authorStephen Gallagher <sgallagh@redhat.com>2011-09-28 11:26:09 -0400
committerStephen Gallagher <sgallagh@redhat.com>2011-11-02 11:12:12 -0400
commit357efd33759fd1297723d9956a7f77226fe26871 (patch)
treee79696ada41330f3f78e45359bb4d404fd62170e
parent74a7d5805499a95a868ab4f43f77d34ccf9854a3 (diff)
LDAP: Convert ldap_*_search_filter
Instead of making this a global option for all user lookups, make it only used if the search base is passed without an explicit filter.
-rw-r--r--src/providers/ldap/ldap_common.c6
-rw-r--r--src/providers/ldap/ldap_id.c44
-rw-r--r--src/providers/ldap/ldap_id_enum.c32
3 files changed, 23 insertions, 59 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 233d01947..8f5b8ac4f 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -508,6 +508,7 @@ errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
char *unparsed_base;
char **split_bases;
char *filter;
+ const char *old_filter = NULL;
int count;
int i, c;
@@ -519,9 +520,11 @@ errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
break;
case SDAP_USER_SEARCH_BASE:
class_name = "USER";
+ old_filter = dp_opt_get_string(opts->basic, SDAP_USER_SEARCH_FILTER);
break;
case SDAP_GROUP_SEARCH_BASE:
class_name = "GROUP";
+ old_filter = dp_opt_get_string(opts->basic, SDAP_GROUP_SEARCH_FILTER);
break;
case SDAP_NETGROUP_SEARCH_BASE:
class_name = "NETGROUP";
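Review bot: `old_filter` is fetched here for the USER and GROUP cases, but per the commit description it is applied only when the base string carries no filter of its own, so a configured `ldap_user_search_filter` or `ldap_group_search_filter` is silently ignored in every other case. A site that relies on that option to limit which accounts can be resolved would lose the restriction with nothing in the logs. Where the explicit-filter path is taken (outside this hunk), consider a DEBUG line at `SSSDBG_CONF_SETTINGS` saying the old-style filter was not applied, and state the precedence in the option's documentation. The switch and the rest of sdap_parse_search_base continue outside the hunk.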
@@ -601,8 +604,9 @@ errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
talloc_zfree(ldn);
search_bases[0]->scope = LDAP_SCOPE_SUBTREE;
- search_bases[0]->filter = NULL;
+ /* Use a search filter specified in the old style if available */
+ search_bases[0]->filter = old_filter;
DEBUG(SSSDBG_CONF_SETTINGS,
("Search base added: [%s][%s][%s][%s]\n",
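Review bot: `search_bases[0]->filter = old_filter;` stores a pointer borrowed from `opts->basic` in an object that otherwise appears to be built on `mem_ctx`, so the search base now depends on the option storage outliving it. Copying the string when it is non-NULL, `talloc_strdup(search_bases[0], old_filter)` with an ENOMEM check on the result, keeps ownership in one place. The value also goes into the search base exactly as it was written in the configuration; if the explicit-filter path of this function syntax-checks its filter (not visible in this hunk), the old-style value should pass through the same check. The function body continues outside the hunk.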
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 607fd2784..3e93bb852 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -65,7 +65,6 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
struct users_get_state *state;
const char *attr_name;
char *clean_name;
- char *base_filter;
int ret;
req = tevent_req_create(memctx, &state, struct users_get_state);
@@ -104,21 +103,12 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
goto fail;
}
- base_filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
- attr_name, clean_name,
- ctx->opts->user_map[SDAP_OC_USER].name);
+ state->filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
+ attr_name, clean_name,
+ ctx->opts->user_map[SDAP_OC_USER].name);
talloc_zfree(clean_name);
- if (!base_filter) {
- DEBUG(2, ("Failed to build the base filter\n"));
- ret = ENOMEM;
- goto fail;
- }
-
- state->filter = sdap_get_id_specific_filter(state, base_filter,
- dp_opt_get_string(ctx->opts->basic, SDAP_USER_SEARCH_FILTER));
- talloc_zfree(base_filter);
if (!state->filter) {
- DEBUG(2, ("Failed to build user filter\n"));
+ DEBUG(2, ("Failed to build the base filter\n"));
ret = ENOMEM;
goto fail;
}
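Review bot: After this hunk `state->filter` no longer contains the `SDAP_USER_SEARCH_FILTER` term, so the restriction holds only if every search issued from this request ANDs `state->filter` with the per-base `search_bases[i]->filter`; that combining code is not part of this diff and should be confirmed. The same applies to the matching hunks in groups_get_send, enum_users_send and enum_groups_send. A comment at the assignment would make the dependency explicit, e.g. `/* ldap_user_search_filter is applied per search base, not here */`, and a test that looks up an entry excluded by the configured filter would confirm it is still rejected. The function body starts and ends outside the hunk.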
@@ -306,7 +296,6 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
struct groups_get_state *state;
const char *attr_name;
char *clean_name;
- char *base_filter;
int ret;
req = tevent_req_create(memctx, &state, struct groups_get_state);
@@ -345,25 +334,16 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
goto fail;
}
- base_filter = talloc_asprintf(state,
- "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
- attr_name, clean_name,
- ctx->opts->group_map[SDAP_OC_GROUP].name,
- ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
- ctx->opts->group_map[SDAP_AT_GROUP_GID].name,
- ctx->opts->group_map[SDAP_AT_GROUP_GID].name);
+ state->filter = talloc_asprintf(state,
+ "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
+ attr_name, clean_name,
+ ctx->opts->group_map[SDAP_OC_GROUP].name,
+ ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
+ ctx->opts->group_map[SDAP_AT_GROUP_GID].name,
+ ctx->opts->group_map[SDAP_AT_GROUP_GID].name);
talloc_zfree(clean_name);
- if (!base_filter) {
- DEBUG(2, ("Failed to build filter\n"));
- ret = ENOMEM;
- goto fail;
- }
-
- state->filter = sdap_get_id_specific_filter(state, base_filter,
- dp_opt_get_string(ctx->opts->basic, SDAP_GROUP_SEARCH_FILTER));
- talloc_zfree(base_filter);
if (!state->filter) {
- DEBUG(2, ("Failed to build group-specific filter\n"));
+ DEBUG(2, ("Failed to build filter\n"));
ret = ENOMEM;
goto fail;
}
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index d49b64dd8..45f4ef78a 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -429,7 +429,6 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
{
struct tevent_req *req, *subreq;
struct enum_users_state *state;
- char *base_filter;
int ret;
req = tevent_req_create(memctx, &state, struct enum_users_state);
@@ -440,7 +439,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
state->op = op;
if (ctx->srv_opts && ctx->srv_opts->max_user_value && !purge) {
- base_filter = talloc_asprintf(
+ state->filter = talloc_asprintf(
state,
"(&(objectclass=%s)(%s=*)(%s=*)(%s=*)(%s>=%s)(!(%s=%s)))",
ctx->opts->user_map[SDAP_OC_USER].name,
@@ -452,7 +451,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
ctx->opts->user_map[SDAP_AT_USER_USN].name,
ctx->srv_opts->max_user_value);
} else {
- base_filter = talloc_asprintf(
+ state->filter = talloc_asprintf(
state,
"(&(objectclass=%s)(%s=*)(%s=*)(%s=*))",
ctx->opts->user_map[SDAP_OC_USER].name,
@@ -460,17 +459,8 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
ctx->opts->user_map[SDAP_AT_USER_UID].name,
ctx->opts->user_map[SDAP_AT_USER_GID].name);
}
- if (!base_filter) {
- DEBUG(2, ("Failed to build base filter\n"));
- ret = ENOMEM;
- goto fail;
- }
-
- state->filter = sdap_get_id_specific_filter(state, base_filter,
- dp_opt_get_string(ctx->opts->basic, SDAP_USER_SEARCH_FILTER));
- talloc_zfree(base_filter);
if (!state->filter) {
- DEBUG(2, ("Failed to build user filter\n"));
+ DEBUG(2, ("Failed to build base filter\n"));
ret = ENOMEM;
goto fail;
}
@@ -563,7 +553,6 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
{
struct tevent_req *req, *subreq;
struct enum_groups_state *state;
- char *base_filter;
int ret;
req = tevent_req_create(memctx, &state, struct enum_groups_state);
@@ -574,7 +563,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
state->op = op;
if (ctx->srv_opts && ctx->srv_opts->max_group_value && !purge) {
- base_filter = talloc_asprintf(
+ state->filter = talloc_asprintf(
state,
"(&(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0)))(%s>=%s)(!(%s=%s)))",
ctx->opts->group_map[SDAP_OC_GROUP].name,
@@ -586,7 +575,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
ctx->opts->group_map[SDAP_AT_GROUP_USN].name,
ctx->srv_opts->max_group_value);
} else {
- base_filter = talloc_asprintf(
+ state->filter = talloc_asprintf(
state,
"(&(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
ctx->opts->group_map[SDAP_OC_GROUP].name,
@@ -594,17 +583,8 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
ctx->opts->group_map[SDAP_AT_GROUP_GID].name,
ctx->opts->group_map[SDAP_AT_GROUP_GID].name);
}
- if (!base_filter) {
- DEBUG(2, ("Failed to build filter\n"));
- ret = ENOMEM;
- goto fail;
- }
-
- state->filter = sdap_get_id_specific_filter(state, base_filter,
- dp_opt_get_string(ctx->opts->basic, SDAP_GROUP_SEARCH_FILTER));
- talloc_zfree(base_filter);
if (!state->filter) {
- DEBUG(2, ("Failed to build group filter\n"));
+ DEBUG(2, ("Failed to build filter\n"));
ret = ENOMEM;
goto fail;
}