diff options
| author | Michal Zidek <mzidek@redhat.com> | 2014-09-10 12:56:54 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-09-15 10:13:00 +0200 |
| commit | 7ba70236daccb48432350147d0560b3302518cee (patch) | |
| tree | bc39a26bce57ae6361af1b99bd9d4128208df9ad /src/providers/ldap/sdap_async_initgroups.c | |
| parent | 6f91c61426c8cfbfec52d5e77ae4650007694e69 (diff) | |
| download | sssd-7ba70236daccb48432350147d0560b3302518cee.tar.gz sssd-7ba70236daccb48432350147d0560b3302518cee.tar.xz sssd-7ba70236daccb48432350147d0560b3302518cee.zip | |
Use the alternative objectclass in group maps.
Use the alternative group objectclass in queries.
Fixes:
https://fedorahosted.org/sssd/ticket/2436
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/ldap/sdap_async_initgroups.c')
| -rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 50 |
1 files changed, 39 insertions, 11 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 9f45fde39..d3e080013 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -368,6 +368,7 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, const char **attr_filter; char *clean_name; errno_t ret; + char *oc_list; req = tevent_req_create(memctx, &state, struct sdap_initgr_rfc2307_state); if (!req) return NULL; @@ -419,11 +420,17 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx, return NULL; } + oc_list = sdap_make_oc_list(state, opts->group_map); + if (oc_list == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create objectClass list.\n"); + ret = ENOMEM; + goto done; + } + state->base_filter = talloc_asprintf(state, - "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))", + "(&(%s=%s)(%s)(%s=*)(&(%s=*)(!(%s=0))))", opts->group_map[SDAP_AT_GROUP_MEMBER].name, - clean_name, - opts->group_map[SDAP_OC_GROUP].name, + clean_name, oc_list, opts->group_map[SDAP_AT_GROUP_NAME].name, opts->group_map[SDAP_AT_GROUP_GID].name, opts->group_map[SDAP_AT_GROUP_GID].name); @@ -805,6 +812,7 @@ static errno_t sdap_initgr_nested_noderef_search(struct tevent_req *req) int i; struct tevent_req *subreq; struct sdap_initgr_nested_state *state; + char *oc_list; state = tevent_req_data(req, struct sdap_initgr_nested_state); @@ -823,8 +831,13 @@ static errno_t sdap_initgr_nested_noderef_search(struct tevent_req *req) state->group_dns[i] = NULL; /* terminate */ state->cur = 0; - state->filter = talloc_asprintf(state, "(&(objectclass=%s)(%s=*))", - state->opts->group_map[SDAP_OC_GROUP].name, + oc_list = sdap_make_oc_list(state, state->opts->group_map); + if (oc_list == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create objectClass list.\n"); + return ENOMEM; + } + + state->filter = talloc_asprintf(state, "(&(%s)(%s=*))", oc_list, state->opts->group_map[SDAP_AT_GROUP_NAME].name); if (!state->filter) { return ENOMEM; @@ -1513,6 +1526,7 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( const char **attr_filter; char *clean_orig_dn; bool use_id_mapping; + char *oc_list; req = tevent_req_create(memctx, &state, struct sdap_initgr_rfc2307bis_state); if (!req) return NULL; @@ -1565,11 +1579,18 @@ static struct tevent_req *sdap_initgr_rfc2307bis_send( sdom->dom->name, sdom->dom->domain_id); + oc_list = sdap_make_oc_list(state, opts->group_map); + if (oc_list == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create objectClass list.\n"); + ret = ENOMEM; + goto done; + } + state->base_filter = - talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)", + talloc_asprintf(state, + "(&(%s=%s)(%s)(%s=*)", opts->group_map[SDAP_AT_GROUP_MEMBER].name, - clean_orig_dn, - opts->group_map[SDAP_OC_GROUP].name, + clean_orig_dn, oc_list, opts->group_map[SDAP_AT_GROUP_NAME].name); if (!state->base_filter) { ret = ENOMEM; @@ -2263,6 +2284,7 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req) hash_value_t value; struct sdap_rfc2307bis_nested_ctx *state = tevent_req_data(req, struct sdap_rfc2307bis_nested_ctx); + char *oc_list; tmp_ctx = talloc_new(state); if (!tmp_ctx) { @@ -2339,11 +2361,17 @@ static errno_t rfc2307bis_nested_groups_step(struct tevent_req *req) goto done; } + oc_list = sdap_make_oc_list(state, state->opts->group_map); + if (oc_list == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create objectClass list.\n"); + ret = ENOMEM; + goto done; + } + state->base_filter = talloc_asprintf( - state, "(&(%s=%s)(objectclass=%s)(%s=*))", + state, "(&(%s=%s)(%s)(%s=*))", state->opts->group_map[SDAP_AT_GROUP_MEMBER].name, - clean_orig_dn, - state->opts->group_map[SDAP_OC_GROUP].name, + clean_orig_dn, oc_list, state->opts->group_map[SDAP_AT_GROUP_NAME].name); if (!state->base_filter) { ret = ENOMEM; |