Diffstat (limited to 'src/db/sysdb_views.c')
-rw-r--r--src/db/sysdb_views.c136
1 files changed, 62 insertions, 74 deletions
diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c
index 2b89e5ca4..79f513d13 100644
--- a/src/db/sysdb_views.c
+++ b/src/db/sysdb_views.c
@@ -1348,14 +1348,13 @@ done:
}
errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
- struct ldb_message *obj)
+ struct ldb_message *obj,
+ bool expect_override_dn)
{
int ret;
size_t c;
- struct ldb_message_element *members;
+ struct ldb_result *res_members;
TALLOC_CTX *tmp_ctx;
- struct ldb_dn *member_dn;
- struct ldb_result *member_obj;
struct ldb_result *override_obj;
static const char *member_attrs[] = SYSDB_PW_ATTRS;
const char *override_dn_str;
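Review bot: The new `expect_override_dn` parameter is undocumented at the signature, although it decides where each member's override DN comes from. Later hunks show that when it is false the member's own DN is used, so the `ldb_dn_compare` check presumably never triggers an override lookup for that member. A short comment above the function would help callers pick the right value, for example `/* expect_override_dn: true = read SYSDB_OVERRIDE_DN from each member and fail if it is missing (non-LOCAL views); false = use the member's own DN, no override object is searched */`. The function body continues outside this hunk.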
@@ -1366,12 +1365,6 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
char *val;
struct sss_domain_info *orig_dom;
- members = ldb_msg_find_element(obj, SYSDB_MEMBER);
- if (members == NULL || members->num_values == 0) {
- DEBUG(SSSDBG_TRACE_ALL, "Group has no members.\n");
- return EOK;
- }
-
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
@@ -1379,38 +1372,30 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
goto done;
}
- for (c = 0; c < members->num_values; c++) {
- member_dn = ldb_dn_from_ldb_val(tmp_ctx, domain->sysdb->ldb,
- &members->values[c]);
- if (member_dn == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_from_ldb_val failed.\n");
- ret = ENOMEM;
- goto done;
- }
-
- ret = ldb_search(domain->sysdb->ldb, member_dn, &member_obj, member_dn,
- LDB_SCOPE_BASE, member_attrs, NULL);
- if (ret != LDB_SUCCESS) {
- ret = sysdb_error_to_errno(ret);
- goto done;
- }
+ ret = sysdb_get_user_members_recursively(tmp_ctx, domain, obj->dn,
+ &res_members);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sysdb_get_user_members_recursively failed.\n");
+ goto done;
+ }
- if (member_obj->count != 1) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "Base search for member object returned [%d] results.\n",
- member_obj->count);
- ret = EINVAL;
- goto done;
- }
+ for (c = 0; c < res_members->count; c++) {
- if (ldb_msg_find_attr_as_uint64(member_obj->msgs[0],
+ if (ldb_msg_find_attr_as_uint64(res_members->msgs[c],
SYSDB_UIDNUM, 0) == 0) {
/* Skip non-POSIX-user members i.e. groups and non-POSIX users */
continue;
}
- override_dn_str = ldb_msg_find_attr_as_string(member_obj->msgs[0],
- SYSDB_OVERRIDE_DN, NULL);
+ if (expect_override_dn) {
+ override_dn_str = ldb_msg_find_attr_as_string(res_members->msgs[c],
+ SYSDB_OVERRIDE_DN,
+ NULL);
+ } else {
+ override_dn_str = ldb_dn_get_linearized(res_members->msgs[c]->dn);
+ }
+
if (override_dn_str == NULL) {
if (is_local_view(domain->view_name)) {
/* LOCAL view doesn't have to have overrideDN specified. */
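Review bot: Any non-EOK result from `sysdb_get_user_members_recursively` now aborts the function, while the previous hunk removes the early `return EOK` for a group without members. The helper is not visible here, so it is worth confirming what it returns for an empty group. If it follows the common "nothing found" convention of returning `ENOENT`, an empty group would turn into a failure instead of a no-op. In that case the check should treat it as success, e.g. `if (ret == ENOENT) { ret = EOK; goto done; }` before the generic error branch. The loop body continues outside this hunk.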
@@ -1420,12 +1405,12 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
DEBUG(SSSDBG_CRIT_FAILURE,
"Missing override DN for object [%s].\n",
- ldb_dn_get_linearized(member_obj->msgs[0]->dn));
+ ldb_dn_get_linearized(res_members->msgs[c]->dn));
ret = ENOENT;
goto done;
}
- override_dn = ldb_dn_new(member_obj, domain->sysdb->ldb,
+ override_dn = ldb_dn_new(res_members, domain->sysdb->ldb,
override_dn_str);
if (override_dn == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
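Review bot: `override_dn` is now parented on `res_members`, which presumably lives until `tmp_ctx` is freed, so per-member temporaries are no longer released inside the loop. The same holds for the `ldb_search` result parented on `res_members` in the next hunk. The last hunk also drops the `talloc_free(member_dn)` whose comment said it was there to avoid memory usage spikes. With recursive expansion the member list can be much larger than the direct member list, so a per-iteration context would keep peak memory bounded: `iter_ctx = talloc_new(tmp_ctx);` at the top of the loop body as parent for both allocations, and `talloc_free(iter_ctx);` at the end and before each `continue`. The loop starts and ends outside this hunk.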
@@ -1433,22 +1418,27 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
goto done;
}
- orig_name = ldb_msg_find_attr_as_string(member_obj->msgs[0],
+ orig_name = ldb_msg_find_attr_as_string(res_members->msgs[c],
SYSDB_NAME,
NULL);
if (orig_name == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "Object [%s] has no name.\n",
- ldb_dn_get_linearized(member_obj->msgs[0]->dn));
+ ldb_dn_get_linearized(res_members->msgs[c]->dn));
ret = EINVAL;
goto done;
}
- memberuid = NULL;
- if (ldb_dn_compare(member_obj->msgs[0]->dn, override_dn) != 0) {
+ /* start with default view name, if it exists or use NULL */
+ memberuid = ldb_msg_find_attr_as_string(res_members->msgs[c],
+ SYSDB_DEFAULT_OVERRIDE_NAME,
+ NULL);
+
+ /* If there is an override object, check if the name is overridden */
+ if (ldb_dn_compare(res_members->msgs[c]->dn, override_dn) != 0) {
DEBUG(SSSDBG_TRACE_ALL, "Checking override for object [%s].\n",
- ldb_dn_get_linearized(member_obj->msgs[0]->dn));
+ ldb_dn_get_linearized(res_members->msgs[c]->dn));
- ret = ldb_search(domain->sysdb->ldb, member_obj, &override_obj,
+ ret = ldb_search(domain->sysdb->ldb, res_members, &override_obj,
override_dn, LDB_SCOPE_BASE, member_attrs, NULL);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
@@ -1458,43 +1448,44 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
if (override_obj->count != 1) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Base search for override object returned [%d] results.\n",
- member_obj->count);
+ override_obj->count);
ret = EINVAL;
goto done;
}
memberuid = ldb_msg_find_attr_as_string(override_obj->msgs[0],
SYSDB_NAME,
- NULL);
+ memberuid);
+ }
- if (memberuid != NULL) {
- ret = sss_parse_internal_fqname(tmp_ctx, orig_name,
- NULL, &orig_domain);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- "sss_parse_internal_fqname failed to split [%s].\n",
- orig_name);
+ /* add domain name if memberuid is a short name */
+ if (memberuid != NULL && strchr(memberuid, '@') == NULL) {
+ ret = sss_parse_internal_fqname(tmp_ctx, orig_name,
+ NULL, &orig_domain);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sss_parse_internal_fqname failed to split [%s].\n",
+ orig_name);
+ goto done;
+ }
+
+ if (orig_domain != NULL) {
+ orig_dom = find_domain_by_name(get_domains_head(domain),
+ orig_domain, true);
+ if (orig_dom == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot find domain with name [%s].\n",
+ orig_domain);
+ ret = ERR_DOMAIN_NOT_FOUND;
goto done;
}
-
- if (orig_domain != NULL) {
- orig_dom = find_domain_by_name(get_domains_head(domain),
- orig_domain, true);
- if (orig_dom == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "Cannot find domain with name [%s].\n",
- orig_domain);
- ret = ERR_DOMAIN_NOT_FOUND;
- goto done;
- }
- memberuid = sss_create_internal_fqname(tmp_ctx, memberuid,
- orig_dom->name);
- if (memberuid == NULL) {
- DEBUG(SSSDBG_OP_FAILURE,
- "sss_create_internal_fqname failed.\n");
- ret = ENOMEM;
- goto done;
- }
+ memberuid = sss_create_internal_fqname(tmp_ctx, memberuid,
+ orig_dom->name);
+ if (memberuid == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sss_create_internal_fqname failed.\n");
+ ret = ENOMEM;
+ goto done;
}
}
}
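Review bot: The `strchr(memberuid, '@') == NULL` test treats any name containing `@` as already fully qualified, and that assumption is not stated or checked. An override name that contains `@` without being in the internal fqname format would be added to the member list without the original domain appended. Since these values end up as group membership, that could make it ambiguous which domain's user is meant. Consider running `memberuid` through `sss_parse_internal_fqname` and qualifying it whenever no domain part is returned. At minimum, document the assumption with `/* a name containing '@' is assumed to be an internal fqname already */`.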
@@ -1521,9 +1512,6 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
DEBUG(SSSDBG_TRACE_ALL, "Added [%s] to [%s].\n", memberuid,
OVERRIDE_PREFIX SYSDB_MEMBERUID);
- /* Free all temporary data of the current member to avoid memory usage
- * spikes. All temporary data should be allocated below member_dn. */
- talloc_free(member_dn);
}
ret = EOK;