summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2016-04-19 15:10:05 +0200
committerJakub Hrozek <jhrozek@redhat.com>2016-07-07 10:28:21 +0200
commit26c722d568b0061e0f1edb8d07093bf051d76083 (patch)
treebf558aa5b89295552bbe004502e7d0eacd888bf7
parent6181113ea79806a414aadc580e6e241a6b317763 (diff)
downloadsssd-26c722d568b0061e0f1edb8d07093bf051d76083.tar.gz
sssd-26c722d568b0061e0f1edb8d07093bf051d76083.tar.xz
sssd-26c722d568b0061e0f1edb8d07093bf051d76083.zip
SSS_OVERRIDE: Fixes for fully qualified names
Use sss_create_internal_fqname for internal cache lookups. Because the object's existence is verified using getpw* and getgr*, we keep using sss_tc_fqname there, just to feed the NSS interface the expected qualified or unqualified name format. Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat
-rw-r--r--src/tools/sss_cache.c3
-rw-r--r--src/tools/sss_override.c146
2 files changed, 87 insertions, 62 deletions
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index e44da5d48..8b1e82db1 100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -406,7 +406,8 @@ static errno_t update_all_filters(struct cache_tool_ctx *tctx,
/* Update sudo rule filter */
ret = update_filter(tctx, dinfo, tctx->sudo_rule_name,
- tctx->update_sudo_rule_filter, "(%s=%s)", false,
+ tctx->update_sudo_rule_filter,
+ "(%s=%s)", TYPE_SUDO_RULE, false,
&tctx->sudo_rule_filter);
if (ret != EOK) {
return ret;
diff --git a/src/tools/sss_override.c b/src/tools/sss_override.c
index fafed6dad..e497d12b9 100644
--- a/src/tools/sss_override.c
+++ b/src/tools/sss_override.c
@@ -32,6 +32,7 @@
struct override_user {
const char *input_name;
const char *orig_name;
+ const char *sysdb_name;
struct sss_domain_info *domain;
const char *name;
@@ -46,6 +47,7 @@ struct override_user {
struct override_group {
const char *input_name;
const char *orig_name;
+ const char *sysdb_name;
struct sss_domain_info *domain;
const char *name;
@@ -295,6 +297,7 @@ static char *build_anchor(TALLOC_CTX *mem_ctx, const char *obj_dn)
}
static struct sysdb_attrs *build_attrs(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *dom,
const char *name,
uid_t uid,
gid_t gid,
@@ -305,6 +308,7 @@ static struct sysdb_attrs *build_attrs(TALLOC_CTX *mem_ctx,
{
struct sysdb_attrs *attrs;
errno_t ret;
+ char *fqname;
attrs = sysdb_new_attrs(mem_ctx);
if (attrs == NULL) {
@@ -312,7 +316,13 @@ static struct sysdb_attrs *build_attrs(TALLOC_CTX *mem_ctx,
}
if (name != NULL) {
- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, name);
+ fqname = sss_create_internal_fqname(attrs, name, dom->name);
+ if (fqname == NULL) {
+ return NULL;
+ }
+
+ ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, fqname);
+ talloc_free(fqname);
if (ret != EOK) {
goto done;
}
@@ -374,76 +384,55 @@ done:
static struct sysdb_attrs *build_user_attrs(TALLOC_CTX *mem_ctx,
struct override_user *user)
{
- return build_attrs(mem_ctx, user->name, user->uid, user->gid, user->home,
- user->shell, user->gecos, user->cert);
+ return build_attrs(mem_ctx, user->domain, user->name, user->uid, user->gid,
+ user->home, user->shell, user->gecos, user->cert);
}
static struct sysdb_attrs *build_group_attrs(TALLOC_CTX *mem_ctx,
struct override_group *group)
{
- return build_attrs(mem_ctx, group->name, 0, group->gid, 0, NULL, NULL, NULL);
+ return build_attrs(mem_ctx, group->domain, group->name, 0, group->gid,
+ 0, NULL, NULL, NULL);
}
static char *get_fqname(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name)
{
- char *fqname;
- int fqlen;
- int check;
+ char *fqname = NULL;
char *dummy_domain = NULL;
errno_t ret;
+ TALLOC_CTX *tmp_ctx;
+ char *shortname;
+ struct sss_domain_info *dom;
if (domain == NULL || domain->names == NULL) {
return NULL;
}
- /* check if the name already contains domain part */
- ret = sss_parse_name(mem_ctx, domain->names, name, &dummy_domain, NULL);
- if (ret == ERR_REGEX_NOMATCH) {
- DEBUG(SSSDBG_TRACE_FUNC,
- "sss_parse_name could not parse domain from [%s]. "
- "Assuming it is not FQDN.\n", name);
- } else if (ret != EOK) {
- DEBUG(SSSDBG_TRACE_FUNC,
- "sss_parse_name failed [%d]: %s\n", ret, sss_strerror(ret));
- return NULL;
- }
-
- if (dummy_domain != NULL) {
- talloc_free(dummy_domain);
- DEBUG(SSSDBG_TRACE_FUNC, "Name is already fully qualified.\n");
- fqname = talloc_strdup(mem_ctx, name);
- if (fqname == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
- return NULL;
- }
-
- return fqname;
- }
-
- /* Get length. */
- fqlen = sss_fqname(NULL, 0, domain->names, domain, name);
- if (fqlen > 0) {
- fqlen++; /* \0 */
- } else {
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
return NULL;
}
- fqname = talloc_zero_array(mem_ctx, char, fqlen);
- if (fqname == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero_array() failed\n");
- return NULL;
+ /* the name stored in sysdb already contains the lowercased domain */
+ ret = sss_parse_internal_fqname(tmp_ctx, name, &shortname, &dummy_domain);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "sss_parse_internal_fqname failed [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
}
- check = sss_fqname(fqname, fqlen, domain->names, domain, name);
- if (check < 0 || check != fqlen - 1) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Failed to generate a fully qualified name "
- "for user [%s] in [%s]! Skipping user.\n", name, domain->name);
- talloc_free(fqname);
- return NULL;
+ dom = find_domain_by_name(get_domains_head(domain), dummy_domain, true);
+ if (dom == NULL) {
+ goto done;
}
+ /* Get length. */
+ fqname = sss_tc_fqname(mem_ctx, dom->names, dom, shortname);
+done:
+ talloc_free(tmp_ctx);
return fqname;
}
@@ -455,7 +444,7 @@ static char *get_sysname(TALLOC_CTX *mem_ctx,
return talloc_strdup(mem_ctx, name);
}
- return get_fqname(mem_ctx, domain, name);
+ return sss_tc_fqname(mem_ctx, domain->names, domain, name);
}
static struct sss_domain_info *
@@ -469,6 +458,7 @@ get_object_domain(enum sysdb_member_type type,
struct ldb_result *res;
const char *strtype;
char *sysname;
+ char *fqname = NULL;
bool check_next;
errno_t ret;
@@ -513,17 +503,24 @@ get_object_domain(enum sysdb_member_type type,
}
do {
+ talloc_zfree(fqname);
+ fqname = sss_create_internal_fqname(tmp_ctx, name, dom->name);
+ if (fqname == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
switch (type) {
case SYSDB_MEMBER_USER:
DEBUG(SSSDBG_TRACE_FUNC, "Trying to find user %s@%s\n",
name, dom->name);
- ret = sysdb_getpwnam(tmp_ctx, dom, name, &res);
+ ret = sysdb_getpwnam(tmp_ctx, dom, fqname, &res);
strtype = "user";
break;
case SYSDB_MEMBER_GROUP:
DEBUG(SSSDBG_TRACE_FUNC, "Trying to find group %s@%s\n",
name, dom->name);
- ret = sysdb_getgrnam(tmp_ctx, dom, name, &res);
+ ret = sysdb_getgrnam(tmp_ctx, dom, fqname, &res);
strtype = "group";
break;
default:
@@ -588,6 +585,12 @@ static errno_t get_user_domain_msg(struct sss_tool_ctx *tool_ctx,
return ENOENT;
}
+ user->sysdb_name = sss_create_internal_fqname(tool_ctx, user->orig_name,
+ newdom->name);
+ if (user->sysdb_name == NULL) {
+ return ENOMEM;
+ }
+
user->domain = newdom;
return EOK;
}
@@ -607,6 +610,12 @@ static errno_t get_group_domain_msg(struct sss_tool_ctx *tool_ctx,
return ENOENT;
}
+ group->sysdb_name = sss_create_internal_fqname(tool_ctx, group->orig_name,
+ newdom->name);
+ if (group->sysdb_name == NULL) {
+ return ENOMEM;
+ }
+
group->domain = newdom;
return EOK;
}
@@ -797,7 +806,7 @@ static errno_t override_user(struct sss_tool_ctx *tool_ctx,
}
ret = override_object_add(user.domain, SYSDB_MEMBER_USER, attrs,
- user.orig_name);
+ user.sysdb_name);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add override object.\n");
goto done;
@@ -846,7 +855,7 @@ static errno_t override_group(struct sss_tool_ctx *tool_ctx,
}
ret = override_object_add(group.domain, SYSDB_MEMBER_GROUP, attrs,
- group.orig_name);
+ group.sysdb_name);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add override object.\n");
goto done;
@@ -1119,6 +1128,8 @@ list_user_overrides(TALLOC_CTX *mem_ctx,
errno_t ret;
const char *attrs[] = SYSDB_PW_ATTRS;
struct ldb_message_element *el;
+ const char *fqname;
+ char *name;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
@@ -1147,7 +1158,14 @@ list_user_overrides(TALLOC_CTX *mem_ctx,
goto done;
}
- objs[i].name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
+ fqname = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
+ ret = sss_parse_internal_fqname(tmp_ctx, fqname, &name, NULL);
+ if (ret != EOK) {
+ ret = ERR_WRONG_NAME_FORMAT;
+ goto done;
+ }
+ objs[i].name = talloc_steal(objs, name);
+
objs[i].uid = ldb_msg_find_attr_as_uint(msgs[i], SYSDB_UIDNUM, 0);
objs[i].gid = ldb_msg_find_attr_as_uint(msgs[i], SYSDB_GIDNUM, 0);
objs[i].home = ldb_msg_find_attr_as_string(msgs[i], SYSDB_HOMEDIR, NULL);
@@ -1169,7 +1187,6 @@ list_user_overrides(TALLOC_CTX *mem_ctx,
}
talloc_steal(objs, objs[i].orig_name);
- talloc_steal(objs, objs[i].name);
talloc_steal(objs, objs[i].home);
talloc_steal(objs, objs[i].shell);
talloc_steal(objs, objs[i].gecos);
@@ -1199,6 +1216,8 @@ list_group_overrides(TALLOC_CTX *mem_ctx,
size_t i;
errno_t ret;
const char *attrs[] = SYSDB_GRSRC_ATTRS;
+ const char *fqname;
+ char *name;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
@@ -1226,12 +1245,17 @@ list_group_overrides(TALLOC_CTX *mem_ctx,
ret = ERR_INTERNAL;
goto done;
}
+ talloc_steal(objs, objs[i].orig_name);
- objs[i].name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
- objs[i].gid = ldb_msg_find_attr_as_uint(msgs[i], SYSDB_GIDNUM, 0);
+ fqname = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
+ ret = sss_parse_internal_fqname(tmp_ctx, fqname, &name, NULL);
+ if (ret != EOK) {
+ ret = ERR_WRONG_NAME_FORMAT;
+ goto done;
+ }
+ objs[i].name = talloc_steal(objs, name);
- talloc_steal(objs, objs[i].orig_name);
- talloc_steal(objs, objs[i].name);
+ objs[i].gid = ldb_msg_find_attr_as_uint(msgs[i], SYSDB_GIDNUM, 0);
}
talloc_steal(mem_ctx, objs);
@@ -1424,7 +1448,7 @@ static int override_user_del(struct sss_cmdline *cmdline,
return ret;
}
- ret = override_object_del(user.domain, SYSDB_MEMBER_USER, user.orig_name);
+ ret = override_object_del(user.domain, SYSDB_MEMBER_USER, user.sysdb_name);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to delete override object.\n");
return ret;
@@ -1493,7 +1517,7 @@ static int override_user_show(struct sss_cmdline *cmdline,
}
ret = get_object_dn(tmp_ctx, input.domain, SYSDB_MEMBER_USER,
- input.orig_name, NULL, &dn);
+ input.sysdb_name, NULL, &dn);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get object dn\n");
goto done;
@@ -1680,7 +1704,7 @@ static int override_group_del(struct sss_cmdline *cmdline,
}
ret = override_object_del(group.domain, SYSDB_MEMBER_GROUP,
- group.orig_name);
+ group.sysdb_name);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to delete override object.\n");
return ret;
@@ -1749,7 +1773,7 @@ static int override_group_show(struct sss_cmdline *cmdline,
}
ret = get_object_dn(tmp_ctx, input.domain, SYSDB_MEMBER_GROUP,
- input.orig_name, NULL, &dn);
+ input.sysdb_name, NULL, &dn);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get object dn\n");
goto done;
generated by cgit (git 2.34.1) at 2024-04-25 07:09:24 +0000