sssd/0021-SDAP-use-ipa_get_rdn-in-nested-groups.patch


From 0e69b0fca08a1e35eb50232bfaa10094101ea801 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 10 Dec 2015 15:10:37 +0100
Subject: [PATCH 21/49] SDAP: use ipa_get_rdn() in nested groups
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit a6dd4a6c55773e81490dcafd61d4b9782705e9bf)
---
Makefile.am | 2 +
src/providers/ldap/sdap_async_nested_groups.c | 80 +++------------------------
2 files changed, 11 insertions(+), 71 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 6efb5ea7f81642292b39a44e7e2029a2757e47ea..59632f59f26f6d113de3398856e2ef0015d4ad16 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2092,6 +2092,7 @@ nestedgroups_tests_SOURCES = \
src/tests/cmocka/common_mock_be.c \
src/providers/ldap/sdap_async_nested_groups.c \
src/providers/ldap/sdap_ad_groups.c \
+ src/providers/ipa/ipa_dn.c \
$(NULL)
nestedgroups_tests_CFLAGS = \
$(AM_CFLAGS) \
@@ -2860,6 +2861,7 @@ libsss_ldap_common_la_SOURCES = \
src/providers/ldap/sdap_domain.c \
src/providers/ldap/sdap_ops.c \
src/providers/ldap/sdap.c \
+ src/providers/ipa/ipa_dn.c \
src/util/user_info_msg.c \
src/util/sss_ldap.c \
$(NULL)
diff --git a/src/providers/ldap/sdap_async_nested_groups.c b/src/providers/ldap/sdap_async_nested_groups.c
index af25430eacd4de7ea2e2872b0d9e34c8515c22db..9d715225243d8672850563473bd3938d4cc5db6b 100644
--- a/src/providers/ldap/sdap_async_nested_groups.c
+++ b/src/providers/ldap/sdap_async_nested_groups.c
@@ -35,6 +35,7 @@
#include "providers/ldap/sdap_async.h"
#include "providers/ldap/sdap_async_private.h"
#include "providers/ldap/sdap_idmap.h"
+#include "providers/ipa/ipa_dn.h"
#define sdap_nested_group_sysdb_search_users(domain, filter) \
sdap_nested_group_sysdb_search((domain), (filter), true)
@@ -1417,96 +1418,33 @@ static errno_t sdap_nested_group_single_recv(struct tevent_req *req)
return EOK;
}
-/* This should be a function pointer set from the IPA provider */
static errno_t sdap_nested_group_get_ipa_user(TALLOC_CTX *mem_ctx,
const char *user_dn,
struct sysdb_ctx *sysdb,
struct sysdb_attrs **_user)
{
- errno_t ret;
- struct sysdb_attrs *user = NULL;
- char *name;
- struct ldb_dn *dn = NULL;
- const char *rdn_name;
- const char *users_comp_name;
- const char *acct_comp_name;
- const struct ldb_val *rdn_val;
- const struct ldb_val *users_comp_val;
- const struct ldb_val *acct_comp_val;
TALLOC_CTX *tmp_ctx;
+ struct sysdb_attrs *user;
+ char *name;
+ errno_t ret;
tmp_ctx = talloc_new(NULL);
- if (!tmp_ctx) return ENOMEM;
-
- /* return username if dn is in form:
- * uid=username,cn=users,cn=accounts,dc=example,dc=com */
-
- dn = ldb_dn_new(tmp_ctx, sysdb_ctx_get_ldb(sysdb), user_dn);
- if (dn == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- /* rdn, users, accounts and least one domain component */
- if (ldb_dn_get_comp_num(dn) < 4) {
- ret = ENOENT;
- goto done;
- }
-
- rdn_name = ldb_dn_get_rdn_name(dn);
- if (rdn_name == NULL) {
- ret = EINVAL;
- goto done;
- }
-
- /* rdn must be 'uid' */
- if (strcasecmp("uid", rdn_name) != 0) {
- ret = ENOENT;
- goto done;
- }
-
- /* second component must be 'cn=users' */
- users_comp_name = ldb_dn_get_component_name(dn, 1);
- if (strcasecmp("cn", users_comp_name) != 0) {
- ret = ENOENT;
- goto done;
- }
-
- users_comp_val = ldb_dn_get_component_val(dn, 1);
- if (strncasecmp("users", (const char *) users_comp_val->data,
- users_comp_val->length) != 0) {
- ret = ENOENT;
- goto done;
- }
-
- /* third component must be 'cn=accounts' */
- acct_comp_name = ldb_dn_get_component_name(dn, 2);
- if (strcasecmp("cn", acct_comp_name) != 0) {
- ret = ENOENT;
- goto done;
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
}
- acct_comp_val = ldb_dn_get_component_val(dn, 2);
- if (strncasecmp("accounts", (const char *) acct_comp_val->data,
- acct_comp_val->length) != 0) {
- ret = ENOENT;
+ ret = ipa_get_rdn(tmp_ctx, sysdb, user_dn, &name, "uid",
+ "cn", "users", "cn", "accounts");
+ if (ret != EOK) {
goto done;
}
- /* value of rdn is username */
user = sysdb_new_attrs(tmp_ctx);
if (user == NULL) {
ret = ENOMEM;
goto done;
}
- rdn_val = ldb_dn_get_rdn_val(dn);
- name = talloc_strndup(user, (const char *)rdn_val->data, rdn_val->length);
- if (name == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
ret = sysdb_attrs_add_string(user, SYSDB_NAME, name);
if (ret != EOK) {
goto done;
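Review bot: The `ENOENT` contract for a non-matching DN now depends entirely on `ipa_get_rdn()`, because its result is passed straight through at `if (ret != EOK) { goto done; }`. The removed checks returned `ENOENT` when `user_dn` was not of the form `uid=<name>,cn=users,cn=accounts,<base>` and `EINVAL`/`ENOMEM` for other failures. This function decides whether a nested-group member is accepted as an IPA user, so the distinction matters if callers (not visible here) treat `ENOENT` as "skip this member" and anything else as fatal. `ipa_get_rdn()` is not shown, so confirm that it keeps this mapping and record it above the function, e.g. `/* Returns ENOENT if user_dn is not uid=<name>,cn=users,cn=accounts,<base>; any other error is fatal. */`. Separately, `user` lost its `= NULL` initializer and `name` is now allocated on `tmp_ctx` rather than as a child of `user`; the function continues past the hunk, so check that the `done:` path never reads `user` on the early exit and that `sysdb_attrs_add_string()` copies `name` rather than keeping the pointer.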
--
2.5.0