authorSumit Bose <sbose@redhat.com>2010-10-21 10:13:46 +0200
committerStephen Gallagher <sgallagh@redhat.com>2010-10-22 07:21:49 -0400
commit4534c103b193b74452ea81bf12ffaceb1901728a (patch)
tree7719850dbeaa3a3358c031f8f0b8397e424aae7c /src/providers
parent3fd2f20f23c909f7d3d4dfd1b8b1c0f8cc87dfe1 (diff)
Add ldap_deref option
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ipa/ipa_common.c13
-rw-r--r--src/providers/ipa/ipa_common.h2
-rw-r--r--src/providers/ldap/ldap_common.c13
-rw-r--r--src/providers/ldap/sdap.h1
-rw-r--r--src/providers/ldap/sdap_async_connection.c37
-rw-r--r--src/providers/ldap/sdap_async_private.h2
6 files changed, 65 insertions, 3 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 758bf9de9..aee8b65f4 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -27,6 +27,7 @@
#include <arpa/inet.h>
#include "providers/ipa/ipa_common.h"
+#include "providers/ldap/sdap_async_private.h"
struct dp_option ipa_basic_opts[] = {
{ "ipa_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
@@ -75,7 +76,8 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "ldap_krb5_ticket_lifetime", DP_OPT_NUMBER, { .number = (24 * 60 * 60) }, NULL_NUMBER },
{ "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_netgroup_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_group_nesting_level", DP_OPT_NUMBER, { .number = 2 }, NULL_NUMBER }
+ { "ldap_group_nesting_level", DP_OPT_NUMBER, { .number = 2 }, NULL_NUMBER },
+ { "ldap_deref", DP_OPT_STRING, NULL_STRING, NULL_STRING }
};
struct sdap_attr_map ipa_attr_map[] = {
@@ -359,6 +361,15 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
SDAP_NETGROUP_SEARCH_BASE)));
}
+ value = dp_opt_get_string(ipa_opts->id->basic, SDAP_DEREF);
+ if (value != NULL) {
+ ret = deref_string_to_val(value, &i);
+ if (ret != EOK) {
+ DEBUG(1, ("Failed to verify ldap_deref option.\n"));
+ goto done;
+ }
+ }
+
ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
ipa_attr_map,
SDAP_AT_GENERAL,
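Review bot: The value parsed into `i` is never used afterwards in this hunk, so the call to deref_string_to_val only validates the configured string, and nothing in the block says so. A comment above the `dp_opt_get_string` call, such as `/* Validate only; the setting is applied per connection in sdap_connect_send(). */`, would make the intent clear, and a dedicated local would read better than `i`, which is declared outside the hunk and looks like a general-purpose variable. The same applies to the matching block added to ldap_get_options in ldap_common.c, where `ldap_deref_val` is likewise written and then discarded. Rejecting an unknown value while the options are loaded is the right place for the check, because a typo then fails at configuration time rather than at the first connection.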
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 8cbcaebb6..ef1cac207 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
/* the following defines are used to keep track of the options in the ldap
* module, so that if they change and ipa is not updated correspondingly
* this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 38
+#define IPA_OPTS_BASIC_TEST 39
/* the following define is used to keep track of the options in the krb5
* module, so that if they change and ipa is not updated correspondingly
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index ea5f95707..543774b87 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -71,7 +71,8 @@ struct dp_option default_basic_opts[] = {
{ "ldap_krb5_ticket_lifetime", DP_OPT_NUMBER, { .number = (24 * 60 * 60) }, NULL_NUMBER },
{ "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_netgroup_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_group_nesting_level", DP_OPT_NUMBER, { .number = 2 }, NULL_NUMBER }
+ { "ldap_group_nesting_level", DP_OPT_NUMBER, { .number = 2 }, NULL_NUMBER },
+ { "ldap_deref", DP_OPT_STRING, NULL_STRING, NULL_STRING }
};
struct sdap_attr_map generic_attr_map[] = {
@@ -188,6 +189,8 @@ int ldap_get_options(TALLOC_CTX *memctx,
int ret;
int account_cache_expiration;
int offline_credentials_expiration;
+ const char *ldap_deref;
+ int ldap_deref_val;
opts = talloc_zero(memctx, struct sdap_options);
if (!opts) return ENOMEM;
@@ -293,6 +296,14 @@ int ldap_get_options(TALLOC_CTX *memctx,
goto done;
}
+ ldap_deref = dp_opt_get_string(opts->basic, SDAP_DEREF);
+ if (ldap_deref != NULL) {
+ ret = deref_string_to_val(ldap_deref, &ldap_deref_val);
+ if (ret != EOK) {
+ DEBUG(1, ("Failed to verify ldap_deref option.\n"));
+ goto done;
+ }
+ }
#ifndef HAVE_LDAP_CONNCB
bool ldap_referrals;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 4506085f1..be4cf8a02 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -178,6 +178,7 @@ enum sdap_basic_opt {
SDAP_ACCESS_FILTER,
SDAP_NETGROUP_SEARCH_BASE,
SDAP_NESTING_LEVEL,
+ SDAP_DEREF,
SDAP_OPTS_BASIC /* opts counter */
};
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index b62050521..e4ca96242 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -28,6 +28,24 @@
#define LDAP_X_SSSD_PASSWORD_EXPIRED 0x555D
+errno_t deref_string_to_val(const char *str, int *val)
+{
+ if (strcasecmp(str, "never") == 0) {
+ *val = LDAP_DEREF_NEVER;
+ } else if (strcasecmp(str, "searching") == 0) {
+ *val = LDAP_DEREF_SEARCHING;
+ } else if (strcasecmp(str, "finding") == 0) {
+ *val = LDAP_DEREF_FINDING;
+ } else if (strcasecmp(str, "always") == 0) {
+ *val = LDAP_DEREF_ALWAYS;
+ } else {
+ DEBUG(1, ("Illegal deref option [%s].\n", str));
+ return EINVAL;
+ }
+
+ return EOK;
+}
+
/* ==Connect-to-LDAP-Server=============================================== */
struct sdap_connect_state {
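Review bot: deref_string_to_val is exported without the `sdap_` prefix that the neighbouring functions carry, and it has no contract comment, although it is now called from both the ldap and ipa providers. A header comment would cover it: `/* Map an ldap_deref setting (case-insensitive: never, searching, finding, always) to the LDAP_DEREF_* constant; returns EINVAL and leaves *val untouched otherwise. */`. The comment should also state that `str` must not be NULL, because it is passed straight to strcasecmp; the three callers in this commit check for NULL first, but a later caller has nothing to tell it so.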
@@ -61,6 +79,8 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx,
int msgid;
char *errmsg = NULL;
bool ldap_referrals;
+ const char *ldap_deref;
+ int ldap_deref_val;
req = tevent_req_create(memctx, &state, struct sdap_connect_state);
if (!req) return NULL;
@@ -130,6 +150,23 @@ struct tevent_req *sdap_connect_send(TALLOC_CTX *memctx,
goto fail;
}
+ /* Set alias dereferencing */
+ ldap_deref = dp_opt_get_string(opts->basic, SDAP_DEREF);
+ if (ldap_deref != NULL) {
+ ret = deref_string_to_val(ldap_deref, &ldap_deref_val);
+ if (ret != EOK) {
+ DEBUG(1, ("deref_string_to_val failed.\n"));
+ goto fail;
+ }
+
+ lret = ldap_set_option(state->sh->ldap, LDAP_OPT_DEREF, &ldap_deref_val);
+ if (lret != LDAP_OPT_SUCCESS) {
+ DEBUG(1, ("Failed to set deref option to %d\n", ldap_deref_val));
+ goto fail;
+ }
+
+ }
+
ret = setup_ldap_connection_callbacks(state->sh, state->ev);
if (ret != EOK) {
DEBUG(1, ("setup_ldap_connection_callbacks failed.\n"));
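Review bot: When ldap_set_option fails, the code jumps to `fail` with `ret` still EOK from the preceding deref_string_to_val call. The `fail` label is outside this hunk, so I cannot tell how it treats that case; if it reports `ret` to the request, set an error first, e.g. `ret = EIO;` before the `goto fail;`. Separately, LDAP_OPT_DEREF is only set when ldap_deref is configured, so an unset option leaves whatever default the LDAP library applies. A short comment such as `/* Unset: keep the library's default alias dereferencing */` would record that this is deliberate, since the setting changes which entries a search can return.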
diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h
index 10ed44693..f049fa6aa 100644
--- a/src/providers/ldap/sdap_async_private.h
+++ b/src/providers/ldap/sdap_async_private.h
@@ -53,6 +53,8 @@ int sdap_get_rootdse_recv(struct tevent_req *req,
TALLOC_CTX *memctx,
struct sysdb_attrs **rootdse);
+errno_t deref_string_to_val(const char *str, int *val);
+
/* from sdap_child_helpers.c */
struct tevent_req *sdap_get_tgt_send(TALLOC_CTX *mem_ctx,