From 9e37ad98a9f2bbd1128ba73d0fee1af7b337ec59 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 27 Nov 2009 18:52:55 -0500 Subject: Use memberuid and not member in group enumerations This allows for correctly reporting nested group members, while at the same time not paying a too high price for caluclating nested groups at runtime e very time a search is made. --- server/db/sysdb.h | 2 +- server/responder/nss/nsssrv_cmd.c | 61 +++++---------------------------------- 2 files changed, 9 insertions(+), 54 deletions(-) diff --git a/server/db/sysdb.h b/server/db/sysdb.h index d9f224c1..bc2bf66a 100644 --- a/server/db/sysdb.h +++ b/server/db/sysdb.h @@ -117,7 +117,7 @@ SYSDB_DEFAULT_ATTRS, \ NULL} #define SYSDB_GRSRC_ATTRS {SYSDB_NAME, SYSDB_GIDNUM, \ - SYSDB_MEMBER, \ + SYSDB_MEMBERUID, \ SYSDB_DEFAULT_ATTRS, \ NULL} #define SYSDB_GRPW_ATTRS {SYSDB_NAME, SYSDB_UIDNUM, \ diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c index 6be78900..1802dfea 100644 --- a/server/responder/nss/nsssrv_cmd.c +++ b/server/responder/nss/nsssrv_cmd.c @@ -1482,7 +1482,6 @@ static int fill_grent(struct sss_packet *packet, size_t dom_len; int i, j; int ret, num, memnum; - size_t sysnamelen, sysuserslen; size_t rzero, rsize; bool add_domain = dom->fqnames; const char *domain = dom->name; @@ -1496,9 +1495,6 @@ static int fill_grent(struct sss_packet *packet, dom_len = 0; } - sysnamelen = strlen(SYSDB_NAME); - sysuserslen = strlen(SYSDB_USERS_CONTAINER); - num = 0; /* first 2 fields (len and reserved), filled up later */ @@ -1609,61 +1605,27 @@ static int fill_grent(struct sss_packet *packet, body[rzero + rsize -2] = 'x'; /* group passwd field */ body[rzero + rsize -1] = '\0'; - el = ldb_msg_find_element(msg, SYSDB_MEMBER); + el = ldb_msg_find_element(msg, SYSDB_MEMBERUID); if (el) { memnum = 0; for (j = 0; j < el->num_values; j++) { - int nlen; - char *p; - - if (strncmp((const char *)el->values[j].data, - SYSDB_NAME, sysnamelen) != 0) { - DEBUG(1, ("Member [%.*s] not in the std format ?! " - "("SYSDB_NAME"=value,...)\n", - el->values[i].length, - (const char *)el->values[i].data)); - continue; - } - - name = &((const char *)el->values[j].data)[sysnamelen + 1]; - p = strchr(name, ','); - if (!p) { - DEBUG(1, ("Member [%.*s] not in the std format ?! " - "("SYSDB_NAME"=value,...)\n", - el->values[i].length, - (const char *)el->values[j].data)); - continue; - } - nlen = p - name; + name = (const char *)el->values[j].data; if (nctx->filter_users_in_groups) { - char t; - t = *p; - *p = '\0'; ret = nss_ncache_check_user(nctx->ncache, nctx->neg_timeout, domain, name); - *p = t; if (ret == EEXIST) { - DEBUG(6, ("Group [%s] member [%.*s@%s] filtered out!" + DEBUG(6, ("Group [%s] member [%s@%s] filtered out!" " (negative cache)\n", (char *)&body[rzero+STRS_ROFFSET], - nlen, name, domain)); + name, domain)); continue; } } - p++; - if (strncmp(p, SYSDB_USERS_CONTAINER, sysuserslen) != 0) { - DEBUG(1, ("Member [%.*s] not in the std format ?! " - "("SYSDB_NAME"=value,...)\n", - el->values[i].length, - (const char *)el->values[j].data)); - continue; - } - - nsize = nlen + 1; /* includes terminating \0 */ + nsize = strlen(name) + 1; /* includes terminating \0 */ if (add_domain) nsize += delim + dom_len; ret = sss_packet_grow(packet, nsize); @@ -1674,14 +1636,8 @@ static int fill_grent(struct sss_packet *packet, sss_packet_get_body(packet, &body, &blen); if (add_domain) { - char tmp[nlen+1]; - - memcpy(tmp, name, nlen); - tmp[nlen] = '\0'; - - ret = snprintf((char *)&body[rzero + rsize], - nsize, namefmt, tmp, domain); + nsize, namefmt, name, domain); if (ret >= nsize) { /* need more space, * got creative with the print format ? */ @@ -1697,7 +1653,7 @@ static int fill_grent(struct sss_packet *packet, /* retry */ ret = snprintf((char *)&body[rzero + rsize], - nsize, namefmt, tmp, domain); + nsize, namefmt, name, domain); } if (ret != nsize-1) { @@ -1715,8 +1671,7 @@ static int fill_grent(struct sss_packet *packet, } } else { - memcpy(&body[rzero + rsize], name, nlen); - body[rzero + rsize + nlen] = '\0'; + memcpy(&body[rzero + rsize], name, nsize); } rsize += nsize; -- cgit