authorStephen Gallagher <sgallagh@redhat.com>2009-01-12 11:52:03 -0500
committerSimo Sorce <idra@samba.org>2009-01-12 11:52:03 -0500
commit17e83b5b0f39f71bbe98c1971bfdf337ab83d00c (patch)
tree2e7efb8872981bc2390d19453c2df1ef779b8d3c /server/nss
parentf947e77d5a16b61092314b79cc5b660f0f897976 (diff)
Adding parsing code to separate names from domains.
Currently, if an invalid domain is specified, EINVAL is returned.
Diffstat (limited to 'server/nss')
-rw-r--r--server/nss/nsssrv.h6
-rw-r--r--server/nss/nsssrv_cmd.c52
2 files changed, 51 insertions, 7 deletions
diff --git a/server/nss/nsssrv.h b/server/nss/nsssrv.h
index faefa7dfe..6e4d57e01 100644
--- a/server/nss/nsssrv.h
+++ b/server/nss/nsssrv.h
@@ -35,6 +35,12 @@
#define NSS_PACKET_MAX_RECV_SIZE 1024
+/* NSS_DOMAIN_DELIM can be specified in config.h */
+#include "config.h"
+#ifndef NSS_DOMAIN_DELIM
+#define NSS_DOMAIN_DELIM '@'
+#endif
+
struct nss_ldb_ctx;
struct getent_ctx;
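Review bot: The comment above the new `#ifndef` does not say what form an override must take. nsssrv_cmd.c passes NSS_DOMAIN_DELIM as the second argument of `strchr()`, so a string literal or multi-character value in config.h would not behave as a delimiter. I would word it as `/* NSS_DOMAIN_DELIM can be specified in config.h; it must be a single character constant because it is passed to strchr() */`. Any character that can also occur inside a valid user name will cause that name to be split and, if the remainder is not a registered domain, rejected with EINVAL.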
diff --git a/server/nss/nsssrv_cmd.c b/server/nss/nsssrv_cmd.c
index 4bacee058..698230694 100644
--- a/server/nss/nsssrv_cmd.c
+++ b/server/nss/nsssrv_cmd.c
@@ -22,6 +22,7 @@
#include "ldb.h"
#include "ldb_errors.h"
#include "util/util.h"
+#include "util/btreemap.h"
#include "nss/nsssrv.h"
#include "nss/nsssrv_ldb.h"
#include <time.h>
@@ -299,6 +300,39 @@ done:
nss_cmd_done(nctx);
}
+static int nss_parse_name(TALLOC_CTX *memctx,
+ const char *fullname,
+ struct btreemap *domain_map,
+ const char **domain, const char **name) {
+ char *delim;
+ struct btreemap *node;
+ int ret;
+
+ if ((delim = strchr(fullname, NSS_DOMAIN_DELIM)) != NULL) {
+
+ /* Check for registered domain */
+ ret = btreemap_search_key(domain_map, (void *)(delim+1), &node);
+ if (ret != BTREEMAP_FOUND) {
+ /* No such domain was registered. Return EINVAL.
+ * TODO: alternative approach?
+ * Alternatively, we could simply fail down to
+ * below, treating the entire construct as the
+ * full name if the domain is unspecified.
+ */
+ return EINVAL;
+ }
+
+ *name = talloc_strndup(memctx, fullname, delim-fullname);
+ *domain = talloc_strdup(memctx, delim+1);
+ }
+ else {
+ *name = talloc_strdup(memctx, fullname);
+ *domain = NULL;
+ }
+
+ return EOK;
+}
+
static void nss_cmd_getpwnam_callback(uint16_t err_maj, uint32_t err_min,
const char *err_msg, void *ptr)
{
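Review bot: Neither `talloc_strndup()` nor `talloc_strdup()` is checked in nss_parse_name, so an allocation failure leaves `*name` or `*domain` NULL while the function still returns EOK and the caller carries on with the lookup. Add `if (*name == NULL || *domain == NULL) return ENOMEM;` after the pair in the delimiter branch and `if (*name == NULL) return ENOMEM;` in the else branch. The split also yields an empty name when the input begins with the delimiter; as `fullname` appears to come straight from the client request body, returning EINVAL for `delim == fullname` would keep an empty name from reaching the backend query. The `(void *)(delim+1)` cast is only needed if `btreemap_search_key()` takes a non-const key, which is not visible here. The function lies entirely within this hunk.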
@@ -342,18 +376,22 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx)
/* get user name to query */
nss_packet_get_body(cctx->creq->in, &body, &blen);
- nctx->name = (const char *)body;
/* if not terminated fail */
- if (nctx->name[blen -1] != '\0') {
+ if (body[blen -1] != '\0') {
talloc_free(nctx);
return EINVAL;
}
- /* FIXME: Just ask all backends for now, until Steve provides for name
- * parsing code */
- nctx->domain = NULL;
-
- DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain));
+ ret = nss_parse_name(nctx, (const char *)body,
+ cctx->nctx->domain_map,
+ &nctx->domain, &nctx->name);
+ if (ret != EOK) {
+ DEBUG(1, ("Invalid name received\n"));
+ talloc_free(nctx);
+ return ret;
+ }
+ DEBUG(4, ("Requesting info for [%s] from [%s]\n",
+ nctx->name, nctx->domain?nctx->domain:"all domains"));
ret = nss_ldb_getpwnam(nctx, cctx->ev, cctx->nctx->lctx,
nctx->domain, nctx->name,