author | Stephen Gallagher <sgallagh@redhat.com> | 2011-09-28 11:26:09 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-11-02 11:12:12 -0400 |
commit | 357efd33759fd1297723d9956a7f77226fe26871 (patch) | |
tree | e79696ada41330f3f78e45359bb4d404fd62170e | |
parent | 74a7d5805499a95a868ab4f43f77d34ccf9854a3 (diff) | |
LDAP: Convert ldap_*_search_filter
Instead of making this a global option for all user lookups, make
it only used if the search base is passed without an explicit
filter.
-rw-r--r-- | src/providers/ldap/ldap_common.c | 6 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id.c | 44 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id_enum.c | 32 |
3 files changed, 23 insertions, 59 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 233d01947..8f5b8ac4f 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -508,6 +508,7 @@ errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
 char *unparsed_base;
 char **split_bases;
 char *filter;
+ const char *old_filter = NULL;
 int count;
 int i, c;
@@ -519,9 +520,11 @@ errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
 break;
 case SDAP_USER_SEARCH_BASE:
 class_name = "USER";
+ old_filter = dp_opt_get_string(opts->basic, SDAP_USER_SEARCH_FILTER);
 break;
 case SDAP_GROUP_SEARCH_BASE:
 class_name = "GROUP";
+ old_filter = dp_opt_get_string(opts->basic, SDAP_GROUP_SEARCH_FILTER);
 break;
 case SDAP_NETGROUP_SEARCH_BASE:
 class_name = "NETGROUP";
@@ -601,8 +604,9 @@ errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
 talloc_zfree(ldn);
 search_bases[0]->scope = LDAP_SCOPE_SUBTREE;
- search_bases[0]->filter = NULL;
+ /* Use a search filter specified in the old style if available */
+ search_bases[0]->filter = old_filter;
 DEBUG(SSSDBG_CONF_SETTINGS,
 ("Search base added: [%s][%s][%s][%s]\n",
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 607fd2784..3e93bb852 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -65,7 +65,6 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 struct users_get_state *state;
 const char *attr_name;
 char *clean_name;
- char *base_filter;
 int ret;
 req = tevent_req_create(memctx, &state, struct users_get_state);
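Review bot: In the `@@ -601` hunk of sdap_parse_search_base, `old_filter` is consumed only on this path, so when the search base carries its own filter the old-style ldap_*_search_filter value appears to be dropped without any message. That filter is often what limits which accounts a host resolves, so a configuration that sets both would quietly lose the restriction; a line such as `DEBUG(SSSDBG_CONF_SETTINGS, ("Ignoring old-style %s search filter: search base has an explicit filter\n", class_name));` on the other path would make it visible. Separately, `search_bases[0]->filter = old_filter;` borrows the string owned by `opts->basic` rather than copying it; if search_bases[0] is a talloc allocation, `talloc_strdup(search_bases[0], old_filter)` with a NULL check would tie the filter's lifetime to the search base. The function body starts and ends outside these hunks, so the explicit-filter path is not visible here.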
@@ -104,21 +103,12 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 goto fail;
 }
- base_filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
- attr_name, clean_name,
- ctx->opts->user_map[SDAP_OC_USER].name);
+ state->filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
+ attr_name, clean_name,
+ ctx->opts->user_map[SDAP_OC_USER].name);
 talloc_zfree(clean_name);
- if (!base_filter) {
- DEBUG(2, ("Failed to build the base filter\n"));
- ret = ENOMEM;
- goto fail;
- }
-
- state->filter = sdap_get_id_specific_filter(state, base_filter,
- dp_opt_get_string(ctx->opts->basic, SDAP_USER_SEARCH_FILTER));
- talloc_zfree(base_filter);
 if (!state->filter) {
- DEBUG(2, ("Failed to build user filter\n"));
+ DEBUG(2, ("Failed to build the base filter\n"));
 ret = ENOMEM;
 goto fail;
 }
@@ -306,7 +296,6 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 struct groups_get_state *state;
 const char *attr_name;
 char *clean_name;
- char *base_filter;
 int ret;
 req = tevent_req_create(memctx, &state, struct groups_get_state);
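Review bot: After the `@@ -104` hunk, `state->filter` in users_get_send holds only the name/objectclass match, and nothing in this diff shows the later search step combining it with `search_bases[i]->filter`. If that combination is not already done where the search request is built (outside these hunks), lookups will return entries that ldap_user_search_filter was configured to exclude, which matters wherever the filter is used to limit which accounts a host can resolve. The same applies to groups_get_send and to enum_users_send / enum_groups_send in ldap_id_enum.c. A comment at the assignment would make the contract explicit, for example `/* ldap_user_search_filter is applied per search base, not here */`.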
@@ -345,25 +334,16 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 goto fail;
 }
- base_filter = talloc_asprintf(state,
- "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
- attr_name, clean_name,
- ctx->opts->group_map[SDAP_OC_GROUP].name,
- ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
- ctx->opts->group_map[SDAP_AT_GROUP_GID].name,
- ctx->opts->group_map[SDAP_AT_GROUP_GID].name);
+ state->filter = talloc_asprintf(state,
+ "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
+ attr_name, clean_name,
+ ctx->opts->group_map[SDAP_OC_GROUP].name,
+ ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
+ ctx->opts->group_map[SDAP_AT_GROUP_GID].name,
+ ctx->opts->group_map[SDAP_AT_GROUP_GID].name);
 talloc_zfree(clean_name);
- if (!base_filter) {
- DEBUG(2, ("Failed to build filter\n"));
- ret = ENOMEM;
- goto fail;
- }
-
- state->filter = sdap_get_id_specific_filter(state, base_filter,
- dp_opt_get_string(ctx->opts->basic, SDAP_GROUP_SEARCH_FILTER));
- talloc_zfree(base_filter);
 if (!state->filter) {
- DEBUG(2, ("Failed to build group-specific filter\n"));
+ DEBUG(2, ("Failed to build filter\n"));
 ret = ENOMEM;
 goto fail;
 }
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index d49b64dd8..45f4ef78a 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -429,7 +429,6 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
 {
 struct tevent_req *req, *subreq;
 struct enum_users_state *state;
- char *base_filter;
 int ret;
 req = tevent_req_create(memctx, &state, struct enum_users_state);
@@ -440,7 +439,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
 state->op = op;
 if (ctx->srv_opts && ctx->srv_opts->max_user_value && !purge) {
- base_filter = talloc_asprintf(
+ state->filter = talloc_asprintf(
 state,
 "(&(objectclass=%s)(%s=*)(%s=*)(%s=*)(%s>=%s)(!(%s=%s)))",
 ctx->opts->user_map[SDAP_OC_USER].name,
@@ -452,7 +451,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
 ctx->opts->user_map[SDAP_AT_USER_USN].name,
 ctx->srv_opts->max_user_value);
 } else {
- base_filter = talloc_asprintf(
+ state->filter = talloc_asprintf(
 state,
 "(&(objectclass=%s)(%s=*)(%s=*)(%s=*))",
 ctx->opts->user_map[SDAP_OC_USER].name,
@@ -460,17 +459,8 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
 ctx->opts->user_map[SDAP_AT_USER_UID].name,
 ctx->opts->user_map[SDAP_AT_USER_GID].name);
 }
- if (!base_filter) {
- DEBUG(2, ("Failed to build base filter\n"));
- ret = ENOMEM;
- goto fail;
- }
-
- state->filter = sdap_get_id_specific_filter(state, base_filter,
- dp_opt_get_string(ctx->opts->basic, SDAP_USER_SEARCH_FILTER));
- talloc_zfree(base_filter);
 if (!state->filter) {
- DEBUG(2, ("Failed to build user filter\n"));
+ DEBUG(2, ("Failed to build base filter\n"));
 ret = ENOMEM;
 goto fail;
 }
@@ -563,7 +553,6 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
 {
 struct tevent_req *req, *subreq;
 struct enum_groups_state *state;
- char *base_filter;
 int ret;
 req = tevent_req_create(memctx, &state, struct enum_groups_state);
@@ -574,7 +563,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
 state->op = op;
 if (ctx->srv_opts && ctx->srv_opts->max_group_value && !purge) {
- base_filter = talloc_asprintf(
+ state->filter = talloc_asprintf(
 state,
 "(&(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0)))(%s>=%s)(!(%s=%s)))",
 ctx->opts->group_map[SDAP_OC_GROUP].name,
@@ -594,17 +583,8 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
 ctx->opts->group_map[SDAP_AT_GROUP_GID].name,
 ctx->opts->group_map[SDAP_AT_GROUP_GID].name);
 }
- if (!base_filter) {
- DEBUG(2, ("Failed to build filter\n"));
- ret = ENOMEM;
- goto fail;
- }
-
- state->filter = sdap_get_id_specific_filter(state, base_filter,
- dp_opt_get_string(ctx->opts->basic, SDAP_GROUP_SEARCH_FILTER));
- talloc_zfree(base_filter);
 if (!state->filter) {
- DEBUG(2, ("Failed to build group filter\n"));
+ DEBUG(2, ("Failed to build filter\n"));
 ret = ENOMEM;
 goto fail;
 } |