Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/ldap_id.c20
-rw-r--r--src/providers/ldap/sdap_async.h1
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c14
3 files changed, 20 insertions, 15 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index d65bd5f6a..997313bec 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -965,6 +965,7 @@ struct groups_by_user_state {
struct sss_domain_info *domain;
const char *name;
+ int name_type;
const char *extra_value;
const char **attrs;
@@ -983,6 +984,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
const char *name,
+ int name_type,
const char *extra_value,
bool noexist_delete)
{
@@ -1008,6 +1010,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
}
state->name = name;
+ state->name_type = name_type;
state->extra_value = extra_value;
state->domain = sdom->dom;
state->sysdb = sdom->dom->sysdb;
@@ -1070,6 +1073,7 @@ static void groups_by_user_connect_done(struct tevent_req *subreq)
state->ctx,
state->conn,
state->name,
+ state->name_type,
state->extra_value,
state->attrs);
if (!subreq) {
@@ -1393,7 +1397,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
case BE_REQ_INITGROUPS: /* init groups for user */
if (ar->filter_type != BE_FILTER_NAME
- && ar->filter_type != BE_FILTER_SECID) {
+ && ar->filter_type != BE_FILTER_SECID
+ && ar->filter_type != BE_FILTER_UUID) {
ret = EINVAL;
state->err = "Invalid filter type";
goto done;
@@ -1403,21 +1408,12 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
state->err = "Invalid attr type";
goto done;
}
- if (ar->filter_type == BE_FILTER_SECID && ar->extra_value != NULL
- && strcmp(ar->extra_value, EXTRA_NAME_IS_SID) != 0) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Unexpected extra value [%s] for BE_FILTER_SECID.\n",
- ar->extra_value);
- ret = EINVAL;
- state->err = "Invalid extra value";
- goto done;
- }
subreq = groups_by_user_send(state, be_ctx->ev, id_ctx,
sdom, conn,
ar->filter_value,
- (ar->filter_type == BE_FILTER_SECID)
- ? EXTRA_NAME_IS_SID : ar->extra_value,
+ ar->filter_type,
+ ar->extra_value,
noexist_delete);
break;
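Review bot: With the extra-value check removed, `ar->extra_value` now reaches `groups_by_user_send()` unvalidated for BE_FILTER_SECID and BE_FILTER_UUID requests. In the sdap_async_initgroups.c hunk of this commit the `EXTRA_NAME_IS_UPN` test is evaluated before `name_type`, so such a request carrying that marker would be searched against the principal attribute with a SID or UUID as the value, where a BE_FILTER_SECID request with an unexpected extra value was previously rejected with EINVAL. Consider keeping a guard here, e.g. `if (ar->filter_type != BE_FILTER_NAME && ar->extra_value != NULL && strcmp(ar->extra_value, EXTRA_NAME_IS_UPN) == 0) { ret = EINVAL; state->err = "Invalid extra value"; goto done; }`. Whether any caller still sends EXTRA_NAME_IS_SID is not visible here, so the suggestion leaves that value accepted. sdap_handle_acct_req_send starts and ends outside the hunk.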
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 29afd8e1a..f2ea9bf2e 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -136,6 +136,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
struct sdap_id_ctx *id_ctx,
struct sdap_id_conn_ctx *conn,
const char *name,
+ int name_type,
const char *extra_value,
const char **grp_attrs);
int sdap_get_initgr_recv(struct tevent_req *req);
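Review bot: The new `int name_type` parameter of sdap_get_initgr_send() is undocumented in this prototype, and a plain `int` does not tell a caller which values are accepted. The callers in this commit pass `ar->filter_type`, and the implementation hunk falls back to the user-name attribute for anything it does not recognise. A comment above the declaration such as `/* name_type: BE_FILTER_NAME, BE_FILTER_SECID or BE_FILTER_UUID; other values are treated as a name. An extra_value of EXTRA_NAME_IS_UPN takes precedence over name_type. */` would record that contract.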
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 5c5be5eab..4f775d76b 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2667,6 +2667,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
struct sdap_id_ctx *id_ctx,
struct sdap_id_conn_ctx *conn,
const char *name,
+ int name_type,
const char *extra_value,
const char **grp_attrs)
{
@@ -2716,10 +2717,17 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
- } else if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_SID) == 0) {
- search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
} else {
- search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
+ switch (name_type) {
+ case BE_FILTER_SECID:
+ search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
+ break;
+ case BE_FILTER_UUID:
+ search_attr = state->opts->user_map[SDAP_AT_USER_UUID].name;
+ break;
+ default:
+ search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
+ }
}
state->user_base_filter =
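Review bot: The two non-default cases take `search_attr` from `user_map[SDAP_AT_USER_OBJECTSID].name` and `user_map[SDAP_AT_USER_UUID].name` with no NULL check in the hunk. If a schema leaves either attribute unmapped (presumably possible, but not visible here), the filter assembled at `state->user_base_filter =` would be built from a NULL attribute name. Unless that is checked further down (the statement and the rest of sdap_get_initgr_send continue outside the hunk), add an `if (search_attr == NULL)` test after the switch and fail the request with EINVAL. The `default:` arm also has no `break;` and silently treats any unknown `name_type` as a user name, so add the `break;` and consider logging unexpected values.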