summaryrefslogtreecommitdiffstats
path: root/src/back-sch-nss.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/back-sch-nss.c')
-rw-r--r--src/back-sch-nss.c63
1 files changed, 44 insertions, 19 deletions
diff --git a/src/back-sch-nss.c b/src/back-sch-nss.c
index f192bb9..db57cb8 100644
--- a/src/back-sch-nss.c
+++ b/src/back-sch-nss.c
@@ -52,17 +52,6 @@
#include "back-sch.h"
#include "format.h"
-struct backend_search_filter_config {
- bool_t search_user;
- bool_t search_group;
- bool_t search_uid;
- bool_t search_gid;
- bool_t search_members;
- bool_t name_set;
- bool_t wrong_search;
- char *name;
-};
-
static int
bvstrcasecmp(const struct berval *bval, const char *s)
{
@@ -127,6 +116,10 @@ backend_search_filter_has_cn_uid(Slapi_Filter *filter, void *arg)
}
}
+ if (config->callback != NULL) {
+ config->callback(filter, filter_type, bval, config);
+ }
+
if ((config->search_uid ||
config->search_gid ||
config->search_user ||
@@ -211,8 +204,6 @@ backend_make_user_entry_from_nsswitch_passwd(struct passwd *pwd,
slapi_entry_add_string(entry,
"objectClass", "posixAccount");
slapi_entry_add_string(entry,
- "objectClass", "extensibleObject");
- slapi_entry_add_string(entry,
"uid", pwd->pw_name);
slapi_entry_attr_set_uint(entry,
"uidNumber", pwd->pw_uid);
@@ -240,7 +231,20 @@ backend_make_user_entry_from_nsswitch_passwd(struct passwd *pwd,
#ifdef HAVE_SSS_NSS_IDMAP
rc = sss_nss_getsidbyid(pwd->pw_uid, &sid_str, &id_type);
if ((rc == 0) && (sid_str != NULL)) {
+#ifdef USE_IPA_IDVIEWS
+ char *anchor = NULL;
+ /* For overrides of AD users to work correctly, we need to generate
+ * ipaAnchorUUID value so that idviews can be properly searched for the override */
+ anchor = slapi_ch_smprintf(":SID:%s", sid_str);
+ if (anchor != NULL) {
+ slapi_entry_add_string(entry, "objectClass", "ipaOverrideTarget");
+ slapi_entry_add_string(entry, "ipaAnchorUUID", anchor);
+ slapi_ch_free_string(&anchor);
+ }
+#else
+ slapi_entry_add_string(entry, "objectClass", "extensibleObject");
slapi_entry_add_string(entry, "ipaNTSecurityIdentifier", sid_str);
+#endif
free(sid_str);
}
#endif
@@ -335,8 +339,6 @@ backend_make_group_entry_from_nsswitch_group(struct group *grp,
slapi_entry_add_string(entry,
"objectClass", "posixGroup");
slapi_entry_add_string(entry,
- "objectClass", "extensibleObject");
- slapi_entry_add_string(entry,
"cn", grp->gr_name);
slapi_entry_attr_set_uint(entry,
"gidNumber", grp->gr_gid);
@@ -352,7 +354,20 @@ backend_make_group_entry_from_nsswitch_group(struct group *grp,
#ifdef HAVE_SSS_NSS_IDMAP
rc = sss_nss_getsidbyid(grp->gr_gid, &sid_str, &id_type);
if ((rc == 0) && (sid_str != NULL)) {
+#ifdef USE_IPA_IDVIEWS
+ char *anchor = NULL;
+ /* For overrides of AD users to work correctly, we need to generate
+ * ipaAnchorUUID value so that idviews can be properly searched for the override */
+ anchor = slapi_ch_smprintf(":SID:%s", sid_str);
+ if (anchor != NULL) {
+ slapi_entry_add_string(entry, "objectClass", "ipaOverrideTarget");
+ slapi_entry_add_string(entry, "ipaAnchorUUID", anchor);
+ slapi_ch_free_string(&anchor);
+ }
+#else
+ slapi_entry_add_string(entry, "objectClass", "extensibleObject");
slapi_entry_add_string(entry, "ipaNTSecurityIdentifier", sid_str);
+#endif
free(sid_str);
}
#endif
@@ -558,6 +573,16 @@ nsswitch_type_to_name(enum sch_search_nsswitch_t type)
return "(unknown)";
}
+int
+backend_analyze_search_filter(Slapi_Filter *filter, struct backend_search_filter_config *config)
+{
+ int result, rc;
+ result = slapi_filter_apply(filter,
+ backend_search_filter_has_cn_uid,
+ config, &rc);
+ return (result != SLAPI_FILTER_SCAN_STOP) ? 1 : 0;
+}
+
/* Check if the filter is one (like uid=<value>) that should trigger an
* nsswitch lookup, and if it is, make a note that we should perform such a
* lookup. */
@@ -566,15 +591,15 @@ backend_search_nsswitch(struct backend_set_data *set_data,
struct backend_search_cbdata *cbdata)
{
int result, rc;
- struct backend_search_filter_config config = {FALSE, FALSE, FALSE, FALSE, FALSE, FALSE, FALSE, NULL};
+ struct backend_search_filter_config config =
+ {FALSE, FALSE, FALSE, FALSE, FALSE, FALSE, FALSE, FALSE, NULL, NULL, NULL};
struct backend_staged_search *staged = NULL;
char *idptr = NULL;
unsigned long id;
/* First, we search the filter to see if it includes a cn|uid=<value> test. */
- result = slapi_filter_apply(cbdata->filter,
- backend_search_filter_has_cn_uid, &config, &rc);
- if ((result != SLAPI_FILTER_SCAN_STOP)) {
+ result = backend_analyze_search_filter(cbdata->filter, &config);
+ if (result != 0) {
return;
}
generated by cgit (git 2.34.1) at 2024-05-04 06:41:45 +0000