diff options
Diffstat (limited to 'src/providers/ldap/ldap_id.c')
-rw-r--r-- | src/providers/ldap/ldap_id.c | 58 |
1 files changed, 53 insertions, 5 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index e8b3a0e1e..2e58f4e49 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -179,6 +179,20 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, goto done; } break; + case BE_FILTER_UUID: + attr_name = ctx->opts->user_map[SDAP_AT_USER_UUID].name; + if (attr_name == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "UUID search not configured for this backend.\n"); + ret = EINVAL; + goto done; + } + + ret = sss_filter_sanitize(state, name, &clean_name); + if (ret != EOK) { + goto done; + } + break; default: ret = EINVAL; goto done; @@ -458,8 +472,9 @@ static void users_get_done(struct tevent_req *subreq) break; case BE_FILTER_SECID: - /* Since it is not clear if the SID belongs to a user or a group - * we have nothing to do here. */ + case BE_FILTER_UUID: + /* Since it is not clear if the SID/UUID belongs to a user or a + * group we have nothing to do here. */ break; default: @@ -635,6 +650,20 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, goto done; } break; + case BE_FILTER_UUID: + attr_name = ctx->opts->group_map[SDAP_AT_GROUP_UUID].name; + if (attr_name == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "UUID search not configured for this backend.\n"); + ret = EINVAL; + goto done; + } + + ret = sss_filter_sanitize(state, name, &clean_name); + if (ret != EOK) { + goto done; + } + break; default: ret = EINVAL; goto done; @@ -884,8 +913,9 @@ static void groups_get_done(struct tevent_req *subreq) break; case BE_FILTER_SECID: - /* Since it is not clear if the SID belongs to a user or a group - * we have nothing to do here. */ + case BE_FILTER_UUID: + /* Since it is not clear if the SID/UUID belongs to a user or a + * group we have nothing to do here. */ break; default: @@ -1401,7 +1431,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, goto done; } - if (ar->filter_type == BE_FILTER_SECID) { + if (ar->filter_type == BE_FILTER_SECID + || ar->filter_type == BE_FILTER_UUID) { ret = EINVAL; state->err = "Invalid filter type"; goto done; @@ -1430,6 +1461,21 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, noexist_delete); break; + case BE_REQ_BY_UUID: + if (ar->filter_type != BE_FILTER_UUID) { + ret = EINVAL; + state->err = "Invalid filter type"; + goto done; + } + + subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx, + sdom, conn, + ar->filter_value, + ar->filter_type, + ar->attr_type, + noexist_delete); + break; + case BE_REQ_USER_AND_GROUP: if (!(ar->filter_type == BE_FILTER_NAME || ar->filter_type == BE_FILTER_IDNUM)) { @@ -1504,6 +1550,8 @@ sdap_handle_acct_req_done(struct tevent_req *subreq) break; case BE_REQ_BY_SECID: /* Fallthrough */ + case BE_REQ_BY_UUID: + /* Fallthrough */ case BE_REQ_USER_AND_GROUP: err = "Lookup by SID failed"; ret = sdap_get_user_and_group_recv(subreq, &state->dp_error, |