summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2011-03-16 09:09:28 -0400
committerStephen Gallagher <sgallagh@redhat.com>2011-03-23 04:58:49 -0400
commitf43f7747d3f5612088f8b0ab50e73d8a9035ccf9 (patch)
tree7880ac912fdcd640f53e9d4ee6143a350f458615 /src
parenta31b54bf2eaf91a8a5e4d0b226cc127a972ef2ef (diff)
downloadsssd2-f43f7747d3f5612088f8b0ab50e73d8a9035ccf9.tar.gz
sssd2-f43f7747d3f5612088f8b0ab50e73d8a9035ccf9.tar.xz
sssd2-f43f7747d3f5612088f8b0ab50e73d8a9035ccf9.zip
RFC2307: Ignore aliases for groups
Groups in ldap with multiple values for their groupname attribute will now be compared against the RDN of the entry to determine the "primary" group name. We will save only this primary group name to the ldb cache.
Diffstat (limited to 'src')
-rw-r--r--src/providers/ldap/sdap_async_accounts.c58
1 files changed, 35 insertions, 23 deletions
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 7b3820e8..afa28670 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -669,15 +669,27 @@ static int sdap_save_group(TALLOC_CTX *memctx,
gid_t gid;
int ret;
char *usn_value = NULL;
+ TALLOC_CTX *tmpctx = NULL;
- ret = sysdb_attrs_get_el(attrs,
- opts->group_map[SDAP_AT_GROUP_NAME].sys_name, &el);
- if (ret) goto fail;
- if (el->num_values == 0) {
- ret = EINVAL;
+ tmpctx = talloc_new(memctx);
+ if (!tmpctx) {
+ ret = ENOMEM;
+ goto fail;
+ }
+
+ group_attrs = sysdb_new_attrs(tmpctx);
+ if (group_attrs == NULL) {
+ ret = ENOMEM;
+ goto fail;
+ }
+
+ ret = sysdb_attrs_primary_name(ctx, attrs,
+ opts->group_map[SDAP_AT_GROUP_NAME].name,
+ &name);
+ if (ret != EOK) {
+ DEBUG(1, ("Failed to save the group - entry has no name attribute\n"));
goto fail;
}
- name = (const char *)el->values[0].data;
ret = sysdb_attrs_get_uint32_t(attrs,
opts->group_map[SDAP_AT_GROUP_GID].sys_name,
@@ -697,12 +709,6 @@ static int sdap_save_group(TALLOC_CTX *memctx,
goto fail;
}
- group_attrs = sysdb_new_attrs(memctx);
- if (!group_attrs) {
- ret = ENOMEM;
- goto fail;
- }
-
ret = sysdb_attrs_get_el(attrs, SYSDB_ORIG_DN, &el);
if (ret) {
goto fail;
@@ -713,7 +719,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
DEBUG(7, ("Adding original DN [%s] to attributes of [%s].\n",
el->values[0].data, name));
ret = sysdb_attrs_add_string(group_attrs, SYSDB_ORIG_DN,
- (const char *)el->values[0].data);
+ (const char *) el->values[0].data);
if (ret) {
goto fail;
}
@@ -751,7 +757,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
if (ret) {
goto fail;
}
- usn_value = talloc_strdup(memctx, (const char*)el->values[0].data);
+ usn_value = talloc_strdup(tmpctx, (const char*)el->values[0].data);
if (!usn_value) {
ret = ENOMEM;
goto fail;
@@ -792,20 +798,24 @@ static int sdap_save_group(TALLOC_CTX *memctx,
DEBUG(6, ("Storing info for group %s\n", name));
- ret = sysdb_store_group(memctx, ctx, dom,
+ ret = sysdb_store_group(group_attrs, ctx, dom,
name, gid, group_attrs,
dp_opt_get_int(opts->basic,
SDAP_ENTRY_CACHE_TIMEOUT));
if (ret) goto fail;
if (_usn_value) {
- *_usn_value = usn_value;
+ *_usn_value = talloc_steal(memctx, usn_value);
}
+ talloc_steal(memctx, group_attrs);
+ talloc_free(tmpctx);
return EOK;
fail:
- DEBUG(2, ("Failed to save user %s\n", name));
+ DEBUG(2, ("Failed to save group [%s]\n",
+ name ? name : "Unknown"));
+ talloc_free(tmpctx);
return ret;
}
@@ -1848,6 +1858,7 @@ static void sdap_nested_done(struct tevent_req *subreq)
/* ==Save-fake-group-list=====================================*/
static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
+ struct sdap_options *opts,
struct sss_domain_info *dom,
char **groupnames,
struct sysdb_attrs **ldap_groups,
@@ -1911,10 +1922,10 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
for (i=0; missing[i]; i++) {
/* The group is not in sysdb, need to add a fake entry */
for (ai=0; ai < ldap_groups_count; ai++) {
- ret = sysdb_attrs_get_string(ldap_groups[ai],
- SYSDB_NAME,
- &name);
- if (ret) {
+ ret = sysdb_attrs_primary_name(sysdb, ldap_groups[ai],
+ opts->group_map[SDAP_AT_GROUP_NAME].name,
+ &name);
+ if (ret != EOK) {
DEBUG(1, ("The group has no name attribute\n"));
goto fail;
}
@@ -2140,8 +2151,9 @@ static void sdap_initgr_rfc2307_process(struct tevent_req *subreq)
* member of but that are not cached in sysdb
*/
if (add_groups && add_groups[0]) {
- ret = sdap_add_incomplete_groups(state->sysdb, state->dom,
- add_groups, ldap_groups, count);
+ ret = sdap_add_incomplete_groups(state->sysdb, state->opts,
+ state->dom, add_groups,
+ ldap_groups, count);
if (ret != EOK) {
tevent_req_error(req, ret);
return;