summaryrefslogtreecommitdiffstats
path: root/src/providers/ldap/sdap_async_initgroups.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ldap/sdap_async_initgroups.c')
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c96
1 files changed, 75 insertions, 21 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 023180a53..383b11637 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -269,6 +269,7 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb,
{
TALLOC_CTX *tmp_ctx;
char **ldap_grouplist = NULL;
+ char **ldap_fqdnlist = NULL;
char **add_groups;
char **del_groups;
int ret, tret;
@@ -300,7 +301,16 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb,
/* Find the differences between the sysdb and LDAP lists
* Groups in the sysdb only must be removed.
*/
- ret = diff_string_lists(tmp_ctx, ldap_grouplist, sysdb_grouplist,
+ ldap_fqdnlist = sss_create_internal_fqname_list(
+ tmp_ctx,
+ (const char * const *) ldap_grouplist,
+ domain->name);
+ if (ldap_fqdnlist == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = diff_string_lists(tmp_ctx, ldap_fqdnlist, sysdb_grouplist,
&add_groups, &del_groups, NULL);
if (ret != EOK) goto done;
@@ -391,6 +401,7 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
struct sdap_initgr_rfc2307_state *state;
const char **attr_filter;
char *clean_name;
+ char *shortname;
errno_t ret;
char *oc_list;
@@ -438,7 +449,14 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
return NULL;
}
- ret = sss_filter_sanitize(state, name, &clean_name);
+ ret = sss_parse_internal_fqname(state, name,
+ &shortname, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", name);
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, shortname, &clean_name);
if (ret != EOK) {
talloc_free(req);
return NULL;
@@ -1200,6 +1218,7 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
char **sysdb_parent_name_list = NULL;
char **ldap_parent_name_list = NULL;
+ char **ldap_fqdnlist = NULL;
int nparents;
struct sysdb_attrs **ldap_parentlist;
@@ -1269,6 +1288,15 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
}
}
+ ldap_fqdnlist = sss_create_internal_fqname_list(
+ tmp_ctx,
+ (const char * const *) ldap_parent_name_list,
+ state->dom->name);
+ if (ldap_fqdnlist == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER,
state->username, &sysdb_parent_name_list);
if (ret) {
@@ -1279,7 +1307,7 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
}
ret = diff_string_lists(tmp_ctx,
- ldap_parent_name_list, sysdb_parent_name_list,
+ ldap_fqdnlist, sysdb_parent_name_list,
&add_groups, &del_groups, NULL);
if (ret != EOK) {
goto done;
@@ -2638,6 +2666,7 @@ struct sdap_get_initgr_state {
const char **grp_attrs;
const char **user_attrs;
char *user_base_filter;
+ char *shortname;
char *filter;
int timeout;
@@ -2702,24 +2731,49 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
sdom->dom->name,
sdom->dom->domain_id);
- ret = sss_filter_sanitize(state, filter_value, &clean_name);
- if (ret != EOK) {
- talloc_zfree(req);
- return NULL;
- }
+ switch (filter_type) {
+ case BE_FILTER_SECID:
+ search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
- if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
- search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
- } else {
- switch (filter_type) {
- case BE_FILTER_SECID:
- search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
- break;
- case BE_FILTER_UUID:
- search_attr = state->opts->user_map[SDAP_AT_USER_UUID].name;
- break;
- default:
- search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
+ ret = sss_filter_sanitize(state, state->filter_value, &clean_name);
+ if (ret != EOK) {
+ talloc_zfree(req);
+ return NULL;
+ }
+ break;
+ case BE_FILTER_UUID:
+ search_attr = state->opts->user_map[SDAP_AT_USER_UUID].name;
+
+ ret = sss_filter_sanitize(state, state->filter_value, &clean_name);
+ if (ret != EOK) {
+ talloc_zfree(req);
+ return NULL;
+ }
+ break;
+ case BE_FILTER_NAME:
+ if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
+ search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
+
+ ret = sss_filter_sanitize(state, state->filter_value, &clean_name);
+ if (ret != EOK) {
+ talloc_zfree(req);
+ return NULL;
+ }
+ } else {
+ search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
+
+ ret = sss_parse_internal_fqname(state, filter_value,
+ &state->shortname, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", filter_value);
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, state->shortname, &clean_name);
+ if (ret != EOK) {
+ talloc_zfree(req);
+ return NULL;
+ }
}
}
@@ -2849,7 +2903,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
if ((state->opts->schema_type == SDAP_SCHEMA_RFC2307) &&
(dp_opt_get_bool(state->opts->basic,
SDAP_RFC2307_FALLBACK_TO_LOCAL_USERS) == true)) {
- ret = sdap_fallback_local_user(state, state->filter_value, -1, &usr_attrs);
+ ret = sdap_fallback_local_user(state, state->shortname, -1, &usr_attrs);
} else {
ret = ENOENT;
}
generated by cgit (git 2.34.1) at 2024-05-05 23:58:34 +0000