author | Fabiano Fidêncio <fidencio@redhat.com> | 2017-06-02 13:31:43 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-09-05 11:13:31 +0200 |
commit | a5e9d34fd39c0061ca284674a6fd7cad05c6056c (patch) | |
tree | 9968d7818a29eaa34e8ac869a5cfe26eb6b9de70 /src | |
parent | 9a44e78304f09961dea5148667aef24a88f10bb0 (diff) | |
IPA: Use sysdb_search_*_by_orig_dn() _hbac_users.c
Methods for searching the users, groups and entries by their orig dn
have been introduced in one of the previous commits.
Let's make use of those whenever it makes sense.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ipa/ipa_hbac_users.c | 28 |
1 files changed, 7 insertions, 21 deletions
diff --git a/src/providers/ipa/ipa_hbac_users.c b/src/providers/ipa/ipa_hbac_users.c
index af53fa035..0ed0e7e8d 100644
--- a/src/providers/ipa/ipa_hbac_users.c
+++ b/src/providers/ipa/ipa_hbac_users.c
@@ -171,9 +171,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
 struct hbac_rule_element *new_users = NULL;
 struct ldb_message_element *el = NULL;
 struct ldb_message **msgs = NULL;
- char *filter;
- char *member_dn;
- const char *member_user;
+ const char *member_dn;
 const char *attrs[] = { SYSDB_NAME, NULL };
 size_t num_users = 0;
 size_t num_groups = 0;
@@ -234,20 +232,11 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
 }
 for (i = 0; i < el->num_values; i++) {
- member_user = (const char *)el->values[i].data;
- ret = sss_filter_sanitize(tmp_ctx, member_user, &member_dn);
- if (ret != EOK) goto done;
-
- filter = talloc_asprintf(member_dn, "(%s=%s)",
- SYSDB_ORIG_DN, member_dn);
- if (filter == NULL) {
- ret = ENOMEM;
- goto done;
- }
+ member_dn = (const char *)el->values[i].data;
 /* First check if this is a user */
- ret = sysdb_search_users(tmp_ctx, domain,
- filter, attrs, &count, &msgs);
+ ret = sysdb_search_users_by_orig_dn(tmp_ctx, domain, member_dn, attrs,
+ &count, &msgs);
 if (ret != EOK && ret != ENOENT) goto done;
 if (ret == EOK && count == 0) {
 ret = ENOENT;
@@ -257,7 +246,6 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
 if (count > 1) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Original DN matched multiple users. Skipping \n");
- talloc_zfree(member_dn);
 continue;
 }
@@ -288,8 +276,8 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
 num_users++;
 } else {
 /* Check if it is a group instead */
- ret = sysdb_search_groups(tmp_ctx, domain, filter, attrs,
- &count, &msgs);
+ ret = sysdb_search_groups_by_orig_dn(tmp_ctx, domain, member_dn,
+ attrs, &count, &msgs);
 if (ret != EOK && ret != ENOENT) goto done;
 if (ret == EOK && count == 0) {
 ret = ENOENT;
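Review bot: Escaping of the member DN for the LDB filter now rests entirely on `sysdb_search_users_by_orig_dn()`, because the `sss_filter_sanitize()` call is removed from the loop and `member_dn = (const char *)el->values[i].data;` passes the raw attribute value straight through. The helper's body is not part of this diff, so it should be confirmed that it sanitizes the DN before building the `SYSDB_ORIG_DN` filter, and that its escaping matches the same stored entries as the old `sss_filter_sanitize()` output did. The same applies to `sysdb_search_groups_by_orig_dn()` in the `@@ -288,8 +276,8 @@` hunk. I would add a comment above the assignment, `/* raw DN from the rule attribute; sysdb_search_*_by_orig_dn() is responsible for filter escaping */`, so the contract survives later refactoring. `hbac_user_attrs_to_rule()` starts and ends outside these hunks.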
@@ -300,7 +288,6 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
 DEBUG(SSSDBG_CRIT_FAILURE, "Original DN matched multiple groups. " "Skipping\n");
- talloc_zfree(member_dn);
 continue;
 }
@@ -336,7 +323,7 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
 * we can assume it is a non-POSIX group. */
 ret = get_ipa_groupname(new_users->groups, domain->sysdb,
- member_user,
+ member_dn,
 &new_users->groups[num_groups]);
 if (ret == EOK) {
 DEBUG(SSSDBG_TRACE_INTERNAL,
@@ -351,7 +338,6 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
 }
 }
 }
- talloc_zfree(member_dn);
 }
 new_users->names[num_users] = NULL;
 new_users->groups[num_groups] = NULL; |