summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2014-11-07 13:55:01 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-11-20 10:52:45 +0100
commit7964d2bd7ea6a0f5bf5acdf94279d72122eca6ad (patch)
tree573fabd08719e3e8256a23d971476b1b1312d32a
parent8eb981dd8bc85aee7a913c6f0096ad47f3382339 (diff)
downloadsssd-7964d2bd7ea6a0f5bf5acdf94279d72122eca6ad.tar.gz
sssd-7964d2bd7ea6a0f5bf5acdf94279d72122eca6ad.tar.xz
sssd-7964d2bd7ea6a0f5bf5acdf94279d72122eca6ad.zip
LDAP: add support for lookups by UUID
Related to https://fedorahosted.org/sssd/ticket/2481 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r--src/providers/data_provider.h2
-rw-r--r--src/providers/ldap/ldap_id.c58
2 files changed, 55 insertions, 5 deletions
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index e1cb4befa..5df493e9d 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -127,6 +127,7 @@
#define BE_FILTER_IDNUM 2
#define BE_FILTER_ENUM 3
#define BE_FILTER_SECID 4
+#define BE_FILTER_UUID 5
#define BE_REQ_USER 0x0001
#define BE_REQ_GROUP 0x0002
@@ -139,6 +140,7 @@
#define BE_REQ_HOST 0x0010
#define BE_REQ_BY_SECID 0x0011
#define BE_REQ_USER_AND_GROUP 0x0012
+#define BE_REQ_BY_UUID 0x0013
#define BE_REQ_TYPE_MASK 0x00FF
#define BE_REQ_FAST 0x1000
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index e8b3a0e1e..2e58f4e49 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -179,6 +179,20 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
goto done;
}
break;
+ case BE_FILTER_UUID:
+ attr_name = ctx->opts->user_map[SDAP_AT_USER_UUID].name;
+ if (attr_name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "UUID search not configured for this backend.\n");
+ ret = EINVAL;
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, name, &clean_name);
+ if (ret != EOK) {
+ goto done;
+ }
+ break;
default:
ret = EINVAL;
goto done;
@@ -458,8 +472,9 @@ static void users_get_done(struct tevent_req *subreq)
break;
case BE_FILTER_SECID:
- /* Since it is not clear if the SID belongs to a user or a group
- * we have nothing to do here. */
+ case BE_FILTER_UUID:
+ /* Since it is not clear if the SID/UUID belongs to a user or a
+ * group we have nothing to do here. */
break;
default:
@@ -635,6 +650,20 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
goto done;
}
break;
+ case BE_FILTER_UUID:
+ attr_name = ctx->opts->group_map[SDAP_AT_GROUP_UUID].name;
+ if (attr_name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "UUID search not configured for this backend.\n");
+ ret = EINVAL;
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, name, &clean_name);
+ if (ret != EOK) {
+ goto done;
+ }
+ break;
default:
ret = EINVAL;
goto done;
@@ -884,8 +913,9 @@ static void groups_get_done(struct tevent_req *subreq)
break;
case BE_FILTER_SECID:
- /* Since it is not clear if the SID belongs to a user or a group
- * we have nothing to do here. */
+ case BE_FILTER_UUID:
+ /* Since it is not clear if the SID/UUID belongs to a user or a
+ * group we have nothing to do here. */
break;
default:
@@ -1401,7 +1431,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
goto done;
}
- if (ar->filter_type == BE_FILTER_SECID) {
+ if (ar->filter_type == BE_FILTER_SECID
+ || ar->filter_type == BE_FILTER_UUID) {
ret = EINVAL;
state->err = "Invalid filter type";
goto done;
@@ -1430,6 +1461,21 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
noexist_delete);
break;
+ case BE_REQ_BY_UUID:
+ if (ar->filter_type != BE_FILTER_UUID) {
+ ret = EINVAL;
+ state->err = "Invalid filter type";
+ goto done;
+ }
+
+ subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx,
+ sdom, conn,
+ ar->filter_value,
+ ar->filter_type,
+ ar->attr_type,
+ noexist_delete);
+ break;
+
case BE_REQ_USER_AND_GROUP:
if (!(ar->filter_type == BE_FILTER_NAME ||
ar->filter_type == BE_FILTER_IDNUM)) {
@@ -1504,6 +1550,8 @@ sdap_handle_acct_req_done(struct tevent_req *subreq)
break;
case BE_REQ_BY_SECID:
/* Fallthrough */
+ case BE_REQ_BY_UUID:
+ /* Fallthrough */
case BE_REQ_USER_AND_GROUP:
err = "Lookup by SID failed";
ret = sdap_get_user_and_group_recv(subreq, &state->dp_error,