author | Michal Zidek <mzidek@redhat.com> | 2016-06-15 16:51:34 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-07-07 10:24:43 +0200 |
commit | 66acb466af7493a05bf6292f01747c4e8abcc3ef (patch) | |
tree | c9508e90db56a3ba11855ccb00867783d2dc3d07 /src/db | |
parent | 214d96a3f10ef27da28c0977977961611b6b441f (diff) | |
SYSDB: convert sysdb_group_membership_mod to operate on qualified names
This patch infers the member domain from the FQDN to allow the function
to add group members from different domains.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb_ops.c | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 34e8a5ef4..4755ea342 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2875,16 +2875,36 @@ sysdb_group_membership_mod(struct sss_domain_info *domain,
 {
 struct ldb_dn *group_dn;
 struct ldb_dn *member_dn;
+ char *member_domname;
+ struct sss_domain_info *member_dom;
 int ret;
 TALLOC_CTX *tmp_ctx = talloc_new(NULL);
 if (!tmp_ctx) {
 return ENOMEM;
 }
+ ret = sss_parse_internal_fqname(tmp_ctx, member,
+ NULL, &member_domname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to parser internal fqname '%s' [%d]: %s\n",
+ member, ret, sss_strerror(ret));
+ goto done;
+ }
+
+ member_dom = find_domain_by_name(get_domains_head(domain),
+ member_domname, false);
+ if (member_dom == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Domain [%s] was not found\n", member_domname);
+ ret = EINVAL;
+ goto done;
+ }
+
 if (type == SYSDB_MEMBER_USER) {
- member_dn = sysdb_user_dn(tmp_ctx, domain, member);
+ member_dn = sysdb_user_dn(tmp_ctx, member_dom, member);
 } else if (type == SYSDB_MEMBER_GROUP) {
- member_dn = sysdb_group_dn(tmp_ctx, domain, member);
+ member_dn = sysdb_group_dn(tmp_ctx, member_dom, member);
 } else {
 ret = EINVAL;
 goto done; |
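Review bot: The domain used to build `member_dn` is now taken from the `member` string itself and resolved with `find_domain_by_name(get_domains_head(domain), member_domname, false)`, and nothing visible in the hunk restricts the result to `domain` or a domain related to it, so whoever controls the member name appears to choose which domain's subtree the membership points into. If member names can originate from directory data, it is worth confirming that callers only pass names whose domain part they have already validated, and stating that contract above the lookup, e.g. `/* member must be an internal fqname; its domain part selects the domain used for member_dn */`. Unqualified names that previously worked presumably now fail at `sss_parse_internal_fqname`, so every caller needs to have been converted to qualified names. The log string also has a typo and should read `"Failed to parse internal fqname '%s' [%d]: %s\n"`. The function body starts before and continues past this hunk, so the `done:` cleanup path is not visible here.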