-rw-r--r-- | src/providers/data_provider.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id.c | 15 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.h | 1 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 11 |
4 files changed, 25 insertions, 4 deletions
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index ebb4fadfa..9af13627c 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -147,6 +147,8 @@
 * length */
 #define DP_SEC_ID_LEN (sizeof(DP_SEC_ID) - 1)
+#define EXTRA_NAME_IS_UPN "U"
+
 /* AUTH related common data and functions */
 #define DEBUG_PAM_DATA(level, pd) do { \
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index c788b6bdd..eb349f3cc 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -70,6 +70,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 struct sdap_id_conn_ctx *conn,
 const char *name,
 int filter_type,
+ const char *extra_value,
 int attrs_type,
 bool noexist_delete)
 {
@@ -111,7 +112,11 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 sdom->dom->domain_id);
 switch (filter_type) {
 case BE_FILTER_NAME:
- attr_name = ctx->opts->user_map[SDAP_AT_USER_NAME].name;
+ if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
+ attr_name = ctx->opts->user_map[SDAP_AT_USER_PRINC].name;
+ } else {
+ attr_name = ctx->opts->user_map[SDAP_AT_USER_NAME].name;
+ }
 ret = sss_filter_sanitize(state, name, &clean_name);
 if (ret != EOK) {
 goto done;
@@ -918,6 +923,7 @@ struct groups_by_user_state {
 struct sss_domain_info *domain;
 const char *name;
+ const char *extra_value;
 const char **attrs;
 int dp_error;
@@ -935,6 +941,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
 struct sdap_domain *sdom,
 struct sdap_id_conn_ctx *conn,
 const char *name,
+ const char *extra_value,
 bool noexist_delete)
 {
 struct tevent_req *req;
@@ -959,6 +966,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
 }
 state->name = name;
+ state->extra_value = extra_value;
 state->domain = sdom->dom;
 state->sysdb = sdom->dom->sysdb;
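Review bot: `EXTRA_NAME_IS_UPN` is added to data_provider.h without a comment, and the bare value "U" gives no hint where it is compared or what it switches. In the other hunks of this commit it is matched against the `extra_value` passed to users_get_send() and sdap_get_initgr_send() to pick the principal attribute instead of the name attribute. A one-line comment above the define would record that: `/* extra_value marker: the name in the request is a UPN, match it against the principal attribute */`.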
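Review bot: In the `BE_FILTER_NAME` case of users_get_send(), `attr_name` is now taken from `user_map[SDAP_AT_USER_PRINC].name` with no check that this map entry is set. Whether the principal attribute can be left unmapped is not visible from this hunk, but if it can, the search filter built later in the function (outside the hunk) would be formatted from a NULL attribute name. A guard right after the selection would make the failure explicit: `if (attr_name == NULL) { ret = EINVAL; goto done; }`. The same selection is added to sdap_get_initgr_send() in sdap_async_initgroups.c (hunk at -2661), where `search_attr` goes straight into `talloc_asprintf()`.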
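Review bot: `state->name` in groups_by_user_state can now hold a UPN instead of a user name, and nothing in these hunks marks that difference beyond carrying `extra_value` alongside it. The rest of the request lies outside the hunks, so how the completion path uses `state->name` cannot be confirmed from here; given the `noexist_delete` parameter, any cache lookup or removal keyed on it should be checked to still address the right entry for UPN requests. At minimum the field deserves a comment such as `/* user name, or a UPN when extra_value is EXTRA_NAME_IS_UPN */`.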
@@ -1020,6 +1028,7 @@ static void groups_by_user_connect_done(struct tevent_req *subreq)
 state->ctx,
 state->conn,
 state->name,
+ state->extra_value,
 state->attrs);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
@@ -1320,6 +1329,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
 sdom, conn,
 ar->filter_value,
 ar->filter_type,
+ ar->extra_value,
 ar->attr_type,
 noexist_delete);
 break;
@@ -1358,6 +1368,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
 subreq = groups_by_user_send(breq, be_ctx->ev, id_ctx,
 sdom, conn,
 ar->filter_value,
+ ar->extra_value,
 noexist_delete);
 break;
@@ -1701,7 +1712,7 @@ static void get_user_and_group_groups_done(struct tevent_req *subreq)
 * Retry with users. */
 subreq = users_get_send(req, state->ev, state->id_ctx,
 state->sdom, state->conn,
- state->filter_val, state->filter_type,
+ state->filter_val, state->filter_type, NULL,
 state->attrs_type, state->noexist_delete);
 if (subreq == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, "groups_get_send failed.\n");
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 808254a24..7bb69f2fa 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -134,6 +134,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 struct sdap_id_ctx *id_ctx,
 struct sdap_id_conn_ctx *conn,
 const char *name,
+ const char *extra_value,
 const char **grp_attrs);
 int sdap_get_initgr_recv(struct tevent_req *req);
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 62e76cc4a..f96dfe0ff 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2616,6 +2616,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 struct sdap_id_ctx *id_ctx,
 struct sdap_id_conn_ctx *conn,
 const char *name,
+ const char *extra_value,
 const char **grp_attrs)
 {
 struct tevent_req *req;
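Review bot: The bare `NULL` added to the users_get_send() call in get_user_and_group_groups_done() does not say which parameter it fills, and a reader has to count arguments against the prototype to find out. A short trailing comment such as `/* extra_value: plain lookup */` would make the call readable on its own. While this call is being touched, the failure message two lines below it still reads `groups_get_send failed.` although the call that failed is users_get_send(), which will mislead anyone reading the debug log. The function body starts and ends outside the hunk.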
@@ -2623,6 +2624,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 int ret;
 char *clean_name;
 bool use_id_mapping;
+ const char *search_attr;
 DEBUG(SSSDBG_TRACE_ALL, "Retrieving info for initgroups call\n");
@@ -2661,10 +2663,15 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 return NULL;
 }
+ if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
+ search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
+ } else {
+ search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
+ }
+
 state->user_base_filter =
 talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)",
- state->opts->user_map[SDAP_AT_USER_NAME].name,
- clean_name,
+ search_attr, clean_name,
 state->opts->user_map[SDAP_OC_USER].name);
 if (!state->user_base_filter) {
 talloc_zfree(req); |
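Review bot: The UPN-versus-name attribute selection added to sdap_get_initgr_send() before the filter is built is a copy of the one added to users_get_send() in ldap_id.c, so the two lookups can drift apart the next time a marker value is introduced. A small helper declared in a header both files include would keep them on the same rule and give one place to handle an unset principal attribute. The sketch below shows such a helper and the call in this function; the helper name is only a suggestion, and the function body starts and ends outside the hunk.

```c
/* Pick the attribute a by-name user search filters on. */
const char *sdap_user_name_attr(struct sdap_options *opts,
                                const char *extra_value)
{
    if (extra_value != NULL
            && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
        return opts->user_map[SDAP_AT_USER_PRINC].name;
    }

    return opts->user_map[SDAP_AT_USER_NAME].name;
}

/* … unchanged: sdap_get_initgr_send() up to the filter construction … */
    search_attr = sdap_user_name_attr(state->opts, extra_value);
/* … unchanged: talloc_asprintf() building state->user_base_filter … */
```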