diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-04 18:45:45 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-04 18:45:45 +0200 |
commit | a2ed5789a0f50b13d67108b9fde593db33446d1f (patch) | |
tree | be95cb8d9db8d9ceeed73f20bb77e9625986990e | |
parent | 74a599a655d192b50626bf658b0f23895e11d498 (diff) | |
download | sssd-adlookup.tar.gz sssd-adlookup.tar.xz sssd-adlookup.zip |
WIPadlookup
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index e38f4cd16..48ed04af5 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -721,6 +721,31 @@ static errno_t sdap_search_user_next_base(struct tevent_req *req) return EOK; } +bool is_in_domain(struct sdap_options *opts, + struct sss_domain_info *dom, + struct sysdb_attrs *obj) +{ + errno_t ret; + const char *original_dn = NULL; + struct sdap_domain *sdmatch = NULL; + + ret = sysdb_attrs_get_string(obj, SYSDB_ORIG_DN, &original_dn); + if (ret) { + DEBUG(SSSDBG_FUNC_DATA, + "The group has no original DN, assuming our domain\n"); + return true; + } + + sdmatch = sdap_domain_get_by_dn(opts, original_dn); + if (sdmatch == NULL) { + DEBUG(SSSDBG_FUNC_DATA, + "The group has no original DN, assuming our domain\n"); + return true; + } + + return (sdmatch->dom == dom); +} + static void sdap_search_user_process(struct tevent_req *subreq) { struct tevent_req *req = tevent_req_callback_data(subreq, @@ -764,8 +789,18 @@ static void sdap_search_user_process(struct tevent_req *subreq) /* Copy the new users into the list * They're already allocated on 'state' + * + * Don't copy users from other domains in case + * the search was for parent domain but a child domain would match, + * too, such as: + * dc=example,dc=com + * dc=child,dc=example,dc=com + * while searching for an object from dc=example. */ for (i = 0; i < count; i++) { + // get original dn + // call sdap_domain_get_by_dn(original_dn) + // if domain != this domain, continue state->users[state->count + i] = talloc_steal(state->users, users[i]); } |