author | Sumit Bose <sbose@redhat.com> | 2014-11-07 13:55:01 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-11-20 10:52:45 +0100 |
commit | 7964d2bd7ea6a0f5bf5acdf94279d72122eca6ad (patch) | |
tree | 573fabd08719e3e8256a23d971476b1b1312d32a | |
parent | 8eb981dd8bc85aee7a913c6f0096ad47f3382339 (diff) | |
LDAP: add support for lookups by UUID
Related to https://fedorahosted.org/sssd/ticket/2481
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r-- | src/providers/data_provider.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id.c | 58 |
2 files changed, 55 insertions, 5 deletions
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index e1cb4befa..5df493e9d 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -127,6 +127,7 @@
 #define BE_FILTER_IDNUM 2
 #define BE_FILTER_ENUM 3
 #define BE_FILTER_SECID 4
+#define BE_FILTER_UUID 5
 #define BE_REQ_USER 0x0001
 #define BE_REQ_GROUP 0x0002
@@ -139,6 +140,7 @@
 #define BE_REQ_HOST 0x0010
 #define BE_REQ_BY_SECID 0x0011
 #define BE_REQ_USER_AND_GROUP 0x0012
+#define BE_REQ_BY_UUID 0x0013
 #define BE_REQ_TYPE_MASK 0x00FF
 #define BE_REQ_FAST 0x1000
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index e8b3a0e1e..2e58f4e49 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -179,6 +179,20 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 goto done;
 }
 break;
+ case BE_FILTER_UUID:
+ attr_name = ctx->opts->user_map[SDAP_AT_USER_UUID].name;
+ if (attr_name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "UUID search not configured for this backend.\n");
+ ret = EINVAL;
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, name, &clean_name);
+ if (ret != EOK) {
+ goto done;
+ }
+ break;
 default:
 ret = EINVAL;
 goto done;
@@ -458,8 +472,9 @@ static void users_get_done(struct tevent_req *subreq)
 break;
 case BE_FILTER_SECID:
- /* Since it is not clear if the SID belongs to a user or a group
- * we have nothing to do here. */
+ case BE_FILTER_UUID:
+ /* Since it is not clear if the SID/UUID belongs to a user or a
+ * group we have nothing to do here. */
 break;
 default:
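Review bot: The new BE_FILTER_UUID case in users_get_send escapes `name` with sss_filter_sanitize, which keeps filter metacharacters out of the LDAP search string, but nothing in the hunk checks that the value has UUID form or says which string representation the mapped attribute is expected to hold. If a server stores the attribute mapped at SDAP_AT_USER_UUID in a binary encoding (not visible here), a verbatim textual match would presumably never hit and the request would look like an ordinary "not found". A comment above the sanitize call such as `/* name carries the UUID as a string and is matched verbatim against the mapped UUID attribute */` would state the contract; the same applies to the BE_FILTER_UUID case in groups_get_send. Because any client request can reach the `attr_name == NULL` branch, logging it at SSSDBG_CRIT_FAILURE may also be louder than a configuration condition deserves. The function body continues outside the hunk.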
@@ -635,6 +650,20 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 goto done;
 }
 break;
+ case BE_FILTER_UUID:
+ attr_name = ctx->opts->group_map[SDAP_AT_GROUP_UUID].name;
+ if (attr_name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "UUID search not configured for this backend.\n");
+ ret = EINVAL;
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, name, &clean_name);
+ if (ret != EOK) {
+ goto done;
+ }
+ break;
 default:
 ret = EINVAL;
 goto done;
@@ -884,8 +913,9 @@ static void groups_get_done(struct tevent_req *subreq)
 break;
 case BE_FILTER_SECID:
- /* Since it is not clear if the SID belongs to a user or a group
- * we have nothing to do here. */
+ case BE_FILTER_UUID:
+ /* Since it is not clear if the SID/UUID belongs to a user or a
+ * group we have nothing to do here. */
 break;
 default:
@@ -1401,7 +1431,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
 goto done;
 }
- if (ar->filter_type == BE_FILTER_SECID) {
+ if (ar->filter_type == BE_FILTER_SECID
+ || ar->filter_type == BE_FILTER_UUID) {
 ret = EINVAL;
 state->err = "Invalid filter type";
 goto done;
@@ -1430,6 +1461,21 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
 noexist_delete);
 break;
+ case BE_REQ_BY_UUID:
+ if (ar->filter_type != BE_FILTER_UUID) {
+ ret = EINVAL;
+ state->err = "Invalid filter type";
+ goto done;
+ }
+
+ subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx,
+ sdom, conn,
+ ar->filter_value,
+ ar->filter_type,
+ ar->attr_type,
+ noexist_delete);
+ break;
+
 case BE_REQ_USER_AND_GROUP:
 if (!(ar->filter_type == BE_FILTER_NAME || ar->filter_type == BE_FILTER_IDNUM)) {
@@ -1504,6 +1550,8 @@ sdap_handle_acct_req_done(struct tevent_req *subreq)
 break;
 case BE_REQ_BY_SECID:
 /* Fallthrough */
+ case BE_REQ_BY_UUID:
+ /* Fallthrough */
 case BE_REQ_USER_AND_GROUP:
 err = "Lookup by SID failed";
 ret = sdap_get_user_and_group_recv(subreq, &state->dp_error, |
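Review bot: In sdap_handle_acct_req_done the new `case BE_REQ_BY_UUID:` falls through to `err = "Lookup by SID failed";`, so a failed UUID lookup is reported as a SID failure. That misdirects anyone triaging identity-lookup errors from the logs, and the same string is already inaccurate for BE_REQ_USER_AND_GROUP. Either make the shared message neutral, for example `err = "Lookup by SID, UUID or name/ID failed";`, or give the UUID case its own `err = "Lookup by UUID failed";` before the shared sdap_get_user_and_group_recv call. The switch and the recv call continue outside the hunk, so how `err` is consumed afterwards is not visible here.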