author | Michal Zidek <mzidek@redhat.com> | 2016-06-15 17:03:00 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-07-07 10:25:01 +0200 |
commit | 7cc19286547260350afed9ef7176712f8fc66652 (patch) | |
tree | 4a550e8a090de7025f14765920d94c6230566480 /src/providers | |
parent | e0243c7f3638c819051b7235097a0bb2d06374fb (diff) | |
SDAP: Save user and group aliases qualified
When saving users or groups, qualify their names. Otherwise (currently
netgroups), store a plain username.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/sdap_async.h | 1 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 4 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_netgroups.c | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_users.c | 3 | ||||
-rw-r--r-- | src/providers/ldap/sdap_utils.c | 28 |
5 files changed, 30 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 8a14395ef..aeeebe250 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -310,6 +310,7 @@ errno_t sdap_save_all_names(const char *name, struct sysdb_attrs *ldap_attrs, struct sss_domain_info *dom, + enum sysdb_member_type entry_type, struct sysdb_attrs *attrs); struct tevent_req *
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 86f0a7d6e..d13863a1e 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -739,7 +739,8 @@ static int sdap_save_group(TALLOC_CTX *memctx, goto done; } - ret = sdap_save_all_names(group_name, attrs, dom, group_attrs); + ret = sdap_save_all_names(group_name, attrs, dom, + SYSDB_MEMBER_GROUP, group_attrs); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save group names\n"); goto done;
@@ -2583,6 +2584,7 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, key.type = HASH_KEY_STRING; key.str = talloc_steal(ghosts, discard_const(original_dn)); value.type = HASH_VALUE_PTR; + /* Already qualified from sdap_get_user_primary_name() */ value.ptr = talloc_steal(ghosts, discard_const(username)); ret = hash_enter(ghosts, &key, &value); if (ret != HASH_SUCCESS) {
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index ae8e56b3c..df233d956 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -121,7 +121,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx, DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name); - ret = sdap_save_all_names(name, attrs, dom, + ret = sdap_save_all_names(name, attrs, dom, SYSDB_MEMBER_NETGROUP, netgroup_attrs); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save netgroup names\n");
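Review bot: The new `entry_type` parameter on the `sdap_save_all_names` prototype in sdap_async.h has no comment telling callers that it decides how aliases are written to the cache. A caller that passes the wrong member type gets aliases in the other format with no compile-time or run-time signal, so the contract belongs on the declaration. I would add above the prototype: `/* entry_type selects the alias format: user and group aliases are stored as internal fully qualified names, all other types as plain names. */`. The diffstat is limited to src/providers, so callers outside that directory are not visible here and should be checked against the new signature.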
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index c74d2aa8a..e44c045b3 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -467,7 +467,8 @@ int sdap_save_user(TALLOC_CTX *memctx, cache_timeout = dom->user_timeout; - ret = sdap_save_all_names(user_name, attrs, dom, user_attrs); + ret = sdap_save_all_names(user_name, attrs, dom, + SYSDB_MEMBER_USER, user_attrs); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save user names\n"); goto done;
diff --git a/src/providers/ldap/sdap_utils.c b/src/providers/ldap/sdap_utils.c
index 347206c21..696af51d6 100644
--- a/src/providers/ldap/sdap_utils.c
+++ b/src/providers/ldap/sdap_utils.c
@@ -77,14 +77,26 @@ errno_t sdap_save_all_names(const char *name, struct sysdb_attrs *ldap_attrs, struct sss_domain_info *dom, + enum sysdb_member_type entry_type, struct sysdb_attrs *attrs) { const char **aliases = NULL; - const char *domname; + const char *sysdb_alias; errno_t ret; TALLOC_CTX *tmp_ctx; int i; bool lowercase = !dom->case_sensitive; + bool store_as_fqdn; + + switch (entry_type) { + case SYSDB_MEMBER_USER: + case SYSDB_MEMBER_GROUP: + store_as_fqdn = true; + break; + default: + store_as_fqdn = false; + break; + } tmp_ctx = talloc_new(NULL); if (!tmp_ctx) {
@@ -100,14 +112,20 @@ sdap_save_all_names(const char *name, } for (i = 0; aliases[i]; i++) { - domname = sss_get_domain_name(tmp_ctx, aliases[i], dom); - if (domname == NULL) { + if (store_as_fqdn) { + sysdb_alias = sss_create_internal_fqname(tmp_ctx, aliases[i], + dom->name); + } else { + sysdb_alias = aliases[i]; + } + + if (sysdb_alias == NULL) { ret = ENOMEM; goto done; } if (lowercase) { - ret = sysdb_attrs_add_lc_name_alias(attrs, sysdb_alias); if (ret) { DEBUG(SSSDBG_OP_FAILURE, "Failed to add lower-cased version " "of alias [%s] into the "
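Review bot: The `default:` arm of the new switch in `sdap_save_all_names` (sdap_utils.c, first hunk) sets `store_as_fqdn = false`, so every member type other than user and group is silently stored with unqualified aliases, including any type added to `enum sysdb_member_type` later. The commit message names netgroups as the only intended plain-name case, so I would spell that out with `case SYSDB_MEMBER_NETGROUP:` and have `default:` emit a `DEBUG(SSSDBG_OP_FAILURE, ...)` line naming the unexpected type before falling back. That way a future user-like or group-like entry type cannot end up in the cache under a short, possibly cross-domain-ambiguous alias without anyone noticing. The function body continues past the end of this hunk.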
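Review bot: The `if (sysdb_alias == NULL)` check after the new if/else in the alias loop (sdap_utils.c, second hunk) returns `ENOMEM` without a debug message, unlike the other failure paths in the same loop. It can also only fire on the `sss_create_internal_fqname` branch, because `aliases[i]` is already non-NULL by the loop condition. I would move the check inside the `store_as_fqdn` branch and log before bailing out, for example `DEBUG(SSSDBG_OP_FAILURE, "Failed to qualify alias [%s]\n", aliases[i]);`. The loop body runs past the end of this hunk.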
@@ -115,7 +133,7 @@ sdap_save_all_names(const char *name, goto done; } } else { - ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, domname); + ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, sysdb_alias); if (ret) { DEBUG(SSSDBG_OP_FAILURE, "Failed to add alias [%s] into the " "attribute list\n", aliases[i]); |
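Review bot: The failure message in the non-lowercase branch still prints `aliases[i]`, while the value handed to `sysdb_attrs_add_string` is now `sysdb_alias`. For users and groups the log therefore shows the short alias rather than the qualified string that failed to be stored, which makes cache problems harder to match against log lines. I would log the stored value instead: `"attribute list\n", sysdb_alias);`. The lower-cased branch in the previous hunk has a DEBUG call whose argument is cut off by the hunk boundary and probably needs the same change; the function body continues outside this hunk.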