summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/db/sysdb_search.c32
-rw-r--r--src/providers/data_provider.h1
-rw-r--r--src/providers/ipa/ipa_id.c15
-rw-r--r--src/providers/ldap/ldap_id.c20
-rw-r--r--src/providers/ldap/sdap_async.h1
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c14
-rw-r--r--src/tests/sysdb-tests.c9
7 files changed, 64 insertions, 28 deletions
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index da0c6d90c..ccd8fa080 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -1612,20 +1612,30 @@ errno_t sysdb_get_real_name(TALLOC_CTX *mem_ctx,
if (res->count == 0) {
ret = sysdb_search_user_by_upn(tmp_ctx, domain, name_or_upn_or_sid,
NULL, &msg);
- if (ret != EOK) {
+ if (ret == ENOENT) {
+ ret = sysdb_search_user_by_sid_str(tmp_ctx, domain,
+ name_or_upn_or_sid, NULL, &msg);
if (ret == ENOENT) {
- ret = sysdb_search_user_by_sid_str(tmp_ctx, domain,
- name_or_upn_or_sid, NULL,
- &msg);
- }
-
- if (ret != EOK) {
- /* User cannot be found in cache */
- DEBUG(SSSDBG_OP_FAILURE, "Cannot find user [%s] in cache\n",
- name_or_upn_or_sid);
- goto done;
+ ret = sysdb_search_object_by_uuid(tmp_ctx, domain,
+ name_or_upn_or_sid, NULL,
+ &res);
+ if (ret == EOK && res->count == 1) {
+ msg = res->msgs[0];
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sysdb_search_object_by_uuid did not return a " \
+ "single result.\n");
+ ret = ENOENT;
+ goto done;
+ }
}
}
+ if (ret != EOK) {
+ /* User cannot be found in cache */
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot find user [%s] in cache\n",
+ name_or_upn_or_sid);
+ goto done;
+ }
} else if (res->count == 1) {
msg = res->msgs[0];
} else {
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index 89fb06a0d..5df493e9d 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -150,7 +150,6 @@
#define DP_SEC_ID_LEN (sizeof(DP_SEC_ID) - 1)
#define EXTRA_NAME_IS_UPN "U"
-#define EXTRA_NAME_IS_SID "S"
#define EXTRA_INPUT_MAYBE_WITH_VIEW "V"
/* AUTH related common data and functions */
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index ebf5f03b8..e3a7fffc3 100644
--- a/src/providers/ipa/ipa_id.c
+++ b/src/providers/ipa/ipa_id.c
@@ -555,6 +555,7 @@ struct ipa_id_get_account_info_state {
struct sss_domain_info *domain;
struct be_req *be_req;
struct be_acct_req *ar;
+ struct be_acct_req *orig_ar;
const char *realm;
struct sysdb_attrs *override_attrs;
@@ -733,13 +734,25 @@ static void ipa_id_get_account_info_got_override(struct tevent_req *subreq)
if (strcmp(state->ar->domain, anchor_domain) == 0) {
+ state->orig_ar = state->ar;
+
ret = get_be_acct_req_for_uuid(state, ipa_uuid,
state->ar->domain,
&state->ar);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_sid failed.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_uuid failed.\n");
goto fail;
}
+
+ if ((state->orig_ar->entry_type & BE_REQ_TYPE_MASK)
+ == BE_REQ_INITGROUPS) {
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Switching back to BE_REQ_INITGROUPS.\n");
+ state->ar->entry_type = BE_REQ_INITGROUPS;
+ state->ar->filter_type = BE_FILTER_UUID;
+ state->ar->attr_type = BE_ATTR_CORE;
+ }
+
} else {
DEBUG(SSSDBG_MINOR_FAILURE,
"Anchor from a different domain [%s], expected [%s]. " \
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index c2686d249..63098a82e 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -964,6 +964,7 @@ struct groups_by_user_state {
struct sss_domain_info *domain;
const char *name;
+ int name_type;
const char *extra_value;
const char **attrs;
@@ -982,6 +983,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
const char *name,
+ int name_type,
const char *extra_value,
bool noexist_delete)
{
@@ -1007,6 +1009,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
}
state->name = name;
+ state->name_type = name_type;
state->extra_value = extra_value;
state->domain = sdom->dom;
state->sysdb = sdom->dom->sysdb;
@@ -1069,6 +1072,7 @@ static void groups_by_user_connect_done(struct tevent_req *subreq)
state->ctx,
state->conn,
state->name,
+ state->name_type,
state->extra_value,
state->attrs);
if (!subreq) {
@@ -1392,7 +1396,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
case BE_REQ_INITGROUPS: /* init groups for user */
if (ar->filter_type != BE_FILTER_NAME
- && ar->filter_type != BE_FILTER_SECID) {
+ && ar->filter_type != BE_FILTER_SECID
+ && ar->filter_type != BE_FILTER_UUID) {
ret = EINVAL;
state->err = "Invalid filter type";
goto done;
@@ -1402,21 +1407,12 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
state->err = "Invalid attr type";
goto done;
}
- if (ar->filter_type == BE_FILTER_SECID && ar->extra_value != NULL
- && strcmp(ar->extra_value, EXTRA_NAME_IS_SID) != 0) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Unexpected extra value [%s] for BE_FILTER_SECID.\n",
- ar->extra_value);
- ret = EINVAL;
- state->err = "Invalid extra value";
- goto done;
- }
subreq = groups_by_user_send(state, be_ctx->ev, id_ctx,
sdom, conn,
ar->filter_value,
- (ar->filter_type == BE_FILTER_SECID)
- ? EXTRA_NAME_IS_SID : ar->extra_value,
+ ar->filter_type,
+ ar->extra_value,
noexist_delete);
break;
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index ef9b3bbad..e9bfc5759 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -135,6 +135,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
struct sdap_id_ctx *id_ctx,
struct sdap_id_conn_ctx *conn,
const char *name,
+ int name_type,
const char *extra_value,
const char **grp_attrs);
int sdap_get_initgr_recv(struct tevent_req *req);
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 5c5be5eab..4f775d76b 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2667,6 +2667,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
struct sdap_id_ctx *id_ctx,
struct sdap_id_conn_ctx *conn,
const char *name,
+ int name_type,
const char *extra_value,
const char **grp_attrs)
{
@@ -2716,10 +2717,17 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
- } else if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_SID) == 0) {
- search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
} else {
- search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
+ switch (name_type) {
+ case BE_FILTER_SECID:
+ search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
+ break;
+ case BE_FILTER_UUID:
+ search_attr = state->opts->user_map[SDAP_AT_USER_UUID].name;
+ break;
+ default:
+ search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
+ }
}
state->user_base_filter =
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 0185beeaf..450a9d1d6 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -3581,6 +3581,10 @@ START_TEST(test_sysdb_get_real_name)
"S-1-5-21-123-456-789-111");
fail_unless(ret == EOK, "sysdb_attrs_add_string failed.");
+ ret = sysdb_attrs_add_string(user_attrs, SYSDB_UUID,
+ "12345678-9012-3456-7890-123456789012");
+ fail_unless(ret == EOK, "sysdb_attrs_add_string failed.");
+
ret = sysdb_store_user(test_ctx->domain, "RealName",
NULL, 22345, 0, "gecos",
"/home/realname", "/bin/bash",
@@ -3604,6 +3608,11 @@ START_TEST(test_sysdb_get_real_name)
fail_unless(strcmp(str, "RealName") == 0, "Expected [%s], got [%s].",
"RealName", str);
+ ret = sysdb_get_real_name(test_ctx, test_ctx->domain,
+ "12345678-9012-3456-7890-123456789012", &str);
+ fail_unless(ret == EOK, "sysdb_get_real_name failed.");
+ fail_unless(strcmp(str, "RealName") == 0, "Expected [%s], got [%s].",
+ "RealName", str);
}
END_TEST
generated by cgit (git 2.34.1) at 2024-05-19 16:28:51 +0000