diff options
| author | Sumit Bose <sbose@redhat.com> | 2013-04-19 17:44:06 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-05-02 19:33:56 +0200 |
| commit | 1e72a17f6527d47968032fc928f489dad10705ea (patch) | |
| tree | 119fae33a671731eb6b5aed0bf64f39f55d553ce | |
| parent | 498dcbdfdfffa1aee65d53e83c7eafd5e3b084a5 (diff) | |
| download | sssd2-1e72a17f6527d47968032fc928f489dad10705ea.tar.gz sssd2-1e72a17f6527d47968032fc928f489dad10705ea.tar.xz sssd2-1e72a17f6527d47968032fc928f489dad10705ea.zip | |
sysdb: add sysdb_search_object_by_sid()
The patch add a new sysdb to find objects based on their SID. Currently
only the basic attributes needed to map SIDs to POSIX IDs and names are
requested, but this list can be extended for future use cases.
| -rw-r--r-- | src/db/sysdb.h | 8 | ||||
| -rw-r--r-- | src/db/sysdb_ops.c | 54 |
2 files changed, 62 insertions, 0 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index fb5e6450..e91143c1 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -154,6 +154,8 @@ #define SYSDB_NETGR_FILTER "(&("SYSDB_NC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" #define SYSDB_NETGR_TRIPLES_FILTER "(|("SYSDB_NAME"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_MEMBEROF"=%s))" +#define SYSDB_SID_FILTER "(&(|("SYSDB_UC")("SYSDB_GC"))("SYSDB_SID_STR"=%s))" + #define SYSDB_HAS_ENUMERATED "has_enumerated" #define SYSDB_DEFAULT_ATTRS SYSDB_LAST_UPDATE, \ @@ -848,4 +850,10 @@ errno_t sysdb_idmap_get_mappings(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, struct ldb_result **_result); +errno_t sysdb_search_object_by_sid(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + const char *sid_str, + const char **attrs, + struct ldb_result **msg); #endif /* __SYS_DB_H__ */ diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 45a7265c..710a23b0 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -3174,3 +3174,57 @@ done: talloc_free(msg); return ret; } + +errno_t sysdb_search_object_by_sid(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + const char *sid_str, + const char **attrs, + struct ldb_result **msg) +{ + TALLOC_CTX *tmp_ctx; + const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, SYSDB_GIDNUM, + SYSDB_OBJECTCLASS, NULL }; + struct ldb_dn *basedn; + int ret; + struct ldb_result *res = NULL; + + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { + return ENOMEM; + } + + basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, domain->name); + if (basedn == NULL) { + DEBUG(SSSDBG_OP_FAILURE, ("ldb_dn_new_fmt failed.\n")); + ret = ENOMEM; + goto done; + } + + ret = ldb_search(sysdb->ldb, tmp_ctx, &res, + basedn, LDB_SCOPE_SUBTREE, attrs?attrs:def_attrs, + SYSDB_SID_FILTER, sid_str); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("ldb_search failed.\n")); + goto done; + } + + if (res->count > 1) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Search for SID [%s] returned more than " \ + "one object.\n", sid_str)); + ret = EINVAL; + goto done; + } + + *msg = talloc_steal(mem_ctx, res); + +done: + if (ret == ENOENT) { + DEBUG(SSSDBG_TRACE_FUNC, ("No such entry.\n")); + } else if (ret) { + DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret))); + } + + talloc_zfree(tmp_ctx); + return ret; +} |