diff options
author | Sumit Bose <sbose@redhat.com> | 2014-09-29 12:12:01 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-20 16:15:19 +0200 |
commit | d2f4551519698809e73a029c49599e1f67e6bdd4 (patch) | |
tree | c1b0282a7f76a0f90cf7d95cfcf5378d28b2d0a9 /src/db/sysdb_views.c | |
parent | f1d5f72459ec7d776e66c4516da2c1b9c6c1a84d (diff) | |
download | sssd-d2f4551519698809e73a029c49599e1f67e6bdd4.tar.gz sssd-d2f4551519698809e73a029c49599e1f67e6bdd4.tar.xz sssd-d2f4551519698809e73a029c49599e1f67e6bdd4.zip |
sysdb: add sysdb_getgrnam_with_views and sysdb_getgrgid_with_views
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/db/sysdb_views.c')
-rw-r--r-- | src/db/sysdb_views.c | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c index 7252bad19..acb5d8138 100644 --- a/src/db/sysdb_views.c +++ b/src/db/sysdb_views.c @@ -1057,6 +1057,136 @@ done: return ret; } +errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain, + struct ldb_message *obj) +{ + int ret; + size_t c; + struct ldb_message_element *members; + TALLOC_CTX *tmp_ctx; + struct ldb_dn *member_dn; + struct ldb_result *member_obj; + struct ldb_result *override_obj; + static const char *member_attrs[] = SYSDB_PW_ATTRS; + const char *override_dn_str; + struct ldb_dn *override_dn; + const char *memberuid; + + members = ldb_msg_find_element(obj, SYSDB_MEMBER); + if (members == NULL || members->num_values == 0) { + DEBUG(SSSDBG_TRACE_ALL, "Group has no members.\n"); + return EOK; + } + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n"); + ret = ENOMEM; + goto done; + } + + for (c = 0; c < members->num_values; c++) { + member_dn = ldb_dn_from_ldb_val(tmp_ctx, domain->sysdb->ldb, + &members->values[c]); + if (member_dn == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_from_ldb_val failed.\n"); + ret = ENOMEM; + goto done; + } + + ret = ldb_search(domain->sysdb->ldb, member_dn, &member_obj, member_dn, + LDB_SCOPE_BASE, member_attrs, NULL); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + + if (member_obj->count != 1) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Base search for member object returned [%d] results.\n", + member_obj->count); + ret = EINVAL; + goto done; + } + + override_dn_str = ldb_msg_find_attr_as_string(member_obj->msgs[0], + SYSDB_OVERRIDE_DN, NULL); + if (override_dn_str == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing override DN for objext [%s].\n", + ldb_dn_get_linearized(member_obj->msgs[0]->dn)); + ret = ENOENT; + goto done; + } + + override_dn = ldb_dn_new(member_obj, domain->sysdb->ldb, + override_dn_str); + if (override_dn == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n"); + ret = ENOMEM; + goto done; + } + + memberuid = NULL; + if (ldb_dn_compare(member_obj->msgs[0]->dn, override_dn) != 0) { + DEBUG(SSSDBG_TRACE_ALL, "Checking override for object [%s].\n", + ldb_dn_get_linearized(member_obj->msgs[0]->dn)); + + ret = ldb_search(domain->sysdb->ldb, member_obj, &override_obj, + override_dn, LDB_SCOPE_BASE, member_attrs, NULL); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto done; + } + + if (override_obj->count != 1) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Base search for override object returned [%d] results.\n", + member_obj->count); + ret = EINVAL; + goto done; + } + + memberuid = ldb_msg_find_attr_as_string(override_obj->msgs[0], + SYSDB_NAME, + NULL); + } + + if (memberuid == NULL) { + DEBUG(SSSDBG_TRACE_ALL, "No override name available.\n"); + + memberuid = ldb_msg_find_attr_as_string(member_obj->msgs[0], + SYSDB_NAME, + NULL); + if (memberuid == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Object [%s] has no name.\n", + ldb_dn_get_linearized(member_obj->msgs[0]->dn)); + ret = EINVAL; + goto done; + } + } + + ret = ldb_msg_add_string(obj, OVERRIDE_PREFIX SYSDB_MEMBERUID, + memberuid); + if (ret != LDB_SUCCESS) { + DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_string failed.\n"); + ret = sysdb_error_to_errno(ret); + goto done; + } + + /* Free all temporary data of the current member to avoid memory usage + * spikes. All temporary data should be allocated below member_dn. */ + talloc_free(member_dn); + } + + ret = EOK; + +done: + talloc_free(tmp_ctx); + + return ret; +} + struct ldb_message_element * sss_view_ldb_msg_find_element(struct sss_domain_info *dom, const struct ldb_message *msg, |