authorSumit Bose <sbose@redhat.com>2014-09-25 09:38:44 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-10-20 16:15:09 +0200
commite6b476c9749737f0979fe6460f0d6ced08351db3 (patch)
treeea8596515fccbdd013e57ba4d4183032ad9becdd
parentba88f3617e5a56bba19a0d65d35069d8e4d0c89c (diff)
nss: add view support for getpwnam/getpwuid requests
For user lookups, view- and override-aware calls are used to search the cache and to read attribute values. Relates to https://fedorahosted.org/sssd/ticket/2375 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r--src/responder/nss/nsssrv_cmd.c78
1 files changed, 62 insertions, 16 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 78ef1c5ad..a4b54a69d 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -179,7 +179,8 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx,
const char *orig_name = homedir_ctx->username;
errno_t ret;
- homedir = ldb_msg_find_attr_as_string(msg, SYSDB_HOMEDIR, NULL);
+ homedir = sss_view_ldb_msg_find_attr_as_string(dom, msg, SYSDB_HOMEDIR,
+ NULL);
homedir_ctx->original = homedir;
/* Subdomain users store FQDN in their name attribute */
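Review bot: `homedir_ctx->original = homedir;` now stores whatever the view-aware lookup returned, so where a view overrides the home directory `original` presumably holds the override rather than the value from the identity provider (the helper's behaviour is inferred from its name and the commit description). If that is intended, say so at the assignment, e.g. `/* with views, 'original' is the view's override when one exists */`; if consumers of `original` should still see the provider value, keep a plain `ldb_msg_find_attr_as_string()` read for this field. get_homedir_override continues outside the hunk, so how `original` is consumed is not visible here.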
@@ -243,7 +244,8 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx,
return nctx->override_shell;
}
- user_shell = ldb_msg_find_attr_as_string(msg, SYSDB_SHELL, NULL);
+ user_shell = sss_view_ldb_msg_find_attr_as_string(dom, msg, SYSDB_SHELL,
+ NULL);
if (!user_shell) {
/* Check whether there is a default shell specified */
if (dom->default_shell) {
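Review bot: The view-supplied shell is read only after the `return nctx->override_shell;` early return visible at the top of the hunk, so a locally configured override_shell silently wins over a view override, and nothing documents that order. A short comment above the lookup, such as `/* local override_shell takes precedence over view overrides */`, would make the precedence explicit. The rest of get_shell_override is outside the hunk; it is worth confirming that whatever shell validation follows is applied to the view-supplied value as well, since the override is a new source for the login shell.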
@@ -339,9 +341,37 @@ static int fill_pwent(struct sss_packet *packet,
msg = msgs[i];
upn = ldb_msg_find_attr_as_string(msg, SYSDB_UPN, NULL);
- orig_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
- uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
- gid = get_gid_override(msg, dom);
+
+ if (DOM_HAS_VIEWS(dom)) {
+ orig_name = ldb_msg_find_attr_as_string(msg,
+ OVERRIDE_PREFIX SYSDB_NAME,
+ NULL);
+ if (orig_name != NULL && IS_SUBDOMAIN(dom)) {
+ /* Override names are not fully qualified */
+ add_domain = true;
+ }
+
+ gid = ldb_msg_find_attr_as_uint64(msg,
+ OVERRIDE_PREFIX SYSDB_GIDNUM, 0);
+ } else {
+ orig_name = NULL;
+ gid = 0;
+ }
+
+ if (orig_name == NULL) {
+ orig_name = ldb_msg_find_attr_as_string(msg,
+ SYSDB_DEFAULT_OVERRIDE_NAME,
+ NULL);
+ if (orig_name == NULL) {
+ orig_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
+ }
+ }
+
+ uid = sss_view_ldb_msg_find_attr_as_uint64(dom, msg, SYSDB_UIDNUM, 0);
+
+ if (gid == 0) {
+ gid = get_gid_override(msg, dom);
+ }
if (!orig_name || !uid || !gid) {
DEBUG(SSSDBG_OP_FAILURE, "Incomplete user object for %s[%llu]! Skipping\n",
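Review bot: `add_domain = true;` is set inside the per-message loop body (`msg = msgs[i];`) and nothing in the hunk clears it again, so once one entry in a subdomain has an override name, later entries in the same call that lack one would be treated as needing the domain appended too. The declaration and initial value of `add_domain` are outside the hunk, so this is inferred; if it is initialised once before the loop, use a per-entry copy, e.g. `bool entry_add_domain = add_domain;` at the top of the iteration, set that in the override branch and use it where the name is built. Otherwise a name that is already fully qualified could be qualified a second time and a passwd entry returned under the wrong name.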
@@ -385,7 +415,8 @@ static int fill_pwent(struct sss_packet *packet,
to_sized_string(&name, tmpstr);
- tmpstr = ldb_msg_find_attr_as_string(msg, SYSDB_GECOS, NULL);
+ tmpstr = sss_view_ldb_msg_find_attr_as_string(dom, msg, SYSDB_GECOS,
+ NULL);
if (!tmpstr) {
to_sized_string(&gecos, "");
} else {
@@ -405,6 +436,7 @@ static int fill_pwent(struct sss_packet *packet,
} else {
to_sized_string(&homedir, tmpstr);
}
+
tmpstr = get_shell_override(tmp_ctx, msg, nctx, dom);
if (!tmpstr) {
to_sized_string(&shell, "");
@@ -734,6 +766,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
int ret;
static const char *user_attrs[] = SYSDB_PW_ATTRS;
struct ldb_message *msg;
+ const char *extra_flag = NULL;
nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
@@ -827,7 +860,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
dctx->res->msgs[0] = talloc_steal(dctx->res->msgs, msg);
}
} else {
- ret = sysdb_getpwnam(cmdctx, dom, name, &dctx->res);
+ ret = sysdb_getpwnam_with_views(cmdctx, dom, name, &dctx->res);
}
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
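Review bot: Only the `else` branch is switched to `sysdb_getpwnam_with_views()`; the branch above it, which ends by placing a separately fetched `msg` into `dctx->res->msgs[0]`, is left as it was, and its start is outside the hunk. If that path does not fetch the override attributes, fill_pwent would find no `OVERRIDE_PREFIX` values and report the un-overridden name, uid and gid for a user who has overrides when looked up the other way. Either make that lookup view-aware too or add a comment stating that overrides are deliberately not applied there, e.g. `/* TODO: view overrides are not applied on this path */`.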
@@ -871,11 +904,17 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
/* if this is a caching provider (or if we haven't checked the cache
* yet) then verify that the cache is uptodate */
if (dctx->check_provider) {
- ret = check_cache(dctx, nctx, dctx->res,
- SSS_DP_USER, name, 0,
- cmdctx->name_is_upn ? EXTRA_NAME_IS_UPN : NULL,
- nss_cmd_getby_dp_callback,
- dctx);
+
+ if (cmdctx->name_is_upn) {
+ extra_flag = EXTRA_NAME_IS_UPN;
+ } else if (DOM_HAS_VIEWS(dom) && dctx->res->count == 0) {
+ extra_flag = EXTRA_INPUT_MAYBE_WITH_VIEW;
+ } else {
+ extra_flag = NULL;
+ }
+
+ ret = check_cache(dctx, nctx, dctx->res, SSS_DP_USER, name, 0,
+ extra_flag, nss_cmd_getby_dp_callback, dctx);
if (ret != EOK) {
/* Anything but EOK means we should reenter the mainloop
* because we may be refreshing the cache
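Review bot: `extra_flag` carries a single value, so when `cmdctx->name_is_upn` is set the `EXTRA_INPUT_MAYBE_WITH_VIEW` hint is never sent even if the domain has views and the cache lookup returned nothing; if that is deliberate it deserves a comment, e.g. `/* a UPN is never an override name, so no view hint is needed */` (an assumption to confirm). The reason for gating the hint on `dctx->res->count == 0` is also undocumented. The trailing `else { extra_flag = NULL; }` repeats the initialiser `const char *extra_flag = NULL;` added earlier in this function and can be dropped. The same gate and redundant `else` appear in the nss_cmd_getpwuid_search hunk at `@@ -1523,9 +1563,15 @@`.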
@@ -1453,6 +1492,7 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
struct nss_ctx *nctx;
int ret;
int err;
+ const char *extra_flag = NULL;
nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
@@ -1492,7 +1532,7 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
goto done;
}
- ret = sysdb_getpwuid(cmdctx, dom, cmdctx->id, &dctx->res);
+ ret = sysdb_getpwuid_with_views(cmdctx, dom, cmdctx->id, &dctx->res);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to make request to our cache!\n");
@@ -1523,9 +1563,15 @@ static int nss_cmd_getpwuid_search(struct nss_dom_ctx *dctx)
/* if this is a caching provider (or if we haven't checked the cache
* yet) then verify that the cache is uptodate */
if (dctx->check_provider) {
- ret = check_cache(dctx, nctx, dctx->res,
- SSS_DP_USER, NULL, cmdctx->id, NULL,
- nss_cmd_getby_dp_callback,
+
+ if (DOM_HAS_VIEWS(dom) && dctx->res->count == 0) {
+ extra_flag = EXTRA_INPUT_MAYBE_WITH_VIEW;
+ } else {
+ extra_flag = NULL;
+ }
+
+ ret = check_cache(dctx, nctx, dctx->res, SSS_DP_USER, NULL,
+ cmdctx->id, extra_flag, nss_cmd_getby_dp_callback,
dctx);
if (ret != EOK) {
/* Anything but EOK means we should reenter the mainloop