diff options
| author | Sumit Bose <sbose@redhat.com> | 2013-04-19 12:22:03 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-05-02 19:33:56 +0200 |
| commit | 1ae6d34788fd6ac2278be52b60d77c77073d98f3 (patch) | |
| tree | 04138c422f8c6fe60eeb9aaeec5e3cda18e84046 | |
| parent | 5a6e3cb57cf2d8d4118b58be0574cccea171ca19 (diff) | |
| download | sssd2-1ae6d34788fd6ac2278be52b60d77c77073d98f3.tar.gz sssd2-1ae6d34788fd6ac2278be52b60d77c77073d98f3.tar.xz sssd2-1ae6d34788fd6ac2278be52b60d77c77073d98f3.zip | |
LDAP: always store SID if available
Currently the string representation of a SID is only stored in the cache
for debugging purpose if SID based ID-mapping is used. This patch
unconditionally stores the SID if available to allow SID-to-name
mappings from the cache.
| -rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 49 | ||||
| -rw-r--r-- | src/providers/ldap/sdap_async_users.c | 42 |
2 files changed, 58 insertions, 33 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index bb88d6c4..cb30d4bb 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -458,34 +458,41 @@ static int sdap_save_group(TALLOC_CTX *memctx, } DEBUG(SSSDBG_TRACE_FUNC, ("Processing group %s\n", name)); - if (use_id_mapping) { - posix_group = true; - - DEBUG(SSSDBG_TRACE_LIBS, - ("Mapping group [%s] objectSID to unix ID\n", name)); - - ret = sdap_attrs_get_sid_str( - tmpctx, opts->idmap_ctx, attrs, - opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name, - &sid_str); + /* Always store SID string if available */ + ret = sdap_attrs_get_sid_str(tmpctx, opts->idmap_ctx, attrs, + opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name, + &sid_str); + if (ret == EOK) { + ret = sysdb_attrs_add_string(group_attrs, SYSDB_SID_STR, sid_str); if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not identify objectSID: [%s]\n", - strerror(ret))); + DEBUG(SSSDBG_MINOR_FAILURE, ("Could not add SID string: [%s]\n", + strerror(ret))); goto done; } + } else if (ret == ENOENT) { + DEBUG(SSSDBG_TRACE_ALL, ("objectSID: not available for group [%s].\n", + name)); + sid_str = NULL; + } else { + DEBUG(SSSDBG_MINOR_FAILURE, ("Could not identify objectSID: [%s]\n", + strerror(ret))); + sid_str = NULL; + } - /* Add string representation to the cache for easier - * debugging - */ - ret = sysdb_attrs_add_string(group_attrs, SYSDB_SID_STR, sid_str); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Could not add SID string: [%s]\n", - strerror(ret))); + if (use_id_mapping) { + posix_group = true; + + if (sid_str == NULL) { + DEBUG(SSSDBG_MINOR_FAILURE, ("SID not available, cannot map a " \ + "unix ID to group [%s].\n", name)); + ret = ENOENT; goto done; } + DEBUG(SSSDBG_TRACE_LIBS, + ("Mapping group [%s] objectSID [%s] to unix ID\n", + name, sid_str)); + /* Convert the SID into a UNIX group ID */ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &gid); if (ret == ENOTSUP) { diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index ccd2f24e..68e646cb 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -132,22 +132,40 @@ int sdap_save_user(TALLOC_CTX *memctx, if (el->num_values == 0) shell = NULL; else shell = (const char *)el->values[0].data; + /* Always store SID string if available */ + ret = sdap_attrs_get_sid_str(tmpctx, opts->idmap_ctx, attrs, + opts->user_map[SDAP_AT_USER_OBJECTSID].sys_name, + &sid_str); + if (ret == EOK) { + ret = sysdb_attrs_add_string(user_attrs, SYSDB_SID_STR, sid_str); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Could not add SID string: [%s]\n", + strerror(ret))); + goto done; + } + } else if (ret == ENOENT) { + DEBUG(SSSDBG_TRACE_ALL, ("objectSID: not available for group [%s].\n", + name)); + sid_str = NULL; + } else { + DEBUG(SSSDBG_MINOR_FAILURE, ("Could not identify objectSID: [%s]\n", + strerror(ret))); + sid_str = NULL; + } + + /* Retrieve or map the UID as appropriate */ if (use_id_mapping) { - DEBUG(SSSDBG_TRACE_LIBS, - ("Mapping user [%s] objectSID to unix ID\n", name)); - ret = sdap_attrs_get_sid_str( - tmpctx, opts->idmap_ctx, attrs, - opts->user_map[SDAP_AT_USER_OBJECTSID].sys_name, - &sid_str); - if (ret != EOK) goto done; + if (sid_str == NULL) { + DEBUG(SSSDBG_MINOR_FAILURE, ("SID not available, cannot map a " \ + "unix ID to user [%s].\n", name)); + ret = ENOENT; + goto done; + } - /* Add string representation to the cache for easier - * debugging - */ - ret = sysdb_attrs_add_string(user_attrs, SYSDB_SID_STR, sid_str); - if (ret != EOK) goto done; + DEBUG(SSSDBG_TRACE_LIBS, + ("Mapping user [%s] objectSID [%s] to unix ID\n", name, sid_str)); /* Convert the SID into a UNIX user ID */ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &uid); |