authorJakub Hrozek <jhrozek@redhat.com>2016-03-17 08:19:18 +0100
committerJakub Hrozek <jhrozek@redhat.com>2016-07-07 10:26:01 +0200
commit2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034 (patch)
treeddea07a4ba5ce486464137c8dcc8d39d7b98b11a /src/responder
parent27bf39ed3e197497cf4aca58038d788ea5b5ddbc (diff)
NSS: Fix NSS responder to cope with fully-qualified usernames
Adds a utility function sized_output_name() which wraps the output_name() function and returns the sized_struct structure. This function is used when formatting the output name for the client, but also when saving/deleting the memory cache entries. Its sister function sized_member_name() is very similar, but infers the domain name from the memberuid or ghost attribute. Because all names internally are used in the same format, the logic to append the domain or format the username for output in the fill_XXX() family of functions is much simpler. In general, adding a domain suffix no longer relies on the domain being a subdomain, but only on dom->fqnames. The parse_member() function was removed because it is no longer required. The nss test was amended to store names in the internal fqdn format on input and to check for either shortnames or qualified names with the right format created using sss_tc_fqname() on output. Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/responder')
-rw-r--r--src/responder/nss/nsssrv_cmd.c590
1 files changed, 203 insertions, 387 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index a54d3d8ba..700998974 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -193,22 +193,11 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx,
struct sss_nss_homedir_ctx *homedir_ctx)
{
const char *homedir;
- const char *orig_name = homedir_ctx->username;
- errno_t ret;
homedir = sss_view_ldb_msg_find_attr_as_string(dom, msg, SYSDB_HOMEDIR,
NULL);
homedir_ctx->original = homedir;
- /* Subdomain users store FQDN in their name attribute */
- ret = sss_parse_name_const(mem_ctx, dom->names, orig_name,
- NULL, &homedir_ctx->username);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Could not parse [%s] into "
- "name-value components.\n", orig_name);
- return NULL;
- }
-
/* Check to see which homedir_prefix to use. */
if (dom->homedir_substr != NULL) {
homedir_ctx->config_homedir_substr = dom->homedir_substr;
@@ -324,6 +313,93 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx,
return talloc_strdup(mem_ctx, NOLOGIN_SHELL);
}
+static int sized_output_name(TALLOC_CTX *mem_ctx,
+ struct resp_ctx *rctx,
+ const char *orig_name,
+ struct sss_domain_info *name_dom,
+ struct sized_string **_name)
+{
+ TALLOC_CTX *tmp_ctx = NULL;
+ errno_t ret;
+ char *username;
+ struct sized_string *name;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ username = sss_output_name(tmp_ctx, orig_name, name_dom->case_preserve,
+ rctx->override_space);
+ if (username == NULL) {
+ ret = EIO;
+ goto done;
+ }
+
+ if (name_dom->fqnames) {
+ username = sss_tc_fqname(tmp_ctx, name_dom->names, name_dom, username);
+ if (username == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_replace_space failed\n");
+ ret = EIO;
+ goto done;
+ }
+ }
+
+ name = talloc_zero(tmp_ctx, struct sized_string);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ to_sized_string(name, username);
+ name->str = talloc_steal(name, username);
+ *_name = talloc_steal(mem_ctx, name);
+ ret = EOK;
+done:
+ talloc_zfree(tmp_ctx);
+ return ret;
+}
+
+static int sized_member_name(TALLOC_CTX *mem_ctx,
+ struct resp_ctx *rctx,
+ const char *member_name,
+ struct sized_string **_name)
+{
+ TALLOC_CTX *tmp_ctx = NULL;
+ errno_t ret;
+ char *domname;
+ struct sss_domain_info *member_dom;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ ret = sss_parse_internal_fqname(tmp_ctx, member_name, NULL, &domname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_parse_internal_fqname failed\n");
+ goto done;
+ }
+
+ if (domname == NULL) {
+ ret = ERR_WRONG_NAME_FORMAT;
+ goto done;
+ }
+
+ member_dom = find_domain_by_name(get_domains_head(rctx->domains),
+ domname, true);
+ if (member_dom == NULL) {
+ ret = ERR_DOMAIN_NOT_FOUND;
+ goto done;
+ }
+
+ ret = sized_output_name(mem_ctx, rctx, member_name,
+ member_dom, _name);
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
static int fill_pwent(struct sss_packet *packet,
struct sss_domain_info *dom,
struct nss_ctx *nctx,
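Review bot: The failure branch after `sss_tc_fqname()` in sized_output_name() logs `"sss_replace_space failed\n"`, which names a function this helper never calls and will mislead anyone triaging a name-formatting failure; it should read `DEBUG(SSSDBG_CRIT_FAILURE, "sss_tc_fqname failed\n");`. Both new helpers would also benefit from a header comment stating that `*_name` is handed back as a child of `mem_ctx` and is left unset on error, and that sized_member_name() rejects a member without a domain part with ERR_WRONG_NAME_FORMAT. sized_member_name() releases its temporary context with `talloc_free()` while sized_output_name() uses `talloc_zfree()`; using one form in both keeps the siblings consistent. The hunk ends inside fill_pwent's parameter list, so that function is not reviewed here.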
@@ -336,18 +412,15 @@ static int fill_pwent(struct sss_packet *packet,
const char *upn;
const char *tmpstr;
const char *orig_name;
- struct sized_string name;
+ struct sized_string *name;
struct sized_string gecos;
struct sized_string homedir;
struct sized_string shell;
struct sized_string pwfield;
- struct sized_string fullname;
uint32_t uid;
uint32_t gid;
size_t rsize, rp, blen;
- int fq_len = 0;
int i, ret, num;
- bool add_domain = (!IS_SUBDOMAIN(dom) && dom->fqnames);
const char *domain = dom->name;
bool packet_initialized = false;
int ncret;
@@ -371,10 +444,6 @@ static int fill_pwent(struct sss_packet *packet,
orig_name = ldb_msg_find_attr_as_string(msg,
OVERRIDE_PREFIX SYSDB_NAME,
NULL);
- if (orig_name != NULL && IS_SUBDOMAIN(dom)) {
- /* Override names are not fully qualified */
- add_domain = true;
- }
gid = ldb_msg_find_attr_as_uint64(msg,
OVERRIDE_PREFIX SYSDB_GIDNUM, 0);
@@ -408,8 +477,7 @@ static int fill_pwent(struct sss_packet *packet,
ncret = sss_ncache_check_user(nctx->rctx->ncache, dom, orig_name);
if (ncret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
- "User [%s@%s] filtered out! (negative cache)\n",
- orig_name, domain);
+ "User [%s] filtered out! (negative cache)\n", orig_name);
continue;
}
}
@@ -421,23 +489,14 @@ static int fill_pwent(struct sss_packet *packet,
packet_initialized = true;
}
- tmpstr = sss_get_cased_name(tmp_ctx, orig_name, dom->case_preserve);
- if (tmpstr == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_get_cased_name failed, skipping\n");
- continue;
- }
-
- tmpstr = sss_replace_space(tmp_ctx, tmpstr,
- nctx->rctx->override_space);
- if (tmpstr == NULL) {
+ ret = sized_output_name(tmp_ctx, nctx->rctx, orig_name,
+ dom, &name);
+ if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_replace_space failed, skipping\n");
+ "sized_output_name failed, skipping\n");
continue;
}
- to_sized_string(&name, tmpstr);
-
tmpstr = sss_view_ldb_msg_find_attr_as_string(dom, msg, SYSDB_GECOS,
NULL);
if (!tmpstr) {
@@ -447,8 +506,7 @@ static int fill_pwent(struct sss_packet *packet,
}
ZERO_STRUCT(homedir_ctx);
-
- homedir_ctx.username = name.str;
+ homedir_ctx.username = orig_name;
homedir_ctx.uid = uid;
homedir_ctx.domain = dom->name;
homedir_ctx.upn = upn;
@@ -467,20 +525,9 @@ static int fill_pwent(struct sss_packet *packet,
to_sized_string(&shell, tmpstr);
}
- rsize = 2 * sizeof(uint32_t) + name.len + gecos.len +
+ rsize = 2 * sizeof(uint32_t) + name->len + gecos.len +
homedir.len + shell.len + pwfield.len;
- if (add_domain) {
- fq_len = sss_fqname(NULL, 0, dom->names, dom, name.str);
- if (fq_len >= 0) {
- fq_len += 1;
- rsize -= name.len;
- rsize += fq_len;
- } else {
- fq_len = 0;
- }
- }
-
ret = sss_packet_grow(packet, rsize);
if (ret != EOK) {
num = 0;
@@ -490,20 +537,8 @@ static int fill_pwent(struct sss_packet *packet,
SAFEALIGN_SET_UINT32(&body[rp], uid, &rp);
SAFEALIGN_SET_UINT32(&body[rp], gid, &rp);
-
- if (add_domain) {
- ret = sss_fqname((char *) &body[rp], fq_len, dom->names, dom, name.str);
- if (ret < 0 || ret != fq_len - 1) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "Failed to generate a fully qualified name for user "
- "[%s] in [%s]! Skipping user.\n", name.str, domain);
- continue;
- }
- } else {
- memcpy(&body[rp], name.str, name.len);
- }
- to_sized_string(&fullname, (const char *)&body[rp]);
- rp += fullname.len;
+ memcpy(&body[rp], name->str, name->len);
+ rp += name->len;
memcpy(&body[rp], pwfield.str, pwfield.len);
rp += pwfield.len;
@@ -518,13 +553,13 @@ static int fill_pwent(struct sss_packet *packet,
if (pw_mmap_cache && nctx->pwd_mc_ctx) {
ret = sss_mmap_cache_pw_store(&nctx->pwd_mc_ctx,
- &fullname, &pwfield,
+ name, &pwfield,
uid, gid,
&gecos, &homedir, &shell);
if (ret != EOK && ret != ENOMEM) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to store user %s(%s) in mmap cache!\n",
- name.str, domain);
+ name->str, domain);
}
}
}
@@ -881,13 +916,14 @@ static void nsssrv_dp_send_acct_req_done(struct tevent_req *req)
cb_ctx->callback(err_maj, err_min, err_msg, cb_ctx->ptr);
}
-static int delete_entry_from_memcache(struct sss_domain_info *dom, char *name,
+static int delete_entry_from_memcache(struct sss_domain_info *dom,
+ char *name,
+ struct resp_ctx *rctx,
struct sss_mc_ctx *mc_ctx,
enum sss_mc_type type)
{
TALLOC_CTX *tmp_ctx = NULL;
- struct sized_string delete_name;
- char *fqdn = NULL;
+ struct sized_string *delete_name;
int ret;
tmp_ctx = talloc_new(NULL);
@@ -896,21 +932,15 @@ static int delete_entry_from_memcache(struct sss_domain_info *dom, char *name,
return ENOMEM;
}
- if (dom->fqnames) {
- fqdn = sss_tc_fqname(tmp_ctx, dom->names, dom, name);
- if (fqdn == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory.\n");
- ret = ENOMEM;
- goto done;
- }
- to_sized_string(&delete_name, fqdn);
- } else {
- to_sized_string(&delete_name, name);
+ ret = sized_output_name(tmp_ctx, rctx, name, dom, &delete_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sized_output_name failed: %d\n", ret);
+ goto done;
}
switch (type) {
case SSS_MC_PASSWD:
- ret = sss_mmap_cache_pw_invalidate(mc_ctx, &delete_name);
+ ret = sss_mmap_cache_pw_invalidate(mc_ctx, delete_name);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Internal failure in memory cache code: %d [%s]\n",
@@ -919,7 +949,7 @@ static int delete_entry_from_memcache(struct sss_domain_info *dom, char *name,
}
break;
case SSS_MC_GROUP:
- ret = sss_mmap_cache_gr_invalidate(mc_ctx, &delete_name);
+ ret = sss_mmap_cache_gr_invalidate(mc_ctx, delete_name);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Internal failure in memory cache code: %d [%s]\n",
@@ -928,7 +958,7 @@ static int delete_entry_from_memcache(struct sss_domain_info *dom, char *name,
}
break;
case SSS_MC_INITGROUPS:
- ret = sss_mmap_cache_initgr_invalidate(mc_ctx, &delete_name);
+ ret = sss_mmap_cache_initgr_invalidate(mc_ctx, delete_name);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Internal failure in memory cache code: %d [%s]\n",
@@ -993,14 +1023,9 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
dctx->domain = dom;
talloc_free(name);
- name = sss_get_cased_name(cmdctx, cmdctx->name, dom->case_sensitive);
- if (!name) return ENOMEM;
-
- name = sss_reverse_replace_space(dctx, name,
- nctx->rctx->override_space);
+ name = sss_resp_create_fqname(dctx, nctx->rctx, dctx->domain,
+ cmdctx->name_is_upn, cmdctx->name);
if (name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_reverse_replace_space failed\n");
return ENOMEM;
}
@@ -1028,8 +1053,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
return ENOENT;
}
- DEBUG(SSSDBG_CONF_SETTINGS,
- "Requesting info for [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for [%s]\n", name);
if (dom->sysdb == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE,
@@ -1078,9 +1102,9 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
DEBUG(SSSDBG_FATAL_FAILURE,
"getpwnam call returned more than one result !?!\n");
sss_log(SSS_LOG_ERR,
- "More users have the same name [%s@%s] in SSSD cache. "
+ "More users have the same name [%s] in SSSD cache. "
"SSSD will not work correctly.\n",
- name, dom->name);
+ name);
return ENOENT;
}
@@ -1088,8 +1112,8 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
/* set negative cache only if not result of cache check */
ret = sss_ncache_set_user(nctx->rctx->ncache, false, dom, name);
if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n",
- name, dom->name);
+ DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s\n",
+ name);
}
/* if a multidomain search, try with next */
@@ -1105,14 +1129,15 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
DEBUG(SSSDBG_OP_FAILURE, "No results for getpwnam call\n");
/* User not found in ldb -> delete user from memory cache. */
- ret = delete_entry_from_memcache(dctx->domain, name,
+ ret = delete_entry_from_memcache(dctx->domain, name, nctx->rctx,
nctx->pwd_mc_ctx, SSS_MC_PASSWD);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Deleting user from memcache failed.\n");
}
- ret = delete_entry_from_memcache(dctx->domain, name,
+ ret = delete_entry_from_memcache(dctx->domain,
+ name, nctx->rctx,
nctx->initgr_mc_ctx,
SSS_MC_INITGROUPS);
if (ret != EOK) {
@@ -1149,9 +1174,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
}
/* One result found */
- DEBUG(SSSDBG_TRACE_FUNC,
- "Returning info for user [%s@%s]\n", name, dom->name);
-
+ DEBUG(SSSDBG_TRACE_FUNC, "Returning info for user [%s]\n", name);
return EOK;
}
@@ -2750,53 +2773,8 @@ void nss_update_gr_memcache(struct nss_ctx *nctx)
#define MNUM_ROFFSET sizeof(uint32_t)
#define STRS_ROFFSET 2*sizeof(uint32_t)
-static int parse_member(TALLOC_CTX *mem_ctx, struct sss_domain_info *group_dom,
- const char *member, struct sss_domain_info **_member_dom,
- struct sized_string *_name, bool *_add_domain)
-{
- errno_t ret;
- char *username;
- char *domname;
- const char *use_member;
- struct sss_domain_info *member_dom;
- bool add_domain;
-
- ret = sss_parse_name(mem_ctx, group_dom->names, member, &domname, &username);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Could not parse [%s] into "
- "name-value components.\n", member);
- return ret;
- }
-
- add_domain = (!IS_SUBDOMAIN(group_dom) && group_dom->fqnames);
- use_member = member;
- member_dom = group_dom;
-
- if (IS_SUBDOMAIN(group_dom) == false && domname != NULL) {
- /* The group is stored in the parent domain, but the member comes from.
- * a subdomain. No need to add the domain component, it's already
- * present in the memberuid/ghost attribute
- */
- add_domain = false;
- }
-
- if (IS_SUBDOMAIN(group_dom) == true && domname == NULL) {
- /* The group is stored in a subdomain, but the member comes
- * from the parent domain. Need to add the domain component
- * of the parent domain
- */
- add_domain = true;
- use_member = username;
- member_dom = group_dom->parent;
- }
-
- to_sized_string(_name, use_member);
- *_add_domain = add_domain;
- *_member_dom = member_dom;
- return EOK;
-}
-
static int fill_members(struct sss_packet *packet,
+ struct resp_ctx *rctx,
struct sss_domain_info *dom,
struct nss_ctx *nctx,
struct ldb_message_element *el,
@@ -2804,105 +2782,51 @@ static int fill_members(struct sss_packet *packet,
size_t *_rsize,
int *_memnum)
{
- int i, ret = EOK;
+ int ret = EOK;
int memnum = *_memnum;
size_t rzero= *_rzero;
size_t rsize = *_rsize;
- const char *tmpstr;
- struct sized_string name;
+ struct sized_string *name;
TALLOC_CTX *tmp_ctx = NULL;
- int nlen = 0;
-
+ const char *fqname;
uint8_t *body;
size_t blen;
- const char *domain = dom->name;
- bool add_domain;
- struct sss_domain_info *member_dom;
-
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
return ENOMEM;
}
sss_packet_get_body(packet, &body, &blen);
- for (i = 0; i < el->num_values; i++) {
- tmpstr = sss_get_cased_name(tmp_ctx, (char *)el->values[i].data,
- dom->case_preserve);
- if (tmpstr == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_get_cased_name failed, skipping\n");
- continue;
- }
-
- tmpstr = sss_replace_space(tmp_ctx, tmpstr,
- nctx->rctx->override_space);
- if (tmpstr == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_replace_space failed\n");
- ret = ENOMEM;
- goto done;
- }
+ for (unsigned i = 0; i < el->num_values; i++) {
+ fqname = (const char *)el->values[i].data;
if (nctx->filter_users_in_groups) {
- ret = sss_ncache_check_user(nctx->rctx->ncache, dom, tmpstr);
+ ret = sss_ncache_check_user(nctx->rctx->ncache, dom, fqname);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
- "Group [%s] member [%s@%s] filtered out!"
+ "Group [%s] member [%s] filtered out!"
" (negative cache)\n",
- (char *)&body[rzero+STRS_ROFFSET], tmpstr, domain);
+ (char *)&body[rzero+STRS_ROFFSET], fqname);
continue;
}
}
- ret = parse_member(tmp_ctx, dom, tmpstr, &member_dom, &name, &add_domain);
+ ret = sized_member_name(tmp_ctx, rctx, fqname, &name);
if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "Could not process member %s, skipping\n", tmpstr);
- continue;
- }
-
- if (add_domain) {
- nlen = sss_fqname(NULL, 0, member_dom->names, member_dom,
- name.str);
- if (nlen >= 0) {
- nlen += 1;
- } else {
- /* Other failures caught below */
- nlen = 0;
- }
- } else {
- nlen = name.len;
+ DEBUG(SSSDBG_OP_FAILURE, "sized_member_name failed: %d\n", ret);
+ goto done;
}
- ret = sss_packet_grow(packet, nlen);
+ ret = sss_packet_grow(packet, name->len);
if (ret != EOK) {
goto done;
}
sss_packet_get_body(packet, &body, &blen);
- if (add_domain) {
- ret = sss_fqname((char *)&body[rzero + rsize], nlen,
- member_dom->names, member_dom, name.str);
- if (ret < 0 || ret != nlen - 1) {
- DEBUG(SSSDBG_OP_FAILURE, "Failed to generate a fully qualified name"
- " for member [%s@%s] of group [%s]!"
- " Skipping\n", name.str, domain,
- (char *)&body[rzero+STRS_ROFFSET]);
- /* reclaim space */
- ret = sss_packet_shrink(packet, nlen);
- if (ret != EOK) {
- goto done;
- }
- continue;
- }
-
- } else {
- memcpy(&body[rzero + rsize], name.str, name.len);
- }
-
- rsize += nlen;
+ memcpy(&body[rzero + rsize], name->str, name->len);
+ rsize += name->len;
memnum++;
}
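Review bot: A single member value that sized_member_name() rejects now aborts the whole group reply, because the removed code logged and hit `continue` while the new code does `goto done` with a non-EOK `ret`, which fill_grent turns into `num = 0`. sized_member_name() returns ERR_WRONG_NAME_FORMAT for a value without a domain part and ERR_DOMAIN_NOT_FOUND for an unknown domain, so one stale or unqualified memberuid/ghost value in the cache would appear to make the group unresolvable for every client. If that is not intended, skip the member and keep the hard failure for allocation errors, e.g. `if (ret == ERR_WRONG_NAME_FORMAT || ret == ERR_DOMAIN_NOT_FOUND) { continue; }` before the `goto done`. It is also worth confirming that `sss_ncache_check_user(nctx->rctx->ncache, dom, fqname)` matches for members of another domain, since it still passes the group's `dom`. fill_members continues past the end of the hunk.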
@@ -2928,16 +2852,12 @@ static int fill_grent(struct sss_packet *packet,
uint8_t *body;
size_t blen;
uint32_t gid;
- const char *tmpstr;
const char *orig_name = NULL;
- struct sized_string name;
+ struct sized_string *name;
struct sized_string pwfield;
- struct sized_string fullname;
- int fq_len = 0;
int i = 0;
int ret, num, memnum;
size_t rzero, rsize;
- bool add_domain = (!IS_SUBDOMAIN(dom) && dom->fqnames);
const char *domain = dom->name;
TALLOC_CTX *tmp_ctx = NULL;
@@ -2979,10 +2899,6 @@ static int fill_grent(struct sss_packet *packet,
orig_name = ldb_msg_find_attr_as_string(msg,
OVERRIDE_PREFIX SYSDB_NAME,
NULL);
- if (orig_name != NULL && IS_SUBDOMAIN(dom)) {
- /* Override names are not fully qualified */
- add_domain = true;
- }
}
if (orig_name == NULL) {
orig_name = ldb_msg_find_attr_as_string(msg,
@@ -3005,43 +2921,20 @@ static int fill_grent(struct sss_packet *packet,
ret = sss_ncache_check_group(nctx->rctx->ncache, dom, orig_name);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
- "Group [%s@%s] filtered out! (negative cache)\n",
- orig_name, domain);
+ "Group [%s] filtered out! (negative cache)\n", orig_name);
continue;
}
}
- tmpstr = sss_get_cased_name(tmp_ctx, orig_name, dom->case_preserve);
- if (tmpstr == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_get_cased_name failed, skipping\n");
- continue;
- }
-
- tmpstr = sss_replace_space(tmp_ctx, tmpstr,
- nctx->rctx->override_space);
- if (tmpstr == NULL) {
+ ret = sized_output_name(tmp_ctx, nctx->rctx, orig_name, dom, &name);
+ if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_replace_space failed, skipping\n");
+ "sized_output_name failed, skipping\n");
continue;
}
- to_sized_string(&name, tmpstr);
-
/* fill in gid and name and set pointer for number of members */
- rsize = STRS_ROFFSET + name.len + pwfield.len; /* name\0x\0 */
-
- if (add_domain) {
- fq_len = sss_fqname(NULL, 0, dom->names, dom, name.str);
- if (fq_len >= 0) {
- fq_len += 1;
- rsize -= name.len;
- rsize += fq_len;
- } else {
- /* Other failures caught below */
- fq_len = 0;
- }
- }
+ rsize = STRS_ROFFSET + name->len + pwfield.len; /* name\0x\0 */
ret = sss_packet_grow(packet, rsize);
if (ret != EOK) {
@@ -3057,37 +2950,18 @@ static int fill_grent(struct sss_packet *packet,
SAFEALIGN_SET_UINT32(&body[rzero+MNUM_ROFFSET], 0, NULL);
/* 8-X: sequence of strings (name, passwd, mem..) */
- if (add_domain) {
- ret = sss_fqname((char *)&body[rzero+STRS_ROFFSET], fq_len,
- dom->names, dom, name.str);
- if (ret < 0 || ret != fq_len - 1) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "Failed to generate a fully qualified name for"
- " group [%s] in [%s]! Skipping\n", name.str, domain);
- /* reclaim space */
- ret = sss_packet_shrink(packet, rsize);
- if (ret != EOK) {
- num = 0;
- goto done;
- }
- rsize = 0;
- continue;
- }
- } else {
- memcpy(&body[rzero+STRS_ROFFSET], name.str, name.len);
- }
- to_sized_string(&fullname, (const char *)&body[rzero+STRS_ROFFSET]);
+ memcpy(&body[rzero+STRS_ROFFSET], name->str, name->len);
/* group passwd field */
- memcpy(&body[rzero+STRS_ROFFSET + fullname.len],
+ memcpy(&body[rzero+STRS_ROFFSET + name->len],
pwfield.str, pwfield.len);
memnum = 0;
if (!dom->ignore_group_members) {
el = sss_view_ldb_msg_find_element(dom, msg, SYSDB_MEMBERUID);
if (el) {
- ret = fill_members(packet, dom, nctx, el, &rzero, &rsize,
- &memnum);
+ ret = fill_members(packet, nctx->rctx, dom, nctx, el,
+ &rzero, &rsize, &memnum);
if (ret != EOK) {
num = 0;
goto done;
@@ -3104,8 +2978,8 @@ static int fill_grent(struct sss_packet *packet,
num = 0;
goto done;
}
- ret = fill_members(packet, dom, nctx, el, &rzero, &rsize,
- &memnum);
+ ret = fill_members(packet, nctx->rctx, dom, nctx, el,
+ &rzero, &rsize, &memnum);
if (ret != EOK) {
num = 0;
goto done;
@@ -3123,17 +2997,16 @@ static int fill_grent(struct sss_packet *packet,
if (gr_mmap_cache && nctx->grp_mc_ctx) {
/* body was reallocated, so fullname might be pointing to
* where body used to be, not where it is */
- to_sized_string(&fullname, (const char *)&body[rzero+STRS_ROFFSET]);
ret = sss_mmap_cache_gr_store(&nctx->grp_mc_ctx,
- &fullname, &pwfield, gid, memnum,
+ name, &pwfield, gid, memnum,
(char *)&body[rzero] + STRS_ROFFSET +
- fullname.len + pwfield.len,
+ name->len + pwfield.len,
rsize - STRS_ROFFSET -
- fullname.len - pwfield.len);
+ name->len - pwfield.len);
if (ret != EOK && ret != ENOMEM) {
DEBUG(SSSDBG_OP_FAILURE,
"Failed to store group %s(%s) in mmap cache!\n",
- name.str, domain);
+ name->str, domain);
}
}
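Review bot: The comment `body was reallocated, so fullname might be pointing to where body used to be` is now stale, since the `to_sized_string(&fullname, ...)` call it explained is removed and `fullname` no longer exists in fill_grent. Delete it, or replace it with something like `/* name lives on tmp_ctx and is unaffected by packet reallocation; the member list pointer below must be taken from the current body */`. The second half of that suggestion assumes `body` is re-fetched after fill_members grows the packet, which is not visible in this hunk and should be confirmed.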
@@ -3227,14 +3100,9 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
dctx->domain = dom;
talloc_free(name);
- name = sss_get_cased_name(dctx, cmdctx->name, dom->case_sensitive);
- if (!name) return ENOMEM;
-
- name = sss_reverse_replace_space(dctx, name,
- nctx->rctx->override_space);
+ name = sss_resp_create_fqname(dctx, nctx->rctx, dctx->domain,
+ cmdctx->name_is_upn, cmdctx->name);
if (name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_reverse_replace_space failed\n");
return ENOMEM;
}
@@ -3258,8 +3126,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
return ENOENT;
}
- DEBUG(SSSDBG_CONF_SETTINGS,
- "Requesting info for [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for [%s]\n", name);
if (dom->sysdb == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE,
@@ -3278,9 +3145,9 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
DEBUG(SSSDBG_FATAL_FAILURE,
"getgrnam call returned more than one result !?!\n");
sss_log(SSS_LOG_ERR,
- "More groups have the same name [%s@%s] in SSSD cache. "
+ "More groups have the same name [%s] in SSSD cache. "
"SSSD will not work correctly.\n",
- name, dom->name);
+ name);
return ENOENT;
}
@@ -3288,8 +3155,8 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
/* set negative cache only if not result of cache check */
ret = sss_ncache_set_group(nctx->rctx->ncache, false, dom, name);
if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n",
- name, dom->name);
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Cannot set negcache for %s\n", name);
}
/* if a multidomain search, try with next */
@@ -3301,7 +3168,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
DEBUG(SSSDBG_OP_FAILURE, "No results for getgrnam call\n");
/* Group not found in ldb -> delete group from memory cache. */
- ret = delete_entry_from_memcache(dctx->domain, name,
+ ret = delete_entry_from_memcache(dctx->domain, name, nctx->rctx,
nctx->grp_mc_ctx, SSS_MC_GROUP);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
@@ -3337,7 +3204,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
/* One result found */
DEBUG(SSSDBG_TRACE_FUNC,
- "Returning info for group [%s@%s]\n", name, dom->name);
+ "Returning info for group [%s]\n", name);
return EOK;
}
@@ -4277,15 +4144,9 @@ static int fill_initgr(struct sss_packet *packet,
if (nctx->initgr_mc_ctx) {
struct sized_string unique_name;
- char *fq_name = sss_tc_fqname(packet, dom->names, dom, name);
- if (!fq_name) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "Could not create fq name\n");
- return ENOMEM;
- }
to_sized_string(&rawname, mc_name);
- to_sized_string(&unique_name, fq_name);
+ to_sized_string(&unique_name, name);
ret = sss_mmap_cache_initgr_store(&nctx->initgr_mc_ctx, &rawname,
&unique_name, num - skipped, gids);
if (ret != EOK && ret != ENOMEM) {
@@ -4361,19 +4222,16 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
dctx->domain = dom;
talloc_zfree(cmdctx->normalized_name);
- name = sss_get_cased_name(dctx, cmdctx->name, dom->case_sensitive);
- if (!name) return ENOMEM;
- name = sss_reverse_replace_space(cmdctx, name,
- nctx->rctx->override_space);
- /* save name so it can be used in initgr reply */
- cmdctx->normalized_name = name;
+ name = sss_resp_create_fqname(dctx, nctx->rctx, dctx->domain,
+ cmdctx->name_is_upn, cmdctx->name);
if (name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_reverse_replace_space failed\n");
return ENOMEM;
}
+ /* save name so it can be used in initgr reply */
+ cmdctx->normalized_name = name;
+
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
ret = sss_ncache_check_user(nctx->rctx->ncache, dom, name);
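Review bot: `cmdctx->normalized_name` now points at memory that appears to be owned by `dctx`, because `sss_resp_create_fqname(dctx, ...)` takes `dctx` as its first argument where the removed code built the final string with `sss_reverse_replace_space(cmdctx, ...)`. If any path frees `dctx` before the initgroups reply reads `normalized_name`, or before the `talloc_zfree(cmdctx->normalized_name)` at the top of the loop runs again, that would be a dangling pointer or a double free. The parent/child relationship of the two contexts is not visible in this hunk, so either allocate on `cmdctx` (`name = sss_resp_create_fqname(cmdctx, nctx->rctx, dctx->domain, ...)`) or add a comment stating why `dctx` outlives every reader of `normalized_name`. The function body extends beyond the hunk.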
@@ -4394,8 +4252,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
return ENOENT;
}
- DEBUG(SSSDBG_CONF_SETTINGS,
- "Requesting info for [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for [%s]\n", name);
if (dom->sysdb == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE,
@@ -4453,8 +4310,8 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
/* set negative cache only if not result of cache check */
ret = sss_ncache_set_user(nctx->rctx->ncache, false, dom, name);
if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n",
- name, dom->name);
+ DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s\n",
+ name);
}
/* if a multidomain search, try with next */
@@ -4493,8 +4350,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
}
}
- DEBUG(SSSDBG_TRACE_FUNC,
- "Initgroups for [%s@%s] completed\n", name, dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Initgroups for [%s] completed\n", name);
return EOK;
}
@@ -4538,7 +4394,6 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
bool user_found = false;
bool group_found = false;
struct ldb_message *msg = NULL;
- char *sysdb_name = NULL;
char *name = NULL;
char *req_name;
uint32_t req_id;
@@ -4607,42 +4462,21 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
} else {
talloc_free(name);
- talloc_zfree(sysdb_name);
- name = sss_get_cased_name(cmdctx, cmdctx->name, dom->case_sensitive);
+ name = sss_resp_create_fqname(cmdctx, nctx->rctx, dom, false, cmdctx->name);
if (name == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "sss_get_cased_name failed.\n");
ret = ENOMEM;
goto done;
}
- name = sss_reverse_replace_space(dctx, name,
- nctx->rctx->override_space);
- if (name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_reverse_replace_space failed\n");
- ret = ENOMEM;
- goto done;
- }
-
- /* For subdomains a fully qualified name is needed for
- * sysdb_search_user_by_name and sysdb_search_group_by_name. */
- if (IS_SUBDOMAIN(dom)) {
- sysdb_name = sss_tc_fqname(cmdctx, dom->names, dom, name);
- if (sysdb_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
- ret = ENOMEM;
- goto done;
- }
- }
-
-
/* verify this name has not yet been negatively cached, as user
* and groupm, or has been permanently filtered */
- ret = sss_ncache_check_user(nctx->rctx->ncache, dom, name);
+ ret = sss_ncache_check_user(nctx->rctx->ncache, dom, cmdctx->name);
if (ret == EEXIST) {
- ret = sss_ncache_check_group(nctx->rctx->ncache, dom, name);
+ ret = sss_ncache_check_group(nctx->rctx->ncache,
+ dom, cmdctx->name);
if (ret == EEXIST) {
/* if neg cached, return we didn't find it */
DEBUG(SSSDBG_TRACE_FUNC,
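Review bot: The negative-cache lookups here use `cmdctx->name`, while the `sss_ncache_set_user()` and `sss_ncache_set_group()` calls later in nss_cmd_getsidby_search (hunk at -4765) store under `name`, the value returned by `sss_resp_create_fqname()`. The other *_search functions touched by this commit check and set with the same `name`. If the two strings differ, an entry written after a miss would never match on the next request, so repeated lookups of a nonexistent name would keep reaching the cache and the provider; use `name` in both checks, or add a comment explaining why the raw input is the right key here. The NULL branch still logs `"sss_get_cased_name failed.\n"` and should name `sss_resp_create_fqname`. The function continues outside the hunk.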
@@ -4661,8 +4495,7 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
}
}
- DEBUG(SSSDBG_TRACE_FUNC, "Requesting info for [%s@%s]\n",
- name, dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Requesting info for [%s]\n", name);
}
@@ -4714,9 +4547,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
}
}
} else {
- ret = sysdb_search_user_by_name(cmdctx, dom,
- sysdb_name ? sysdb_name : name,
- attrs, &msg);
+ ret = sysdb_search_user_by_name(cmdctx, dom, name, attrs,
+ &msg);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to make request to our cache!\n");
@@ -4728,8 +4560,7 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
user_found = true;
} else {
talloc_free(msg);
- ret = sysdb_search_group_by_name(cmdctx, dom,
- sysdb_name ? sysdb_name : name,
+ ret = sysdb_search_group_by_name(cmdctx, dom, name,
attrs, &msg);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
@@ -4765,16 +4596,18 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
if (dctx->res->count == 0 && !dctx->check_provider) {
if (cmdctx->cmd == SSS_NSS_GETSIDBYNAME
|| cmdctx->cmd == SSS_NSS_GETORIGBYNAME) {
- ret = sss_ncache_set_user(nctx->rctx->ncache, false, dom, name);
+ ret = sss_ncache_set_user(nctx->rctx->ncache, false,
+ dom, name);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
- "Cannot set negcache for %s@%s\n", name, dom->name);
+ "Cannot set negcache for %s\n", name);
}
- ret = sss_ncache_set_group(nctx->rctx->ncache, false, dom, name);
+ ret = sss_ncache_set_group(nctx->rctx->ncache, false,
+ dom, name);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
- "Cannot set negcache for %s@%s\n", name, dom->name);
+ "Cannot set negcache for %s\n", name);
}
}
/* if a multidomain search, try with next */
@@ -4823,8 +4656,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
DEBUG(SSSDBG_TRACE_FUNC, "Returning info for id [%"PRIu32"@%s]\n",
cmdctx->id, dom->name);
} else {
- DEBUG(SSSDBG_TRACE_FUNC, "Returning info for user/group [%s@%s]\n",
- name, dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Returning info for user/group [%s]\n",
+ name);
}
/* Success. Break from the loop and return EOK */
@@ -4870,8 +4703,7 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)
nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
- DEBUG(SSSDBG_TRACE_FUNC, "Requesting info for [%s@%s]\n", cmdctx->secid,
- dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Requesting info for [%s]\n", cmdctx->secid);
sysdb = dom->sysdb;
if (sysdb == NULL) {
@@ -4938,9 +4770,7 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)
}
/* One result found */
- DEBUG(SSSDBG_TRACE_FUNC, "Returning info for sid [%s@%s]\n", cmdctx->secid,
- dom->name);
-
+ DEBUG(SSSDBG_TRACE_FUNC, "Returning info for sid [%s]\n", cmdctx->secid);
return EOK;
}
@@ -5049,6 +4879,7 @@ static errno_t process_attr_list(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
if (strcmp(attr_list[c], SYSDB_USER_CERT) == 0) {
use_base64 = true;
}
+
for (d = 0; d < el->num_values; d++) {
to_sized_string(&keys[*found], attr_list[c]);
*sum += keys[*found].len;
@@ -5062,6 +4893,7 @@ static errno_t process_attr_list(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
} else {
val = el->values[d];
}
+
if (val.data == NULL || val.data[val.length] != '\0') {
DEBUG(SSSDBG_CRIT_FAILURE,
"Unexpected attribute value found for [%s].\n",
@@ -5186,6 +5018,7 @@ done:
}
static errno_t fill_name(struct sss_packet *packet,
+ struct resp_ctx *rctx,
struct sss_domain_info *dom,
enum sss_id_type id_type,
bool apply_no_view,
@@ -5194,10 +5027,7 @@ static errno_t fill_name(struct sss_packet *packet,
int ret;
TALLOC_CTX *tmp_ctx = NULL;
const char *orig_name = NULL;
- const char *cased_name;
- const char *fq_name;
- struct sized_string name;
- bool add_domain = (!IS_SUBDOMAIN(dom) && dom->fqnames);
+ struct sized_string *name;
uint8_t *body;
size_t blen;
size_t pctr = 0;
@@ -5211,10 +5041,6 @@ static errno_t fill_name(struct sss_packet *packet,
orig_name = ldb_msg_find_attr_as_string(msg,
OVERRIDE_PREFIX SYSDB_NAME,
NULL);
- if (orig_name != NULL && IS_SUBDOMAIN(dom)) {
- /* Override names are un-qualified */
- add_domain = true;
- }
}
}
@@ -5232,26 +5058,15 @@ static errno_t fill_name(struct sss_packet *packet,
return ENOMEM;
}
- cased_name= sss_get_cased_name(tmp_ctx, orig_name, dom->case_sensitive);
- if (cased_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "sss_get_cased_name failed.\n");
- ret = ENOMEM;
+ ret = sized_output_name(tmp_ctx, rctx, orig_name, dom, &name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sized_output_name failed for %s: (%d): %s\n",
+ orig_name, ret, sss_strerror(ret));
goto done;
}
- if (add_domain) {
- fq_name = sss_tc_fqname(tmp_ctx, dom->names, dom, cased_name);
- if (fq_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
- ret = ENOMEM;
- goto done;
- }
- to_sized_string(&name, fq_name);
- } else {
- to_sized_string(&name, cased_name);
- }
-
- ret = sss_packet_grow(packet, name.len + 3 * sizeof(uint32_t));
+ ret = sss_packet_grow(packet, name->len + 3 * sizeof(uint32_t));
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sss_packet_grow failed.\n");
goto done;
@@ -5261,7 +5076,7 @@ static errno_t fill_name(struct sss_packet *packet,
SAFEALIGN_SETMEM_UINT32(body, 1, &pctr); /* Num results */
SAFEALIGN_SETMEM_UINT32(body + pctr, 0, &pctr); /* reserved */
SAFEALIGN_COPY_UINT32(body + pctr, &id_type, &pctr);
- memcpy(&body[pctr], name.str, name.len);
+ memcpy(&body[pctr], name->str, name->len);
ret = EOK;
@@ -5342,6 +5157,7 @@ static errno_t nss_cmd_getbysid_send_reply(struct nss_dom_ctx *dctx)
switch(cmdctx->cmd) {
case SSS_NSS_GETNAMEBYSID:
ret = fill_name(pctx->creq->out,
+ cctx->rctx,
dctx->domain,
id_type,
true,
@@ -5639,8 +5455,8 @@ static void users_find_by_cert_done(struct tevent_req *req)
goto done;
}
- ret = fill_name(pctx->creq->out, domain, SSS_ID_TYPE_UID, true,
- result->msgs[0]);
+ ret = fill_name(pctx->creq->out, cctx->rctx, domain,
+ SSS_ID_TYPE_UID, true, result->msgs[0]);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "fill_name failed.\n");
goto done;