authorJakub Hrozek <jhrozek@redhat.com>2016-03-29 14:12:11 +0200
committerJakub Hrozek <jhrozek@redhat.com>2016-07-07 10:26:29 +0200
commit9b29f86df7a29249ef8f485eedb8db515381c0de (patch)
treec7a60e417c70d30ce46019a87fca8181a0e411da /src/providers/ldap
parent8e8dda8561e89276a891495ae84eefe2b2170193 (diff)
LDAP: Rename DP filter value from name to filter_value
filter_value is a better name, because we don't look just by name, the same variable is used to look up certificates etc. Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/ldap_id.c111
-rw-r--r--src/providers/ldap/sdap_async.h2
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c16
3 files changed, 66 insertions, 63 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 49ce9db48..9cd215c64 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -48,7 +48,7 @@ struct users_get_state {
struct sysdb_ctx *sysdb;
struct sss_domain_info *domain;
- const char *name;
+ const char *filter_value;
int filter_type;
char *filter;
@@ -71,7 +71,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
struct sdap_id_ctx *ctx,
struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
- const char *name,
+ const char *filter_value,
int filter_type,
const char *extra_value,
int attrs_type,
@@ -80,7 +80,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
struct tevent_req *req;
struct users_get_state *state;
const char *attr_name = NULL;
- char *clean_name = NULL;
+ char *clean_value = NULL;
char *endptr;
int ret;
uid_t uid;
@@ -107,7 +107,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
state->domain = sdom->dom;
state->sysdb = sdom->dom->sysdb;
- state->name = name;
+ state->filter_value = filter_value;
state->filter_type = filter_type;
state->use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
@@ -117,7 +117,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
switch (filter_type) {
case BE_FILTER_WILDCARD:
attr_name = ctx->opts->user_map[SDAP_AT_USER_NAME].name;
- ret = sss_filter_sanitize_ex(state, name, &clean_name,
+ ret = sss_filter_sanitize_ex(state, filter_value, &clean_value,
LDAP_ALLOWED_WILDCARDS);
if (ret != EOK) {
goto done;
@@ -129,7 +129,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
} else {
attr_name = ctx->opts->user_map[SDAP_AT_USER_NAME].name;
}
- ret = sss_filter_sanitize(state, name, &clean_name);
+ ret = sss_filter_sanitize(state, filter_value, &clean_value);
if (ret != EOK) {
goto done;
}
@@ -139,7 +139,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
/* If we're ID-mapping, we need to use the objectSID
* in the search filter.
*/
- uid = strtouint32(name, &endptr, 10);
+ uid = strtouint32(filter_value, &endptr, 10);
if (errno != EOK) {
ret = EINVAL;
goto done;
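Review bot: The `strtouint32(filter_value, &endptr, 10)` result in the ID-mapping branch is validated only with `errno != EOK`, so an empty value or one with trailing non-digits would still produce a uid. That uid is later passed to `sysdb_delete_user(state->domain, NULL, uid)` in the `IDMAP_NO_DOMAIN` branch. `users_get_done` in this same file uses the stricter `errno || *endptr || (state->filter_value == endptr)`. Unless an `endptr` check follows outside this hunk, the guard here could match it: `if (errno != EOK || *endptr != '\0' || endptr == filter_value) {`. The `gid = strtouint32(filter_value, &endptr, 10);` hunk in `groups_get_send` has the same shape, and both function bodies continue outside their hunks.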
@@ -151,7 +151,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
if (err == IDMAP_NO_DOMAIN) {
DEBUG(SSSDBG_MINOR_FAILURE,
"[%s] did not match any configured ID mapping domain\n",
- name);
+ filter_value);
ret = sysdb_delete_user(state->domain, NULL, uid);
if (ret == ENOENT) {
@@ -163,13 +163,13 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
} else if (err != IDMAP_SUCCESS) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Mapping ID [%s] to SID failed: [%s]\n",
- name, idmap_error_string(err));
+ filter_value, idmap_error_string(err));
ret = EIO;
goto done;
}
attr_name = ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
- ret = sss_filter_sanitize(state, sid, &clean_name);
+ ret = sss_filter_sanitize(state, sid, &clean_value);
sss_idmap_free_sid(ctx->opts->idmap_ctx->map, sid);
if (ret != EOK) {
goto done;
@@ -177,7 +177,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
} else {
attr_name = ctx->opts->user_map[SDAP_AT_USER_UID].name;
- ret = sss_filter_sanitize(state, name, &clean_name);
+ ret = sss_filter_sanitize(state, filter_value, &clean_value);
if (ret != EOK) {
goto done;
}
@@ -186,7 +186,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
case BE_FILTER_SECID:
attr_name = ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
- ret = sss_filter_sanitize(state, name, &clean_name);
+ ret = sss_filter_sanitize(state, filter_value, &clean_value);
if (ret != EOK) {
goto done;
}
@@ -200,7 +200,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
goto done;
}
- ret = sss_filter_sanitize(state, name, &clean_name);
+ ret = sss_filter_sanitize(state, filter_value, &clean_value);
if (ret != EOK) {
goto done;
}
@@ -214,7 +214,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
goto done;
}
- ret = sss_cert_derb64_to_ldap_filter(state, name, attr_name,
+ ret = sss_cert_derb64_to_ldap_filter(state, filter_value, attr_name,
&user_filter);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
@@ -234,8 +234,8 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
}
if (user_filter == NULL) {
- user_filter = talloc_asprintf(state, "(%s=%s)", attr_name, clean_name);
- talloc_free(clean_name);
+ user_filter = talloc_asprintf(state, "(%s=%s)", attr_name, clean_value);
+ talloc_free(clean_value);
if (user_filter == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
@@ -457,13 +457,13 @@ static void users_get_done(struct tevent_req *subreq)
switch (state->filter_type) {
case BE_FILTER_NAME:
- name = state->name;
+ name = state->filter_value;
uid = -1;
fallback = true;
break;
case BE_FILTER_IDNUM:
- uid = (uid_t) strtouint32(state->name, &endptr, 10);
- if (errno || *endptr || (state->name == endptr)) {
+ uid = (uid_t) strtouint32(state->filter_value, &endptr, 10);
+ if (errno || *endptr || (state->filter_value == endptr)) {
tevent_req_error(req, errno ? errno : EINVAL);
return;
}
@@ -496,7 +496,7 @@ static void users_get_done(struct tevent_req *subreq)
tevent_req_error(req, ret);
return;
case BE_FILTER_NAME:
- ret = sysdb_delete_user(state->domain, state->name, 0);
+ ret = sysdb_delete_user(state->domain, state->filter_value, 0);
if (ret != EOK && ret != ENOENT) {
tevent_req_error(req, ret);
return;
@@ -504,8 +504,8 @@ static void users_get_done(struct tevent_req *subreq)
break;
case BE_FILTER_IDNUM:
- uid = (uid_t) strtouint32(state->name, &endptr, 10);
- if (errno || *endptr || (state->name == endptr)) {
+ uid = (uid_t) strtouint32(state->filter_value, &endptr, 10);
+ if (errno || *endptr || (state->filter_value == endptr)) {
tevent_req_error(req, errno ? errno : EINVAL);
return;
}
@@ -531,7 +531,7 @@ static void users_get_done(struct tevent_req *subreq)
break;
case BE_FILTER_CERT:
- ret = sysdb_remove_cert(state->domain, state->name);
+ ret = sysdb_remove_cert(state->domain, state->filter_value);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to remove user certificate"
"[%d]: %s\n", ret, sss_strerror(ret));
@@ -580,7 +580,7 @@ struct groups_get_state {
struct sysdb_ctx *sysdb;
struct sss_domain_info *domain;
- const char *name;
+ const char *filter_value;
int filter_type;
char *filter;
@@ -604,7 +604,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
struct sdap_id_ctx *ctx,
struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
- const char *name,
+ const char *filter_value,
int filter_type,
int attrs_type,
bool noexist_delete,
@@ -613,7 +613,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
struct tevent_req *req;
struct groups_get_state *state;
const char *attr_name = NULL;
- char *clean_name;
+ char *clean_value;
char *endptr;
int ret;
gid_t gid;
@@ -642,7 +642,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
state->domain = sdom->dom;
state->sysdb = sdom->dom->sysdb;
- state->name = name;
+ state->filter_value = filter_value;
state->filter_type = filter_type;
state->use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
@@ -653,7 +653,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
switch(filter_type) {
case BE_FILTER_WILDCARD:
attr_name = ctx->opts->group_map[SDAP_AT_GROUP_NAME].name;
- ret = sss_filter_sanitize_ex(state, name, &clean_name,
+ ret = sss_filter_sanitize_ex(state, filter_value, &clean_value,
LDAP_ALLOWED_WILDCARDS);
if (ret != EOK) {
goto done;
@@ -662,7 +662,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
case BE_FILTER_NAME:
attr_name = ctx->opts->group_map[SDAP_AT_GROUP_NAME].name;
- ret = sss_filter_sanitize(state, name, &clean_name);
+ ret = sss_filter_sanitize(state, filter_value, &clean_value);
if (ret != EOK) {
goto done;
}
@@ -672,7 +672,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
/* If we're ID-mapping, we need to use the objectSID
* in the search filter.
*/
- gid = strtouint32(name, &endptr, 10);
+ gid = strtouint32(filter_value, &endptr, 10);
if (errno != EOK) {
ret = EINVAL;
goto done;
@@ -684,7 +684,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
if (err == IDMAP_NO_DOMAIN) {
DEBUG(SSSDBG_MINOR_FAILURE,
"[%s] did not match any configured ID mapping domain\n",
- name);
+ filter_value);
ret = sysdb_delete_group(state->domain, NULL, gid);
if (ret == ENOENT) {
@@ -696,13 +696,13 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
} else if (err != IDMAP_SUCCESS) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Mapping ID [%s] to SID failed: [%s]\n",
- name, idmap_error_string(err));
+ filter_value, idmap_error_string(err));
ret = EIO;
goto done;
}
attr_name = ctx->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name;
- ret = sss_filter_sanitize(state, sid, &clean_name);
+ ret = sss_filter_sanitize(state, sid, &clean_value);
sss_idmap_free_sid(ctx->opts->idmap_ctx->map, sid);
if (ret != EOK) {
goto done;
@@ -710,7 +710,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
} else {
attr_name = ctx->opts->group_map[SDAP_AT_GROUP_GID].name;
- ret = sss_filter_sanitize(state, name, &clean_name);
+ ret = sss_filter_sanitize(state, filter_value, &clean_value);
if (ret != EOK) {
goto done;
}
@@ -719,7 +719,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
case BE_FILTER_SECID:
attr_name = ctx->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name;
- ret = sss_filter_sanitize(state, name, &clean_name);
+ ret = sss_filter_sanitize(state, filter_value, &clean_value);
if (ret != EOK) {
goto done;
}
@@ -733,7 +733,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
goto done;
}
- ret = sss_filter_sanitize(state, name, &clean_name);
+ ret = sss_filter_sanitize(state, filter_value, &clean_value);
if (ret != EOK) {
goto done;
}
@@ -763,18 +763,18 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
state->filter = talloc_asprintf(state,
"(&(%s=%s)(%s)(%s=*))",
- attr_name, clean_name, oc_list,
+ attr_name, clean_value, oc_list,
ctx->opts->group_map[SDAP_AT_GROUP_NAME].name);
} else {
state->filter = talloc_asprintf(state,
"(&(%s=%s)(%s)(%s=*)(&(%s=*)(!(%s=0))))",
- attr_name, clean_name, oc_list,
+ attr_name, clean_value, oc_list,
ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
ctx->opts->group_map[SDAP_AT_GROUP_GID].name,
ctx->opts->group_map[SDAP_AT_GROUP_GID].name);
}
- talloc_zfree(clean_name);
+ talloc_zfree(clean_value);
if (!state->filter) {
DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
ret = ENOMEM;
@@ -974,7 +974,7 @@ static void groups_get_done(struct tevent_req *subreq)
tevent_req_error(req, ret);
return;
case BE_FILTER_NAME:
- ret = sysdb_delete_group(state->domain, state->name, 0);
+ ret = sysdb_delete_group(state->domain, state->filter_value, 0);
if (ret != EOK && ret != ENOENT) {
tevent_req_error(req, ret);
return;
@@ -982,8 +982,8 @@ static void groups_get_done(struct tevent_req *subreq)
break;
case BE_FILTER_IDNUM:
- gid = (gid_t) strtouint32(state->name, &endptr, 10);
- if (errno || *endptr || (state->name == endptr)) {
+ gid = (gid_t) strtouint32(state->filter_value, &endptr, 10);
+ if (errno || *endptr || (state->filter_value == endptr)) {
tevent_req_error(req, errno ? errno : EINVAL);
return;
}
@@ -1049,8 +1049,8 @@ struct groups_by_user_state {
struct sysdb_ctx *sysdb;
struct sss_domain_info *domain;
- const char *name;
- int name_type;
+ const char *filter_value;
+ int filter_type;
const char *extra_value;
const char **attrs;
@@ -1102,8 +1102,8 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
struct sdap_id_ctx *ctx,
struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
- const char *name,
- int name_type,
+ const char *filter_value,
+ int filter_type,
const char *extra_value,
bool noexist_delete)
{
@@ -1128,8 +1128,8 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
goto fail;
}
- state->name = name;
- state->name_type = name_type;
+ state->filter_value = filter_value;
+ state->filter_type = filter_type;
state->extra_value = extra_value;
state->domain = sdom->dom;
state->sysdb = sdom->dom->sysdb;
@@ -1191,8 +1191,8 @@ static void groups_by_user_connect_done(struct tevent_req *subreq)
sdap_id_op_handle(state->op),
state->ctx,
state->conn,
- state->name,
- state->name_type,
+ state->filter_value,
+ state->filter_type,
state->extra_value,
state->attrs);
if (!subreq) {
@@ -1229,11 +1229,14 @@ static void groups_by_user_done(struct tevent_req *subreq)
state->sdap_ret = ret;
if (ret == EOK || ret == ENOENT) {
- /* state->name is still the name used for the original req. The cached
+ /* state->filter_value is still the name used for the original req. The cached
* object might have a different name, e.g. a fully-qualified name. */
- ret = sysdb_get_real_name(state, state->domain, state->name, &cname);
+ ret = sysdb_get_real_name(state,
+ state->domain,
+ state->filter_value,
+ &cname);
if (ret != EOK) {
- cname = state->name;
+ cname = state->filter_value;
DEBUG(SSSDBG_TRACE_INTERNAL,
"Failed to canonicalize name, using [%s] [%d]: %s.\n",
cname, ret, sss_strerror(ret));
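Review bot: The updated comment still says `state->filter_value` "is still the name used for the original req", which sits oddly with the commit's own rationale that this value is not always a name. If only name-type requests can reach this path, the comment should say so. Otherwise `sysdb_get_real_name` and the `Failed to canonicalize name` message may be handed a non-name value, which is worth confirming against `state->filter_type`. Suggested wording: `/* state->filter_value is the value the original request was made with; the cached object might be stored under a different name, e.g. a fully-qualified name. */`. The function starts and ends outside the hunk.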
@@ -1296,7 +1299,7 @@ static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx,
struct sdap_id_ctx *ctx,
struct sdap_domain *sdom,
struct sdap_id_conn_ctx *conn,
- const char *name,
+ const char *filter_value,
int filter_type,
int attrs_type,
bool noexist_delete);
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index aeeebe250..2ebde6b83 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -142,7 +142,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
struct sdap_id_ctx *id_ctx,
struct sdap_id_conn_ctx *conn,
const char *name,
- int name_type,
+ int filter_type,
const char *extra_value,
const char **grp_attrs);
int sdap_get_initgr_recv(struct tevent_req *req);
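Review bot: The prototype of `sdap_get_initgr_send` is only half renamed: `int name_type` becomes `int filter_type`, but the preceding parameter stays `const char *name` while the definition in sdap_async_initgroups.c now uses `const char *filter_value`. The header is where callers read the contract, so it should change to `const char *filter_value,` to match the definition. A short comment on the declaration would also help, stating that the value is the raw lookup key interpreted according to `filter_type` and is escaped inside the function before being placed in an LDAP filter.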
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index e76f7b258..023180a53 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2634,7 +2634,7 @@ struct sdap_get_initgr_state {
struct sdap_handle *sh;
struct sdap_id_ctx *id_ctx;
struct sdap_id_conn_ctx *conn;
- const char *name;
+ const char *filter_value;
const char **grp_attrs;
const char **user_attrs;
char *user_base_filter;
@@ -2659,8 +2659,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
struct sdap_handle *sh,
struct sdap_id_ctx *id_ctx,
struct sdap_id_conn_ctx *conn,
- const char *name,
- int name_type,
+ const char *filter_value,
+ int filter_type,
const char *extra_value,
const char **grp_attrs)
{
@@ -2684,7 +2684,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
state->sh = sh;
state->id_ctx = id_ctx;
state->conn = conn;
- state->name = name;
+ state->filter_value = filter_value;
state->grp_attrs = grp_attrs;
state->orig_user = NULL;
state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
@@ -2702,7 +2702,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
sdom->dom->name,
sdom->dom->domain_id);
- ret = sss_filter_sanitize(state, name, &clean_name);
+ ret = sss_filter_sanitize(state, filter_value, &clean_name);
if (ret != EOK) {
talloc_zfree(req);
return NULL;
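Review bot: The sanitized copy is still called `clean_name` here, while the same rename in ldap_id.c moved to `clean_value`. The `switch (filter_type)` with `BE_FILTER_SECID` in the next hunk shows the value is not always a name in this function either. For consistency the call could read `ret = sss_filter_sanitize(state, filter_value, &clean_value);`, with the declaration and later uses renamed to match; those lie outside this hunk. Keeping one naming pair (`filter_value` raw, `clean_value` escaped) across the provider makes it easier to verify that only the escaped form reaches a filter string.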
@@ -2711,7 +2711,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
} else {
- switch (name_type) {
+ switch (filter_type) {
case BE_FILTER_SECID:
search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
break;
@@ -2849,7 +2849,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
if ((state->opts->schema_type == SDAP_SCHEMA_RFC2307) &&
(dp_opt_get_bool(state->opts->basic,
SDAP_RFC2307_FALLBACK_TO_LOCAL_USERS) == true)) {
- ret = sdap_fallback_local_user(state, state->name, -1, &usr_attrs);
+ ret = sdap_fallback_local_user(state, state->filter_value, -1, &usr_attrs);
} else {
ret = ENOENT;
}
@@ -2898,7 +2898,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
}
in_transaction = false;
- ret = sysdb_get_real_name(state, state->dom, state->name, &cname);
+ ret = sysdb_get_real_name(state, state->dom, state->filter_value, &cname);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "Cannot canonicalize username\n");
tevent_req_error(req, ret);