summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/db/sysdb.h3
-rw-r--r--src/db/sysdb_search.c24
-rw-r--r--src/db/sysdb_views.c41
-rw-r--r--src/responder/nss/nsssrv_cmd.c2
4 files changed, 44 insertions, 26 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index ebb1bbeda..f582f6a51 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -487,7 +487,8 @@ errno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
struct ldb_message *obj,
- struct ldb_message *override_obj);
+ struct ldb_message *override_obj,
+ const char **req_attrs);
errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
struct ldb_message *obj);
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index dacbd239d..677257405 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -124,7 +124,8 @@ errno_t sysdb_getpwnam_with_views(TALLOC_CTX *mem_ctx,
* the original object. */
if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj ->msgs[0]);
+ override_obj == NULL ? NULL : override_obj->msgs[0],
+ NULL);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
goto done;
@@ -229,7 +230,8 @@ errno_t sysdb_getpwuid_with_views(TALLOC_CTX *mem_ctx,
* the original object. */
if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj->msgs[0]);
+ override_obj == NULL ? NULL : override_obj->msgs[0],
+ NULL);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
goto done;
@@ -314,7 +316,8 @@ int sysdb_enumpwent_with_views(TALLOC_CTX *mem_ctx,
if (DOM_HAS_VIEWS(domain)) {
for (c = 0; c < res->count; c++) {
- ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL);
+ ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL,
+ NULL);
/* enumeration assumes that the cache is up-to-date, hence we do not
* need to handle ENOENT separately. */
if (ret != EOK) {
@@ -426,7 +429,8 @@ int sysdb_getgrnam_with_views(TALLOC_CTX *mem_ctx,
}
ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj ->msgs[0]);
+ override_obj == NULL ? NULL : override_obj ->msgs[0],
+ NULL);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
goto done;
@@ -578,7 +582,8 @@ int sysdb_getgrgid_with_views(TALLOC_CTX *mem_ctx,
}
ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj ->msgs[0]);
+ override_obj == NULL ? NULL : override_obj ->msgs[0],
+ NULL);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
goto done;
@@ -734,7 +739,8 @@ int sysdb_enumgrent_with_views(TALLOC_CTX *mem_ctx,
if (DOM_HAS_VIEWS(domain)) {
for (c = 0; c < res->count; c++) {
- ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL);
+ ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL,
+ NULL);
/* enumeration assumes that the cache is up-to-date, hence we do not
* need to handle ENOENT separately. */
if (ret != EOK) {
@@ -956,7 +962,8 @@ int sysdb_initgroups_with_views(TALLOC_CTX *mem_ctx,
if (DOM_HAS_VIEWS(domain)) {
/* Skip user entry because it already has override values added */
for (c = 1; c < res->count; c++) {
- ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL);
+ ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL,
+ NULL);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
"sysdb_add_overrides_to_object failed.\n");
@@ -1083,7 +1090,8 @@ int sysdb_get_user_attr_with_views(TALLOC_CTX *mem_ctx,
* the original object. */
if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj ->msgs[0]);
+ override_obj == NULL ? NULL : override_obj ->msgs[0],
+ attrs);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
return ret;
diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c
index a42aa96ed..f2cf37023 100644
--- a/src/db/sysdb_views.c
+++ b/src/db/sysdb_views.c
@@ -948,6 +948,8 @@ errno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
* @param[in] domain Domain struct, needed to access the cache
* @oaram[in] obj The original object
* @param[in] override_obj The object with the override data, may be NULL
+ * @param[in] req_attrs List of attributes to be requested, if not set a
+ * default list dependig on the object type will be used
*
* @return EOK - Override data was added successfully
* @return ENOMEM - There was insufficient memory to complete the operation
@@ -958,7 +960,8 @@ errno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
*/
errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
struct ldb_message *obj,
- struct ldb_message *override_obj)
+ struct ldb_message *override_obj,
+ const char **req_attrs)
{
int ret;
const char *override_dn_str;
@@ -983,7 +986,8 @@ errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
{NULL, NULL}
};
size_t c;
- const char *tmp_str;
+ size_t d;
+ struct ldb_message_element *tmp_el;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
@@ -1016,12 +1020,15 @@ errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
goto done;
}
- uid = ldb_msg_find_attr_as_uint64(obj, SYSDB_UIDNUM, 0);
- if (uid == 0) {
- /* No UID hence group object */
- attrs = group_attrs;
- } else {
- attrs = user_attrs;
+ attrs = req_attrs;
+ if (attrs == NULL) {
+ uid = ldb_msg_find_attr_as_uint64(obj, SYSDB_UIDNUM, 0);
+ if (uid == 0) {
+ /* No UID hence group object */
+ attrs = group_attrs;
+ } else {
+ attrs = user_attrs;
+ }
}
ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, override_dn,
@@ -1050,14 +1057,16 @@ errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
}
for (c = 0; attr_map[c].attr != NULL; c++) {
- tmp_str = ldb_msg_find_attr_as_string(override, attr_map[c].attr, NULL);
- if (tmp_str != NULL) {
- talloc_steal(obj, tmp_str);
- ret = ldb_msg_add_string(obj, attr_map[c].new_attr, tmp_str);
- if (ret != LDB_SUCCESS) {
- DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_string failed.\n");
- ret = sysdb_error_to_errno(ret);
- goto done;
+ tmp_el = ldb_msg_find_element(override, attr_map[c].attr);
+ if (tmp_el != NULL) {
+ for (d = 0; d < tmp_el->num_values; d++) {
+ ret = ldb_msg_add_steal_value(obj, attr_map[c].new_attr,
+ &tmp_el->values[d]);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_value failed.\n");
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
}
}
}
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index b100aae08..ff7b6a334 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -4064,7 +4064,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
if (ret == EOK && DOM_HAS_VIEWS(dom)) {
for (c = 0; c < dctx->res->count; c++) {
ret = sysdb_add_overrides_to_object(dom, dctx->res->msgs[c],
- NULL);
+ NULL, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
"sysdb_add_overrides_to_object failed.\n");
generated by cgit (git 2.34.1) at 2024-04-18 19:15:49 +0000