author | Sumit Bose <sbose@redhat.com> | 2016-04-08 14:43:22 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-04-13 13:14:48 +0200 |
commit | e6e2d1575ac7feb3494649f94ef51ef13cbdce48 (patch) | |
tree | 80ff8d108d93df16e9cfbfae19c805b9fa59ae04 | |
parent | d0d7de66c9494621c1bc12384e41e5e38a77fbeb (diff) | |
sss_override: do not generate DN, search object
DNs of existing objects cannot be generated reliably, because the use of
fully qualified names and of upper and lower case in names has to be
taken into account. The most reliable way to get the DN is to search for the
object and take the DN from the result.
Resolves:
https://fedorahosted.org/sssd/ticket/2989
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-rw-r--r-- | src/tools/sss_override.c | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/src/tools/sss_override.c b/src/tools/sss_override.c
index 3eb119195..c8d3e55c1 100644
--- a/src/tools/sss_override.c
+++ b/src/tools/sss_override.c
@@ -584,6 +584,7 @@ static errno_t get_object_dn(TALLOC_CTX *mem_ctx,
     struct ldb_dn *ldb_dn;
     const char *str_dn;
     errno_t ret;
+    struct ldb_result *res;
 
     tmp_ctx = talloc_new(NULL);
     if (tmp_ctx == NULL) {
@@ -593,17 +594,36 @@ static errno_t get_object_dn(TALLOC_CTX *mem_ctx,
 
     switch (type) {
     case SYSDB_MEMBER_USER:
-        ldb_dn = sysdb_user_dn(tmp_ctx, domain, name);
-        break;
+        ret = sysdb_getpwnam(tmp_ctx, domain, name, &res);
+        break;
     case SYSDB_MEMBER_GROUP:
-        ldb_dn = sysdb_group_dn(tmp_ctx, domain, name);
-        break;
+        ret = sysdb_getgrnam(tmp_ctx, domain, name, &res);
+        break;
     default:
-        DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported member type %d\n", type);
-        ret = ERR_INTERNAL;
-        goto done;
+        DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported member type %d\n", type);
+        ret = ERR_INTERNAL;
+        goto done;
     }
 
+    if (ret != EOK) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Failed to look up original object in cache.\n");
+        goto done;
+    }
+
+    if (res->count == 0) {
+        DEBUG(SSSDBG_MINOR_FAILURE, "Original object not found in cache.\n");
+        ret = ENOENT;
+        goto done;
+    } else if (res->count > 1) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "There are multiple object with name [%s] in the cache.\n", name);
+        ret = EINVAL;
+        goto done;
+    }
+
+    ldb_dn = res->msgs[0]->dn;
+
     if (ldb_dn == NULL) {
         ret = ENOMEM;
         goto done;
|
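Review bot: The `if (ldb_dn == NULL) { ret = ENOMEM; ... }` check that the second hunk keeps as context no longer reports the right error: ldb_dn used to come from sysdb_user_dn()/sysdb_group_dn(), where NULL meant an allocation failure, but now it is `res->msgs[0]->dn`, where NULL means a malformed cache entry, so a caller (and the log) would be told "out of memory" for a data problem; `ret = ERR_INTERNAL;` (or EINVAL, matching the multiple-match branch) with a DEBUG line naming the missing DN would be more accurate. The new `res->count > 1` branch is the important safety check here, since a name that matches more than one cached object must not silently pick the first one for an override; its message has a typo, `"There are multiple objects with name [%s] in the cache.\n"`. get_object_dn() begins before the first hunk and its remainder (the done: cleanup and how str_dn is copied to mem_ctx) lies outside the hunk, so I could not confirm that the DN taken from res is duplicated before tmp_ctx is freed.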