diff options
author | Jan Zeleny <jzeleny@redhat.com> | 2012-04-23 05:13:48 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-05-31 15:46:27 -0400 |
commit | f56e704cf0b3b0e9e997e96221fa82d488ee8ca7 (patch) | |
tree | aab013d172e625a49c8f59a919dded1dd6dc1214 /src | |
parent | 9f26cae5ae716a0542261167b5a91d7d2e1763e7 (diff) | |
download | sssd-f56e704cf0b3b0e9e997e96221fa82d488ee8ca7.tar.gz sssd-f56e704cf0b3b0e9e997e96221fa82d488ee8ca7.tar.xz sssd-f56e704cf0b3b0e9e997e96221fa82d488ee8ca7.zip |
Ghost members - removed sdap_check_aliases()
This function is no longer necessary because we don't have fake user
entries any more. The original purpose of this function was to check if
there are fake user entries for particular user and, if yes, to update
its membership.
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/sdap_async.c | 108 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.h | 6 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 7 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 6 |
4 files changed, 0 insertions, 127 deletions
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index 14a27bcba..46f0215a8 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c @@ -2100,114 +2100,6 @@ bool sdap_has_deref_support(struct sdap_handle *sh, struct sdap_options *opts) return false; } -errno_t sdap_check_aliases(struct sysdb_ctx *sysdb, - struct sysdb_attrs *user_attrs, - struct sss_domain_info *dom, - struct sdap_options *opts, - bool steal_memberships) -{ - errno_t ret; - const char **aliases = NULL; - const char *name = NULL; - struct ldb_message *msg; - TALLOC_CTX *tmp_ctx = NULL; - char **parents; - uid_t alias_uid, uid; - int i; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) return ENOMEM; - - ret = sysdb_attrs_primary_name(sysdb, user_attrs, - opts->user_map[SDAP_AT_USER_NAME].sys_name, - &name); - if (ret != EOK) { - DEBUG(SSSDBG_TRACE_INTERNAL, ("Could not get the primary name\n")); - goto done; - } - - ret = sysdb_attrs_get_uint32_t(user_attrs, - opts->user_map[SDAP_AT_USER_UID].sys_name, - &uid); - if (ret != EOK) { - DEBUG(SSSDBG_TRACE_INTERNAL, ("Could not get UID\n")); - goto done; - } - - ret = sysdb_attrs_get_aliases(tmp_ctx, user_attrs, name, - !dom->case_sensitive, &aliases); - if (ret != EOK) { - DEBUG(SSSDBG_TRACE_INTERNAL, ("Failed to get the alias list\n")); - goto done; - } - - for (i = 0; aliases[i]; i++) { - /* In RFC2307 schema, another group might be referencing user - * using secondary name, so there might be fake users in the cache - * from a previous getgr call */ - ret = sysdb_search_user_by_name(tmp_ctx, sysdb, - aliases[i], NULL, &msg); - if (ret && ret != ENOENT) { - DEBUG(SSSDBG_TRACE_INTERNAL, ("Error searching the cache\n")); - goto done; - } else if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_INTERNAL, - ("No user with primary name same as alias %s\n", aliases[i])); - continue; - } - - alias_uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0); - if (alias_uid) { - if (alias_uid == uid) { - DEBUG(SSSDBG_TRACE_INTERNAL, - ("User already cached, skipping\n")); - continue; - } - DEBUG(SSSDBG_FATAL_FAILURE, - ("Cache contains non-fake user with same name " - "as alias %s\n", aliases[i])); - ret = EIO; - goto done; - } - DEBUG(SSSDBG_TRACE_FUNC, ("%s is a fake user\n", aliases[i])); - - if (steal_memberships) { - /* Get direct sysdb parents */ - ret = sysdb_get_direct_parents(tmp_ctx, sysdb, dom, - SYSDB_MEMBER_USER, - aliases[i], &parents); - if (ret) { - DEBUG(SSSDBG_FATAL_FAILURE, - ("Could not get direct parents for %s: %d [%s]\n", - aliases[i], ret, strerror(ret))); - goto done; - } - - ret = sysdb_update_members(sysdb, name, SYSDB_MEMBER_USER, - (const char *const *) parents, - NULL); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, - ("Membership update failed [%d]: %s\n", - ret, strerror(ret))); - goto done; - } - } - - ret = sysdb_delete_user(sysdb, aliases[i], alias_uid); - if (ret) { - DEBUG(SSSDBG_FATAL_FAILURE, - ("Error deleting fake user %s\n", aliases[i])); - goto done; - } - } - - ret = EOK; -done: - talloc_free(tmp_ctx); - return ret; -} - errno_t sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs, const char *attr_name, diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index 870f15310..34fb40dae 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -195,12 +195,6 @@ int sdap_deref_search_recv(struct tevent_req *req, size_t *reply_count, struct sdap_deref_attrs ***reply); -errno_t sdap_check_aliases(struct sysdb_ctx *sysdb, - struct sysdb_attrs *user_attrs, - struct sss_domain_info *dom, - struct sdap_options *opts, - bool steal_memberships); - errno_t sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs, const char *attr_name, diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index b883ccf93..861176000 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -2646,13 +2646,6 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) switch (state->opts->schema_type) { case SDAP_SCHEMA_RFC2307: - ret = sdap_check_aliases(state->sysdb, state->orig_user, state->dom, - state->opts, false); - if (ret != EOK) { - tevent_req_error(req, ret); - return; - } - subreq = sdap_initgr_rfc2307_send(state, state->ev, state->opts, state->sysdb, state->sh, cname); diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index bc9e5551b..dfce319b2 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -411,12 +411,6 @@ int sdap_save_users(TALLOC_CTX *memctx, DEBUG(9, ("User %d processed!\n", i)); } - ret = sdap_check_aliases(sysdb, users[i], dom, - opts, true); - if (ret) { - DEBUG(2, ("Failed to check aliases for user %d. Ignoring.\n", i)); - } - if (usn_value) { if (higher_usn) { if ((strlen(usn_value) > strlen(higher_usn)) || |