author | Simo Sorce <ssorce@redhat.com> | 2011-11-20 20:50:27 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2011-12-08 17:18:10 -0500 |
commit | 045c7c123eeb720173c19d5196b4fb5bb4cecbaa (patch) | |
tree | 7d6040cb63334a685d555ce23b6d3baf827b57c2 | |
parent | 7d744f82e2ae118216454214464847f4c218340c (diff) | |
ipa-kdb: enhance deref searches
Allow dereferencing more than one attribute.
The attrs searched are the same for all deref attributes at this time.
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.h | 7 | ||||
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_common.c | 34 | ||||
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_mspac.c | 11 |
3 files changed, 39 insertions, 13 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 8c907c448..33b74a28a 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -123,8 +123,11 @@ krb5_error_code ipadb_simple_modify(struct ipadb_context *ipactx,
 krb5_error_code ipadb_simple_delete_val(struct ipadb_context *ipactx, char *dn, char *attr, char *value);
 krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx,
- char *entry_dn, char **entry_attrs,
- char *deref_attr_name, char **deref_attrs,
+ char *base_dn, int scope,
+ char *filter,
+ char **entry_attrs,
+ char **deref_attr_names,
+ char **deref_attrs,
 LDAPMessage **res);
 int ipadb_ldap_attr_to_int(LDAP *lcontext, LDAPMessage *le,
diff --git a/daemons/ipa-kdb/ipa_kdb_common.c b/daemons/ipa-kdb/ipa_kdb_common.c
index d3e8e9c4c..6f5ac1d74 100644
--- a/daemons/ipa-kdb/ipa_kdb_common.c
+++ b/daemons/ipa-kdb/ipa_kdb_common.c
@@ -265,24 +265,39 @@ done:
 }
 krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx,
- char *entry_dn, char **entry_attrs,
- char *deref_attr_name, char **deref_attrs,
+ char *base_dn, int scope,
+ char *filter,
+ char **entry_attrs,
+ char **deref_attr_names,
+ char **deref_attrs,
 LDAPMessage **res) {
 struct berval derefval = { 0, NULL };
 LDAPControl *ctrl[2] = { NULL, NULL };
- LDAPDerefSpec ds[2];
+ LDAPDerefSpec *ds;
 krb5_error_code kerr;
 int times;
 int ret;
+ int c;
- ds[0].derefAttr = deref_attr_name;
- ds[0].attributes = deref_attrs;
- ds[1].derefAttr = NULL;
+ for (c = 0; deref_attr_names[c]; c++) {
+ /* count */ ;
+ }
+
+ ds = calloc(c, sizeof(LDAPDerefSpec));
+ if (!ds) {
+ return ENOMEM;
+ }
+
+ for (c = 0; deref_attr_names[c]; c++) {
+ ds[c].derefAttr = deref_attr_names[c];
+ ds[c].attributes = deref_attrs;
+ }
 ret = ldap_create_deref_control_value(ipactx->lcontext, ds, &derefval);
 if (ret != LDAP_SUCCESS) {
- return ENOMEM;
+ kerr = ENOMEM;
+ goto done;
 }
 ret = ldap_control_create(LDAP_CONTROL_X_DEREF,
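Review bot: The widened `ipadb_deref_search()` prototype in ipa_kdb.h has no comment stating what callers must now guarantee, and two of the new parameters carry real preconditions. `deref_attr_names` is walked until a NULL entry by the implementation in ipa_kdb_common.c, so it must be a non-NULL, NULL-terminated array, and `filter` is handed unchanged to `ldap_search_ext_s()` in the `@@ -297,8 +312,8 @@` hunk of ipa_kdb_common.c, so a caller that ever builds it from principal names or other request data has to escape those values first. I would add above the declaration `/* deref_attr_names: NULL-terminated, must not be NULL; filter: complete LDAP filter, any values already escaped by the caller */`. The only caller in this commit passes the constant `"(objectclass=*)"`, so this is a contract to write down rather than a defect today.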
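Review bot: `ds = calloc(c, sizeof(LDAPDerefSpec))` allocates exactly one element per name and leaves no terminating entry, whereas the code it replaces ended the array explicitly with `ds[1].derefAttr = NULL`. If `ldap_create_deref_control_value()` scans until it finds a NULL `derefAttr`, as that removed terminator indicates, it now reads past the end of the heap buffer. Allocating `ds = calloc(c + 1, sizeof(LDAPDerefSpec));` lets the zeroed last element end the list. The counting loop also dereferences `deref_attr_names` without a NULL check. The body continues past this hunk, so the `ldap_control_create()` failure path is not visible here; if it still returns directly rather than going through `done`, `ds` leaks on that path.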
@@ -297,8 +312,8 @@ krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx,
 ret = LDAP_SUCCESS;
 while (!ipadb_need_retry(ipactx, ret) && times > 0) {
 times--;
- ret = ldap_search_ext_s(ipactx->lcontext, entry_dn,
- LDAP_SCOPE_BASE, "(objectclass=*)",
+ ret = ldap_search_ext_s(ipactx->lcontext, base_dn,
+ scope, filter,
 entry_attrs, 0, ctrl, NULL, &std_timeout, LDAP_NO_LIMIT,
@@ -309,6 +324,7 @@ krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx,
 done:
 ldap_memfree(derefval.bv_val);
+ free(ds);
 return kerr;
 }
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 7b19611b3..8f4affa40 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -84,6 +84,11 @@ static char *user_pac_attrs[] = {
 NULL
 };
+char *deref_search_attrs[] = {
+ "memberOf",
+ NULL
+};
+
 static char *memberof_pac_attrs[] = {
 "gidNumber",
 "ipaNTSecurityIdentifier",
@@ -502,8 +507,10 @@ static krb5_error_code ipadb_get_pac(krb5_context kcontext,
 /* == Search PAC info == */
- kerr = ipadb_deref_search(ipactx, ied->entry_dn, user_pac_attrs,
- "memberOf", memberof_pac_attrs, &results);
+ kerr = ipadb_deref_search(ipactx, ied->entry_dn, LDAP_SCOPE_BASE,
+ "(objectclass=*)", user_pac_attrs,
+ deref_search_attrs, memberof_pac_attrs,
+ &results);
 if (kerr) {
 goto done;
 } |
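Review bot: `deref_search_attrs` in ipa_kdb_mspac.c is defined without `static`, unlike `user_pac_attrs` and `memberof_pac_attrs` on either side of it, so a generically named, writable array becomes an external symbol of the KDB module. Nothing in this commit declares it in ipa_kdb.h or references it from another file, which suggests the linkage is accidental. I would write `static char *deref_search_attrs[] = {` to match its neighbours and keep the list that steers the PAC group lookup private to this translation unit.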