summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/db/sysdb.h7
-rw-r--r--src/db/sysdb_search.c101
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c62
3 files changed, 113 insertions, 57 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index fc53e38de..138e7df82 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -690,4 +690,11 @@ errno_t sysdb_remove_attrs(struct sysdb_ctx *sysdb,
enum sysdb_member_type type,
char **remove_attrs);
+errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
+ enum sysdb_member_type mtype,
+ const char *name,
+ char ***_direct_parents);
+
#endif /* __SYS_DB_H__ */
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index 37d6e14b2..55fdea8e1 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -842,3 +842,104 @@ done:
talloc_zfree(tmp_ctx);
return ret;
}
+
+errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
+ enum sysdb_member_type mtype,
+ const char *name,
+ char ***_direct_parents)
+{
+ errno_t ret;
+ const char *dn;
+ struct ldb_dn *basedn;
+ static const char *group_attrs[] = { SYSDB_NAME, NULL };
+ const char *member_filter;
+ size_t direct_sysdb_count = 0;
+ struct ldb_message **direct_sysdb_groups = NULL;
+ char **direct_parents = NULL;
+ TALLOC_CTX *tmp_ctx = NULL;
+ int i, pi;
+ const char *tmp_str;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) return ENOMEM;
+
+ if (mtype == SYSDB_MEMBER_USER) {
+ dn = sysdb_user_strdn(tmp_ctx, dom->name, name);
+ } else if (mtype == SYSDB_MEMBER_USER) {
+ dn = sysdb_group_strdn(tmp_ctx, dom->name, name);
+ } else {
+ DEBUG(1, ("Unknown member type\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
+ if (!dn) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ member_filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)(%s=%s))",
+ SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS,
+ SYSDB_MEMBER, dn);
+ if (!member_filter) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ basedn = ldb_dn_new_fmt(tmp_ctx, sysdb_ctx_get_ldb(sysdb),
+ SYSDB_TMPL_GROUP_BASE, dom->name);
+ if (!basedn) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ DEBUG(8, ("searching sysdb with filter [%s]\n", member_filter));
+
+ ret = sysdb_search_entry(tmp_ctx, sysdb, basedn,
+ LDB_SCOPE_SUBTREE, member_filter, group_attrs,
+ &direct_sysdb_count, &direct_sysdb_groups);
+ if (ret == ENOENT) {
+ direct_sysdb_count = 0;
+ } else if (ret != EOK && ret != ENOENT) {
+ DEBUG(2, ("sysdb_search_entry failed: [%d]: %s\n",
+ ret, strerror(ret)));
+ goto done;
+ }
+
+ /* EOK */
+ /* Get the list of sysdb groups by name */
+ direct_parents = talloc_array(tmp_ctx, char *, direct_sysdb_count+1);
+ if (!direct_parents) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ pi = 0;
+ for(i = 0; i < direct_sysdb_count; i++) {
+ tmp_str = ldb_msg_find_attr_as_string(direct_sysdb_groups[i],
+ SYSDB_NAME, NULL);
+ if (!tmp_str) {
+ /* This should never happen, but if it does, just continue */
+ continue;
+ }
+
+ direct_parents[pi] = talloc_strdup(direct_parents, tmp_str);
+ if (!direct_parents[pi]) {
+ DEBUG(1, ("A group with no name?\n"));
+ ret = EIO;
+ goto done;
+ }
+ pi++;
+ }
+ direct_parents[pi] = NULL;
+
+ DEBUG(7, ("%s is a member of %d sysdb groups\n",
+ name, direct_sysdb_count));
+ *_direct_parents = talloc_steal(mem_ctx, direct_parents);
+ ret = EOK;
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 2191c133e..f5c37078b 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -774,20 +774,13 @@ static int sdap_initgr_nested_store_group(struct sysdb_ctx *sysdb,
int ngroups)
{
TALLOC_CTX *tmp_ctx;
- const char *member_filter;
const char *group_orig_dn;
const char *group_name;
- const char *group_dn;
int ret;
- int i;
- struct ldb_message **direct_sysdb_groups = NULL;
- size_t direct_sysdb_count = 0;
- static const char *group_attrs[] = { SYSDB_NAME, NULL };
struct ldb_dn *basedn;
int ndirect;
struct sysdb_attrs **direct_groups;
char **sysdb_grouplist = NULL;
- const char *tmp_str;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return ENOMEM;
@@ -813,58 +806,13 @@ static int sdap_initgr_nested_store_group(struct sysdb_ctx *sysdb,
}
/* Get direct sysdb parents */
- group_dn = sysdb_group_strdn(tmp_ctx, dom->name, group_name);
- if (!group_dn) {
- ret = ENOMEM;
- goto done;
- }
-
- member_filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)(%s=%s))",
- SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS,
- SYSDB_MEMBER, group_dn);
- if (!member_filter) {
- ret = ENOMEM;
- goto done;
- }
-
- DEBUG(8, ("searching sysdb with filter %s\n", member_filter));
-
- ret = sysdb_search_entry(tmp_ctx, sysdb, basedn,
- LDB_SCOPE_SUBTREE, member_filter, group_attrs,
- &direct_sysdb_count, &direct_sysdb_groups);
- if (ret == EOK) {
- /* Get the list of sysdb groups by name */
- sysdb_grouplist = talloc_array(tmp_ctx, char *, direct_sysdb_count+1);
- if (!sysdb_grouplist) {
- ret = ENOMEM;
- goto done;
- }
-
- for(i = 0; i < direct_sysdb_count; i++) {
- tmp_str = ldb_msg_find_attr_as_string(direct_sysdb_groups[i],
- SYSDB_NAME, NULL);
- if (!tmp_str) {
- /* This should never happen, but if it does, just continue */
- continue;
- }
-
- sysdb_grouplist[i] = talloc_strdup(sysdb_grouplist, tmp_str);
- if (!sysdb_grouplist[i]) {
- DEBUG(1, ("A group with no name?\n"));
- ret = EIO;
- goto done;
- }
- }
- sysdb_grouplist[i] = NULL;
- } else if (ret == ENOENT) {
- sysdb_grouplist = NULL;
- direct_sysdb_count = 0;
- } else {
- DEBUG(2, ("sysdb_search_entry failed: [%d]: %s\n", ret, strerror(ret)));
+ ret = sysdb_get_direct_parents(tmp_ctx, sysdb, dom, SYSDB_MEMBER_GROUP,
+ group_name, &sysdb_grouplist);
+ if (ret) {
+ DEBUG(1, ("Could not get direct parents for %s: %d [%s]\n",
+ group_name, ret, strerror(ret)));
goto done;
}
- DEBUG(7, ("The group %s is a member of %d sysdb groups\n",
- group_name, direct_sysdb_count));
/* Filter only parents from full set */
ret = sdap_initgr_nested_get_direct_parents(tmp_ctx, group, groups,