authorPavel Reichl <preichl@redhat.com>2014-11-20 18:27:04 +0000
committerJakub Hrozek <jhrozek@redhat.com>2014-12-13 22:11:13 +0100
commit6fac5e5f0c54a0f92872ce1450606cfcb577a920 (patch)
tree698969beabfac61e841fb61ca4fe02826b83f2a6 /src/db
parentd72958f09ce3718019992b7a117f112e38855b55 (diff)
LDAP: retain external members
When processing group membership, check sysdb for group members from an external domain and include them in the newly processed group membership, as external members are currently found only when initgroups() is called. Resolves: https://fedorahosted.org/sssd/ticket/2492 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/db')
-rw-r--r--src/db/sysdb.h6
-rw-r--r--src/db/sysdb_ops.c83
2 files changed, 89 insertions, 0 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 5bd7f90ac..cdcdfd51d 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -1103,4 +1103,10 @@ errno_t sysdb_gpo_get_gpo_result_setting(TALLOC_CTX *mem_ctx,
const char *policy_setting_key,
const char **policy_setting_value);
+errno_t sysdb_get_sids_of_members(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *dom,
+ const char *group_name,
+ const char ***_sids,
+ const char ***_dns,
+ size_t *_n);
#endif /* __SYS_DB_H__ */
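Review bot: The new prototype `sysdb_get_sids_of_members` is declared without any comment on its contract, which callers cannot read off the signature. Going by the implementation in sysdb_ops.c, a comment above the declaration should state that `_sids` and `_dns` are index-aligned arrays of `*_n` entries, not NULL-terminated, and owned by `mem_ctx` on success. It should also say that members without a SID string are skipped, and that `ENOENT` is returned when no member carries a SID, in which case none of the three output parameters is written. Callers therefore need to initialise their locals and must not read them after a non-EOK return.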
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 998046a2c..768f94553 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -3630,3 +3630,86 @@ errno_t sysdb_search_object_by_uuid(TALLOC_CTX *mem_ctx,
return sysdb_search_object_by_str_attr(mem_ctx, domain, SYSDB_UUID_FILTER,
uuid_str, attrs, res);
}
+
+errno_t sysdb_get_sids_of_members(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *dom,
+ const char *group_name,
+ const char ***_sids,
+ const char ***_dns,
+ size_t *_n)
+{
+ errno_t ret;
+ size_t i, m_count;
+ TALLOC_CTX *tmp_ctx;
+ struct ldb_message *msg;
+ struct ldb_message **members;
+ const char *attrs[] = { SYSDB_SID_STR, NULL };
+ const char **sids = NULL, **dns = NULL;
+ size_t n = 0;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ ret = sysdb_search_group_by_name(tmp_ctx, dom, group_name, NULL, &msg);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ /* Get sid_str attribute of all elemets pointed to by group members */
+ ret = sysdb_asq_search(tmp_ctx, dom, msg->dn, NULL, SYSDB_MEMBER, attrs,
+ &m_count, &members);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ sids = talloc_array(tmp_ctx, const char*, m_count);
+ if (sids == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ dns = talloc_array(tmp_ctx, const char*, m_count);
+ if (dns == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ for (i=0; i < m_count; i++) {
+ const char *sidstr;
+
+ sidstr = ldb_msg_find_attr_as_string(members[i], SYSDB_SID_STR, NULL);
+
+ if (sidstr != NULL) {
+ sids[n] = talloc_steal(sids, sidstr);
+
+ dns[n] = talloc_steal(dns, ldb_dn_get_linearized(members[i]->dn));
+ if (dns[n] == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ n++;
+ }
+ }
+
+ if (n == 0) {
+ ret = ENOENT;
+ goto done;
+ }
+
+ *_n = n;
+ *_sids = talloc_steal(mem_ctx, sids);
+ *_dns = talloc_steal(mem_ctx, dns);
+
+ ret = EOK;
+
+done:
+ if (ret == ENOENT) {
+ DEBUG(SSSDBG_TRACE_FUNC, "No such entry\n");
+ } else if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, "Error: %d (%s)\n", ret, strerror(ret));
+ }
+ talloc_free(tmp_ctx);
+ return ret;
+}
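Review bot: Both `talloc_steal` calls in the loop assume that the pointers returned by `ldb_msg_find_attr_as_string()` and `ldb_dn_get_linearized()` are each the start of their own talloc allocation. That is an ldb implementation detail this hunk cannot guarantee, and stealing a pointer that sits inside a larger buffer would hand talloc a chunk it does not recognise. Copying the strings avoids depending on that layout: `sids[n] = talloc_strdup(sids, sidstr);` and `dns[n] = talloc_strdup(dns, ldb_dn_get_linearized(members[i]->dn));`, each followed by a NULL check that sets `ret = ENOMEM`. Separately, the `n == 0` path returns the same `ENOENT` that the group lookup presumably returns for a missing group, so a caller cannot tell "group not cached" from "no member has a SID"; if that distinction matters to the membership code, a distinct return or a comment would help.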