Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/ldap_id.c | 36 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 96 |
2 files changed, 103 insertions, 29 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 9cd215c64..6d5861208 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -47,6 +47,7 @@ struct users_get_state {
     struct sdap_id_op *op;
     struct sysdb_ctx *sysdb;
     struct sss_domain_info *domain;
+    char *shortname;
 
     const char *filter_value;
     int filter_type;
@@ -126,12 +127,25 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
     case BE_FILTER_NAME:
         if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
             attr_name = ctx->opts->user_map[SDAP_AT_USER_PRINC].name;
+
+            ret = sss_filter_sanitize(state, filter_value, &clean_value);
+            if (ret != EOK) {
+                goto done;
+            }
         } else {
             attr_name = ctx->opts->user_map[SDAP_AT_USER_NAME].name;
-        }
-        ret = sss_filter_sanitize(state, filter_value, &clean_value);
-        if (ret != EOK) {
-            goto done;
+
+            ret = sss_parse_internal_fqname(state, filter_value,
+                                            &state->shortname, NULL);
+            if (ret != EOK) {
+                DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", filter_value);
+                goto done;
+            }
+
+            ret = sss_filter_sanitize(state, state->shortname, &clean_value);
+            if (ret != EOK) {
+                goto done;
+            }
         }
         break;
     case BE_FILTER_IDNUM:
@@ -452,12 +466,10 @@ static void users_get_done(struct tevent_req *subreq)
             (dp_opt_get_bool(state->ctx->opts->basic,
                              SDAP_RFC2307_FALLBACK_TO_LOCAL_USERS) == true)) {
             struct sysdb_attrs **usr_attrs;
-            const char *name = NULL;
             bool fallback;
 
             switch (state->filter_type) {
             case BE_FILTER_NAME:
-                name = state->filter_value;
                 uid = -1;
                 fallback = true;
                 break;
@@ -475,7 +487,7 @@ static void users_get_done(struct tevent_req *subreq)
             }
 
             if (fallback) {
-                ret = sdap_fallback_local_user(state, name, uid, &usr_attrs);
+                ret = sdap_fallback_local_user(state, state->shortname, uid, &usr_attrs);
                 if (ret == EOK) {
                     ret = sdap_save_user(state, state->ctx->opts, state->domain,
                                          usr_attrs[0], NULL, 0);
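Review bot: The users_get_done fallback now passes `state->shortname`, but the users_get_send hunk only fills that field in the non-UPN branch of BE_FILTER_NAME, so a UPN lookup with the RFC2307 local-user fallback enabled hands sdap_fallback_local_user a NULL name where the removed code passed state->filter_value (presumably NULL rather than garbage, since tevent_req_create zeroes the state — confirm). Either set `state->shortname` in the UPN branch as well, or gate the call: `if (fallback && state->shortname != NULL) {`. The same defect is in the sdap_get_initgr_user hunk of sdap_async_initgroups.c, where the fallback is not gated on filter type at all, so SECID and UUID lookups would also pass NULL there. The users_get_done body continues outside the hunk.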
@@ -613,6 +625,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
     struct tevent_req *req;
     struct groups_get_state *state;
     const char *attr_name = NULL;
+    char *shortname = NULL;
     char *clean_value;
     char *endptr;
     int ret;
@@ -662,7 +675,14 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
     case BE_FILTER_NAME:
         attr_name = ctx->opts->group_map[SDAP_AT_GROUP_NAME].name;
 
-        ret = sss_filter_sanitize(state, filter_value, &clean_value);
+        ret = sss_parse_internal_fqname(state, filter_value,
+                                        &shortname, NULL);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", shortname);
+            goto done;
+        }
+
+        ret = sss_filter_sanitize(state, shortname, &clean_value);
         if (ret != EOK) {
             goto done;
         }
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 023180a53..383b11637 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -269,6 +269,7 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb,
 {
     TALLOC_CTX *tmp_ctx;
     char **ldap_grouplist = NULL;
+    char **ldap_fqdnlist = NULL;
     char **add_groups;
     char **del_groups;
     int ret, tret;
@@ -300,7 +301,16 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb,
     /* Find the differences between the sysdb and LDAP lists
      * Groups in the sysdb only must be removed.
      */
-    ret = diff_string_lists(tmp_ctx, ldap_grouplist, sysdb_grouplist,
+    ldap_fqdnlist = sss_create_internal_fqname_list(
+                                           tmp_ctx,
+                                           (const char * const *) ldap_grouplist,
+                                           domain->name);
+    if (ldap_fqdnlist == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    ret = diff_string_lists(tmp_ctx, ldap_fqdnlist, sysdb_grouplist,
                             &add_groups, &del_groups, NULL);
     if (ret != EOK) goto done;
 
@@ -391,6 +401,7 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
     struct sdap_initgr_rfc2307_state *state;
     const char **attr_filter;
     char *clean_name;
+    char *shortname;
     errno_t ret;
     char *oc_list;
 
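Review bot: In the groups_get_send hunk the failure message prints `shortname`, which is the output parameter of the call that just failed and is still the NULL it was initialised to, so the log line carries no information and passing NULL to `%s` is undefined behaviour in standard C (glibc happens to print "(null)"). The sibling hunks in users_get_send, sdap_initgr_rfc2307_send and sdap_get_initgr_send print the input instead; this one should too: `DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", filter_value);`.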
@@ -438,7 +449,14 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
         return NULL;
     }
 
-    ret = sss_filter_sanitize(state, name, &clean_name);
+    ret = sss_parse_internal_fqname(state, name,
+                                    &shortname, NULL);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", name);
+        goto done;
+    }
+
+    ret = sss_filter_sanitize(state, shortname, &clean_name);
     if (ret != EOK) {
         talloc_free(req);
         return NULL;
@@ -1200,6 +1218,7 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
 
     char **sysdb_parent_name_list = NULL;
     char **ldap_parent_name_list = NULL;
+    char **ldap_fqdnlist = NULL;
     int nparents;
     struct sysdb_attrs **ldap_parentlist;
 
@@ -1269,6 +1288,15 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
         }
     }
 
+    ldap_fqdnlist = sss_create_internal_fqname_list(
+                                       tmp_ctx,
+                                       (const char * const *) ldap_parent_name_list,
+                                       state->dom->name);
+    if (ldap_fqdnlist == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+
     ret = sysdb_get_direct_parents(tmp_ctx, state->dom, SYSDB_MEMBER_USER,
                                    state->username, &sysdb_parent_name_list);
     if (ret) {
@@ -1279,7 +1307,7 @@ sdap_initgr_store_user_memberships(struct sdap_initgr_nested_state *state)
     }
 
     ret = diff_string_lists(tmp_ctx,
-                            ldap_parent_name_list, sysdb_parent_name_list,
+                            ldap_fqdnlist, sysdb_parent_name_list,
                             &add_groups, &del_groups, NULL);
     if (ret != EOK) {
         goto done;
@@ -2638,6 +2666,7 @@ struct sdap_get_initgr_state {
     const char **grp_attrs;
     const char **user_attrs;
     char *user_base_filter;
+    char *shortname;
     char *filter;
     int timeout;
 
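Review bot: The sdap_initgr_rfc2307_send hunk mixes two error conventions: the new parse failure does `goto done`, while the sanitize failure immediately below it (and the `return NULL;` at the top of the hunk) does `talloc_free(req); return NULL;`. The `done` label is outside the hunk, so I cannot see whether it posts a tevent error or just frees, but either way callers now get a NULL request for one failure and a completed request for the next, which is hard to reason about. Use the surrounding style, `talloc_free(req); return NULL;`, in the new branch, or convert the whole function to the goto form; the sdap_get_initgr_send hunk below has the same mismatch between `goto done` and `talloc_zfree(req); return NULL;`.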
@@ -2702,24 +2731,49 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
                                         sdom->dom->name,
                                         sdom->dom->domain_id);
 
-    ret = sss_filter_sanitize(state, filter_value, &clean_name);
-    if (ret != EOK) {
-        talloc_zfree(req);
-        return NULL;
-    }
+    switch (filter_type) {
+    case BE_FILTER_SECID:
+        search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
 
-    if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
-        search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
-    } else {
-        switch (filter_type) {
-        case BE_FILTER_SECID:
-            search_attr = state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
-            break;
-        case BE_FILTER_UUID:
-            search_attr = state->opts->user_map[SDAP_AT_USER_UUID].name;
-            break;
-        default:
-            search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
+        ret = sss_filter_sanitize(state, state->filter_value, &clean_name);
+        if (ret != EOK) {
+            talloc_zfree(req);
+            return NULL;
+        }
+        break;
+    case BE_FILTER_UUID:
+        search_attr = state->opts->user_map[SDAP_AT_USER_UUID].name;
+
+        ret = sss_filter_sanitize(state, state->filter_value, &clean_name);
+        if (ret != EOK) {
+            talloc_zfree(req);
+            return NULL;
+        }
+        break;
+    case BE_FILTER_NAME:
+        if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
+            search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
+
+            ret = sss_filter_sanitize(state, state->filter_value, &clean_name);
+            if (ret != EOK) {
+                talloc_zfree(req);
+                return NULL;
+            }
+        } else {
+            search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
+
+            ret = sss_parse_internal_fqname(state, filter_value,
+                                            &state->shortname, NULL);
+            if (ret != EOK) {
+                DEBUG(SSSDBG_OP_FAILURE, "Cannot parse %s\n", filter_value);
+                goto done;
+            }
+
+            ret = sss_filter_sanitize(state, state->shortname, &clean_name);
+            if (ret != EOK) {
+                talloc_zfree(req);
+                return NULL;
+            }
         }
     }
 
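Review bot: The rewritten switch in sdap_get_initgr_send has no `default:`; the removed code mapped every other filter_type to SDAP_AT_USER_NAME and always sanitised filter_value, whereas now an unexpected filter_type skips both assignments and continues into the filter construction with `search_attr` and `clean_name` unset (unless they are initialised above the hunk, which I cannot see). That turns a previously tolerated input into an uninitialised read when building the LDAP filter. Add an explicit rejection, e.g. `default: DEBUG(SSSDBG_OP_FAILURE, "Unsupported filter type %d\n", filter_type); ret = EINVAL; goto done;`, or restore the old default mapping. The function continues outside the hunk.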
@@ -2849,7 +2903,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
         if ((state->opts->schema_type == SDAP_SCHEMA_RFC2307) &&
             (dp_opt_get_bool(state->opts->basic,
                              SDAP_RFC2307_FALLBACK_TO_LOCAL_USERS) == true)) {
-            ret = sdap_fallback_local_user(state, state->filter_value, -1, &usr_attrs);
+            ret = sdap_fallback_local_user(state, state->shortname, -1, &usr_attrs);
         } else {
             ret = ENOENT;
         }