Diffstat (limited to 'src')
-rw-r--r-- | src/db/sysdb_search.c | 32 | ||||
-rw-r--r-- | src/providers/data_provider.h | 1 | ||||
-rw-r--r-- | src/providers/ipa/ipa_id.c | 15 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id.c | 20 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.h | 1 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 14 | ||||
-rw-r--r-- | src/tests/sysdb-tests.c | 9 |
7 files changed, 64 insertions, 28 deletions
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index da0c6d90c..ccd8fa080 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -1612,20 +1612,30 @@ errno_t sysdb_get_real_name(TALLOC_CTX *mem_ctx, if (res->count == 0) { ret = sysdb_search_user_by_upn(tmp_ctx, domain, name_or_upn_or_sid, NULL, &msg); - if (ret != EOK) { + if (ret == ENOENT) { + ret = sysdb_search_user_by_sid_str(tmp_ctx, domain, + name_or_upn_or_sid, NULL, &msg); if (ret == ENOENT) { - ret = sysdb_search_user_by_sid_str(tmp_ctx, domain, - name_or_upn_or_sid, NULL, - &msg); - } - - if (ret != EOK) { - /* User cannot be found in cache */ - DEBUG(SSSDBG_OP_FAILURE, "Cannot find user [%s] in cache\n", - name_or_upn_or_sid); - goto done; + ret = sysdb_search_object_by_uuid(tmp_ctx, domain, + name_or_upn_or_sid, NULL, + &res); + if (ret == EOK && res->count == 1) { + msg = res->msgs[0]; + } else { + DEBUG(SSSDBG_OP_FAILURE, + "sysdb_search_object_by_uuid did not return a " \ + "single result.\n"); + ret = ENOENT; + goto done; + } } } + if (ret != EOK) { + /* User cannot be found in cache */ + DEBUG(SSSDBG_OP_FAILURE, "Cannot find user [%s] in cache\n", + name_or_upn_or_sid); + goto done; + } } else if (res->count == 1) { msg = res->msgs[0]; } else { diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h index 89fb06a0d..5df493e9d 100644 --- a/src/providers/data_provider.h +++ b/src/providers/data_provider.h @@ -150,7 +150,6 @@ #define DP_SEC_ID_LEN (sizeof(DP_SEC_ID) - 1) #define EXTRA_NAME_IS_UPN "U" -#define EXTRA_NAME_IS_SID "S" #define EXTRA_INPUT_MAYBE_WITH_VIEW "V" /* AUTH related common data and functions */ diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index ebf5f03b8..e3a7fffc3 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c 
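Review bot: In sysdb_get_real_name the `else` branch after `sysdb_search_object_by_uuid` sets `ret = ENOENT` for every outcome other than exactly one match, so a genuine failure of the UUID search is reported to the caller as "not found" and its error code never reaches the log. Only the no-result and multi-result cases should be remapped; a check such as `if (ret != EOK && ret != ENOENT) goto done;` before the count test, plus `ret` in the debug message, would keep real errors visible. The helper's name also suggests it matches any object type, so a group entry carrying that UUID would presumably be returned as the user's real name; if that is not intended, verify the object class of `res->msgs[0]` before using it. The function starts and ends outside the hunk.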
@@ -555,6 +555,7 @@ struct ipa_id_get_account_info_state { struct sss_domain_info *domain; struct be_req *be_req; struct be_acct_req *ar; + struct be_acct_req *orig_ar; const char *realm; struct sysdb_attrs *override_attrs; @@ -733,13 +734,25 @@ static void ipa_id_get_account_info_got_override(struct tevent_req *subreq) if (strcmp(state->ar->domain, anchor_domain) == 0) { + state->orig_ar = state->ar; + ret = get_be_acct_req_for_uuid(state, ipa_uuid, state->ar->domain, &state->ar); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_sid failed.\n"); + DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_uuid failed.\n"); goto fail; } + + if ((state->orig_ar->entry_type & BE_REQ_TYPE_MASK) + == BE_REQ_INITGROUPS) { + DEBUG(SSSDBG_TRACE_ALL, + "Switching back to BE_REQ_INITGROUPS.\n"); + state->ar->entry_type = BE_REQ_INITGROUPS; + state->ar->filter_type = BE_FILTER_UUID; + state->ar->attr_type = BE_ATTR_CORE; + } + } else { DEBUG(SSSDBG_MINOR_FAILURE, "Anchor from a different domain [%s], expected [%s]. " \ diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index c2686d249..63098a82e 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -964,6 +964,7 @@ struct groups_by_user_state { struct sss_domain_info *domain; const char *name; + int name_type; const char *extra_value; const char **attrs; @@ -982,6 +983,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, struct sdap_domain *sdom, struct sdap_id_conn_ctx *conn, const char *name, + int name_type, const char *extra_value, bool noexist_delete) { @@ -1007,6 +1009,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, } state->name = name; + state->name_type = name_type; state->extra_value = extra_value; state->domain = sdom->dom; state->sysdb = sdom->dom->sysdb; 
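Review bot: The assignment `state->ar->entry_type = BE_REQ_INITGROUPS;` in ipa_id_get_account_info_got_override replaces the whole field, while the test just above it masks with `BE_REQ_TYPE_MASK`, which implies the original request can carry bits outside the type. If those bits matter for the re-issued request, carry them over, e.g. `state->ar->entry_type = BE_REQ_INITGROUPS | (state->orig_ar->entry_type & ~BE_REQ_TYPE_MASK);`. What get_be_acct_req_for_uuid puts into the new request is not visible here, so if dropping them is intentional a short comment should say so. The function body continues outside the hunk.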
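Review bot: The new `int name_type` parameter of groups_by_user_send is undocumented and typed as a bare int, although the caller in sdap_handle_acct_req_send passes `ar->filter_type` and sdap_get_initgr_send switches on `BE_FILTER_*` values. A comment at the parameter, `/* one of BE_FILTER_NAME, BE_FILTER_SECID, BE_FILTER_UUID */`, would make the contract explicit. The same applies to the field added to struct groups_by_user_state and to the prototype in sdap_async.h.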
@@ -1069,6 +1072,7 @@ static void groups_by_user_connect_done(struct tevent_req *subreq) state->ctx, state->conn, state->name, + state->name_type, state->extra_value, state->attrs); if (!subreq) { @@ -1392,7 +1396,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, case BE_REQ_INITGROUPS: /* init groups for user */ if (ar->filter_type != BE_FILTER_NAME - && ar->filter_type != BE_FILTER_SECID) { + && ar->filter_type != BE_FILTER_SECID + && ar->filter_type != BE_FILTER_UUID) { ret = EINVAL; state->err = "Invalid filter type"; goto done; @@ -1402,21 +1407,12 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, state->err = "Invalid attr type"; goto done; } - if (ar->filter_type == BE_FILTER_SECID && ar->extra_value != NULL - && strcmp(ar->extra_value, EXTRA_NAME_IS_SID) != 0) { - DEBUG(SSSDBG_OP_FAILURE, - "Unexpected extra value [%s] for BE_FILTER_SECID.\n", - ar->extra_value); - ret = EINVAL; - state->err = "Invalid extra value"; - goto done; - } subreq = groups_by_user_send(state, be_ctx->ev, id_ctx, sdom, conn, ar->filter_value, - (ar->filter_type == BE_FILTER_SECID) - ? EXTRA_NAME_IS_SID : ar->extra_value, + ar->filter_type, + ar->extra_value, noexist_delete); break; diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index ef9b3bbad..e9bfc5759 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -135,6 +135,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, struct sdap_id_ctx *id_ctx, struct sdap_id_conn_ctx *conn, const char *name, + int name_type, const char *extra_value, const char **grp_attrs); int sdap_get_initgr_recv(struct tevent_req *req); diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 5c5be5eab..4f775d76b 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c 
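Review bot: With the `EXTRA_NAME_IS_SID` check removed, the `BE_REQ_INITGROUPS` case of sdap_handle_acct_req_send passes `ar->extra_value` to groups_by_user_send unvalidated for `BE_FILTER_SECID` and `BE_FILTER_UUID` requests. In sdap_get_initgr_send the `EXTRA_NAME_IS_UPN` comparison is evaluated before `name_type`, so a SID or UUID request that arrives with that extra value would be searched against the principal attribute instead of the SID or UUID attribute. Rejecting the combination here keeps the previous strictness: `if (ar->filter_type != BE_FILTER_NAME && ar->extra_value != NULL && strcmp(ar->extra_value, EXTRA_NAME_IS_UPN) == 0)` followed by the `EINVAL` / `state->err = "Invalid extra value"` path that the removed block used. The case body continues outside the hunk.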
@@ -2667,6 +2667,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, struct sdap_id_ctx *id_ctx, struct sdap_id_conn_ctx *conn, const char *name, + int name_type, const char *extra_value, const char **grp_attrs) { @@ -2716,10 +2717,17 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) { search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name; - } else if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_SID) == 0) { - search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name; } else { - search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name; + switch (name_type) { + case BE_FILTER_SECID: + search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name; + break; + case BE_FILTER_UUID: + search_attr = state->opts->user_map[SDAP_AT_USER_UUID].name; + break; + default: + search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name; + } } state->user_base_filter = diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index 0185beeaf..450a9d1d6 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c @@ -3581,6 +3581,10 @@ START_TEST(test_sysdb_get_real_name) "S-1-5-21-123-456-789-111"); fail_unless(ret == EOK, "sysdb_attrs_add_string failed."); + ret = sysdb_attrs_add_string(user_attrs, SYSDB_UUID, + "12345678-9012-3456-7890-123456789012"); + fail_unless(ret == EOK, "sysdb_attrs_add_string failed."); + ret = sysdb_store_user(test_ctx->domain, "RealName", NULL, 22345, 0, "gecos", "/home/realname", "/bin/bash", @@ -3604,6 +3608,11 @@ START_TEST(test_sysdb_get_real_name) fail_unless(strcmp(str, "RealName") == 0, "Expected [%s], got [%s].", "RealName", str); + ret = sysdb_get_real_name(test_ctx, test_ctx->domain, + "12345678-9012-3456-7890-123456789012", &str); + fail_unless(ret == EOK, "sysdb_get_real_name failed."); + fail_unless(strcmp(str, "RealName") == 0, "Expected [%s], got [%s].", + "RealName", str); } END_TEST |
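Review bot: `search_attr` is taken straight from `user_map[SDAP_AT_USER_UUID].name` (and `SDAP_AT_USER_OBJECTSID`) in the new switch in sdap_get_initgr_send without checking that the map entry is set. If the configured schema leaves that attribute unmapped, the name would presumably be NULL when the filter is built right after the hunk; `state->user_base_filter =` is cut off here, so this is inferred. A guard such as `if (search_attr == NULL)` that fails the request with a debug message naming the missing attribute would avoid a malformed filter. The `default:` arm would also read better with an explicit `break;` and a comment that it covers `BE_FILTER_NAME`.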
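Review bot: The lookup added to test_sysdb_get_real_name covers only the successful UUID case; the new failure branch in sysdb_get_real_name (no match, or more than one match, mapped to `ENOENT`) is not exercised. A second call with a UUID that was never stored, checked with `fail_unless(ret != EOK, "sysdb_get_real_name found an unknown UUID.");`, would pin that behaviour.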