diff options
-rw-r--r-- | src/providers/data_provider.h | 6 | ||||
-rw-r--r-- | src/providers/data_provider_be.c | 5 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id.c | 6 | ||||
-rw-r--r-- | src/providers/proxy/proxy_id.c | 6 | ||||
-rw-r--r-- | src/responder/common/responder_dp.c | 18 |
5 files changed, 37 insertions, 4 deletions
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h index 256e6089e..313681448 100644 --- a/src/providers/data_provider.h +++ b/src/providers/data_provider.h @@ -140,6 +140,7 @@ #define BE_FILTER_NAME 1 #define BE_FILTER_IDNUM 2 #define BE_FILTER_ENUM 3 +#define BE_FILTER_SECID 4 #define BE_REQ_USER 0x0001 #define BE_REQ_GROUP 0x0002 @@ -153,6 +154,11 @@ #define BE_REQ_TYPE_MASK 0x00FF #define BE_REQ_FAST 0x1000 +#define DP_SEC_ID "secid" +/* sizeof() counts the trailing \0 so we must substract 1 for the string + * length */ +#define DP_SEC_ID_LEN (sizeof(DP_SEC_ID) - 1) + /* AUTH related common data and functions */ #define DEBUG_PAM_DATA(level, pd) do { \ diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 823dc00e9..cd6715680 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -1043,6 +1043,11 @@ static int be_get_account_info(DBusMessage *message, struct sbus_connection *con ret = split_name_extended(req, &filter[9], &req->filter_value, &req->extra_value); + } else if (strncmp(filter, DP_SEC_ID"=", DP_SEC_ID_LEN + 1) == 0) { + req->filter_type = BE_FILTER_SECID; + ret = split_name_extended(req, &filter[DP_SEC_ID_LEN + 1], + &req->filter_value, + &req->extra_value); } else if (strcmp(filter, ENUM_INDICATOR) == 0) { req->filter_type = BE_FILTER_ENUM; req->filter_value = NULL; diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 073f6869e..4d373a495 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -1058,6 +1058,12 @@ void sdap_handle_account_info(struct be_req *breq, struct sdap_id_ctx *ctx) return sdap_handler_done(breq, DP_ERR_OK, EOK, "Success"); } + if (ar->filter_type == BE_FILTER_SECID) { + ret = EINVAL; + err = "Invalid filter type"; + break; + } + req = services_get_send(breq, be_ctx->ev, ctx, ar->filter_value, ar->extra_value, diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c index 7d7fab205..aae3ee8f4 100644 --- a/src/providers/proxy/proxy_id.c +++ b/src/providers/proxy/proxy_id.c @@ -1364,6 +1364,12 @@ void proxy_get_account_info(struct be_req *breq) return be_req_terminate(breq, DP_ERR_FATAL, EINVAL, "Invalid attr type"); } + /* proxy provider does not support security ID lookups */ + if (ar->filter_type == BE_FILTER_SECID) { + return be_req_terminate(breq, DP_ERR_FATAL, ENOSYS, + "Invalid filter type"); + } + switch (ar->entry_type & BE_REQ_TYPE_MASK) { case BE_REQ_USER: /* user */ switch (ar->filter_type) { diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c index d23075d63..53826b0f3 100644 --- a/src/responder/common/responder_dp.c +++ b/src/responder/common/responder_dp.c @@ -548,11 +548,21 @@ sss_dp_get_account_msg(void *pvt) } if (info->opt_name) { - if (info->extra) { - filter = talloc_asprintf(info, "name=%s:%s", - info->opt_name, info->extra); + if (info->type == SSS_DP_SECID) { + if (info->extra) { + filter = talloc_asprintf(info, "%s=%s:%s", DP_SEC_ID, + info->opt_name, info->extra); + } else { + filter = talloc_asprintf(info, "%s=%s", DP_SEC_ID, + info->opt_name); + } } else { - filter = talloc_asprintf(info, "name=%s", info->opt_name); + if (info->extra) { + filter = talloc_asprintf(info, "name=%s:%s", + info->opt_name, info->extra); + } else { + filter = talloc_asprintf(info, "name=%s", info->opt_name); + } } } else if (info->opt_id) { if (info->extra) { |