diff options
author | Simo Sorce <idra@samba.org> | 2009-01-11 18:52:48 -0500 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2009-01-11 19:16:10 -0500 |
commit | f947e77d5a16b61092314b79cc5b660f0f897976 (patch) | |
tree | 734cb1413feb352194c174d126d4c505d8435a01 /server/nss | |
parent | 9aaaff891a0125dc1102668a99338530fb07abfa (diff) | |
download | sssd-f947e77d5a16b61092314b79cc5b660f0f897976.tar.gz sssd-f947e77d5a16b61092314b79cc5b660f0f897976.tar.xz sssd-f947e77d5a16b61092314b79cc5b660f0f897976.zip |
Use a unified base (temp. dc=sssd), for all domain including LOCAL.
It makes no sense to have internal attribute names user configurable,
remove that option and use macros internally.
Also now always pass the domain name to all nss_ldb_* calls.
Diffstat (limited to 'server/nss')
-rw-r--r-- | server/nss/nss_ldb.h | 74 | ||||
-rw-r--r-- | server/nss/nsssrv_cmd.c | 131 | ||||
-rw-r--r-- | server/nss/nsssrv_ldb.c | 226 | ||||
-rw-r--r-- | server/nss/nsssrv_ldb.h | 52 |
4 files changed, 228 insertions, 255 deletions
diff --git a/server/nss/nss_ldb.h b/server/nss/nss_ldb.h index eee4344f3..8f5b11245 100644 --- a/server/nss/nss_ldb.h +++ b/server/nss/nss_ldb.h @@ -4,40 +4,42 @@ #define NSS_DEF_LDB_FILE "sssd.ldb" -#define NSS_DEF_USER_BASE "cn=users,cn=local" -#define NSS_DEF_GROUP_BASE "cn=groups,cn=local" - -#define NSS_DEF_PWNAM_FILTER "(&(objectclass=user)(uid=%s))" -#define NSS_DEF_PWUID_FILTER "(&(objectclass=user)(uidNumber=%llu))" -#define NSS_DEF_PWENT_FILTER "(objectclass=user)" - -#define NSS_DEF_GRNAM_FILTER "(&(objectclass=group)(cn=%s))" -#define NSS_DEF_GRNA2_FILTER "(&(objectclass=user)(memberof=%s))" -#define NSS_DEF_GRGID_FILTER "(&(objectclass=group)(gidNumber=%llu))" -#define NSS_DEF_GRENT_FILTER "(objectclass=group)" - -#define NSS_DEF_INITGR_FILTER "(&(objectclass=group)(gidNumber=*))" - -#define NSS_DEF_PW_NAME "uid" -#define NSS_DEF_PW_UIDNUM "uidNumber" -#define NSS_DEF_PW_GIDNUM "gidNumber" -#define NSS_DEF_PW_FULLNAME "fullName" -#define NSS_DEF_PW_HOMEDIR "homeDirectory" -#define NSS_DEF_PW_SHELL "loginShell" - -#define NSS_DEF_GR_NAME "cn" -#define NSS_DEF_GR_GIDNUM "gidNumber" -#define NSS_DEF_GR_MEMBER "member" - -#define NSS_DEF_LAST_UPDATE "lastUpdate" - -#define NSS_DEF_PW_ATTRS {NSS_DEF_PW_NAME, NSS_DEF_PW_UIDNUM, \ - NSS_DEF_PW_GIDNUM, NSS_DEF_PW_FULLNAME, \ - NSS_DEF_PW_HOMEDIR, NSS_DEF_PW_SHELL, \ - NSS_DEF_LAST_UPDATE, NULL} -#define NSS_DEF_GRNAM_ATTRS {NSS_DEF_GR_NAME, NSS_DEF_GR_GIDNUM, NSS_DEF_LAST_UPDATE, NULL} -#define NSS_DEF_GRPW_ATTRS {NSS_DEF_PW_NAME, NSS_DEF_LAST_UPDATE, NULL} - -#define NSS_DEF_INITGR_ATTR "memberof" -#define NSS_DEF_INITGR_ATTRS {NSS_DEF_GR_GIDNUM, NSS_DEF_LAST_UPDATE, NULL} +#define NSS_DEF_BASE "dc=sssd" +#define NSS_TMPL_USER_BASE "cn=users,cn=%s,dc=sssd" +#define NSS_TMPL_GROUP_BASE "cn=groups,cn=%s,dc=sssd" + +#define NSS_PWNAM_FILTER "(&(objectclass=user)(uid=%s))" +#define NSS_PWUID_FILTER "(&(objectclass=user)(uidNumber=%llu))" +#define NSS_PWENT_FILTER "(objectclass=user)" + +#define NSS_GRNAM_FILTER "(&(objectclass=group)(cn=%s))" +#define NSS_GRNA2_FILTER "(&(objectclass=user)(memberof=%s))" +#define NSS_GRGID_FILTER "(&(objectclass=group)(gidNumber=%llu))" +#define NSS_GRENT_FILTER "(objectclass=group)" + +#define NSS_INITGR_FILTER "(&(objectclass=group)(gidNumber=*))" + +#define NSS_PW_NAME "uid" +#define NSS_PW_PWD "userPassword" +#define NSS_PW_UIDNUM "uidNumber" +#define NSS_PW_GIDNUM "gidNumber" +#define NSS_PW_FULLNAME "fullName" +#define NSS_PW_HOMEDIR "homeDirectory" +#define NSS_PW_SHELL "loginShell" + +#define NSS_GR_NAME "cn" +#define NSS_GR_GIDNUM "gidNumber" +#define NSS_GR_MEMBER "member" + +#define NSS_LAST_UPDATE "lastUpdate" + +#define NSS_PW_ATTRS {NSS_PW_NAME, NSS_PW_UIDNUM, \ + NSS_PW_GIDNUM, NSS_PW_FULLNAME, \ + NSS_PW_HOMEDIR, NSS_PW_SHELL, \ + NSS_LAST_UPDATE, NULL} +#define NSS_GRNAM_ATTRS {NSS_GR_NAME, NSS_GR_GIDNUM, NSS_LAST_UPDATE, NULL} +#define NSS_GRPW_ATTRS {NSS_PW_NAME, NSS_LAST_UPDATE, NULL} + +#define NSS_INITGR_ATTR "memberof" +#define NSS_INITGR_ATTRS {NSS_GR_GIDNUM, NSS_LAST_UPDATE, NULL} diff --git a/server/nss/nsssrv_cmd.c b/server/nss/nsssrv_cmd.c index 4d856e065..4bacee058 100644 --- a/server/nss/nsssrv_cmd.c +++ b/server/nss/nsssrv_cmd.c @@ -28,6 +28,7 @@ struct nss_cmd_ctx { struct cli_ctx *cctx; + const char *domain; const char *name; uid_t id; bool check_expiration; @@ -112,7 +113,6 @@ static int nss_cmd_get_version(struct cli_ctx *cctx) ***************************************************************************/ static int fill_pwent(struct nss_packet *packet, - struct nss_ldb_ctx *lctx, struct ldb_message **msgs, int count) { @@ -136,12 +136,12 @@ static int fill_pwent(struct nss_packet *packet, for (i = 0; i < count; i++) { msg = msgs[i]; - name = ldb_msg_find_attr_as_string(msg, lctx->pw_name, NULL); - fullname = ldb_msg_find_attr_as_string(msg, lctx->pw_fullname, NULL); - homedir = ldb_msg_find_attr_as_string(msg, lctx->pw_homedir, NULL); - shell = ldb_msg_find_attr_as_string(msg, lctx->pw_shell, NULL); - uid = ldb_msg_find_attr_as_uint64(msg, lctx->pw_uidnum, 0); - gid = ldb_msg_find_attr_as_uint64(msg, lctx->pw_gidnum, 0); + name = ldb_msg_find_attr_as_string(msg, NSS_PW_NAME, NULL); + fullname = ldb_msg_find_attr_as_string(msg, NSS_PW_FULLNAME, NULL); + homedir = ldb_msg_find_attr_as_string(msg, NSS_PW_HOMEDIR, NULL); + shell = ldb_msg_find_attr_as_string(msg, NSS_PW_SHELL, NULL); + uid = ldb_msg_find_attr_as_uint64(msg, NSS_PW_UIDNUM, 0); + gid = ldb_msg_find_attr_as_uint64(msg, NSS_PW_GIDNUM, 0); if (!name || !fullname || !homedir || !shell || !uid || !gid) { DEBUG(1, ("Incomplete user object for %s[%llu]! Skipping\n", @@ -261,7 +261,7 @@ static void nss_cmd_getpw_callback(void *ptr, int status, if (nctx->check_expiration) { timeout = nctx->cctx->nctx->cache_timeout; - lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0], "lastUpdate", 0); + lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0], NSS_LAST_UPDATE, 0); if (lastUpdate + timeout < time(NULL)) { /* dont loop forever :-) */ @@ -292,7 +292,7 @@ static void nss_cmd_getpw_callback(void *ptr, int status, NSS_CMD_FATAL_ERROR(cctx); } - ret = fill_pwent(cctx->creq->out, cctx->nctx->lctx, res->msgs, res->count); + ret = fill_pwent(cctx->creq->out, res->msgs, res->count); nss_packet_set_error(cctx->creq->out, ret); done: @@ -314,7 +314,8 @@ static void nss_cmd_getpwnam_callback(uint16_t err_maj, uint32_t err_min, } ret = nss_ldb_getpwnam(nctx, cctx->ev, cctx->nctx->lctx, - nctx->name, nss_cmd_getpw_callback, nctx); + nctx->domain, nctx->name, + nss_cmd_getpw_callback, nctx); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); @@ -348,13 +349,15 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx) return EINVAL; } - DEBUG(4, ("Requesting info for [%s]\n", nctx->name)); - /* FIXME: Just ask all backends for now, until Steve provides for name * parsing code */ + nctx->domain = NULL; + + DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain)); ret = nss_ldb_getpwnam(nctx, cctx->ev, cctx->nctx->lctx, - nctx->name, nss_cmd_getpw_callback, nctx); + nctx->domain, nctx->name, + nss_cmd_getpw_callback, nctx); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); @@ -382,7 +385,8 @@ static void nss_cmd_getpwuid_callback(uint16_t err_maj, uint32_t err_min, } ret = nss_ldb_getpwuid(nctx, cctx->ev, cctx->nctx->lctx, - nctx->id, nss_cmd_getpw_callback, nctx); + nctx->domain, nctx->id, + nss_cmd_getpw_callback, nctx); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); @@ -416,12 +420,14 @@ static int nss_cmd_getpwuid(struct cli_ctx *cctx) nctx->id = (uid_t)*((uint64_t *)body); - DEBUG(4, ("Requesting info for [%lu]\n", nctx->id)); - /* FIXME: Just ask all backends for now, until we check for ranges */ + nctx->domain = NULL; + + DEBUG(4, ("Requesting info for [%lu]@[%s]\n", nctx->id, nctx->domain)); ret = nss_ldb_getpwuid(nctx, cctx->ev, cctx->nctx->lctx, - nctx->id, nss_cmd_getpw_callback, nctx); + nctx->domain, nctx->id, + nss_cmd_getpw_callback, nctx); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); @@ -514,7 +520,7 @@ static int nss_cmd_retpwent(struct cli_ctx *cctx, int num) n = gctx->pwds->count - gctx->pwd_cur; if (n > num) n = num; - ret = fill_pwent(cctx->creq->out, cctx->nctx->lctx, + ret = fill_pwent(cctx->creq->out, &(gctx->pwds->msgs[gctx->pwd_cur]), n); gctx->pwd_cur += n; @@ -654,7 +660,6 @@ done: ***************************************************************************/ static int fill_grent(struct nss_packet *packet, - struct nss_ldb_ctx *lctx, struct ldb_message **msgs, int count) { @@ -677,8 +682,8 @@ static int fill_grent(struct nss_packet *packet, if (get_group) { /* find group name/gid */ - name = ldb_msg_find_attr_as_string(msg, lctx->gr_name, NULL); - gid = ldb_msg_find_attr_as_uint64(msg, lctx->gr_gidnum, 0); + name = ldb_msg_find_attr_as_string(msg, NSS_GR_NAME, NULL); + gid = ldb_msg_find_attr_as_uint64(msg, NSS_GR_GIDNUM, 0); if (!name || !gid) { DEBUG(1, ("Incomplete group object for %s[%llu]! Aborting\n", name?name:"<NULL>", (unsigned long long int)gid)); @@ -706,7 +711,7 @@ static int fill_grent(struct nss_packet *packet, continue; } - name = ldb_msg_find_attr_as_string(msg, lctx->pw_name, NULL); + name = ldb_msg_find_attr_as_string(msg, NSS_PW_NAME, NULL); if (!name) { /* last member of previous group found, or error. @@ -784,7 +789,7 @@ static void nss_cmd_getgr_callback(void *ptr, int status, goto done; } - ret = fill_grent(cctx->creq->out, cctx->nctx->lctx, res->msgs, res->count); + ret = fill_grent(cctx->creq->out, res->msgs, res->count); nss_packet_set_error(cctx->creq->out, ret); done: @@ -797,25 +802,30 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx) uint8_t *body; size_t blen; int ret; - const char *name; + + nctx = talloc_zero(cctx, struct nss_cmd_ctx); + if (!nctx) { + return ENOMEM; + } + nctx->cctx = cctx; + nctx->check_expiration = true; /* get group name to query */ nss_packet_get_body(cctx->creq->in, &body, &blen); - name = (const char *)body; + nctx->name = (const char *)body; /* if not terminated fail */ - if (name[blen -1] != '\0') { + if (nctx->name[blen -1] != '\0') { return EINVAL; } - DEBUG(4, ("Requesting info for [%s]\n", name)); + /* FIXME: Just ask all backends for now, until Steve provides for name + * parsing code */ + nctx->domain = NULL; - nctx = talloc(cctx, struct nss_cmd_ctx); - if (!nctx) { - return ENOMEM; - } - nctx->cctx = cctx; + DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain)); - ret = nss_ldb_getgrnam(nctx, cctx->ev, cctx->nctx->lctx, name, + ret = nss_ldb_getgrnam(nctx, cctx->ev, cctx->nctx->lctx, + nctx->domain, nctx->name, nss_cmd_getgr_callback, nctx); return ret; @@ -827,26 +837,28 @@ static int nss_cmd_getgrgid(struct cli_ctx *cctx) uint8_t *body; size_t blen; int ret; - uint64_t gid; + + nctx = talloc_zero(cctx, struct nss_cmd_ctx); + if (!nctx) { + return ENOMEM; + } + nctx->cctx = cctx; + nctx->check_expiration = true; /* get gid to query */ nss_packet_get_body(cctx->creq->in, &body, &blen); - if (blen != sizeof(uint64_t)) { return EINVAL; } + nctx->id = (uid_t)*((uint64_t *)body); - gid = *((uint64_t *)body); - - DEBUG(4, ("Requesting info for [%lu]\n", gid)); + /* FIXME: Just ask all backends for now, until we check for ranges */ + nctx->domain = NULL; - nctx = talloc(cctx, struct nss_cmd_ctx); - if (!nctx) { - return ENOMEM; - } - nctx->cctx = cctx; + DEBUG(4, ("Requesting info for [%lu]@[%s]\n", nctx->id, nctx->domain)); - ret = nss_ldb_getgrgid(nctx, cctx->ev, cctx->nctx->lctx, gid, + ret = nss_ldb_getgrgid(nctx, cctx->ev, cctx->nctx->lctx, + nctx->domain, nctx->id, nss_cmd_getgr_callback, nctx); return ret; @@ -932,7 +944,7 @@ static int nss_cmd_retgrent(struct cli_ctx *cctx, int num) n = gctx->grps->count - gctx->grp_cur; if (n > num) n = num; - ret = fill_grent(cctx->creq->out, cctx->nctx->lctx, + ret = fill_grent(cctx->creq->out, &(gctx->grps->msgs[gctx->grp_cur]), n); gctx->grp_cur += n; @@ -1075,7 +1087,6 @@ static void nss_cmd_initgr_callback(void *ptr, int status, { struct nss_cmd_ctx *nctx = talloc_get_type(ptr, struct nss_cmd_ctx); struct cli_ctx *cctx = nctx->cctx; - struct nss_ldb_ctx *lctx = cctx->nctx->lctx; uint8_t *body; size_t blen; uint64_t gid; @@ -1106,7 +1117,7 @@ static void nss_cmd_initgr_callback(void *ptr, int status, nss_packet_get_body(cctx->creq->out, &body, &blen); for (i = 0; i < num; i++) { - gid = ldb_msg_find_attr_as_uint64(res->msgs[i], lctx->gr_gidnum, 0); + gid = ldb_msg_find_attr_as_uint64(res->msgs[i], NSS_GR_GIDNUM, 0); if (!gid) { DEBUG(1, ("Incomplete group object for initgroups! Aborting\n")); nss_packet_set_error(cctx->creq->out, EIO); @@ -1129,25 +1140,31 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx) uint8_t *body; size_t blen; int ret; - const char *name; + + nctx = talloc_zero(cctx, struct nss_cmd_ctx); + if (!nctx) { + return ENOMEM; + } + nctx->cctx = cctx; + nctx->check_expiration = true; /* get user name to query */ nss_packet_get_body(cctx->creq->in, &body, &blen); - name = (const char *)body; + nctx->name = (const char *)body; /* if not terminated fail */ - if (name[blen -1] != '\0') { + if (nctx->name[blen -1] != '\0') { return EINVAL; } - DEBUG(4, ("Requesting groups for [%s]\n", name)); + /* FIXME: Just ask all backends for now, until Steve provides for name + * parsing code */ + nctx->domain = NULL; + + DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain)); - nctx = talloc(cctx, struct nss_cmd_ctx); - if (!nctx) { - return ENOMEM; - } - nctx->cctx = cctx; - ret = nss_ldb_initgroups(nctx, cctx->ev, cctx->nctx->lctx, name, + ret = nss_ldb_initgroups(nctx, cctx->ev, cctx->nctx->lctx, + nctx->domain, nctx->name, nss_cmd_initgr_callback, nctx); return ret; diff --git a/server/nss/nsssrv_ldb.c b/server/nss/nsssrv_ldb.c index 98fcb76c3..d9c404637 100644 --- a/server/nss/nsssrv_ldb.c +++ b/server/nss/nsssrv_ldb.c @@ -24,11 +24,11 @@ #include "util/util.h" #include "nss/nsssrv.h" #include "nss/nsssrv_ldb.h" -#include "nss/nss_ldb.h" #include "confdb/confdb.h" struct nss_ldb_search_ctx { struct nss_ldb_ctx *nlctx; + const char *base_dn; nss_ldb_callback_t callback; void *ptr; struct ldb_result *res; @@ -115,6 +115,7 @@ static int get_gen_callback(struct ldb_request *req, } static struct nss_ldb_search_ctx *init_src_ctx(TALLOC_CTX *mem_ctx, + const char *base_dn, struct nss_ldb_ctx *ctx, nss_ldb_callback_t fn, void *ptr) @@ -126,6 +127,7 @@ static struct nss_ldb_search_ctx *init_src_ctx(TALLOC_CTX *mem_ctx, return NULL; } sctx->nlctx = ctx; + sctx->base_dn = base_dn; sctx->callback = fn; sctx->ptr = ptr; sctx->res = talloc_zero(sctx, struct ldb_result); @@ -143,13 +145,14 @@ static int pwd_search(struct nss_ldb_search_ctx *sctx, struct nss_ldb_ctx *ctx, const char *expression) { + static const char *attrs[] = NSS_PW_ATTRS; struct ldb_request *req; int ret; ret = ldb_build_search_req(&req, ctx->ldb, sctx, - ldb_dn_new(sctx, ctx->ldb, ctx->user_base), + ldb_dn_new(sctx, ctx->ldb, sctx->base_dn), LDB_SCOPE_SUBTREE, - expression, ctx->pw_attrs, NULL, + expression, attrs, NULL, sctx, get_gen_callback, NULL); if (ret != LDB_SUCCESS) { @@ -167,18 +170,29 @@ static int pwd_search(struct nss_ldb_search_ctx *sctx, int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, const char *name, nss_ldb_callback_t fn, void *ptr) { struct nss_ldb_search_ctx *sctx; + const char *base_dn; char *expression; - sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + if (domain) { + base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain); + } else { + base_dn = NSS_DEF_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); if (!sctx) { return ENOMEM; } - expression = talloc_asprintf(sctx, ctx->pwnam_filter, name); + expression = talloc_asprintf(sctx, NSS_PWNAM_FILTER, name); if (!expression) { talloc_free(sctx); return ENOMEM; @@ -190,19 +204,30 @@ int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx, int nss_ldb_getpwuid(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, uint64_t uid, nss_ldb_callback_t fn, void *ptr) { struct nss_ldb_search_ctx *sctx; unsigned long long int filter_uid = uid; + const char *base_dn; char *expression; - sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + if (domain) { + base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain); + } else { + base_dn = NSS_DEF_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); if (!sctx) { return ENOMEM; } - expression = talloc_asprintf(sctx, ctx->pwuid_filter, filter_uid); + expression = talloc_asprintf(sctx, NSS_PWUID_FILTER, filter_uid); if (!expression) { talloc_free(sctx); return ENOMEM; @@ -218,12 +243,12 @@ int nss_ldb_enumpwent(TALLOC_CTX *mem_ctx, { struct nss_ldb_search_ctx *sctx; - sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr); if (!sctx) { return ENOMEM; } - return pwd_search(sctx, ctx, ctx->pwent_filter); + return pwd_search(sctx, ctx, NSS_PWENT_FILTER); } /* groups */ @@ -243,6 +268,7 @@ static void get_members(void *ptr, int status, struct ldb_result *res) struct ldb_request *req; struct ldb_message *msg; struct ldb_result *ret_res; + static const char *attrs[] = NSS_GRPW_ATTRS; const char *expression; int ret, i; @@ -272,7 +298,7 @@ static void get_members(void *ptr, int status, struct ldb_result *res) return request_done(gmctx->ret_sctx); } - mem_sctx = init_src_ctx(gmctx, ctx, get_members, sctx); + mem_sctx = init_src_ctx(gmctx, NSS_DEF_BASE, ctx, get_members, sctx); if (!mem_sctx) { return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR); } @@ -294,16 +320,16 @@ static void get_members(void *ptr, int status, struct ldb_result *res) ret_res->count++; /* search for this group members */ - expression = talloc_asprintf(mem_sctx, ctx->grna2_filter, + expression = talloc_asprintf(mem_sctx, NSS_GRNA2_FILTER, ldb_dn_get_linearized(msg->dn)); if (!expression) { return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR); } ret = ldb_build_search_req(&req, ctx->ldb, mem_sctx, - ldb_dn_new(mem_sctx, ctx->ldb, ctx->user_base), + ldb_dn_new(mem_sctx, ctx->ldb, sctx->base_dn), LDB_SCOPE_SUBTREE, - expression, ctx->grpw_attrs, NULL, + expression, attrs, NULL, mem_sctx, get_gen_callback, NULL); if (ret != LDB_SUCCESS) { @@ -394,7 +420,7 @@ static int get_grp_callback(struct ldb_request *req, /* re-use sctx to create a fake handler for the first call to * get_members() */ - sctx = init_src_ctx(gmctx, ctx, get_members, gmctx); + sctx = init_src_ctx(gmctx, NSS_DEF_BASE, ctx, get_members, gmctx); get_members(sctx, LDB_SUCCESS, NULL); return LDB_SUCCESS; @@ -413,13 +439,14 @@ static int grp_search(struct nss_ldb_search_ctx *sctx, struct nss_ldb_ctx *ctx, const char *expression) { + static const char *attrs[] = NSS_GRNAM_ATTRS; struct ldb_request *req; int ret; ret = ldb_build_search_req(&req, ctx->ldb, sctx, - ldb_dn_new(sctx, ctx->ldb, ctx->group_base), + ldb_dn_new(sctx, ctx->ldb, sctx->base_dn), LDB_SCOPE_SUBTREE, - expression, ctx->grnam_attrs, NULL, + expression, attrs, NULL, sctx, get_grp_callback, NULL); if (ret != LDB_SUCCESS) { @@ -437,18 +464,29 @@ static int grp_search(struct nss_ldb_search_ctx *sctx, int nss_ldb_getgrnam(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, const char *name, nss_ldb_callback_t fn, void *ptr) { struct nss_ldb_search_ctx *sctx; + const char *base_dn; char *expression; - sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + if (domain) { + base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_GROUP_BASE, domain); + } else { + base_dn = NSS_DEF_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); if (!sctx) { return ENOMEM; } - expression = talloc_asprintf(sctx, ctx->grnam_filter, name); + expression = talloc_asprintf(sctx, NSS_GRNAM_FILTER, name); if (!expression) { talloc_free(sctx); return ENOMEM; @@ -460,19 +498,30 @@ int nss_ldb_getgrnam(TALLOC_CTX *mem_ctx, int nss_ldb_getgrgid(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, uint64_t gid, nss_ldb_callback_t fn, void *ptr) { struct nss_ldb_search_ctx *sctx; unsigned long long int filter_gid = gid; + const char *base_dn; char *expression; - sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + if (domain) { + base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_GROUP_BASE, domain); + } else { + base_dn = NSS_DEF_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); if (!sctx) { return ENOMEM; } - expression = talloc_asprintf(sctx, ctx->grgid_filter, filter_gid); + expression = talloc_asprintf(sctx, NSS_GRGID_FILTER, filter_gid); if (!expression) { talloc_free(sctx); return ENOMEM; @@ -488,12 +537,12 @@ int nss_ldb_enumgrent(TALLOC_CTX *mem_ctx, { struct nss_ldb_search_ctx *sctx; - sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr); if (!sctx) { return ENOMEM; } - return grp_search(sctx, ctx, ctx->grent_filter); + return grp_search(sctx, ctx, NSS_GRENT_FILTER); } static void nss_ldb_initgr_search(void *ptr, int status, @@ -505,6 +554,7 @@ static void nss_ldb_initgr_search(void *ptr, int status, struct ldb_request *req; struct ldb_control **ctrl; struct ldb_asq_control *control; + static const char *attrs[] = NSS_INITGR_ATTRS; int ret; sctx = talloc_get_type(ptr, struct nss_ldb_search_ctx); @@ -517,7 +567,7 @@ static void nss_ldb_initgr_search(void *ptr, int status, return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); } - expression = talloc_asprintf(sctx, ctx->initgr_filter); + expression = talloc_asprintf(sctx, NSS_INITGR_FILTER); if (!expression) { return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); } @@ -538,7 +588,7 @@ static void nss_ldb_initgr_search(void *ptr, int status, return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); } control->request = 1; - control->source_attribute = talloc_strdup(control, ctx->initgr_attr); + control->source_attribute = talloc_strdup(control, NSS_INITGR_ATTR); if (!control->source_attribute) { return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); } @@ -548,7 +598,7 @@ static void nss_ldb_initgr_search(void *ptr, int status, ret = ldb_build_search_req(&req, ctx->ldb, sctx, res->msgs[0]->dn, LDB_SCOPE_BASE, - expression, ctx->initgr_attrs, ctrl, + expression, attrs, ctrl, sctx, get_gen_callback, NULL); if (ret != LDB_SUCCESS) { @@ -564,35 +614,47 @@ static void nss_ldb_initgr_search(void *ptr, int status, int nss_ldb_initgroups(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, const char *name, nss_ldb_callback_t fn, void *ptr) { + static const char *attrs[] = NSS_PW_ATTRS; struct nss_ldb_search_ctx *ret_sctx; struct nss_ldb_search_ctx *sctx; + const char *base_dn; char *expression; struct ldb_request *req; int ret; - ret_sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + if (domain) { + base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain); + } else { + base_dn = NSS_DEF_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + ret_sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr); if (!ret_sctx) { return ENOMEM; } - sctx = init_src_ctx(ret_sctx, ctx, nss_ldb_initgr_search, ret_sctx); + sctx = init_src_ctx(ret_sctx, base_dn, ctx, nss_ldb_initgr_search, ret_sctx); if (!sctx) { talloc_free(sctx); return ENOMEM; } - expression = talloc_asprintf(sctx, ctx->pwnam_filter, name); + expression = talloc_asprintf(sctx, NSS_PWNAM_FILTER, name); if (!expression) { talloc_free(sctx); return ENOMEM; } ret = ldb_build_search_req(&req, ctx->ldb, sctx, - ldb_dn_new(sctx, ctx->ldb, ctx->user_base), + ldb_dn_new(sctx, ctx->ldb, sctx->base_dn), LDB_SCOPE_SUBTREE, - expression, ctx->pw_attrs, NULL, + expression, attrs, NULL, sctx, get_gen_callback, NULL); if (ret != LDB_SUCCESS) { @@ -633,49 +695,6 @@ static int nss_ldb_read_var(TALLOC_CTX *tmp_ctx, return EOK; } -static int nss_ldb_read_array(TALLOC_CTX *tmp_ctx, - struct confdb_ctx *cdb, - struct nss_ldb_ctx *ctx, - const char *name, - const char **def_value, - const char ***target) -{ - char **values; - const char **t; - int i, ret; - - ret = confdb_get_param(cdb, tmp_ctx, - NSS_LDB_CONF_SECTION, - name, &values); - if (ret != EOK) - return ret; - - for (i = 0; values[i]; i++) /* count */ ; - if (i == 0) { - for (i = 0; def_value[i]; i++) /*count */ ; - } - if (i == 0) - return EINVAL; - - t = talloc_array(ctx, const char *, i+1); - if (!*target) - return ENOMEM; - - if (values[0]) { - for (i = 0; values[i]; i++) { - t[i] = talloc_steal(ctx, values[i]); - } - } else { - for (i = 0; def_value[i]; i++) { - t[i] = talloc_strdup(ctx, def_value[i]); - } - } - t[i] = NULL; - - *target = t; - return EOK; -} - static int nss_ldb_read_conf(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, struct nss_ldb_ctx **nlctx) @@ -705,67 +724,6 @@ static int nss_ldb_read_conf(TALLOC_CTX *mem_ctx, default_ldb_path, &ctx->ldb_file); DEBUG(3, ("NSS LDB Cache Path: %s\n", ctx->ldb_file)); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "userBase", - NSS_DEF_USER_BASE, &ctx->user_base); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "groupBase", - NSS_DEF_GROUP_BASE, &ctx->group_base); - - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwnamFilter", - NSS_DEF_PWNAM_FILTER, &ctx->pwnam_filter); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwuidFilter", - NSS_DEF_PWUID_FILTER, &ctx->pwuid_filter); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwentFilter", - NSS_DEF_PWENT_FILTER, &ctx->pwent_filter); - - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grnamFilter", - NSS_DEF_GRNAM_FILTER, &ctx->grnam_filter); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grna2Filter", - NSS_DEF_GRNA2_FILTER, &ctx->grna2_filter); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grgidFilter", - NSS_DEF_GRGID_FILTER, &ctx->grgid_filter); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grentFilter", - NSS_DEF_GRENT_FILTER, &ctx->grent_filter); - - nss_ldb_read_var(tmp_ctx, cdb, ctx, "initgrFilter", - NSS_DEF_INITGR_FILTER, &ctx->initgr_filter); - - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwName", - NSS_DEF_PW_NAME, &ctx->pw_name); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwUidnum", - NSS_DEF_PW_UIDNUM, &ctx->pw_uidnum); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwGidnum", - NSS_DEF_PW_GIDNUM, &ctx->pw_gidnum); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwFullname", - NSS_DEF_PW_FULLNAME, &ctx->pw_fullname); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwHomedir", - NSS_DEF_PW_HOMEDIR, &ctx->pw_homedir); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwShell", - NSS_DEF_PW_SHELL, &ctx->pw_shell); - - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grName", - NSS_DEF_GR_NAME, &ctx->gr_name); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grGidnum", - NSS_DEF_GR_GIDNUM, &ctx->gr_gidnum); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grMember", - NSS_DEF_GR_MEMBER, &ctx->gr_member); - - nss_ldb_read_var(tmp_ctx, cdb, ctx, "initgrAttr", - NSS_DEF_INITGR_ATTR, - &ctx->initgr_attr); - - const char *pwattrs[] = NSS_DEF_PW_ATTRS; - nss_ldb_read_array(tmp_ctx, cdb, ctx, "pwAttrs", - pwattrs, &ctx->pw_attrs); - const char *grnamattrs[] = NSS_DEF_GRNAM_ATTRS; - nss_ldb_read_array(tmp_ctx, cdb, ctx, "grnamAttrs", - grnamattrs, &ctx->grnam_attrs); - const char *grpwattrs[] = NSS_DEF_GRPW_ATTRS; - nss_ldb_read_array(tmp_ctx, cdb, ctx, "grpwAttrs", - grpwattrs, &ctx->grpw_attrs); - const char *initgrattrs[] = NSS_DEF_INITGR_ATTRS; - nss_ldb_read_array(tmp_ctx, cdb, ctx, "initgrAttrs", - initgrattrs, &ctx->initgr_attrs); - *nlctx = ctx; ret = EOK; diff --git a/server/nss/nsssrv_ldb.h b/server/nss/nsssrv_ldb.h index 016f5a54c..66c9687d2 100644 --- a/server/nss/nsssrv_ldb.h +++ b/server/nss/nsssrv_ldb.h @@ -1,39 +1,30 @@ +/* + SSSD -struct nss_ldb_ctx { - struct ldb_context *ldb; - const char *ldb_file; - - const char *user_base; - const char *group_base; + NSS LDB Header - const char *pwnam_filter; - const char *pwuid_filter; - const char *pwent_filter; + Copyright (C) Simo Sorce <ssorce@redhat.com> 2008 - const char *grnam_filter; - const char *grna2_filter; - const char *grgid_filter; - const char *grent_filter; + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. - const char *initgr_filter; + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. - const char *pw_name; - const char *pw_uidnum; - const char *pw_gidnum; - const char *pw_fullname; - const char *pw_homedir; - const char *pw_shell; + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ - const char *gr_name; - const char *gr_gidnum; - const char *gr_member; - const char *initgr_attr; +#include "nss/nss_ldb.h" - const char **pw_attrs; - const char **grnam_attrs; - const char **grpw_attrs; - const char **initgr_attrs; +struct nss_ldb_ctx { + struct ldb_context *ldb; + const char *ldb_file; }; struct confdb_ctx; @@ -48,12 +39,14 @@ int nss_ldb_init(TALLOC_CTX *mem_ctx, int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, const char *name, nss_ldb_callback_t fn, void *ptr); int nss_ldb_getpwuid(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, uint64_t uid, nss_ldb_callback_t fn, void *ptr); @@ -65,12 +58,14 @@ int nss_ldb_enumpwent(TALLOC_CTX *mem_ctx, int nss_ldb_getgrnam(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, const char *name, nss_ldb_callback_t fn, void *ptr); int nss_ldb_getgrgid(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, uint64_t gid, nss_ldb_callback_t fn, void *ptr); @@ -82,6 +77,7 @@ int nss_ldb_enumgrent(TALLOC_CTX *mem_ctx, int nss_ldb_initgroups(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, const char *name, nss_ldb_callback_t fn, void *ptr); |