8eda442b2e
Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied
From e5c42c2630093d3020b3c4944cce1646325bc236 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Fri, 2 Jun 2017 13:26:49 +0200
Subject: [PATCH 097/115] SYSDB: Add sysdb_search_by_orig_dn()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Three new methods have been added to sysdb's API in order to perform
search by the orig dn (which is quite common in SSSD's code base).
A common/base method called sysdb_search_by_orig_dn() is the most
important one and then a few other helpers for searching users and
groups directly.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
src/db/sysdb.h | 27 ++++++++++++++++------
src/db/sysdb_ops.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 86 insertions(+), 7 deletions(-)
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index f4cad577b97e737613e11d063fe7a8664faed624..411ee9aededa1d9ee2654d8247e98a38d7666ad2 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -342,6 +342,12 @@ struct certmap_info {
const char **domains;
};
+enum sysdb_member_type {
+ SYSDB_MEMBER_USER,
+ SYSDB_MEMBER_GROUP,
+ SYSDB_MEMBER_NETGROUP,
+ SYSDB_MEMBER_SERVICE,
+};
/* These attributes are stored in the timestamp cache */
extern const char *sysdb_ts_cache_attrs[];
@@ -574,6 +580,20 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
struct sysdb_attrs *override_attrs,
struct ldb_dn *obj_dn);
+errno_t sysdb_search_by_orig_dn(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain,
+ enum sysdb_member_type type,
+ const char *member_dn,
+ const char **attrs,
+ size_t *msgs_counts,
+ struct ldb_message ***msgs);
+
+#define sysdb_search_users_by_orig_dn(mem_ctx, domain, member_dn, attrs, msgs_counts, msgs) \
+ sysdb_search_by_orig_dn(mem_ctx, domain, SYSDB_MEMBER_USER, member_dn, attrs, msgs_counts, msgs);
+
+#define sysdb_search_groups_by_orig_dn(mem_ctx, domain, member_dn, attrs, msgs_counts, msgs) \
+ sysdb_search_by_orig_dn(mem_ctx, domain, SYSDB_MEMBER_GROUP, member_dn, attrs, msgs_counts, msgs);
+
errno_t sysdb_search_user_override_attrs_by_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
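Review bot: Both convenience macros end their expansion with a semicolon (the `sysdb_search_users_by_orig_dn` and `sysdb_search_groups_by_orig_dn` expansion lines), so they only work as a bare statement: `if (sysdb_search_users_by_orig_dn(...) != EOK)` expands to `...; != EOK)` and does not compile, and a plain `ret = ...;` silently becomes `;;`. Drop the trailing semicolon and parenthesize the arguments, e.g. `sysdb_search_by_orig_dn((mem_ctx), (domain), SYSDB_MEMBER_USER, (member_dn), (attrs), (msgs_counts), (msgs))` and the matching SYSDB_MEMBER_GROUP line. The prototype names the count parameter `msgs_counts` while the definition in sysdb_ops.c uses `msgs_count`; aligning the header with the definition avoids confusion. A short comment above the prototype stating that `member_dn` is escaped with sss_filter_sanitize() before it is placed in the filter, and that only USER and GROUP types are accepted (other types return EINVAL), would document the contract for callers.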
@@ -1040,13 +1060,6 @@ int sysdb_store_group(struct sss_domain_info *domain,
uint64_t cache_timeout,
time_t now);
-enum sysdb_member_type {
- SYSDB_MEMBER_USER,
- SYSDB_MEMBER_GROUP,
- SYSDB_MEMBER_NETGROUP,
- SYSDB_MEMBER_SERVICE,
-};
-
int sysdb_add_group_member(struct sss_domain_info *domain,
const char *group,
const char *member,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 7ca6575ce75dab7805236c9f48dbf28a2f3946d2..4cfef68239a5f145967c942b1fb6647c5542f019 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -3236,6 +3236,72 @@ done:
return ret;
}
+static int sysdb_cache_search_users(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain,
+ struct ldb_context *ldb,
+ const char *sub_filter,
+ const char **attrs,
+ size_t *msgs_count,
+ struct ldb_message ***msgs);
+
+static int sysdb_cache_search_groups(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain,
+ struct ldb_context *ldb,
+ const char *sub_filter,
+ const char **attrs,
+ size_t *msgs_count,
+ struct ldb_message ***msgs);
+
+errno_t sysdb_search_by_orig_dn(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain,
+ enum sysdb_member_type type,
+ const char *member_dn,
+ const char **attrs,
+ size_t *msgs_count,
+ struct ldb_message ***msgs)
+{
+ TALLOC_CTX *tmp_ctx;
+ char *filter;
+ char *sanitized_dn = NULL;
+ errno_t ret;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_ORIG_DN, sanitized_dn);
+ if (filter == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ switch (type) {
+ case SYSDB_MEMBER_USER:
+ ret = sysdb_cache_search_users(mem_ctx, domain, domain->sysdb->ldb,
+ filter, attrs, msgs_count, msgs);
+ break;
+ case SYSDB_MEMBER_GROUP:
+ ret = sysdb_cache_search_groups(mem_ctx, domain, domain->sysdb->ldb,
+ filter, attrs, msgs_count, msgs);
+ break;
+ default:
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Trying to perform a search by orig_dn using a "
+ "non-supported type\n");
+ ret = EINVAL;
+ goto done;
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
/* =Custom Store (replaces-existing-data)================== */
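Review bot: The `goto done` at the end of the `default:` branch in sysdb_search_by_orig_dn() is redundant, since the switch is the last statement before the `done:` label; keeping only `ret = EINVAL;` removes a jump that reads as if some cleanup were being skipped. The function has no header comment; one stating that `member_dn` is escaped with sss_filter_sanitize() before it is interpolated into the `(SYSDB_ORIG_DN=...)` filter, that only SYSDB_MEMBER_USER and SYSDB_MEMBER_GROUP are handled (NETGROUP and SERVICE return EINVAL), and that `*msgs` is presumably allocated on `mem_ctx` by the cache search helpers while the filter lives on the temporary context would help callers. The sanitize step is the only thing keeping a caller-supplied DN from changing the shape of the filter, so the comment should make clear it must stay ahead of the talloc_asprintf() call. The static prototypes for sysdb_cache_search_users() and sysdb_cache_search_groups() refer to definitions that are outside this hunk.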
--
2.14.1