From 0e69b0fca08a1e35eb50232bfaa10094101ea801 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 10 Dec 2015 15:10:37 +0100
Subject: [PATCH 21/49] SDAP: use ipa_get_rdn() in nested groups
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit a6dd4a6c55773e81490dcafd61d4b9782705e9bf)
---
Makefile.am | 2 +
src/providers/ldap/sdap_async_nested_groups.c | 80 +++------------------------
2 files changed, 11 insertions(+), 71 deletions(-)
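diff --git a/Makefile.am b/Makefile.am
index 6efb5ea7f81642292b39a44e7e2029a2757e47ea..59632f59f26f6d113de3398856e2ef0015d4ad16 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2092,6 +2092,7 @@ nestedgroups_tests_SOURCES = \
 src/tests/cmocka/common_mock_be.c \
 src/providers/ldap/sdap_async_nested_groups.c \
 src/providers/ldap/sdap_ad_groups.c \
+ src/providers/ipa/ipa_dn.c \
 $(NULL)
 nestedgroups_tests_CFLAGS = \
 $(AM_CFLAGS) \
@@ -2860,6 +2861,7 @@ libsss_ldap_common_la_SOURCES = \
 src/providers/ldap/sdap_domain.c \
 src/providers/ldap/sdap_ops.c \
 src/providers/ldap/sdap.c \
+ src/providers/ipa/ipa_dn.c \
 src/util/user_info_msg.c \
 src/util/sss_ldap.c \
 $(NULL)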
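diff --git a/src/providers/ldap/sdap_async_nested_groups.c b/src/providers/ldap/sdap_async_nested_groups.c
index af25430eacd4de7ea2e2872b0d9e34c8515c22db..9d715225243d8672850563473bd3938d4cc5db6b 100644
--- a/src/providers/ldap/sdap_async_nested_groups.c
+++ b/src/providers/ldap/sdap_async_nested_groups.c
@@ -35,6 +35,7 @@
 #include "providers/ldap/sdap_async.h"
 #include "providers/ldap/sdap_async_private.h"
 #include "providers/ldap/sdap_idmap.h"
+#include "providers/ipa/ipa_dn.h"
 
 #define sdap_nested_group_sysdb_search_users(domain, filter) \
 sdap_nested_group_sysdb_search((domain), (filter), true)
@@ -1417,96 +1418,33 @@ static errno_t sdap_nested_group_single_recv(struct tevent_req *req)
 return EOK;
 }
 
-/* This should be a function pointer set from the IPA provider */
 static errno_t sdap_nested_group_get_ipa_user(TALLOC_CTX *mem_ctx,
 const char *user_dn,
 struct sysdb_ctx *sysdb,
 struct sysdb_attrs **_user)
 {
- errno_t ret;
- struct sysdb_attrs *user = NULL;
- char *name;
- struct ldb_dn *dn = NULL;
- const char *rdn_name;
- const char *users_comp_name;
- const char *acct_comp_name;
- const struct ldb_val *rdn_val;
- const struct ldb_val *users_comp_val;
- const struct ldb_val *acct_comp_val;
 TALLOC_CTX *tmp_ctx;
+ struct sysdb_attrs *user;
+ char *name;
+ errno_t ret;
 
 tmp_ctx = talloc_new(NULL);
- if (!tmp_ctx) return ENOMEM;
-
- /* return username if dn is in form:
- * uid=username,cn=users,cn=accounts,dc=example,dc=com */
-
- dn = ldb_dn_new(tmp_ctx, sysdb_ctx_get_ldb(sysdb), user_dn);
- if (dn == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- /* rdn, users, accounts and least one domain component */
- if (ldb_dn_get_comp_num(dn) < 4) {
- ret = ENOENT;
- goto done;
- }
-
- rdn_name = ldb_dn_get_rdn_name(dn);
- if (rdn_name == NULL) {
- ret = EINVAL;
- goto done;
- }
-
- /* rdn must be 'uid' */
- if (strcasecmp("uid", rdn_name) != 0) {
- ret = ENOENT;
- goto done;
- }
-
- /* second component must be 'cn=users' */
- users_comp_name = ldb_dn_get_component_name(dn, 1);
- if (strcasecmp("cn", users_comp_name) != 0) {
- ret = ENOENT;
- goto done;
- }
-
- users_comp_val = ldb_dn_get_component_val(dn, 1);
- if (strncasecmp("users", (const char *) users_comp_val->data,
- users_comp_val->length) != 0) {
- ret = ENOENT;
- goto done;
- }
-
- /* third component must be 'cn=accounts' */
- acct_comp_name = ldb_dn_get_component_name(dn, 2);
- if (strcasecmp("cn", acct_comp_name) != 0) {
- ret = ENOENT;
- goto done;
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
 }
 
- acct_comp_val = ldb_dn_get_component_val(dn, 2);
- if (strncasecmp("accounts", (const char *) acct_comp_val->data,
- acct_comp_val->length) != 0) {
- ret = ENOENT;
+ ret = ipa_get_rdn(tmp_ctx, sysdb, user_dn, &name, "uid",
+ "cn", "users", "cn", "accounts");
+ if (ret != EOK) {
 goto done;
 }
 
- /* value of rdn is username */
 user = sysdb_new_attrs(tmp_ctx);
 if (user == NULL) {
 ret = ENOMEM;
 goto done;
 }
 
- rdn_val = ldb_dn_get_rdn_val(dn);
- name = talloc_strndup(user, (const char *)rdn_val->data, rdn_val->length);
- if (name == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
 ret = sysdb_attrs_add_string(user, SYSDB_NAME, name);
 if (ret != EOK) {
 goto done;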
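Review bot: The single call `ipa_get_rdn(tmp_ctx, sysdb, user_dn, &name, "uid", "cn", "users", "cn", "accounts")` in sdap_nested_group_get_ipa_user now carries the whole DN-shape check for a value that originates in directory data, and neither its error contract nor its matching rules are visible in this hunk. The removed code returned ENOENT for a DN that is simply not of the IPA user form and EINVAL/ENOMEM for real failures, so if the caller (outside this hunk) branches on ENOENT, the helper in ipa_dn.c has to keep that split. The removed comparisons also used `strncasecmp` bounded by the component's own length, which would accept a shorter value as `users` or `accounts`; it is worth confirming that the helper compares complete values. Since the explanatory comments were dropped with the code, I would add above the call `/* name is the uid RDN value when user_dn looks like uid=NAME,cn=users,cn=accounts,<base>; other DNs are expected to yield ENOENT */`, adjusted to whatever the helper really returns. The function body continues past the end of the hunk.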
--
2.5.0