diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-04 12:34:32 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-07-15 17:32:20 +0200 |
| commit | cdc44abdf944b0de541fe93ecd77df4d09c856b1 (patch) | |
| tree | 481d664e6a0fc7f82358ed6ad86c29f9ac2f2c1d | |
| parent | 696c17580b49d6817f1dd33915e0e209dcfe4225 (diff) | |
| download | sssd-cdc44abdf944b0de541fe93ecd77df4d09c856b1.tar.gz sssd-cdc44abdf944b0de541fe93ecd77df4d09c856b1.tar.xz sssd-cdc44abdf944b0de541fe93ecd77df4d09c856b1.zip | |
DP: Add DP_WILDCARD and SSS_DP_WILDCARD_USER/SSS_DP_WILDCARD_GROUP
Related:
https://fedorahosted.org/sssd/ticket/2553
Extends the Data Provider interface and the responder<->Data provider
interface with wildcard lookups.
The patch uses a new "wildcard" prefix rather than reusing the existing
user/group prefixes.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
| -rw-r--r-- | src/providers/data_provider.h | 4 | ||||
| -rw-r--r-- | src/providers/data_provider_be.c | 5 | ||||
| -rw-r--r-- | src/responder/common/responder.h | 4 | ||||
| -rw-r--r-- | src/responder/common/responder_dp.c | 11 |
4 files changed, 23 insertions, 1 deletions
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h index 13a700308..510c63ce4 100644 --- a/src/providers/data_provider.h +++ b/src/providers/data_provider.h @@ -129,6 +129,7 @@ #define BE_FILTER_SECID 4 #define BE_FILTER_UUID 5 #define BE_FILTER_CERT 6 +#define BE_FILTER_WILDCARD 7 #define BE_REQ_USER 0x0001 #define BE_REQ_GROUP 0x0002 @@ -153,6 +154,9 @@ #define DP_SEC_ID_LEN (sizeof(DP_SEC_ID) - 1) #define DP_CERT_LEN (sizeof(DP_CERT) - 1) +#define DP_WILDCARD "wildcard" +#define DP_WILDCARD_LEN (sizeof(DP_WILDCARD) - 1) + #define EXTRA_NAME_IS_UPN "U" #define EXTRA_INPUT_MAYBE_WITH_VIEW "V" diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index f5bdfb676..d14763024 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -1204,6 +1204,11 @@ static int be_get_account_info(struct sbus_request *dbus_req, void *user_data) ret = split_name_extended(req, &filter[DP_CERT_LEN + 1], &req->filter_value, &req->extra_value); + } else if (strncmp(filter, DP_WILDCARD"=", DP_WILDCARD_LEN + 1) == 0) { + req->filter_type = BE_FILTER_WILDCARD; + ret = split_name_extended(req, &filter[DP_WILDCARD_LEN + 1], + &req->filter_value, + &req->extra_value); } else if (strcmp(filter, ENUM_INDICATOR) == 0) { req->filter_type = BE_FILTER_ENUM; req->filter_value = NULL; diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index bd0250d52..4d927cfe3 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -282,7 +282,9 @@ enum sss_dp_acct_type { SSS_DP_SERVICES, SSS_DP_SECID, SSS_DP_USER_AND_GROUP, - SSS_DP_CERT + SSS_DP_CERT, + SSS_DP_WILDCARD_USER, + SSS_DP_WILDCARD_GROUP, }; struct tevent_req * diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c index f752c94c3..f7f8df04e 100644 --- a/src/responder/common/responder_dp.c +++ b/src/responder/common/responder_dp.c @@ -528,9 +528,11 @@ sss_dp_get_account_msg(void *pvt) switch (info->type) { case SSS_DP_USER: + case SSS_DP_WILDCARD_USER: be_type = BE_REQ_USER; break; case SSS_DP_GROUP: + case SSS_DP_WILDCARD_GROUP: be_type = BE_REQ_GROUP; break; case SSS_DP_INITGROUPS: @@ -574,6 +576,15 @@ sss_dp_get_account_msg(void *pvt) filter = talloc_asprintf(info, "%s=%s", DP_CERT, info->opt_name); } + } else if (info->type == SSS_DP_WILDCARD_USER || + info->type == SSS_DP_WILDCARD_GROUP) { + if (info->extra) { + filter = talloc_asprintf(info, "%s=%s:%s", DP_WILDCARD, + info->opt_name, info->extra); + } else { + filter = talloc_asprintf(info, "%s=%s", DP_WILDCARD, + info->opt_name); + } } else { if (info->extra) { filter = talloc_asprintf(info, "name=%s:%s", |