Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ldap/ldap_id.c36
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c96
2 files changed, 103 insertions, 29 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 9cd215c64..6d5861208 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -47,6 +47,7 @@ struct users_get_state {
struct sdap_id_op *op;
struct sysdb_ctx *sysdb;
struct sss_domain_info *domain;
+ char *shortname;
const char *filter_value;
int filter_type;
@@ -126,12 +127,25 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
case BE_FILTER_NAME:
if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
attr_name = ctx->opts->user_map[SDAP_AT_USER_PRINC].name;
+
+ ret = sss_filter_sanitize(state, filter_value, &clean_value);
+ if (ret != EOK) {
+ goto done;
+ }
} else {
attr_name = ctx->opts->user_map[SDAP_AT_USER_NAME].name;
- }
- ret = sss_filter_sanitize(state, filter_value, &clean_value);
- if (ret != EOK) {
- goto done;
+
+ ret = sss_parse_internal_fqname(state, filter_value,
+ &state->shortname, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", filter_value);
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, state->shortname, &clean_value);
+ if (ret != EOK) {
+ goto done;
+ }
}
break;
case BE_FILTER_IDNUM:
@@ -452,12 +466,10 @@ static void users_get_done(struct tevent_req *subreq)
(dp_opt_get_bool(state->ctx->opts->basic,
SDAP_RFC2307_FALLBACK_TO_LOCAL_USERS) == true)) {
struct sysdb_attrs **usr_attrs;
- const char *name = NULL;
bool fallback;
switch (state->filter_type) {
case BE_FILTER_NAME:
- name = state->filter_value;
uid = -1;
fallback = true;
break;
@@ -475,7 +487,7 @@ static void users_get_done(struct tevent_req *subreq)
}
if (fallback) {
- ret = sdap_fallback_local_user(state, name, uid, &usr_attrs);
+ ret = sdap_fallback_local_user(state, state->shortname, uid, &usr_attrs);
if (ret == EOK) {
ret = sdap_save_user(state, state->ctx->opts, state->domain,
usr_attrs[0], NULL, 0);
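Review bot: `state->shortname` is assigned only in the non-UPN `BE_FILTER_NAME` branch of `users_get_send`, so a lookup by UPN now reaches this call with the field still unset (NULL if the request state is zero-allocated, which is not visible here) and `uid = -1`, where the old code passed `state->filter_value`. Unless `sdap_fallback_local_user` is known to accept a NULL name, restrict the fallback in the `BE_FILTER_NAME` case with `fallback = (state->shortname != NULL);`, or document on the struct field that it is NULL for UPN requests. The same applies to the `sdap_get_initgr_user` hunk in sdap_async_initgroups.c, where SID, UUID and UPN requests leave `state->shortname` unset and the call previously received `state->filter_value`. The body of `users_get_done` continues outside this hunk.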
@@ -613,6 +625,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
struct tevent_req *req;
struct groups_get_state *state;
const char *attr_name = NULL;
+ char *shortname = NULL;
char *clean_value;
char *endptr;
int ret;
@@ -662,7 +675,14 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
case BE_FILTER_NAME:
attr_name = ctx->opts->group_map[SDAP_AT_GROUP_NAME].name;
- ret = sss_filter_sanitize(state, filter_value, &clean_value);
+ ret = sss_parse_internal_fqname(state, filter_value,
+ &shortname, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", shortname);
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, shortname, &clean_value);
if (ret != EOK) {
goto done;
}
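Review bot: The failure log on the new `DEBUG` line prints `shortname`, which is the output of the call that just failed and was initialised to NULL at its declaration, so the message passes a NULL pointer to `%s` and never shows the input that could not be parsed. It should log the input instead, as the other call sites in this commit do: `DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", filter_value);`. The enclosing `groups_get_send` starts and ends outside this hunk.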
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 023180a53..383b11637 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -269,6 +269,7 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb,
{
TALLOC_CTX *tmp_ctx;
char **ldap_grouplist = NULL;
+ char **ldap_fqdnlist = NULL;
char **add_groups;
char **del_groups;
int ret, tret;
@@ -300,7 +301,16 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb,
/* Find the differences between the sysdb and LDAP lists
* Groups in the sysdb only must be removed.
*/
- ret = diff_string_lists(tmp_ctx, ldap_grouplist, sysdb_grouplist,
+ ldap_fqdnlist = sss_create_internal_fqname_list(
+ tmp_ctx,
+ (const char * const *) ldap_grouplist,
+ domain->name);
+ if (ldap_fqdnlist == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = diff_string_lists(tmp_ctx, ldap_fqdnlist, sysdb_grouplist,
&add_groups, &del_groups, NULL);
if (ret != EOK) goto done;
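Review bot: A NULL return from `sss_create_internal_fqname_list` is always reported as `ENOMEM`, but `ldap_grouplist` is declared with a NULL initialiser, and whether every path assigns it before this point is not visible in the hunk. If an empty LDAP group set leaves it NULL, the call either dereferences NULL or turns "user has no groups" into an allocation failure, and stale sysdb memberships would then never be removed. A guard such as `if (ldap_grouplist != NULL) {` around the conversion, with `ldap_fqdnlist` left NULL otherwise, keeps the empty case working. The same question applies to `ldap_parent_name_list` in the `sdap_initgr_store_user_memberships` hunk. The existing comment "Find the differences between the sysdb and LDAP lists" now sits above the conversion rather than above `diff_string_lists` and should move down with it.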
@@ -391,6 +401,7 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
struct sdap_initgr_rfc2307_state *state;
const char **attr_filter;
char *clean_name;
+ char *shortname;
errno_t ret;
char *oc_list;
@@ -438,7 +449,14 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
return NULL;
}
- ret = sss_filter_sanitize(state, name, &clean_name);
+ ret = sss_parse_internal_fqname(state, name,
+ &shortname, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", name);
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, shortname, &clean_name);
if (ret != EOK) {
talloc_free(req);
return NULL;
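Review bot: The new parse-failure path leaves with `goto done;` while the sanitize failure three lines later, and the error path just above the hunk, free the request and return NULL. The `done` label is outside the hunk, so confirm it exists in `sdap_initgr_rfc2307_send` and that it fails the request rather than carrying on with `ret` set. If it does not, use the local convention: `talloc_free(req); return NULL;`. The same mix of `goto done` and `talloc_zfree(req); return NULL;` appears in the `sdap_get_initgr_send` hunk.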
@@ -1200,6 +1218,7 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
char **sysdb_parent_name_list = NULL;
char **ldap_parent_name_list = NULL;
+ char **ldap_fqdnlist = NULL;
int nparents;
struct sysdb_attrs **ldap_parentlist;
@@ -1269,6 +1288,15 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
}
}
+ ldap_fqdnlist = sss_create_internal_fqname_list(
+ tmp_ctx,
+ (const char * const *) ldap_parent_name_list,
+ state->dom->name);
+ if (ldap_fqdnlist == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER,
state->username, &sysdb_parent_name_list);
if (ret) {
@@ -1279,7 +1307,7 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
}
ret = diff_string_lists(tmp_ctx,
- ldap_parent_name_list, sysdb_parent_name_list,
+ ldap_fqdnlist, sysdb_parent_name_list,
&add_groups, &del_groups, NULL);
if (ret != EOK) {
goto done;
@@ -2638,6 +2666,7 @@ struct sdap_get_initgr_state {
const char **grp_attrs;
const char **user_attrs;
char *user_base_filter;
+ char *shortname;
char *filter;
int timeout;
@@ -2702,24 +2731,49 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
sdom->dom->name,
sdom->dom->domain_id);
- ret = sss_filter_sanitize(state, filter_value, &clean_name);
- if (ret != EOK) {
- talloc_zfree(req);
- return NULL;
- }
+ switch (filter_type) {
+ case BE_FILTER_SECID:
+ search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
- if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
- search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
- } else {
- switch (filter_type) {
- case BE_FILTER_SECID:
- search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
- break;
- case BE_FILTER_UUID:
- search_attr = state->opts->user_map[SDAP_AT_USER_UUID].name;
- break;
- default:
- search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
+ ret = sss_filter_sanitize(state, state->filter_value, &clean_name);
+ if (ret != EOK) {
+ talloc_zfree(req);
+ return NULL;
+ }
+ break;
+ case BE_FILTER_UUID:
+ search_attr = state->opts->user_map[SDAP_AT_USER_UUID].name;
+
+ ret = sss_filter_sanitize(state, state->filter_value, &clean_name);
+ if (ret != EOK) {
+ talloc_zfree(req);
+ return NULL;
+ }
+ break;
+ case BE_FILTER_NAME:
+ if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
+ search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
+
+ ret = sss_filter_sanitize(state, state->filter_value, &clean_name);
+ if (ret != EOK) {
+ talloc_zfree(req);
+ return NULL;
+ }
+ } else {
+ search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
+
+ ret = sss_parse_internal_fqname(state, filter_value,
+ &state->shortname, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", filter_value);
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, state->shortname, &clean_name);
+ if (ret != EOK) {
+ talloc_zfree(req);
+ return NULL;
+ }
}
}
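Review bot: The rewritten `switch (filter_type)` has no `default:` case, whereas the removed code fell back to `SDAP_AT_USER_NAME` and sanitized the value for every filter type. Any type other than SECID, UUID or NAME now leaves the switch with `search_attr` and `clean_name` unassigned, and, judging by the names, both feed the LDAP filter built after this hunk; their initialisers are not visible here. Add an explicit rejection, `default: ret = EINVAL; goto done;`, so that an unsanitized or uninitialised value can never reach the filter. The four copies of the `sss_filter_sanitize` error block could also be collapsed by choosing the string to sanitize inside the switch and calling the sanitizer once after it.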
@@ -2849,7 +2903,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
if ((state->opts->schema_type == SDAP_SCHEMA_RFC2307) &&
(dp_opt_get_bool(state->opts->basic,
SDAP_RFC2307_FALLBACK_TO_LOCAL_USERS) == true)) {
- ret = sdap_fallback_local_user(state, state->filter_value, -1, &usr_attrs);
+ ret = sdap_fallback_local_user(state, state->shortname, -1, &usr_attrs);
} else {
ret = ENOENT;
}