From 9cc66028cb6e497588a088ff2953e2ca7ed6ca6d Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Fri, 6 Sep 2013 13:13:04 +0200 Subject: sysdb: get_sysdb_grouplist() can return either names or dn We need to work with distinguish names when processing cross-domain membership, because groups and users may be stored in different sysdb tree. Resolves: https://fedorahosted.org/sssd/ticket/2066 --- src/providers/ldap/sdap_async_initgroups.c | 65 ++++++++++++++++++++++-------- src/providers/ldap/sdap_async_private.h | 6 +++ 2 files changed, 55 insertions(+), 16 deletions(-) (limited to 'src') diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index a0df82ca..e645067b 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -3035,11 +3035,12 @@ int sdap_get_initgr_recv(struct tevent_req *req) return EOK; } -errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, - const char *name, - char ***grouplist) +static errno_t get_sysdb_grouplist_ex(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + const char *name, + char ***grouplist, + bool get_dn) { errno_t ret; const char *attrs[2]; @@ -3075,19 +3076,32 @@ errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx, goto done; } - /* Get a list of the groups by groupname only */ - for (i=0; i < groups->num_values; i++) { - ret = sysdb_group_dn_name(sysdb, - sysdb_grouplist, - (const char *)groups->values[i].data, - &sysdb_grouplist[i]); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not determine group name from [%s]: [%s]\n", - (const char *)groups->values[i].data, strerror(ret))); - goto done; + if (get_dn) { + /* Get distinguish name */ + for (i=0; i < groups->num_values; i++) { + sysdb_grouplist[i] = talloc_strdup(sysdb_grouplist, + (const char *)groups->values[i].data); + if (sysdb_grouplist[i] == NULL) { + ret = ENOMEM; + goto done; + } + } + } else { + /* Get a list of the groups by groupname only */ + for (i=0; i < groups->num_values; i++) { + ret = sysdb_group_dn_name(sysdb, + sysdb_grouplist, + (const char *)groups->values[i].data, + &sysdb_grouplist[i]); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + ("Could not determine group name from [%s]: [%s]\n", + (const char *)groups->values[i].data, strerror(ret))); + goto done; + } } } + sysdb_grouplist[groups->num_values] = NULL; } @@ -3098,3 +3112,22 @@ done: return ret; } +errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + const char *name, + char ***grouplist) +{ + return get_sysdb_grouplist_ex(mem_ctx, sysdb, domain, + name, grouplist, false); +} + +errno_t get_sysdb_grouplist_dn(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + const char *name, + char ***grouplist) +{ + return get_sysdb_grouplist_ex(mem_ctx, sysdb, domain, + name, grouplist, true); +} diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h index 944c8a82..364c809a 100644 --- a/src/providers/ldap/sdap_async_private.h +++ b/src/providers/ldap/sdap_async_private.h @@ -112,6 +112,12 @@ errno_t get_sysdb_grouplist(TALLOC_CTX *mem_ctx, const char *name, char ***grouplist); +errno_t get_sysdb_grouplist_dn(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + const char *name, + char ***grouplist); + /* from sdap_async_nested_groups.c */ struct tevent_req *sdap_nested_group_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, -- cgit