diff options
| author | Michal Zidek <mzidek@redhat.com> | 2015-02-10 17:30:00 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-01-13 11:28:45 +0100 |
| commit | 23674dfef4225b90d45c27b88fe72dc37b22e32d (patch) | |
| tree | f3f2814e564511fef79db03b909cc86d10208999 /src/providers/ipa | |
| parent | 867c5d7d51327464a21f48fd6dc2a6f4f107bd36 (diff) | |
| download | sssd-23674dfef4225b90d45c27b88fe72dc37b22e32d.tar.gz sssd-23674dfef4225b90d45c27b88fe72dc37b22e32d.tar.xz sssd-23674dfef4225b90d45c27b88fe72dc37b22e32d.zip | |
sysdb: Unify name format for groups and users
This is WIP patch to unify format of
usernames and groupnames in sssd internals.
In current form it breaks just about everything.
The sysdb update function is just placeholder
and it's contents are irelevant.
Currently I am working on fqname attribute
removal because it seems to just add confusion.
If you decide to look into the code, please use
sunglasses or other other protective gear and play
some calm music in your backgroun to prevent
eye or brain injury.
Diffstat (limited to 'src/providers/ipa')
| -rw-r--r-- | src/providers/ipa/ipa_auth.c | 16 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_hbac_common.c | 10 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_s2n_exop.c | 47 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_subdomains_id.c | 14 |
4 files changed, 62 insertions, 25 deletions
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c index b1bfa3ffe..cfbead882 100644 --- a/src/providers/ipa/ipa_auth.c +++ b/src/providers/ipa/ipa_auth.c @@ -332,6 +332,14 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req) int dp_err = DP_ERR_FATAL; int ret; int auth_timeout; + char *name; + TALLOC_CTX *tmpctx; + + tmpctx = talloc_new(NULL); + if (tmpctx == NULL) { + ret = ENOMEM; + goto done; + } ret = sdap_cli_connect_recv(req, state, NULL, &state->sh, NULL); talloc_zfree(req); @@ -355,7 +363,13 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req) attrs[0] = SYSDB_ORIG_DN; attrs[1] = NULL; - ret = sysdb_search_user_by_name(state, be_ctx->domain, state->pd->user, + name = sss_ioname2internal(tmpctx, be_ctx->domain, state->pd->user); + if (name == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sysdb_search_user_by_name(state, be_ctx->domain, name, attrs, &user_msg); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_name failed.\n"); diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c index 72a620ef0..9285a79dc 100644 --- a/src/providers/ipa/ipa_hbac_common.c +++ b/src/providers/ipa/ipa_hbac_common.c @@ -402,7 +402,7 @@ done: static errno_t hbac_eval_user_element(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, - const char *username, + const char *pd_username, struct hbac_request_element **user_element); static errno_t @@ -506,7 +506,7 @@ done: static errno_t hbac_eval_user_element(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, - const char *username, + const char *pd_username, struct hbac_request_element **user_element) { errno_t ret; @@ -528,7 +528,11 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx, goto done; } - users->name = username; + users->name = sss_ioname2internal(tmp_ctx, domain, pd_username); + if (users->name == NULL) { + ret = ENOMEM; + goto done; + } /* Read the originalMemberOf attribute * This will give us the list of both POSIX and diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 1d233cd52..7bce94a63 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -1361,7 +1361,7 @@ done: static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, - size_t ngroups, char **groups, + size_t ngroups, char **fq_groups, struct ldb_dn ***_dn_list, char ***_missing_groups) { @@ -1393,14 +1393,14 @@ static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx, parent_domain = (dom->parent == NULL) ? dom : dom->parent; for (c = 0; c < ngroups; c++) { - obj_domain = find_domain_by_object_name(parent_domain, groups[c]); + obj_domain = find_domain_by_object_name(parent_domain, fq_groups[c]); if (obj_domain == NULL) { DEBUG(SSSDBG_OP_FAILURE, "find_domain_by_object_name failed.\n"); ret = ENOMEM; goto done; } - ret = sysdb_search_group_by_name(tmp_ctx, obj_domain, groups[c], NULL, + ret = sysdb_search_group_by_name(tmp_ctx, obj_domain, fq_groups[c], NULL, &msg); if (ret == EOK) { dn_list[n_dns] = ldb_dn_copy(dn_list, msg->dn); @@ -1412,7 +1412,7 @@ static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx, n_dns++; } else if (ret == ENOENT) { missing_groups[n_missing] = talloc_strdup(missing_groups, - groups[c]); + fq_groups[c]); if (missing_groups[n_missing] == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); ret = ENOMEM; @@ -1868,9 +1868,19 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, } if (name == NULL) { - /* we always use the fully qualified name for subdomain users */ - name = sss_tc_fqname(tmp_ctx, dom->names, dom, - attrs->a.user.pw_name); + char *domname; + char *shortname; + ret = sss_parse_name(tmp_ctx, dom->names, + attrs->a.user.pw_name, + &domname, &shortname); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "failed to parse user name.\n"); + goto done; + } + + name = sss_create_internal_fqname(tmp_ctx, shortname, + domname ? domname + : dom->name); if (!name) { DEBUG(SSSDBG_OP_FAILURE, "failed to format user name.\n"); ret = ENOMEM; @@ -2129,18 +2139,27 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom, type = SYSDB_MEMBER_GROUP; if (name == NULL) { - name = attrs->a.group.gr_name; - } + char *domname; + char *shortname; + ret = sss_parse_name(tmp_ctx, dom->names, + attrs->a.group.gr_name, + &domname, &shortname); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "failed to parse group name.\n"); + goto done; + } - if (IS_SUBDOMAIN(dom)) { - /* we always use the fully qualified name for subdomain users */ - name = sss_get_domain_name(tmp_ctx, name, dom); - if (!name) { - DEBUG(SSSDBG_OP_FAILURE, "failed to format user name,\n"); + name = sss_create_internal_fqname(tmp_ctx, shortname, + domname ? domname + : dom->name); + if (name == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to format group name.\n"); ret = ENOMEM; goto done; } } + DEBUG(SSSDBG_TRACE_FUNC, "Processing group %s\n", name); ret = sysdb_attrs_add_lc_name_alias_safe(attrs->sysdb_attrs, name); diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index 472985d4a..5e6a4e9d4 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -913,7 +913,7 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx, SYSDB_GHOST, SYSDB_HOMEDIR, NULL }; - char *name; + char *fq_name; if (ar->filter_type == BE_FILTER_SECID) { ret = sysdb_search_object_by_sid(mem_ctx, dom, ar->filter_value, attrs, @@ -986,24 +986,24 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx, goto done; } } else if (ar->filter_type == BE_FILTER_NAME) { - name = sss_get_domain_name(mem_ctx, ar->filter_value, dom); - if (name == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "sss_get_domain_name failed\n"); + /* is ar->filter_value already internal fq name? */ + fq_name = sss_ioname2internal(mem_ctx, dom, ar->filter_value); + if (fq_name == NULL) { ret = ENOMEM; goto done; } switch (ar->entry_type & BE_REQ_TYPE_MASK) { case BE_REQ_GROUP: - ret = sysdb_search_group_by_name(mem_ctx, dom, name, attrs, &msg); + ret = sysdb_search_group_by_name(mem_ctx, dom, fq_name, attrs, &msg); break; case BE_REQ_INITGROUPS: case BE_REQ_USER: case BE_REQ_USER_AND_GROUP: - ret = sysdb_search_user_by_name(mem_ctx, dom, name, attrs, &msg); + ret = sysdb_search_user_by_name(mem_ctx, dom, fq_name, attrs, &msg); if (ret == ENOENT && (ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_USER_AND_GROUP) { - ret = sysdb_search_group_by_name(mem_ctx, dom, name, + ret = sysdb_search_group_by_name(mem_ctx, dom, fq_name, attrs, &msg); } break; |