diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2009-01-12 11:52:03 -0500 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2009-01-12 11:52:03 -0500 |
commit | 17e83b5b0f39f71bbe98c1971bfdf337ab83d00c (patch) | |
tree | 2e7efb8872981bc2390d19453c2df1ef779b8d3c /server/nss | |
parent | f947e77d5a16b61092314b79cc5b660f0f897976 (diff) | |
download | sssd-17e83b5b0f39f71bbe98c1971bfdf337ab83d00c.tar.gz sssd-17e83b5b0f39f71bbe98c1971bfdf337ab83d00c.tar.xz sssd-17e83b5b0f39f71bbe98c1971bfdf337ab83d00c.zip |
Adding parsing code to separate names from domains.
Currently, if an invalid domain was specified, it
will result in EINVAL being returned.
Diffstat (limited to 'server/nss')
-rw-r--r-- | server/nss/nsssrv.h | 6 | ||||
-rw-r--r-- | server/nss/nsssrv_cmd.c | 52 |
2 files changed, 51 insertions, 7 deletions
diff --git a/server/nss/nsssrv.h b/server/nss/nsssrv.h index faefa7dfe..6e4d57e01 100644 --- a/server/nss/nsssrv.h +++ b/server/nss/nsssrv.h @@ -35,6 +35,12 @@ #define NSS_PACKET_MAX_RECV_SIZE 1024 +/* NSS_DOMAIN_DELIM can be specified in config.h */ +#include "config.h" +#ifndef NSS_DOMAIN_DELIM +#define NSS_DOMAIN_DELIM '@' +#endif + struct nss_ldb_ctx; struct getent_ctx; diff --git a/server/nss/nsssrv_cmd.c b/server/nss/nsssrv_cmd.c index 4bacee058..698230694 100644 --- a/server/nss/nsssrv_cmd.c +++ b/server/nss/nsssrv_cmd.c @@ -22,6 +22,7 @@ #include "ldb.h" #include "ldb_errors.h" #include "util/util.h" +#include "util/btreemap.h" #include "nss/nsssrv.h" #include "nss/nsssrv_ldb.h" #include <time.h> @@ -299,6 +300,39 @@ done: nss_cmd_done(nctx); } +static int nss_parse_name(TALLOC_CTX *memctx, + const char *fullname, + struct btreemap *domain_map, + const char **domain, const char **name) { + char *delim; + struct btreemap *node; + int ret; + + if ((delim = strchr(fullname, NSS_DOMAIN_DELIM)) != NULL) { + + /* Check for registered domain */ + ret = btreemap_search_key(domain_map, (void *)(delim+1), &node); + if (ret != BTREEMAP_FOUND) { + /* No such domain was registered. Return EINVAL. + * TODO: alternative approach? + * Alternatively, we could simply fail down to + * below, treating the entire construct as the + * full name if the domain is unspecified. + */ + return EINVAL; + } + + *name = talloc_strndup(memctx, fullname, delim-fullname); + *domain = talloc_strdup(memctx, delim+1); + } + else { + *name = talloc_strdup(memctx, fullname); + *domain = NULL; + } + + return EOK; +} + static void nss_cmd_getpwnam_callback(uint16_t err_maj, uint32_t err_min, const char *err_msg, void *ptr) { @@ -342,18 +376,22 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx) /* get user name to query */ nss_packet_get_body(cctx->creq->in, &body, &blen); - nctx->name = (const char *)body; /* if not terminated fail */ - if (nctx->name[blen -1] != '\0') { + if (body[blen -1] != '\0') { talloc_free(nctx); return EINVAL; } - /* FIXME: Just ask all backends for now, until Steve provides for name - * parsing code */ - nctx->domain = NULL; - - DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain)); + ret = nss_parse_name(nctx, (const char *)body, + cctx->nctx->domain_map, + &nctx->domain, &nctx->name); + if (ret != EOK) { + DEBUG(1, ("Invalid name received\n")); + talloc_free(nctx); + return ret; + } + DEBUG(4, ("Requesting info for [%s] from [%s]\n", + nctx->name, nctx->domain?nctx->domain:"all domains")); ret = nss_ldb_getpwnam(nctx, cctx->ev, cctx->nctx->lctx, nctx->domain, nctx->name, |