authorSimo Sorce <ssorce@redhat.com>2009-11-30 21:51:41 -0500
committerStephen Gallagher <sgallagh@redhat.com>2009-12-07 10:19:03 -0500
commit9a9f6858e488b6aaf1df7f484a7caea5346f5a3e (patch)
tree8beaf990f32b778eabdb4f30ba2338ae2f447d2a /server/db/sysdb_ops.c
parenteffa7cd25f32c88aeb1478f5305bb185434867be (diff)
Fix nested group memberships
Search the local db to find the local DN using the original DN as the search key. This way we do not have to rely on weak and faulty heuristics based on DN names. Add a few helper functions in the process and change the way we pass members to sysdb_store_group_send(): instead of passing user and group lists, just add member DNs to the other sysdb attrs.
Diffstat (limited to 'server/db/sysdb_ops.c')
-rw-r--r--server/db/sysdb_ops.c65
1 files changed, 1 insertions, 64 deletions
diff --git a/server/db/sysdb_ops.c b/server/db/sysdb_ops.c
index ae95b51be..86a9d33e8 100644
--- a/server/db/sysdb_ops.c
+++ b/server/db/sysdb_ops.c
@@ -2778,8 +2778,6 @@ struct sysdb_store_group_state {
const char *name;
gid_t gid;
- const char **member_users;
- const char **member_groups;
struct sysdb_attrs *attrs;
@@ -2796,8 +2794,6 @@ struct tevent_req *sysdb_store_group_send(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
gid_t gid,
- const char **member_users,
- const char **member_groups,
struct sysdb_attrs *attrs,
uint64_t cache_timeout)
{
@@ -2815,8 +2811,6 @@ struct tevent_req *sysdb_store_group_send(TALLOC_CTX *mem_ctx,
state->domain = domain;
state->name = name;
state->gid = gid;
- state->member_users = member_users;
- state->member_groups = member_groups;
state->attrs = attrs;
state->cache_timeout = cache_timeout;
@@ -2845,7 +2839,7 @@ static void sysdb_store_group_check(struct tevent_req *subreq)
struct ldb_message *msg;
time_t now = time(NULL);
bool new_group = false;
- int ret, i;
+ int ret;
ret = sysdb_search_group_recv(subreq, state, &msg);
talloc_zfree(subreq);
@@ -2860,63 +2854,6 @@ static void sysdb_store_group_check(struct tevent_req *subreq)
/* FIXME: use the remote modification timestamp to know if the
* group needs any update */
- if (state->member_users || state->member_groups) {
- if (!state->attrs) {
- state->attrs = sysdb_new_attrs(state);
- if (!state->attrs) {
- DEBUG(6, ("Error: Out of memory\n"));
- tevent_req_error(req, ENOMEM);
- return;
- }
- }
-
- for (i = 0; state->member_users && state->member_users[i]; i++) {
- char *member;
-
- member = sysdb_user_strdn(state,
- state->domain->name,
- state->member_users[i]);
- if (!member) {
- DEBUG(4, ("Error: Out of memory\n"));
- tevent_req_error(req, ENOMEM);
- return;
- }
- DEBUG(9, ("adding member: %s to group %s\n",
- member, state->name));
-
- ret = sysdb_attrs_steal_string(state->attrs,
- SYSDB_MEMBER, member);
- if (ret) {
- DEBUG(4, ("Error: %d (%s)\n", ret, strerror(ret)));
- tevent_req_error(req, ret);
- return;
- }
- }
-
- for (i = 0; state->member_groups && state->member_groups[i]; i++) {
- char *member;
-
- member = sysdb_group_strdn(state,
- state->domain->name,
- state->member_groups[i]);
- if (!member) {
- DEBUG(4, ("Error: Out of memory\n"));
- tevent_req_error(req, ENOMEM);
- return;
- }
- DEBUG(9, ("adding member: %s to group %s\n",
- member, state->name));
-
- ret = sysdb_attrs_steal_string(state->attrs,
- SYSDB_MEMBER, member);
- if (ret) {
- DEBUG(4, ("Error: %d (%s)\n", ret, strerror(ret)));
- tevent_req_error(req, ret);
- return;
- }
- }
- }
-
if (new_group) {
/* group doesn't exist, turn into adding a group */
subreq = sysdb_add_group_send(state, state->ev, state->handle,