authorMichal Zidek <mzidek@redhat.com>2015-02-10 17:30:00 +0100
committerJakub Hrozek <jhrozek@redhat.com>2016-01-13 11:28:45 +0100
commit23674dfef4225b90d45c27b88fe72dc37b22e32d (patch)
treef3f2814e564511fef79db03b909cc86d10208999 /src/providers
parent867c5d7d51327464a21f48fd6dc2a6f4f107bd36 (diff)
sysdb: Unify name format for groups and users
This is a WIP patch to unify the format of usernames and groupnames in sssd internals. In its current form it breaks just about everything. The sysdb update function is just a placeholder and its contents are irrelevant. Currently I am working on fqname attribute removal because it seems to just add confusion. If you decide to look into the code, please use sunglasses or other protective gear and play some calm music in your background to prevent eye or brain injury.
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ipa/ipa_auth.c16
-rw-r--r--src/providers/ipa/ipa_hbac_common.c10
-rw-r--r--src/providers/ipa/ipa_s2n_exop.c47
-rw-r--r--src/providers/ipa/ipa_subdomains_id.c14
-rw-r--r--src/providers/krb5/krb5_auth.c19
-rw-r--r--src/providers/ldap/sdap.c10
-rw-r--r--src/providers/ldap/sdap_async.h1
-rw-r--r--src/providers/ldap/sdap_async_groups.c18
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c2
-rw-r--r--src/providers/ldap/sdap_async_initgroups_ad.c7
-rw-r--r--src/providers/ldap/sdap_async_netgroups.c2
-rw-r--r--src/providers/ldap/sdap_async_users.c2
-rw-r--r--src/providers/ldap/sdap_utils.c17
-rw-r--r--src/providers/proxy/proxy_id.c100
14 files changed, 203 insertions, 62 deletions
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index b1bfa3ffe..cfbead882 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -332,6 +332,14 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
int dp_err = DP_ERR_FATAL;
int ret;
int auth_timeout;
+ char *name;
+ TALLOC_CTX *tmpctx;
+
+ tmpctx = talloc_new(NULL);
+ if (tmpctx == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
ret = sdap_cli_connect_recv(req, state, NULL, &state->sh, NULL);
talloc_zfree(req);
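Review bot: The new `tmpctx` is allocated before `sdap_cli_connect_recv()` and `talloc_zfree(req)`, so an allocation failure jumps to `done` with `req` still unreceived and unfreed. No `talloc_free(tmpctx)` is visible in either hunk of this function. The `done` label is outside the diff, so the context may leak on every call unless it is released there. Since `state` is already used as the memory context for `sysdb_search_user_by_name()`, the temporary context could be dropped and the name allocated with `name = sss_ioname2internal(state, be_ctx->domain, state->pd->user);` in the next hunk.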
@@ -355,7 +363,13 @@ static void ipa_migration_flag_connect_done(struct tevent_req *req)
attrs[0] = SYSDB_ORIG_DN;
attrs[1] = NULL;
- ret = sysdb_search_user_by_name(state, be_ctx->domain, state->pd->user,
+ name = sss_ioname2internal(tmpctx, be_ctx->domain, state->pd->user);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_search_user_by_name(state, be_ctx->domain, name,
attrs, &user_msg);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_name failed.\n");
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 72a620ef0..9285a79dc 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -402,7 +402,7 @@ done:
static errno_t
hbac_eval_user_element(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
- const char *username,
+ const char *pd_username,
struct hbac_request_element **user_element);
static errno_t
@@ -506,7 +506,7 @@ done:
static errno_t
hbac_eval_user_element(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
- const char *username,
+ const char *pd_username,
struct hbac_request_element **user_element)
{
errno_t ret;
@@ -528,7 +528,11 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx,
goto done;
}
- users->name = username;
+ users->name = sss_ioname2internal(tmp_ctx, domain, pd_username);
+ if (users->name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
/* Read the originalMemberOf attribute
* This will give us the list of both POSIX and
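Review bot: `users->name` now points at memory owned by `tmp_ctx`, where it previously borrowed the caller's string. The allocation of `users` and the `done` label are outside this hunk. If `users` is handed back through `*user_element` and `tmp_ctx` is freed on exit, the name dangles while the HBAC request is evaluated. Parenting the string to the element avoids that: `users->name = sss_ioname2internal(users, domain, pd_username);`.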
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 1d233cd52..7bce94a63 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -1361,7 +1361,7 @@ done:
static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
- size_t ngroups, char **groups,
+ size_t ngroups, char **fq_groups,
struct ldb_dn ***_dn_list,
char ***_missing_groups)
{
@@ -1393,14 +1393,14 @@ static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx,
parent_domain = (dom->parent == NULL) ? dom : dom->parent;
for (c = 0; c < ngroups; c++) {
- obj_domain = find_domain_by_object_name(parent_domain, groups[c]);
+ obj_domain = find_domain_by_object_name(parent_domain, fq_groups[c]);
if (obj_domain == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "find_domain_by_object_name failed.\n");
ret = ENOMEM;
goto done;
}
- ret = sysdb_search_group_by_name(tmp_ctx, obj_domain, groups[c], NULL,
+ ret = sysdb_search_group_by_name(tmp_ctx, obj_domain, fq_groups[c], NULL,
&msg);
if (ret == EOK) {
dn_list[n_dns] = ldb_dn_copy(dn_list, msg->dn);
@@ -1412,7 +1412,7 @@ static errno_t get_group_dn_list(TALLOC_CTX *mem_ctx,
n_dns++;
} else if (ret == ENOENT) {
missing_groups[n_missing] = talloc_strdup(missing_groups,
- groups[c]);
+ fq_groups[c]);
if (missing_groups[n_missing] == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
ret = ENOMEM;
@@ -1868,9 +1868,19 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
}
if (name == NULL) {
- /* we always use the fully qualified name for subdomain users */
- name = sss_tc_fqname(tmp_ctx, dom->names, dom,
- attrs->a.user.pw_name);
+ char *domname;
+ char *shortname;
+ ret = sss_parse_name(tmp_ctx, dom->names,
+ attrs->a.user.pw_name,
+ &domname, &shortname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse user name.\n");
+ goto done;
+ }
+
+ name = sss_create_internal_fqname(tmp_ctx, shortname,
+ domname ? domname
+ : dom->name);
if (!name) {
DEBUG(SSSDBG_OP_FAILURE, "failed to format user name.\n");
ret = ENOMEM;
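Review bot: The domain part of the stored name now comes from the parsed `attrs->a.user.pw_name` (`domname ? domname : dom->name`), whereas the removed `sss_tc_fqname()` call always qualified with `dom`. If that name originates from the server response, the object is cached under whatever domain the string claims. It seems worth checking that `domname` matches `dom` (or a known subdomain) before using it. The same parse-then-format sequence is repeated for groups in the next hunk and in `get_pw_name()` in proxy_id.c, so a small static helper would keep the three copies from drifting.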
@@ -2129,18 +2139,27 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
type = SYSDB_MEMBER_GROUP;
if (name == NULL) {
- name = attrs->a.group.gr_name;
- }
+ char *domname;
+ char *shortname;
+ ret = sss_parse_name(tmp_ctx, dom->names,
+ attrs->a.group.gr_name,
+ &domname, &shortname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse group name.\n");
+ goto done;
+ }
- if (IS_SUBDOMAIN(dom)) {
- /* we always use the fully qualified name for subdomain users */
- name = sss_get_domain_name(tmp_ctx, name, dom);
- if (!name) {
- DEBUG(SSSDBG_OP_FAILURE, "failed to format user name,\n");
+ name = sss_create_internal_fqname(tmp_ctx, shortname,
+ domname ? domname
+ : dom->name);
+ if (name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to format group name.\n");
ret = ENOMEM;
goto done;
}
}
+
DEBUG(SSSDBG_TRACE_FUNC, "Processing group %s\n", name);
ret = sysdb_attrs_add_lc_name_alias_safe(attrs->sysdb_attrs, name);
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 472985d4a..5e6a4e9d4 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -913,7 +913,7 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
SYSDB_GHOST,
SYSDB_HOMEDIR,
NULL };
- char *name;
+ char *fq_name;
if (ar->filter_type == BE_FILTER_SECID) {
ret = sysdb_search_object_by_sid(mem_ctx, dom, ar->filter_value, attrs,
@@ -986,24 +986,24 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
goto done;
}
} else if (ar->filter_type == BE_FILTER_NAME) {
- name = sss_get_domain_name(mem_ctx, ar->filter_value, dom);
- if (name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "sss_get_domain_name failed\n");
+ /* is ar->filter_value already internal fq name? */
+ fq_name = sss_ioname2internal(mem_ctx, dom, ar->filter_value);
+ if (fq_name == NULL) {
ret = ENOMEM;
goto done;
}
switch (ar->entry_type & BE_REQ_TYPE_MASK) {
case BE_REQ_GROUP:
- ret = sysdb_search_group_by_name(mem_ctx, dom, name, attrs, &msg);
+ ret = sysdb_search_group_by_name(mem_ctx, dom, fq_name, attrs, &msg);
break;
case BE_REQ_INITGROUPS:
case BE_REQ_USER:
case BE_REQ_USER_AND_GROUP:
- ret = sysdb_search_user_by_name(mem_ctx, dom, name, attrs, &msg);
+ ret = sysdb_search_user_by_name(mem_ctx, dom, fq_name, attrs, &msg);
if (ret == ENOENT && (ar->entry_type & BE_REQ_TYPE_MASK)
== BE_REQ_USER_AND_GROUP) {
- ret = sysdb_search_group_by_name(mem_ctx, dom, name,
+ ret = sysdb_search_group_by_name(mem_ctx, dom, fq_name,
attrs, &msg);
}
break;
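Review bot: The added comment `/* is ar->filter_value already internal fq name? */` leaves an open question in the lookup path. If the value is already qualified and `sss_ioname2internal()` qualifies it again, every search below would return ENOENT for an object that is in the cache. That should be settled and the comment replaced with a statement of the expected input format. The failure branch also lost its log line; something like `DEBUG(SSSDBG_OP_FAILURE, "sss_ioname2internal failed\n");` before `ret = ENOMEM;` would keep the error traceable.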
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 7657b4ded..f155f7b7c 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -331,6 +331,8 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain,
size_t password_len;
size_t fa2_len = 0;
int ret = EOK;
+ TALLOC_CTX *tmp_ctx;
+ char *name;
switch(pd->cmd) {
case SSS_CMD_RENEW:
@@ -380,7 +382,22 @@ static void krb5_auth_store_creds(struct sss_domain_info *domain,
return;
}
- ret = sysdb_cache_password_ex(domain, pd->user, password,
+ /* Fixme: tmp_ctx should not be used like this */
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory.\n");
+ return;
+ }
+ name = sss_ioname2internal(tmp_ctx, domain, pd->user);
+ if (name == NULL) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "failed to parse name while storing offline creds.\n");
+ talloc_free(tmp_ctx);
+ return;
+ }
+ talloc_free(tmp_ctx);
+
+ ret = sysdb_cache_password_ex(domain, name, password,
sss_authtok_get_type(pd->authtok), fa2_len);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE,
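Review bot: `name` is allocated on `tmp_ctx`, and `talloc_free(tmp_ctx);` runs before `sysdb_cache_password_ex(domain, name, ...)`, so the credential cache call reads freed memory. The offline password could then be stored under a corrupted user name, or the process could crash. Move `talloc_free(tmp_ctx);` to after the `sysdb_cache_password_ex()` call (the function body continues past this hunk, so any later return path needs it too). The hunk's own `Fixme` comment suggests the context handling was known to be provisional.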
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index fcdc4028e..1a0967704 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -1562,15 +1562,9 @@ sdap_get_primary_name(TALLOC_CTX *memctx,
return EINVAL;
}
- name = sss_get_domain_name(memctx, orig_name, dom);
- if (name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Failed to format original name [%s]\n", orig_name);
- return ENOMEM;
- }
- DEBUG(SSSDBG_TRACE_FUNC, "Processing object %s\n", name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Processing object %s\n", orig_name);
- *_primary_name = name;
+ *_primary_name = talloc_steal(memctx, name);
return EOK;
}
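Review bot: After this change nothing in the hunk assigns `name`, yet the last statement passes it to `talloc_steal(memctx, name)`. Unless it is set above the hunk, `*_primary_name` receives an uninitialized pointer. If the intent is to return the unqualified name, copy it explicitly: `name = talloc_strdup(memctx, orig_name);` followed by `if (name == NULL) return ENOMEM;` and then `*_primary_name = name;`. The start of `sdap_get_primary_name()` is outside the hunk, so the declaration and any earlier assignment should be checked there.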
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 09bc0d654..801963205 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -305,6 +305,7 @@ errno_t
sdap_save_all_names(const char *name,
struct sysdb_attrs *ldap_attrs,
struct sss_domain_info *dom,
+ bool use_internal_fqname,
struct sysdb_attrs *attrs);
struct tevent_req *
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 7e979c3c4..0c96c0ddc 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -342,7 +342,7 @@ done:
static errno_t
sdap_store_group_with_gid(struct sss_domain_info *domain,
- const char *name,
+ const char *name, /* internal fqname */
gid_t gid,
struct sysdb_attrs *group_attrs,
uint64_t cache_timeout,
@@ -738,7 +738,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
goto done;
}
- ret = sdap_save_all_names(group_name, attrs, dom, group_attrs);
+ ret = sdap_save_all_names(group_name, attrs, dom, true, group_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save group names\n");
goto done;
@@ -805,7 +805,7 @@ are_sids_from_same_dom(const char *sid1, const char *sid2, bool *_result)
static errno_t
retain_extern_members(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
- const char *group_name,
+ const char *group_fqname,
const char *group_sid,
char ***_userdns,
size_t *_nuserdns)
@@ -823,7 +823,7 @@ retain_extern_members(TALLOC_CTX *mem_ctx,
return ENOMEM;
}
- ret = sysdb_get_sids_of_members(tmp_ctx, dom, group_name, &sids, &dns, &n);
+ ret = sysdb_get_sids_of_members(tmp_ctx, dom, group_fqname, &sids, &dns, &n);
if (ret != EOK) {
if (ret != ENOENT) {
DEBUG(SSSDBG_TRACE_ALL,
@@ -2414,6 +2414,7 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
errno_t ret, sret;
struct ldb_message_element *el;
const char *username;
+ char *gh_name;
char *clean_orig_dn;
const char *original_dn;
struct sss_domain_info *user_dom;
@@ -2488,6 +2489,13 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
continue;
}
+ /* We want ghost users in the format name@domain */
+ gh_name = talloc_asprintf(tmp_ctx, "%s@%s", username, user_dom->name);
+ if (gh_name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
/* Check for the specified origDN in the sysdb */
filter = talloc_asprintf(tmp_ctx, "(%s=%s)",
SYSDB_ORIG_DN,
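Review bot: `gh_name` is built with a hard-coded `"%s@%s"`, while the other sites in this commit go through `sss_create_internal_fqname()`. If that helper's output differs from `name@domain` in any way (its definition is not part of this diff), ghost entries will not match the user names stored in sysdb. Using `gh_name = sss_create_internal_fqname(tmp_ctx, username, user_dom->name);` keeps one definition of the internal format.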
@@ -2533,7 +2541,7 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
key.type = HASH_KEY_STRING;
key.str = talloc_steal(ghosts, discard_const(original_dn));
value.type = HASH_VALUE_PTR;
- value.ptr = talloc_steal(ghosts, discard_const(username));
+ value.ptr = talloc_steal(ghosts, gh_name);
ret = hash_enter(ghosts, &key, &value);
if (ret != HASH_SUCCESS) {
talloc_free(key.str);
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 8d45c61ab..91a6d7be9 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -68,7 +68,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
mi = 0;
for (i=0; groupnames[i]; i++) {
- tmp_name = sss_get_domain_name(tmp_ctx, groupnames[i], domain);
+ tmp_name = sss_create_internal_fqname(tmp_ctx, groupnames[i], domain->name);
if (tmp_name == NULL) {
DEBUG(SSSDBG_OP_FAILURE,
"Failed to format original name [%s]\n", groupnames[i]);
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index e210db978..bd0e766d2 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -927,7 +927,12 @@ static void sdap_ad_tokengroups_initgr_mapping_done(struct tevent_req *subreq)
/* This is a new group. For now, we will store it under the name
* of its SID. When a direct lookup of the group or its GID occurs,
* it will replace this temporary entry. */
- name = sid;
+ name = sss_create_internal_fqname(tmp_ctx, sid, domain->name);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
ret = sysdb_add_incomplete_group(domain, name, gid,
NULL, sid, NULL, false, now);
if (ret != EOK) {
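Review bot: The comment above the new call still says the group is stored "under the name of its SID", but the stored name is now the SID qualified with `domain->name`. The comment should say so, for example `/* ... store it under its SID in internal fqname form (sid@domain) ... */`, because the later direct lookup that replaces this temporary entry has to search for the same form.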
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index e50f25087..e2ce29396 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -121,7 +121,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name);
- ret = sdap_save_all_names(name, attrs, dom,
+ ret = sdap_save_all_names(name, attrs, dom, false,
netgroup_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save netgroup names\n");
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 25304d4bf..45bd898e5 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -466,7 +466,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
cache_timeout = dom->user_timeout;
- ret = sdap_save_all_names(user_name, attrs, dom, user_attrs);
+ ret = sdap_save_all_names(user_name, attrs, dom, true, user_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save user names\n");
goto done;
diff --git a/src/providers/ldap/sdap_utils.c b/src/providers/ldap/sdap_utils.c
index 9da46ea70..cf48d2541 100644
--- a/src/providers/ldap/sdap_utils.c
+++ b/src/providers/ldap/sdap_utils.c
@@ -77,10 +77,11 @@ errno_t
sdap_save_all_names(const char *name,
struct sysdb_attrs *ldap_attrs,
struct sss_domain_info *dom,
+ bool use_internal_fqname,
struct sysdb_attrs *attrs)
{
const char **aliases = NULL;
- const char *domname;
+ const char *sysdb_alias;
errno_t ret;
TALLOC_CTX *tmp_ctx;
int i;
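Review bot: The new `use_internal_fqname` parameter has no documentation, and the call sites pass bare `true`/`false`, which does not tell a reader why netgroups are treated differently from users and groups. A short comment above the function would help, for example `/* use_internal_fqname: store aliases via sss_create_internal_fqname() (users, groups) instead of sss_get_domain_name() (netgroups) */`. The parameter is also inserted in the middle of the argument list, so any caller outside src/providers needs updating as well.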
@@ -100,14 +101,20 @@ sdap_save_all_names(const char *name,
}
for (i = 0; aliases[i]; i++) {
- domname = sss_get_domain_name(tmp_ctx, aliases[i], dom);
- if (domname == NULL) {
+ if (use_internal_fqname) {
+ sysdb_alias = sss_create_internal_fqname(tmp_ctx, aliases[i],
+ dom->name);
+ } else {
+ sysdb_alias = sss_get_domain_name(tmp_ctx, aliases[i], dom);
+ }
+
+ if (sysdb_alias == NULL) {
ret = ENOMEM;
goto done;
}
if (lowercase) {
- ret = sysdb_attrs_add_lc_name_alias(attrs, domname);
+ ret = sysdb_attrs_add_lc_name_alias(attrs, sysdb_alias);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE, "Failed to add lower-cased version "
"of alias [%s] into the "
@@ -115,7 +122,7 @@ sdap_save_all_names(const char *name,
goto done;
}
} else {
- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, domname);
+ ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, sysdb_alias);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE, "Failed to add alias [%s] into the "
"attribute list\n", aliases[i]);
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index f8b8cbdf2..d74040526 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -44,7 +44,7 @@ delete_user(struct sss_domain_info *domain,
static int get_pw_name(struct proxy_id_ctx *ctx,
struct sss_domain_info *dom,
- const char *name)
+ const char *i_name)
{
TALLOC_CTX *tmpctx;
struct passwd *pwd;
@@ -56,14 +56,31 @@ static int get_pw_name(struct proxy_id_ctx *ctx,
bool del_user;
struct ldb_result *cached_pwd = NULL;
const char *real_name = NULL;
+ char *shortname;
+ char *shortname_or_alias;
+ char *name_or_alias;
+ char *domname;
- DEBUG(SSSDBG_TRACE_FUNC, "Searching user by name (%s)\n", name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Searching user by name (%s)\n", i_name);
tmpctx = talloc_new(NULL);
if (!tmpctx) {
return ENOMEM;
}
+ ret = sss_parse_name(tmpctx, dom->names, i_name,
+ &domname, &shortname_or_alias);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ name_or_alias = sss_create_internal_fqname(tmpctx, shortname_or_alias,
+ domname ? domname : dom->name);
+ if (name_or_alias == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
pwd = talloc_zero(tmpctx, struct passwd);
if (!pwd) {
ret = ENOMEM;
@@ -79,7 +96,7 @@ static int get_pw_name(struct proxy_id_ctx *ctx,
/* FIXME: should we move this call outside the transaction to keep the
* transaction as short as possible ? */
- status = ctx->ops.getpwnam_r(name, pwd, buffer, buflen, &ret);
+ status = ctx->ops.getpwnam_r(i_name, pwd, buffer, buflen, &ret);
ret = handle_getpw_result(status, pwd, dom, &del_user);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE,
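Review bot: `getpwnam_r()` is still called with `i_name`, which the rename suggests is the internal qualified form, while the `shortname_or_alias` parsed in the previous hunk is only used to rebuild `name_or_alias`. If the proxied NSS module expects a short name, the lookup will miss and the `del_user` path below will remove a valid cache entry. Consider `status = ctx->ops.getpwnam_r(shortname_or_alias, pwd, buffer, buflen, &ret);`, hedged on what format the caller actually passes in.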
@@ -88,7 +105,7 @@ static int get_pw_name(struct proxy_id_ctx *ctx,
}
if (del_user) {
- ret = delete_user(dom, name, 0);
+ ret = delete_user(dom, name_or_alias, 0);
goto done;
}
@@ -124,24 +141,36 @@ static int get_pw_name(struct proxy_id_ctx *ctx,
goto done;
}
- real_name = pwd->pw_name;
+ ret = sss_parse_name(tmpctx, dom->names, pwd->pw_name,
+ NULL, &shortname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_parse_name failed [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+
+ real_name = sss_create_internal_fqname(tmpctx, shortname, dom->name);
+ if (real_name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
}
if (del_user) {
- ret = delete_user(dom, name, uid);
+ ret = delete_user(dom, name_or_alias, uid);
goto done;
}
/* Both lookups went fine, we can save the user now */
ret = save_user(dom, !dom->case_sensitive, pwd,
- real_name, name, dom->user_timeout);
+ real_name, name_or_alias, dom->user_timeout);
done:
talloc_zfree(tmpctx);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE,
"proxy -> getpwnam_r failed for '%s' <%d>: %s\n",
- name, ret, strerror(ret));
+ i_name, ret, strerror(ret));
}
return ret;
}
@@ -315,6 +344,7 @@ static int get_pw_uid(struct proxy_id_ctx *ctx,
size_t buflen;
bool del_user = false;
int ret;
+ char *name;
DEBUG(SSSDBG_TRACE_FUNC, "Searching user by uid (%"SPRIuid")\n", uid);
@@ -349,8 +379,14 @@ static int get_pw_uid(struct proxy_id_ctx *ctx,
goto done;
}
+ name = sss_ioname2internal(tmpctx, dom, pwd->pw_name);
+ if (name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse name '%s'\n",
+ pwd->pw_name);
+ goto done;
+ }
ret = save_user(dom, !dom->case_sensitive, pwd,
- pwd->pw_name, NULL, dom->user_timeout);
+ name, NULL, dom->user_timeout);
done:
talloc_zfree(tmpctx);
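Review bot: The added NULL check jumps to `done` without setting `ret`, so `get_pw_uid()` returns whatever the previous call left there, which is presumably EOK at this point, and the caller sees success although nothing was saved. Add `ret = ENOMEM;` before the `goto done;`. The same omission is in the `enum_users()` hunk below, where the `goto done` also abandons the whole enumeration even though the comment there says "Do not fail completely on errors".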
@@ -379,6 +415,7 @@ static int enum_users(TALLOC_CTX *mem_ctx,
int ret;
errno_t sret;
bool again;
+ char *name;
DEBUG(SSSDBG_TRACE_LIBS, "Enumerating users\n");
@@ -472,8 +509,15 @@ static int enum_users(TALLOC_CTX *mem_ctx,
break;
}
+ name = sss_ioname2internal(tmpctx, dom, pwd->pw_name);
+ if (name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "failed to parse name '%s'\n",
+ pwd->pw_name);
+ goto done;
+ }
+
ret = save_user(dom, !dom->case_sensitive, pwd,
- pwd->pw_name, NULL, dom->user_timeout);
+ name, NULL, dom->user_timeout);
if (ret) {
/* Do not fail completely on errors.
* Just report the failure to save and go on */
@@ -534,7 +578,7 @@ static errno_t proxy_process_missing_users(struct sysdb_ctx *sysdb,
struct group *grp,
time_t now);
static int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom,
- struct group *grp, const char *real_name,
+ struct group *grp, const char *real_name, /* internal fqname */
const char *alias, uint64_t cache_timeout)
{
errno_t ret, sret;
@@ -793,6 +837,7 @@ static int get_gr_name(struct proxy_id_ctx *ctx,
gid_t gid;
struct ldb_result *cached_grp = NULL;
const char *real_name = NULL;
+ char *alias;
DEBUG(SSSDBG_FUNC_DATA, "Searching group by name (%s)\n", name);
@@ -873,7 +918,13 @@ static int get_gr_name(struct proxy_id_ctx *ctx,
goto done;
}
- real_name = grp->gr_name;
+ real_name = sss_ioname2internal(tmpctx, dom, grp->gr_name);
+ if (real_name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to parse name '%s'\n",
+ grp->gr_name);
+ ret = ENOMEM;
+ goto done;
+ }
}
if (delete_group) {
@@ -888,6 +939,13 @@ static int get_gr_name(struct proxy_id_ctx *ctx,
goto done;
}
+ alias = sss_ioname2internal(tmpctx, dom, name);
+ if (alias == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to parse name %s\n", name);
+ ret = ENOMEM;
+ goto done;
+ }
ret = save_group(sysdb, dom, grp, real_name, name, dom->group_timeout);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE,
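Review bot: `alias` is computed and checked but never used: `save_group()` is still called with the raw `name`. The alias is therefore stored in the old format while `real_name` is in the new one. The call should read `ret = save_group(sysdb, dom, grp, real_name, alias, dom->group_timeout);`.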
@@ -920,6 +978,7 @@ static int get_gr_gid(TALLOC_CTX *mem_ctx,
size_t buflen = 0;
bool delete_group = false;
int ret;
+ char *name;
DEBUG(SSSDBG_TRACE_FUNC, "Searching group by gid (%"SPRIgid")\n", gid);
@@ -966,7 +1025,13 @@ static int get_gr_gid(TALLOC_CTX *mem_ctx,
goto done;
}
- ret = save_group(sysdb, dom, grp, grp->gr_name, NULL, dom->group_timeout);
+ name = sss_ioname2internal(tmpctx, dom, grp->gr_name);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = save_group(sysdb, dom, grp, name, NULL, dom->group_timeout);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE,
"Cannot save user [%d]: %s\n", ret, strerror(ret));
@@ -1000,6 +1065,7 @@ static int enum_groups(TALLOC_CTX *mem_ctx,
int ret;
errno_t sret;
bool again;
+ char *name;
DEBUG(SSSDBG_TRACE_LIBS, "Enumerating groups\n");
@@ -1091,7 +1157,13 @@ static int enum_groups(TALLOC_CTX *mem_ctx,
break;
}
- ret = save_group(sysdb, dom, grp, grp->gr_name,
+ name = sss_ioname2internal(tmpctx, dom, grp->gr_name);
+ if (name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Failed to parse group name."
+ "Ignoring\n");
+ ret = ENOMEM;
+ }
+ ret = save_group(sysdb, dom, grp, name,
NULL, dom->group_timeout);
if (ret) {
/* Do not fail completely on errors.
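Review bot: When `sss_ioname2internal()` returns NULL, `ret = ENOMEM;` is overwritten immediately by the `save_group()` call on the next line, and that call receives a NULL `real_name`. The entry should be skipped instead, for example by putting the `save_group()` call and its error check in an `else` branch (the loop structure is outside this hunk). The log string also concatenates to "name.Ignoring"; `"Failed to parse group name. "` fixes the spacing.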