author | Sumit Bose <sbose@redhat.com> | 2017-03-12 18:31:03 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-23 17:18:57 +0100 |
commit | 70c0648f021ded3d31313eb962e1ad140f242673 (patch) | |
tree | 387fd14af633f6cc6a8232178e40e031a1f93cb6 /src/providers | |
parent | 3994e8779d16db3e9fb30f03e5ecf5e811095ac2 (diff) | |
sdap_get_users_send(): new argument mapped_attrs
mapped_attrs can be a list of sysdb_attrs which are not available on
the server side but should be stored with the cached user entry. This is
needed e.g. when the input to look up the user in LDAP is not an
attribute which is stored in LDAP but some data where LDAP attributes
are extracted from. The current use case is the certificate mapping
library which can create LDAP search filters based on content of the
certificate. To allow upcoming cache lookup to use the input directly it
is stored in the user object in the cache.
Related to https://pagure.io/SSSD/sssd/issue/3050
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/ldap_id.c | 4 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async.h | 3 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_enum.c | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_private.h | 1 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 41 | ||||
-rw-r--r-- | src/providers/ldap/sdap_users.h | 1 |
7 files changed, 47 insertions, 7 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index e9455b538..898ddb186 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -442,7 +442,7 @@ static void users_get_search(struct tevent_req *req)
 state->attrs, state->filter,
 dp_opt_get_int(state->ctx->opts->basic,
 SDAP_SEARCH_TIMEOUT),
- lookup_type);
+ lookup_type, NULL);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
 return;
@@ -507,7 +507,7 @@ static void users_get_done(struct tevent_req *subreq)
 ret = sdap_fallback_local_user(state, state->shortname, uid, &usr_attrs);
 if (ret == EOK) {
 ret = sdap_save_user(state, state->ctx->opts, state->domain,
- usr_attrs[0], NULL, 0);
+ usr_attrs[0], NULL, NULL, 0);
 }
 }
 }
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 2ebde6b83..6e5800b42 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -90,7 +90,8 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
 const char **attrs,
 const char *filter,
 int timeout,
- enum sdap_entry_lookup_type lookup_type);
+ enum sdap_entry_lookup_type lookup_type,
+ struct sysdb_attrs *mapped_attrs);
 
 int sdap_get_users_recv(struct tevent_req *req,
 TALLOC_CTX *mem_ctx, char **timestamp);
diff --git a/src/providers/ldap/sdap_async_enum.c b/src/providers/ldap/sdap_async_enum.c
index 387e53155..3f65059e1 100644
--- a/src/providers/ldap/sdap_async_enum.c
+++ b/src/providers/ldap/sdap_async_enum.c
@@ -635,7 +635,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
 state->attrs, state->filter,
 dp_opt_get_int(state->ctx->opts->basic,
 SDAP_ENUM_SEARCH_TIMEOUT),
- SDAP_LOOKUP_ENUMERATE);
+ SDAP_LOOKUP_ENUMERATE, NULL);
 if (!subreq) {
 ret = ENOMEM;
 goto fail;
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 8c7a65bf3..79af7a3ed 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
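Review bot: The new mapped_attrs parameter of sdap_get_users_send is undocumented in the sdap_async.h hunk, and its ownership cannot be read off the prototype: the implementation in sdap_async_users.c duplicates it into the request state with sysdb_new_attrs()/sysdb_attrs_copy(), so the caller keeps ownership and may release it after the call returns. Add a comment above the prototype, e.g. `/* mapped_attrs: optional attributes not present in LDAP that are stored with each cached user; NULL disables; copied, caller keeps ownership */`. The same gap applies to the new parameter in the sdap_users.h and sdap_async_private.h hunks, where sdap_save_user()/sdap_save_users() appear to use the pointer directly without copying, so that note should say the caller must keep it alive for the duration of the call.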
@@ -2991,7 +2991,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
 DEBUG(SSSDBG_TRACE_ALL, "Storing the user\n");
 
 ret = sdap_save_user(state, state->opts, state->dom, state->orig_user,
- NULL, 0);
+ NULL, NULL, 0);
 if (ret) {
 goto fail;
 }
diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h
index 266bc0311..72507442a 100644
--- a/src/providers/ldap/sdap_async_private.h
+++ b/src/providers/ldap/sdap_async_private.h
@@ -94,6 +94,7 @@ int sdap_save_users(TALLOC_CTX *memctx,
 struct sdap_options *opts,
 struct sysdb_attrs **users,
 int num_users,
+ struct sysdb_attrs *mapped_attrs,
 char **_usn_value);
 
 int sdap_initgr_common_store(struct sysdb_ctx *sysdb,
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 87d91d824..3d957ab58 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -117,6 +117,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
 struct sdap_options *opts,
 struct sss_domain_info *dom,
 struct sysdb_attrs *attrs,
+ struct sysdb_attrs *mapped_attrs,
 char **_usn_value,
 time_t now)
 {
@@ -511,6 +512,11 @@ int sdap_save_user(TALLOC_CTX *memctx,
 user_attrs, missing, cache_timeout, now);
 if (ret) goto done;
 
+ if (mapped_attrs != NULL) {
+ ret = sysdb_set_user_attr(dom, user_name, mapped_attrs, SYSDB_MOD_ADD);
+ if (ret) return ret;
+ }
+
 if (_usn_value) {
 *_usn_value = talloc_steal(memctx, usn_value);
 }
@@ -537,6 +543,7 @@ int sdap_save_users(TALLOC_CTX *memctx,
 struct sdap_options *opts,
 struct sysdb_attrs **users,
 int num_users,
+ struct sysdb_attrs *mapped_attrs,
 char **_usn_value)
 {
 TALLOC_CTX *tmpctx;
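Review bot: `if (ret) return ret;` in the block added to sdap_save_user (the -511 hunk of sdap_async_users.c) skips the function's `done:` label, while the line immediately above it handles the same kind of failure with `if (ret) goto done;`; whatever cleanup `done:` performs — the label itself lies outside the hunk — is bypassed on this one path. Change the line to `if (ret) goto done;` so the new error path matches the rest of the function. sdap_save_user's body begins and ends outside the hunk.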
@@ -565,11 +572,20 @@ int sdap_save_users(TALLOC_CTX *memctx,
 }
 in_transaction = true;
 
+ if (mapped_attrs != NULL) {
+ ret = sysdb_remove_mapped_data(dom, mapped_attrs);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_remove_mapped_data failed, "
+ "some cached entries might contain invalid mapping data.\n");
+ }
+ }
+
 now = time(NULL);
 for (i = 0; i < num_users; i++) {
 usn_value = NULL;
 
- ret = sdap_save_user(tmpctx, opts, dom, users[i], &usn_value, now);
+ ret = sdap_save_user(tmpctx, opts, dom, users[i], mapped_attrs,
+ &usn_value, now);
 
 /* Do not fail completely on errors.
 * Just report the failure to save and go on */
@@ -868,6 +884,7 @@ struct sdap_get_users_state {
 
 char *higher_usn;
 struct sysdb_attrs **users;
+ struct sysdb_attrs *mapped_attrs;
 size_t count;
 };
 
@@ -883,7 +900,8 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
 const char **attrs,
 const char *filter,
 int timeout,
- enum sdap_entry_lookup_type lookup_type)
+ enum sdap_entry_lookup_type lookup_type,
+ struct sysdb_attrs *mapped_attrs)
 {
 errno_t ret;
 struct tevent_req *req;
@@ -900,6 +918,23 @@ struct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
 state->filter = filter;
 PROBE(SDAP_SEARCH_USER_SEND, state->filter);
 
+ if (mapped_attrs == NULL) {
+ state->mapped_attrs = NULL;
+ } else {
+ state->mapped_attrs = sysdb_new_attrs(state);
+ if (state->mapped_attrs == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_attrs_copy(mapped_attrs, state->mapped_attrs);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_copy failed.\n");
+ goto done;
+ }
+ }
+
 subreq = sdap_search_user_send(state, ev, dom, opts, search_bases, sh,
 attrs, filter, timeout, lookup_type);
 if (subreq == NULL) {
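Review bot: In the sdap_save_users hunk a failure of sysdb_remove_mapped_data() is only logged, and the loop then attaches mapped_attrs to each freshly saved user with SYSDB_MOD_ADD, so the stale copy the DEBUG message warns about can remain on another cached entry next to the new one. The commit description says this data is what upcoming cache lookups will match on, so two entries carrying the same mapping is precisely the state this removal step exists to prevent, and a lookup could then presumably resolve to the older entry. Since the work runs inside the transaction opened just above (`in_transaction = true;`), consider making the failure fatal — `if (ret != EOK) { DEBUG(...); goto done; }` with the transaction cancelled on the cleanup path — or, if continuing is deliberate, record why in a comment such as `/* Best effort: continue so the fresh entries are still saved; stale mappings are tolerated because ... */`. sdap_save_users' body continues outside the hunk, so the cleanup label's behaviour is not visible here.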
@@ -938,9 +973,11 @@ static void sdap_get_users_done(struct tevent_req *subreq) } PROBE(SDAP_SEARCH_USER_SAVE_BEGIN, state->filter); + ret = sdap_save_users(state, state->sysdb, state->dom, state->opts, state->users, state->count, + state->mapped_attrs, &state->higher_usn); PROBE(SDAP_SEARCH_USER_SAVE_END, state->filter); if (ret) { diff --git a/src/providers/ldap/sdap_users.h b/src/providers/ldap/sdap_users.h index 78dafb31a..a6d088a6d 100644 --- a/src/providers/ldap/sdap_users.h +++ b/src/providers/ldap/sdap_users.h @@ -34,6 +34,7 @@ int sdap_save_user(TALLOC_CTX *memctx, struct sdap_options *opts, struct sss_domain_info *dom, struct sysdb_attrs *attrs, + struct sysdb_attrs *mapped_attrs, char **_usn_value, time_t now); |