdb_getpwnam(tmp_ctx, sysdb, sysdb->domain, name, &res); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot canonicalize username\n")); goto done; diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 9f8c85be..0c15cc66 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -429,15 +429,6 @@ errno_t sysdb_store_domgroup(struct sss_domain_info *domain, errno_t sysdb_delete_domgroup(struct sss_domain_info *domain, const char *name, gid_t gid); -int sysdb_subdom_getpwnam(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - const char *name, - struct ldb_result **res); -int sysdb_subdom_getgrnam(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - const char *name, - struct ldb_result **res); - errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, size_t *range_count, struct range_info ***range_list); @@ -464,6 +455,7 @@ int sysdb_domain_init(TALLOC_CTX *mem_ctx, * therefore they cannot be called within a transaction */ int sysdb_getpwnam(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *name, struct ldb_result **res); @@ -478,6 +470,7 @@ int sysdb_enumpwent(TALLOC_CTX *mem_ctx, int sysdb_getgrnam(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *name, struct ldb_result **res); diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index 49f628bf..902a2637 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -29,6 +29,7 @@ int sysdb_getpwnam(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *name, struct ldb_result **_res) { @@ -37,6 +38,7 @@ int sysdb_getpwnam(TALLOC_CTX *mem_ctx, struct ldb_dn *base_dn; struct ldb_result *res; char *sanitized_name; + const char *src_name; int ret; tmp_ctx = talloc_new(NULL); @@ -45,13 +47,27 @@ int sysdb_getpwnam(TALLOC_CTX *mem_ctx, } base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, - SYSDB_TMPL_USER_BASE, sysdb->domain->name); + SYSDB_TMPL_USER_BASE, domain->name); if (!base_dn) { ret = ENOMEM; goto done; } - ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name); + /* If this is a subomain we need to use fully qualified names for the + * search as well by default */ + if (domain->parent && domain->fqnames) { + ret = ENOMEM; + src_name = talloc_asprintf(tmp_ctx, domain->names->fq_fmt, + name, domain->name); + } else { + ret = EINVAL; + src_name = name; + } + if (!src_name) { + goto done; + } + + ret = sss_filter_sanitize(tmp_ctx, src_name, &sanitized_name); if (ret != EOK) { goto done; } @@ -191,6 +207,7 @@ static int mpg_res_convert(struct ldb_result *res) int sysdb_getgrnam(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *name, struct ldb_result **_res) { @@ -200,6 +217,7 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx, char *sanitized_name; struct ldb_dn *base_dn; struct ldb_result *res; + const char *src_name; int ret; tmp_ctx = talloc_new(NULL); @@ -210,18 +228,32 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx, if (sysdb->mpg) { fmt_filter = SYSDB_GRNAM_MPG_FILTER; base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, - SYSDB_DOM_BASE, sysdb->domain->name); + SYSDB_DOM_BASE, domain->name); } else { fmt_filter = SYSDB_GRNAM_FILTER; base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, - SYSDB_TMPL_GROUP_BASE, sysdb->domain->name); + SYSDB_TMPL_GROUP_BASE, domain->name); } if (!base_dn) { ret = ENOMEM; goto done; } - ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name); + /* If this is a subomain we need to use fully qualified names for the + * search as well by default */ + if (domain->parent && domain->fqnames) { + ret = ENOMEM; + src_name = talloc_asprintf(tmp_ctx, domain->names->fq_fmt, + name, domain->name); + } else { + ret = EINVAL; + src_name = name; + } + if (!src_name) { + goto done; + } + + ret = sss_filter_sanitize(tmp_ctx, src_name, &sanitized_name); if (ret != EOK) { goto done; } @@ -365,9 +397,7 @@ int sysdb_initgroups(TALLOC_CTX *mem_ctx, return ENOMEM; } - /* if this is a subdomain we need to search for the fully qualified - * name in the database */ - ret = sysdb_subdom_getpwnam(tmp_ctx, sysdb, name, &res); + ret = sysdb_getpwnam(tmp_ctx, sysdb, sysdb->domain, name, &res); if (ret != EOK) { DEBUG(1, ("sysdb_getpwnam failed: [%d][%s]\n", ret, strerror(ret))); diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c index ea1ce998..9f20ed59 100644 --- a/src/db/sysdb_subdomains.c +++ b/src/db/sysdb_subdomains.c @@ -668,43 +668,3 @@ errno_t sysdb_delete_domgroup(struct sss_domain_info *domain, return sysdb_delete_group(domain->sysdb, name, gid); } - -int sysdb_subdom_getpwnam(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - const char *name, - struct ldb_result **res) -{ - char *src_name = NULL; - int ret; - - if (sysdb->domain->parent) { - src_name = talloc_asprintf(mem_ctx, sysdb->domain->names->fq_fmt, - name, sysdb->domain->name); - if (!src_name) return ENOMEM; - } - - ret = sysdb_getpwnam(mem_ctx, sysdb, src_name ? src_name : name, res); - talloc_zfree(src_name); - - return ret; -} - -int sysdb_subdom_getgrnam(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - const char *name, - struct ldb_result **res) -{ - char *src_name = NULL; - int ret; - - if (sysdb->domain->parent) { - src_name = talloc_asprintf(mem_ctx, sysdb->domain->names->fq_fmt, - name, sysdb->domain->name); - if (!src_name) return ENOMEM; - } - - ret = sysdb_getgrnam(mem_ctx, sysdb, src_name ? src_name : name, res); - talloc_zfree(src_name); - - return ret; -} diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index 55543f07..7e33d922 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -297,7 +297,7 @@ static int fill_pwent(struct sss_packet *packet, size_t dom_len = 0; int delim = 1; int i, ret, num, t; - bool add_domain = dom->fqnames; + bool add_domain = (dom->fqnames && (dom->parent == NULL)); const char *domain = dom->name; const char *namefmt; bool packet_initialized = false; @@ -759,9 +759,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx) return EIO; } - /* if this is a subdomain we need to search for the fully qualified - * name in the database */ - ret = sysdb_subdom_getpwnam(cmdctx, sysdb, name, &dctx->res); + ret = sysdb_getpwnam(cmdctx, sysdb, dom, name, &dctx->res); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); return EIO; @@ -1926,7 +1924,7 @@ static int fill_members(struct sss_packet *packet, size_t blen; const char *domain = dom->name; - bool add_domain = dom->fqnames; + bool add_domain = (dom->fqnames && (dom->parent == NULL)); if (add_domain) { delim = 1; @@ -2055,7 +2053,7 @@ static int fill_grent(struct sss_packet *packet, int i = 0; int ret, num, memnum; size_t rzero, rsize; - bool add_domain = dom->fqnames; + bool add_domain = (dom->fqnames && (dom->parent == NULL)); const char *domain = dom->name; const char *namefmt; TALLOC_CTX *tmp_ctx = NULL; @@ -2358,9 +2356,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx) return EIO; } - /* if this is a subdomain we need to search for the fully qualified - * name in the database */ - ret = sysdb_subdom_getgrnam(cmdctx, sysdb, name, &dctx->res); + ret = sysdb_getgrnam(cmdctx, sysdb, dom, name, &dctx->res); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); return EIO; diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 813894d3..fa8eabf6 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -1239,9 +1239,7 @@ static int pam_check_user_search(struct pam_auth_req *preq) return EFAULT; } - /* if this is a subdomain we need to search for the fully qualified - * name in the database */ - ret = sysdb_subdom_getpwnam(preq, sysdb, name, &preq->res); + ret = sysdb_getpwnam(preq, sysdb, dom, name, &preq->res); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); return EIO; diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c index 5a78000c..ac8cb3ce 100644 --- a/src/responder/sudo/sudosrv_get_sudorules.c +++ b/src/responder/sudo/sudosrv_get_sudorules.c @@ -136,7 +136,7 @@ static errno_t sudosrv_get_user(struct sudo_dom_ctx *dctx) goto done; } - ret = sysdb_getpwnam(dctx, sysdb, name, &user); + ret = sysdb_getpwnam(dctx, sysdb, dctx->domain, name, &user); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to make request to our cache!\n")); diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index 351c07d0..65e03fe0 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c @@ -846,6 +846,7 @@ START_TEST (test_sysdb_getpwnam) ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, + test_ctx->domain, username, &res); if (ret) { fail("sysdb_getpwnam failed for username %s (%d: %s)", @@ -866,6 +867,7 @@ START_TEST (test_sysdb_getpwnam) ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, + test_ctx->domain, username, &res); if (ret) { fail("sysdb_getpwnam failed for username %s (%d: %s)", @@ -901,6 +903,7 @@ START_TEST (test_sysdb_getgrnam) ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, + test_ctx->domain, groupname, &res); if (ret) { fail("sysdb_getgrnam failed for groupname %s (%d: %s)", @@ -923,6 +926,7 @@ START_TEST (test_sysdb_getgrnam) ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, + test_ctx->domain, groupname, &res); if (ret) { fail("sysdb_getgrnam failed for groupname %s (%d: %s)", @@ -3275,7 +3279,8 @@ START_TEST(test_group_rename) ret = sysdb_store_group(test_ctx->sysdb, fromname, grgid, NULL, 0, 0); fail_unless(ret == EOK, "Could not add first group"); - ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, fromname, &res); + ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, + test_ctx->domain, fromname, &res); fail_unless(ret == EOK, "Could not retrieve the group from cache\n"); if (res->count != 1) { fail("Invalid number of replies. Expected 1, got %d", res->count); @@ -3298,7 +3303,8 @@ START_TEST(test_group_rename) ret = sysdb_store_group(test_ctx->sysdb, toname, grgid, NULL, 0, 0); fail_unless(ret == EOK, "Could not add first group"); - ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, toname, &res); + ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, + test_ctx->domain, toname, &res); fail_unless(ret == EOK, "Could not retrieve the group from cache\n"); if (res->count != 1) { fail("Invalid number of replies. Expected 1, got %d", res->count); @@ -3315,7 +3321,8 @@ START_TEST(test_group_rename) name, toname); /* Verify the first name is gone */ - ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, fromname, &res); + ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, + test_ctx->domain, fromname, &res); fail_unless(ret == EOK, "Could not retrieve the group from cache\n"); fail_unless(res->count == 0, "Unexpectedly found the original user\n"); @@ -3345,7 +3352,8 @@ START_TEST(test_user_rename) NULL, NULL, NULL, 0, 0); fail_unless(ret == EOK, "Could not add first user"); - ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, fromname, &res); + ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, + test_ctx->domain, fromname, &res); fail_unless(ret == EOK, "Could not retrieve the user from cache\n"); if (res->count != 1) { fail("Invalid number of replies. Expected 1, got %d", res->count); @@ -3370,7 +3378,8 @@ START_TEST(test_user_rename) fromname, "/", "/bin/sh", NULL, NULL, NULL, 0, 0); fail_unless(ret == EOK, "Could not add second user"); - ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, toname, &res); + ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, + test_ctx->domain, toname, &res); fail_unless(ret == EOK, "Could not retrieve the user from cache\n"); if (res->count != 1) { fail("Invalid number of replies. Expected 1, got %d", res->count); @@ -3387,7 +3396,8 @@ START_TEST(test_user_rename) name, fromname); /* Verify the first name is gone */ - ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, fromname, &res); + ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, + test_ctx->domain, fromname, &res); fail_unless(ret == EOK, "Could not retrieve the user from cache\n"); fail_unless(res->count == 0, "Unexpectedly found the original user\n"); @@ -3684,7 +3694,8 @@ START_TEST(test_odd_characters) ret, strerror(ret)); talloc_zfree(msg); - ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, odd_groupname, &res); + ret = sysdb_getgrnam(test_ctx, test_ctx->sysdb, + test_ctx->domain, odd_groupname, &res); fail_unless(ret == EOK, "sysdb_getgrnam error [%d][%s]", ret, strerror(ret)); fail_unless(res->count == 1, "Received [%d] responses", @@ -3723,7 +3734,8 @@ START_TEST(test_odd_characters) fail_unless(ret == EOK, "sysdb_add_group_member error [%d][%s]", ret, strerror(ret)); - ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, odd_username, &res); + ret = sysdb_getpwnam(test_ctx, test_ctx->sysdb, + test_ctx->domain, odd_username, &res); fail_unless(ret == EOK, "sysdb_getpwnam error [%d][%s]", ret, strerror(ret)); fail_unless(res->count == 1, "Received [%d] responses", diff --git a/src/tools/sss_seed.c b/src/tools/sss_seed.c index d3c1cb44..45b4d1ad 100644 --- a/src/tools/sss_seed.c +++ b/src/tools/sss_seed.c @@ -47,6 +47,7 @@ struct user_ctx { struct seed_ctx { struct confdb_ctx *confdb; + struct sss_domain_info *domain; struct sysdb_ctx *sysdb; struct user_ctx *uctx; @@ -598,6 +599,7 @@ fini: static int seed_init_db(TALLOC_CTX *mem_ctx, const char *domain_name, struct confdb_ctx **_confdb, + struct sss_domain_info **_domain, struct sysdb_ctx **_sysdb) { TALLOC_CTX *tmp_ctx = NULL; @@ -640,6 +642,7 @@ static int seed_init_db(TALLOC_CTX *mem_ctx, } *_confdb = talloc_steal(mem_ctx, confdb); + *_domain = domain; *_sysdb = domain->sysdb; done: @@ -650,6 +653,7 @@ done: static int seed_domain_user_info(const char *name, const char *domain_name, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, bool *is_cached) { TALLOC_CTX *tmp_ctx = NULL; @@ -680,7 +684,7 @@ static int seed_domain_user_info(const char *name, } /* look for user in cache */ - ret = sysdb_getpwnam(tmp_ctx, sysdb, name, &res); + ret = sysdb_getpwnam(tmp_ctx, sysdb, domain, name, &res); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Couldn't lookup user (%s) in the cache\n", name)); @@ -792,7 +796,7 @@ int main(int argc, const char **argv) /* set up confdb,sysdb and domain */ ret = seed_init_db(sctx, sctx->uctx->domain_name, &sctx->confdb, - &sctx->sysdb); + &sctx->domain, &sctx->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to initialize db and domain\n")); goto done; @@ -800,7 +804,7 @@ int main(int argc, const char **argv) /* get user info from domain */ ret = seed_domain_user_info(sctx->uctx->name, sctx->uctx->domain_name, - sctx->sysdb, &sctx->user_cached); + sctx->sysdb, sctx->domain, &sctx->user_cached); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Failed lookup of user [%s] in domain [%s]\n", sctx->uctx->name, sctx->uctx->domain_name)); diff --git a/src/tools/sss_sync_ops.c b/src/tools/sss_sync_ops.c index 37fd8c61..f5d496b5 100644 --- a/src/tools/sss_sync_ops.c +++ b/src/tools/sss_sync_ops.c @@ -575,7 +575,7 @@ int sysdb_getpwnam_sync(TALLOC_CTX *mem_ctx, const char *str; int ret; - ret = sysdb_getpwnam(mem_ctx, sysdb, name, &res); + ret = sysdb_getpwnam(mem_ctx, sysdb, out->domain, name, &res); if (ret) { return ret; } @@ -648,7 +648,7 @@ int sysdb_getgrnam_sync(TALLOC_CTX *mem_ctx, const char *str; int ret; - ret = sysdb_getgrnam(mem_ctx, sysdb, name, &res); + ret = sysdb_getgrnam(mem_ctx, sysdb, out->domain, name, &res); if (ret) { return ret; } diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index cee11eb5..c016258e 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -73,7 +73,7 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, } dom->enumerate = false; - dom->fqnames = false; + dom->fqnames = true; /* FIXME: get ranges from the server */ dom->id_min = 0; dom->id_max = 0xffffffff; |