From 0c7aa697991ea9df960fae14fd567ebdda3b4ff4 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Thu, 19 Jan 2012 20:38:40 -0500 Subject: RESPONDER: Extend sss_dp_account_send() to include extra data Some NSS maps such as 'services' require more values to be passed to the data provider than just the name or ID. In these cases, we will amend an optional component to filter value to pass to the data provider backend. --- src/responder/common/responder.h | 3 ++- src/responder/common/responder_dp.c | 31 +++++++++++++++++++++++------- src/responder/nss/nsssrv_cmd.c | 8 ++++---- src/responder/pam/pamsrv_cmd.c | 2 +- src/responder/sudo/sudosrv_get_sudorules.c | 2 +- 5 files changed, 32 insertions(+), 14 deletions(-) (limited to 'src') diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index cbac67b56..c27de3115 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -192,7 +192,8 @@ sss_dp_get_account_send(TALLOC_CTX *mem_ctx, bool fast_reply, int type, const char *opt_name, - uint32_t opt_id); + uint32_t opt_id, + const char *extra); errno_t sss_dp_get_account_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c index f51e2496a..6bc086c2a 100644 --- a/src/responder/common/responder_dp.c +++ b/src/responder/common/responder_dp.c @@ -247,7 +247,8 @@ sss_dp_get_account_send(TALLOC_CTX *mem_ctx, bool fast_reply, int type, const char *opt_name, - uint32_t opt_id) + uint32_t opt_id, + const char *extra) { errno_t ret; int hret; @@ -312,13 +313,29 @@ sss_dp_get_account_send(TALLOC_CTX *mem_ctx, state->key->type = HASH_KEY_STRING; if (opt_name) { - filter = talloc_asprintf(state, "name=%s", opt_name); - state->key->str = talloc_asprintf(state->key, "%d:%s@%s", - type, opt_name, dom->name); + if (extra) { + filter = talloc_asprintf(state, "name=%s:%s", + opt_name, extra); + state->key->str = talloc_asprintf(state->key, "%d:%s:%s@%s", + type, opt_name, + extra, dom->name); + } else { + filter = talloc_asprintf(state, "name=%s", opt_name); + state->key->str = talloc_asprintf(state->key, "%d:%s@%s", + type, opt_name, dom->name); + } } else if (opt_id) { - filter = talloc_asprintf(state, "idnumber=%u", opt_id); - state->key->str = talloc_asprintf(state->key, "%d:%d@%s", - type, opt_id, dom->name); + if (extra) { + filter = talloc_asprintf(state, "idnumber=%u:%s", + opt_id, extra); + state->key->str = talloc_asprintf(state->key, "%d:%d:%s@%s", + type, opt_id, + extra, dom->name); + } else { + filter = talloc_asprintf(state, "idnumber=%u", opt_id); + state->key->str = talloc_asprintf(state->key, "%d:%d@%s", + type, opt_id, dom->name); + } } else { filter = talloc_strdup(state, ENUM_INDICATOR); state->key->str = talloc_asprintf(state->key, "%d:*@%s", diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index abed7a886..dec7f3050 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -649,7 +649,7 @@ errno_t check_cache(struct nss_dom_ctx *dctx, * immediately. */ req = sss_dp_get_account_send(cctx, cctx->rctx, dctx->domain, true, - req_type, opt_name, opt_id); + req_type, opt_name, opt_id, NULL); if (!req) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory sending out-of-band data provider " @@ -678,7 +678,7 @@ errno_t check_cache(struct nss_dom_ctx *dctx, } req = sss_dp_get_account_send(cctx, cctx->rctx, dctx->domain, true, - req_type, opt_name, opt_id); + req_type, opt_name, opt_id, NULL); if (!req) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory sending data provider request\n")); @@ -1413,7 +1413,7 @@ static errno_t nss_cmd_setpwent_step(struct setent_step_ctx *step_ctx) dctx->check_provider = false; dpreq = sss_dp_get_account_send(step_ctx, rctx, dctx->domain, true, - SSS_DP_USER, NULL, 0); + SSS_DP_USER, NULL, 0, NULL); if (!dpreq) { DEBUG(SSSDBG_MINOR_FAILURE, ("Enum Cache refresh for domain [%s] failed." @@ -2720,7 +2720,7 @@ static errno_t nss_cmd_setgrent_step(struct setent_step_ctx *step_ctx) step_ctx->returned_to_mainloop = true; /* Only do this once per provider */ dpreq = sss_dp_get_account_send(step_ctx, rctx, dctx->domain, true, - SSS_DP_USER, NULL, 0); + SSS_DP_USER, NULL, 0, NULL); if (!dpreq) { DEBUG(SSSDBG_MINOR_FAILURE, ("Enum Cache refresh for domain [%s] failed." diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 4a98dd638..8cb642217 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -953,7 +953,7 @@ static int pam_check_user_search(struct pam_auth_req *preq) dpreq = sss_dp_get_account_send(preq, preq->cctx->rctx, dom, false, SSS_DP_INITGROUPS, - name, 0); + name, 0, NULL); if (!dpreq) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory sending data provider request\n")); diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c index fca6257d8..b1c3fa5e8 100644 --- a/src/responder/sudo/sudosrv_get_sudorules.c +++ b/src/responder/sudo/sudosrv_get_sudorules.c @@ -136,7 +136,7 @@ static errno_t sudosrv_get_user(struct sudo_dom_ctx *dctx) cache_expire < time(NULL)) { dpreq = sss_dp_get_account_send(cli_ctx, cli_ctx->rctx, dom, false, SSS_DP_INITGROUPS, - cmd_ctx->username, 0); + cmd_ctx->username, 0, NULL); if (!dpreq) { DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory sending data provider request\n")); -- cgit