Diffstat (limited to 'src/db/sysdb_views.c')
-rw-r--r-- | src/db/sysdb_views.c | 136 |
1 files changed, 62 insertions, 74 deletions
diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c
index 2b89e5ca4..79f513d13 100644
--- a/src/db/sysdb_views.c
+++ b/src/db/sysdb_views.c
@@ -1348,14 +1348,13 @@ done:
 }
 
 errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
-                                         struct ldb_message *obj)
+                                         struct ldb_message *obj,
+                                         bool expect_override_dn)
 {
     int ret;
     size_t c;
-    struct ldb_message_element *members;
+    struct ldb_result *res_members;
     TALLOC_CTX *tmp_ctx;
-    struct ldb_dn *member_dn;
-    struct ldb_result *member_obj;
     struct ldb_result *override_obj;
     static const char *member_attrs[] = SYSDB_PW_ATTRS;
     const char *override_dn_str;
@@ -1366,12 +1365,6 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
     char *val;
     struct sss_domain_info *orig_dom;
 
-    members = ldb_msg_find_element(obj, SYSDB_MEMBER);
-    if (members == NULL || members->num_values == 0) {
-        DEBUG(SSSDBG_TRACE_ALL, "Group has no members.\n");
-        return EOK;
-    }
-
     tmp_ctx = talloc_new(NULL);
     if (tmp_ctx == NULL) {
         DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
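Review bot: The new `expect_override_dn` parameter of sysdb_add_group_member_overrides is undocumented, and its effect is only visible much further down the function, where `false` makes each member's own DN stand in for the override DN so that no override object is looked up and only the default override name can rename the member. A short comment above the definition would spare callers reading the whole body, e.g. `/* expect_override_dn: true - read the override DN from each member's SYSDB_OVERRIDE_DN attribute (a missing one is an ENOENT error outside the LOCAL view); false - use the member's own DN, i.e. no override lookup, only SYSDB_DEFAULT_OVERRIDE_NAME is applied. */`. Whether the declaration in the header carries such a comment is outside this diff. The function body continues past the end of this hunk.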
@@ -1379,38 +1372,30 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain, goto done; } - for (c = 0; c < members->num_values; c++) { - member_dn = ldb_dn_from_ldb_val(tmp_ctx, domain->sysdb->ldb, - &members->values[c]); - if (member_dn == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_from_ldb_val failed.\n"); - ret = ENOMEM; - goto done; - } - - ret = ldb_search(domain->sysdb->ldb, member_dn, &member_obj, member_dn, - LDB_SCOPE_BASE, member_attrs, NULL); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } + ret = sysdb_get_user_members_recursively(tmp_ctx, domain, obj->dn, + &res_members); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "sysdb_get_user_members_recursively failed.\n"); + goto done; + } - if (member_obj->count != 1) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Base search for member object returned [%d] results.\n", - member_obj->count); - ret = EINVAL; - goto done; - } + for (c = 0; c < res_members->count; c++) { - if (ldb_msg_find_attr_as_uint64(member_obj->msgs[0], + if (ldb_msg_find_attr_as_uint64(res_members->msgs[c], SYSDB_UIDNUM, 0) == 0) { /* Skip non-POSIX-user members i.e. groups and non-POSIX users */ continue; } - override_dn_str = ldb_msg_find_attr_as_string(member_obj->msgs[0], - SYSDB_OVERRIDE_DN, NULL); + if (expect_override_dn) { + override_dn_str = ldb_msg_find_attr_as_string(res_members->msgs[c], + SYSDB_OVERRIDE_DN, + NULL); + } else { + override_dn_str = ldb_dn_get_linearized(res_members->msgs[c]->dn); + } + if (override_dn_str == NULL) { if (is_local_view(domain->view_name)) { /* LOCAL view doesn't have to have overrideDN specified. */ 
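Review bot: In the new `else` branch `ldb_dn_get_linearized(res_members->msgs[c]->dn)` can return NULL on allocation failure, and that NULL then flows into the existing "Missing override DN" handling below, which in the LOCAL view silently `continue`s and otherwise reports ENOENT with a misleading message. Since a NULL here is never a "missing override" but an out-of-memory condition, the branch should fail explicitly: `override_dn_str = ldb_dn_get_linearized(res_members->msgs[c]->dn); if (override_dn_str == NULL) { ret = ENOMEM; goto done; }`. That also keeps the later `ldb_dn_compare` short-circuit for the `expect_override_dn == false` case clearly reachable only with a valid DN. The loop body continues outside this hunk.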
@@ -1420,12 +1405,12 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain, DEBUG(SSSDBG_CRIT_FAILURE, "Missing override DN for object [%s].\n", - ldb_dn_get_linearized(member_obj->msgs[0]->dn)); + ldb_dn_get_linearized(res_members->msgs[c]->dn)); ret = ENOENT; goto done; } - override_dn = ldb_dn_new(member_obj, domain->sysdb->ldb, + override_dn = ldb_dn_new(res_members, domain->sysdb->ldb, override_dn_str); if (override_dn == NULL) { DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n"); @@ -1433,22 +1418,27 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain, goto done; } - orig_name = ldb_msg_find_attr_as_string(member_obj->msgs[0], + orig_name = ldb_msg_find_attr_as_string(res_members->msgs[c], SYSDB_NAME, NULL); if (orig_name == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Object [%s] has no name.\n", - ldb_dn_get_linearized(member_obj->msgs[0]->dn)); + ldb_dn_get_linearized(res_members->msgs[c]->dn)); ret = EINVAL; goto done; } - memberuid = NULL; - if (ldb_dn_compare(member_obj->msgs[0]->dn, override_dn) != 0) { + /* start with default view name, if it exists or use NULL */ + memberuid = ldb_msg_find_attr_as_string(res_members->msgs[c], + SYSDB_DEFAULT_OVERRIDE_NAME, + NULL); + + /* If there is an override object, check if the name is overridden */ + if (ldb_dn_compare(res_members->msgs[c]->dn, override_dn) != 0) { DEBUG(SSSDBG_TRACE_ALL, "Checking override for object [%s].\n", - ldb_dn_get_linearized(member_obj->msgs[0]->dn)); + ldb_dn_get_linearized(res_members->msgs[c]->dn)); - ret = ldb_search(domain->sysdb->ldb, member_obj, &override_obj, + ret = ldb_search(domain->sysdb->ldb, res_members, &override_obj, override_dn, LDB_SCOPE_BASE, member_attrs, NULL); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); 
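Review bot: `override_dn` is now allocated under `res_members` (and the override search result in the next hunk is too), while the per-member `talloc_free(member_dn)` at the bottom of the loop is dropped in the last hunk, so every member's temporary DN and search result now lives until `done` frees tmp_ctx. With recursive membership of large groups this reinstates the memory-usage spike the removed comment was guarding against. A per-iteration context would restore the old bound: `TALLOC_CTX *iter_ctx = talloc_new(tmp_ctx);` at the top of the loop body, passed as parent to `ldb_dn_new` and `ldb_search` here instead of `res_members`, and `talloc_free(iter_ctx);` where the old `talloc_free(member_dn)` was. The enclosing loop starts and ends outside this hunk.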
@@ -1458,43 +1448,44 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain, if (override_obj->count != 1) { DEBUG(SSSDBG_CRIT_FAILURE, "Base search for override object returned [%d] results.\n", - member_obj->count); + override_obj->count); ret = EINVAL; goto done; } memberuid = ldb_msg_find_attr_as_string(override_obj->msgs[0], SYSDB_NAME, - NULL); + memberuid); + } - if (memberuid != NULL) { - ret = sss_parse_internal_fqname(tmp_ctx, orig_name, - NULL, &orig_domain); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "sss_parse_internal_fqname failed to split [%s].\n", - orig_name); + /* add domain name if memberuid is a short name */ + if (memberuid != NULL && strchr(memberuid, '@') == NULL) { + ret = sss_parse_internal_fqname(tmp_ctx, orig_name, + NULL, &orig_domain); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "sss_parse_internal_fqname failed to split [%s].\n", + orig_name); + goto done; + } + + if (orig_domain != NULL) { + orig_dom = find_domain_by_name(get_domains_head(domain), + orig_domain, true); + if (orig_dom == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot find domain with name [%s].\n", + orig_domain); + ret = ERR_DOMAIN_NOT_FOUND; goto done; } - - if (orig_domain != NULL) { - orig_dom = find_domain_by_name(get_domains_head(domain), - orig_domain, true); - if (orig_dom == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Cannot find domain with name [%s].\n", - orig_domain); - ret = ERR_DOMAIN_NOT_FOUND; - goto done; - } - memberuid = sss_create_internal_fqname(tmp_ctx, memberuid, - orig_dom->name); - if (memberuid == NULL) { - DEBUG(SSSDBG_OP_FAILURE, - "sss_create_internal_fqname failed.\n"); - ret = ENOMEM; - goto done; - } + memberuid = sss_create_internal_fqname(tmp_ctx, memberuid, + orig_dom->name); + if (memberuid == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "sss_create_internal_fqname failed.\n"); + ret = ENOMEM; + goto done; } } } 
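Review bot: The new `strchr(memberuid, '@') == NULL` test treats any name containing '@' as already fully qualified, which is an assumption about the format of both override names and SYSDB_DEFAULT_OVERRIDE_NAME that the code does not otherwise state; if either can legitimately contain '@' as part of a short name, such a member would be added unqualified. Either document the assumption next to the check, e.g. `/* Override names are either short or internal fqnames (name@domain); anything with '@' is taken as already qualified. */`, or decide by parsing memberuid with the same routine used for orig_name. As a point of style, the qualification logic is now the innermost of four nested blocks in a loop body well over a hundred lines; moving it into a `static errno_t` helper taking tmp_ctx, domain, orig_name and memberuid would make the loop readable again. The loop body continues outside this hunk.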
@@ -1521,9 +1512,6 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain, DEBUG(SSSDBG_TRACE_ALL, "Added [%s] to [%s].\n", memberuid, OVERRIDE_PREFIX SYSDB_MEMBERUID); - /* Free all temporary data of the current member to avoid memory usage - * spikes. All temporary data should be allocated below member_dn. */ - talloc_free(member_dn); } ret = EOK; |