From 7ba70236daccb48432350147d0560b3302518cee Mon Sep 17 00:00:00 2001
From: Michal Zidek <mzidek@redhat.com>
Date: Wed, 10 Sep 2014 12:56:54 +0200
Subject: Use the alternative objectclass in group maps.

Use the alternative group objectclass in queries.

Fixes:
https://fedorahosted.org/sssd/ticket/2436

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/providers/ldap/sdap.c | 40 ++++++++++++++++++++++++++++++++++++----
 1 file changed, 36 insertions(+), 4 deletions(-)

(limited to 'src/providers/ldap/sdap.c')

diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index ff50f8b5d..7034b11ed 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -290,6 +290,8 @@ int sdap_get_map(TALLOC_CTX *memctx,
 
 /* =Parse-msg============================================================= */
 
+static bool objectclass_matched(struct sdap_attr_map *map,
+                                const char *objcl, int len);
 int sdap_parse_entry(TALLOC_CTX *memctx,
                      struct sdap_handle *sh, struct sdap_msg *sm,
                      struct sdap_attr_map *map, int attrs_num,
@@ -348,9 +350,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
         }
 
         for (i = 0; vals[i]; i++) {
-            /* the objectclass is always the first name in the map */
-            if (strncasecmp(map[0].name,
-                            vals[i]->bv_val, vals[i]->bv_len) == 0) {
+            if (objectclass_matched(map, vals[i]->bv_val, vals[i]->bv_len)) {
                 /* ok it's an entry of the right type */
                 break;
             }
@@ -530,6 +530,25 @@ done:
     return ret;
 }
 
+static bool objectclass_matched(struct sdap_attr_map *map,
+                                const char *objcl, int len)
+{
+    if (len == 0) {
+        len = strlen(objcl) + 1;
+    }
+
+    if (strncasecmp(map[SDAP_OC_GROUP].name, objcl, len) == 0) {
+        return true;
+    }
+
+    if (map[SDAP_OC_GROUP_ALT].name != NULL
+        && strncasecmp(map[SDAP_OC_GROUP_ALT].name, objcl, len) == 0) {
+        return true;
+    }
+
+    return false;
+}
+
 /* Parses an LDAPDerefRes into sdap_deref_attrs structure */
 errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
                          struct sdap_attr_map_info *minfo,
@@ -630,7 +649,7 @@ errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
 
         for (i=0; ocs[i]; i++) {
             /* the objectclass is always the first name in the map */
-            if (strcasecmp(minfo[mi].map[0].name, ocs[i]) == 0) {
+            if (objectclass_matched(minfo[mi].map, ocs[i], 0)) {
                 DEBUG(SSSDBG_TRACE_ALL,
                       "Found map for objectclass '%s'\n", ocs[i]);
                 map = minfo[mi].map;
@@ -1449,3 +1468,16 @@ errno_t sdap_get_netgroup_primary_name(TALLOC_CTX *memctx,
                                  opts->netgroup_map[SDAP_AT_NETGROUP_NAME].name,
                                  attrs, dom, _netgroup_name);
 }
+
+char *sdap_make_oc_list(TALLOC_CTX *mem_ctx, struct sdap_attr_map *map)
+{
+    if (map[SDAP_OC_GROUP_ALT].name == NULL) {
+        return talloc_asprintf(mem_ctx, "objectClass=%s",
+                               map[SDAP_OC_GROUP].name);
+    } else {
+        return talloc_asprintf(mem_ctx,
+                               "|(objectClass=%s)(objectClass=%s)",
+                               map[SDAP_OC_GROUP].name,
+                               map[SDAP_OC_GROUP_ALT].name);
+    }
+}
-- 
cgit