diff options
-rw-r--r-- | src/db/sysdb.h | 7 | ||||
-rw-r--r-- | src/db/sysdb_search.c | 101 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 62 |
3 files changed, 113 insertions, 57 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index fc53e38de..138e7df82 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -690,4 +690,11 @@ errno_t sysdb_remove_attrs(struct sysdb_ctx *sysdb, enum sysdb_member_type type, char **remove_attrs); +errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, + enum sysdb_member_type mtype, + const char *name, + char ***_direct_parents); + #endif /* __SYS_DB_H__ */ diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index 37d6e14b2..55fdea8e1 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -842,3 +842,104 @@ done: talloc_zfree(tmp_ctx); return ret; } + +errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, + enum sysdb_member_type mtype, + const char *name, + char ***_direct_parents) +{ + errno_t ret; + const char *dn; + struct ldb_dn *basedn; + static const char *group_attrs[] = { SYSDB_NAME, NULL }; + const char *member_filter; + size_t direct_sysdb_count = 0; + struct ldb_message **direct_sysdb_groups = NULL; + char **direct_parents = NULL; + TALLOC_CTX *tmp_ctx = NULL; + int i, pi; + const char *tmp_str; + + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) return ENOMEM; + + if (mtype == SYSDB_MEMBER_USER) { + dn = sysdb_user_strdn(tmp_ctx, dom->name, name); + } else if (mtype == SYSDB_MEMBER_USER) { + dn = sysdb_group_strdn(tmp_ctx, dom->name, name); + } else { + DEBUG(1, ("Unknown member type\n")); + ret = EINVAL; + goto done; + } + + if (!dn) { + ret = ENOMEM; + goto done; + } + + member_filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)(%s=%s))", + SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS, + SYSDB_MEMBER, dn); + if (!member_filter) { + ret = ENOMEM; + goto done; + } + + basedn = ldb_dn_new_fmt(tmp_ctx, sysdb_ctx_get_ldb(sysdb), + SYSDB_TMPL_GROUP_BASE, dom->name); + if (!basedn) { + ret = ENOMEM; + goto done; + } + + DEBUG(8, ("searching sysdb with filter [%s]\n", member_filter)); + + ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, + LDB_SCOPE_SUBTREE, member_filter, group_attrs, + &direct_sysdb_count, &direct_sysdb_groups); + if (ret == ENOENT) { + direct_sysdb_count = 0; + } else if (ret != EOK && ret != ENOENT) { + DEBUG(2, ("sysdb_search_entry failed: [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + + /* EOK */ + /* Get the list of sysdb groups by name */ + direct_parents = talloc_array(tmp_ctx, char *, direct_sysdb_count+1); + if (!direct_parents) { + ret = ENOMEM; + goto done; + } + + pi = 0; + for(i = 0; i < direct_sysdb_count; i++) { + tmp_str = ldb_msg_find_attr_as_string(direct_sysdb_groups[i], + SYSDB_NAME, NULL); + if (!tmp_str) { + /* This should never happen, but if it does, just continue */ + continue; + } + + direct_parents[pi] = talloc_strdup(direct_parents, tmp_str); + if (!direct_parents[pi]) { + DEBUG(1, ("A group with no name?\n")); + ret = EIO; + goto done; + } + pi++; + } + direct_parents[pi] = NULL; + + DEBUG(7, ("%s is a member of %d sysdb groups\n", + name, direct_sysdb_count)); + *_direct_parents = talloc_steal(mem_ctx, direct_parents); + ret = EOK; +done: + talloc_free(tmp_ctx); + return ret; +} diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 2191c133e..f5c37078b 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -774,20 +774,13 @@ static int sdap_initgr_nested_store_group(struct sysdb_ctx *sysdb, int ngroups) { TALLOC_CTX *tmp_ctx; - const char *member_filter; const char *group_orig_dn; const char *group_name; - const char *group_dn; int ret; - int i; - struct ldb_message **direct_sysdb_groups = NULL; - size_t direct_sysdb_count = 0; - static const char *group_attrs[] = { SYSDB_NAME, NULL }; struct ldb_dn *basedn; int ndirect; struct sysdb_attrs **direct_groups; char **sysdb_grouplist = NULL; - const char *tmp_str; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; @@ -813,58 +806,13 @@ static int sdap_initgr_nested_store_group(struct sysdb_ctx *sysdb, } /* Get direct sysdb parents */ - group_dn = sysdb_group_strdn(tmp_ctx, dom->name, group_name); - if (!group_dn) { - ret = ENOMEM; - goto done; - } - - member_filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)(%s=%s))", - SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS, - SYSDB_MEMBER, group_dn); - if (!member_filter) { - ret = ENOMEM; - goto done; - } - - DEBUG(8, ("searching sysdb with filter %s\n", member_filter)); - - ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, - LDB_SCOPE_SUBTREE, member_filter, group_attrs, - &direct_sysdb_count, &direct_sysdb_groups); - if (ret == EOK) { - /* Get the list of sysdb groups by name */ - sysdb_grouplist = talloc_array(tmp_ctx, char *, direct_sysdb_count+1); - if (!sysdb_grouplist) { - ret = ENOMEM; - goto done; - } - - for(i = 0; i < direct_sysdb_count; i++) { - tmp_str = ldb_msg_find_attr_as_string(direct_sysdb_groups[i], - SYSDB_NAME, NULL); - if (!tmp_str) { - /* This should never happen, but if it does, just continue */ - continue; - } - - sysdb_grouplist[i] = talloc_strdup(sysdb_grouplist, tmp_str); - if (!sysdb_grouplist[i]) { - DEBUG(1, ("A group with no name?\n")); - ret = EIO; - goto done; - } - } - sysdb_grouplist[i] = NULL; - } else if (ret == ENOENT) { - sysdb_grouplist = NULL; - direct_sysdb_count = 0; - } else { - DEBUG(2, ("sysdb_search_entry failed: [%d]: %s\n", ret, strerror(ret))); + ret = sysdb_get_direct_parents(tmp_ctx, sysdb, dom, SYSDB_MEMBER_GROUP, + group_name, &sysdb_grouplist); + if (ret) { + DEBUG(1, ("Could not get direct parents for %s: %d [%s]\n", + group_name, ret, strerror(ret))); goto done; } - DEBUG(7, ("The group %s is a member of %d sysdb groups\n", - group_name, direct_sysdb_count)); /* Filter only parents from full set */ ret = sdap_initgr_nested_get_direct_parents(tmp_ctx, group, groups, |