Diffstat (limited to 'src/responder')
-rw-r--r--src/responder/nss/nsssrv_cmd.c590
1 files changed, 203 insertions, 387 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index a54d3d8ba..700998974 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -193,22 +193,11 @@ static const char *get_homedir_override(TALLOC_CTX *mem_ctx,
struct sss_nss_homedir_ctx *homedir_ctx)
{
const char *homedir;
- const char *orig_name = homedir_ctx->username;
- errno_t ret;
homedir = sss_view_ldb_msg_find_attr_as_string(dom, msg, SYSDB_HOMEDIR,
NULL);
homedir_ctx->original = homedir;
- /* Subdomain users store FQDN in their name attribute */
- ret = sss_parse_name_const(mem_ctx, dom->names, orig_name,
- NULL, &homedir_ctx->username);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Could not parse [%s] into "
- "name-value components.\n", orig_name);
- return NULL;
- }
-
/* Check to see which homedir_prefix to use. */
if (dom->homedir_substr != NULL) {
homedir_ctx->config_homedir_substr = dom->homedir_substr;
@@ -324,6 +313,93 @@ static const char *get_shell_override(TALLOC_CTX *mem_ctx,
return talloc_strdup(mem_ctx, NOLOGIN_SHELL);
}
+static int sized_output_name(TALLOC_CTX *mem_ctx,
+ struct resp_ctx *rctx,
+ const char *orig_name,
+ struct sss_domain_info *name_dom,
+ struct sized_string **_name)
+{
+ TALLOC_CTX *tmp_ctx = NULL;
+ errno_t ret;
+ char *username;
+ struct sized_string *name;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ username = sss_output_name(tmp_ctx, orig_name, name_dom->case_preserve,
+ rctx->override_space);
+ if (username == NULL) {
+ ret = EIO;
+ goto done;
+ }
+
+ if (name_dom->fqnames) {
+ username = sss_tc_fqname(tmp_ctx, name_dom->names, name_dom, username);
+ if (username == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_replace_space failed\n");
+ ret = EIO;
+ goto done;
+ }
+ }
+
+ name = talloc_zero(tmp_ctx, struct sized_string);
+ if (name == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ to_sized_string(name, username);
+ name->str = talloc_steal(name, username);
+ *_name = talloc_steal(mem_ctx, name);
+ ret = EOK;
+done:
+ talloc_zfree(tmp_ctx);
+ return ret;
+}
+
+static int sized_member_name(TALLOC_CTX *mem_ctx,
+ struct resp_ctx *rctx,
+ const char *member_name,
+ struct sized_string **_name)
+{
+ TALLOC_CTX *tmp_ctx = NULL;
+ errno_t ret;
+ char *domname;
+ struct sss_domain_info *member_dom;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ ret = sss_parse_internal_fqname(tmp_ctx, member_name, NULL, &domname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "sss_parse_internal_fqname failed\n");
+ goto done;
+ }
+
+ if (domname == NULL) {
+ ret = ERR_WRONG_NAME_FORMAT;
+ goto done;
+ }
+
+ member_dom = find_domain_by_name(get_domains_head(rctx->domains),
+ domname, true);
+ if (member_dom == NULL) {
+ ret = ERR_DOMAIN_NOT_FOUND;
+ goto done;
+ }
+
+ ret = sized_output_name(mem_ctx, rctx, member_name,
+ member_dom, _name);
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
static int fill_pwent(struct sss_packet *packet,
struct sss_domain_info *dom,
struct nss_ctx *nctx,
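Review bot: The failure branch after `sss_tc_fqname()` in sized_output_name logs "sss_replace_space failed", a function this helper never calls, so the debug log points at the wrong step; I would change it to `DEBUG(SSSDBG_CRIT_FAILURE, "sss_tc_fqname failed\n");`. Both NULL returns are reported as EIO, while the code this commit removes from delete_entry_from_memcache returned ENOMEM when `sss_tc_fqname()` failed, so `ret = ENOMEM;` would keep the error codes consistent if these are allocation failures. In sized_member_name the ERR_WRONG_NAME_FORMAT and ERR_DOMAIN_NOT_FOUND exits log nothing; a DEBUG line that includes `member_name` would make a rejected member traceable.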
@@ -336,18 +412,15 @@ static int fill_pwent(struct sss_packet *packet,
const char *upn;
const char *tmpstr;
const char *orig_name;
- struct sized_string name;
+ struct sized_string *name;
struct sized_string gecos;
struct sized_string homedir;
struct sized_string shell;
struct sized_string pwfield;
- struct sized_string fullname;
uint32_t uid;
uint32_t gid;
size_t rsize, rp, blen;
- int fq_len = 0;
int i, ret, num;
- bool add_domain = (!IS_SUBDOMAIN(dom) && dom->fqnames);
const char *domain = dom->name;
bool packet_initialized = false;
int ncret;
@@ -371,10 +444,6 @@ static int fill_pwent(struct sss_packet *packet,
orig_name = ldb_msg_find_attr_as_string(msg,
OVERRIDE_PREFIX SYSDB_NAME,
NULL);
- if (orig_name != NULL && IS_SUBDOMAIN(dom)) {
- /* Override names are not fully qualified */
- add_domain = true;
- }
gid = ldb_msg_find_attr_as_uint64(msg,
OVERRIDE_PREFIX SYSDB_GIDNUM, 0);
@@ -408,8 +477,7 @@ static int fill_pwent(struct sss_packet *packet,
ncret = sss_ncache_check_user(nctx->rctx->ncache, dom, orig_name);
if (ncret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
- "User [%s@%s] filtered out! (negative cache)\n",
- orig_name, domain);
+ "User [%s] filtered out! (negative cache)\n", orig_name);
continue;
}
}
@@ -421,23 +489,14 @@ static int fill_pwent(struct sss_packet *packet,
packet_initialized = true;
}
- tmpstr = sss_get_cased_name(tmp_ctx, orig_name, dom->case_preserve);
- if (tmpstr == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_get_cased_name failed, skipping\n");
- continue;
- }
-
- tmpstr = sss_replace_space(tmp_ctx, tmpstr,
- nctx->rctx->override_space);
- if (tmpstr == NULL) {
+ ret = sized_output_name(tmp_ctx, nctx->rctx, orig_name,
+ dom, &name);
+ if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_replace_space failed, skipping\n");
+ "sized_output_name failed, skipping\n");
continue;
}
- to_sized_string(&name, tmpstr);
-
tmpstr = sss_view_ldb_msg_find_attr_as_string(dom, msg, SYSDB_GECOS,
NULL);
if (!tmpstr) {
@@ -447,8 +506,7 @@ static int fill_pwent(struct sss_packet *packet,
}
ZERO_STRUCT(homedir_ctx);
-
- homedir_ctx.username = name.str;
+ homedir_ctx.username = orig_name;
homedir_ctx.uid = uid;
homedir_ctx.domain = dom->name;
homedir_ctx.upn = upn;
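Review bot: `homedir_ctx.username` now receives `orig_name` instead of the output-formatted `name.str`, and the first hunk removes the `sss_parse_name_const()` call that reduced it to the short name in get_homedir_override. The removed comment says subdomain users store the FQDN in their name attribute, so if `orig_name` is qualified, a username substitution in the home directory template would get the qualified string unless the template code (not in this diff) strips the domain. Please confirm where that now happens and record it at this assignment, for example `/* username is passed in its stored (possibly qualified) form; the homedir template code must derive the short name */`. fill_pwent starts before and continues after this hunk.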
@@ -467,20 +525,9 @@ static int fill_pwent(struct sss_packet *packet,
to_sized_string(&shell, tmpstr);
}
- rsize = 2 * sizeof(uint32_t) + name.len + gecos.len +
+ rsize = 2 * sizeof(uint32_t) + name->len + gecos.len +
homedir.len + shell.len + pwfield.len;
- if (add_domain) {
- fq_len = sss_fqname(NULL, 0, dom->names, dom, name.str);
- if (fq_len >= 0) {
- fq_len += 1;
- rsize -= name.len;
- rsize += fq_len;
- } else {
- fq_len = 0;
- }
- }
-
ret = sss_packet_grow(packet, rsize);
if (ret != EOK) {
num = 0;
@@ -490,20 +537,8 @@ static int fill_pwent(struct sss_packet *packet,
SAFEALIGN_SET_UINT32(&body[rp], uid, &rp);
SAFEALIGN_SET_UINT32(&body[rp], gid, &rp);
-
- if (add_domain) {
- ret = sss_fqname((char *) &body[rp], fq_len, dom->names, dom, name.str);
- if (ret < 0 || ret != fq_len - 1) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "Failed to generate a fully qualified name for user "
- "[%s] in [%s]! Skipping user.\n", name.str, domain);
- continue;
- }
- } else {
- memcpy(&body[rp], name.str, name.len);
- }
- to_sized_string(&fullname, (const char *)&body[rp]);
- rp += fullname.len;
+ memcpy(&body[rp], name->str, name->len);
+ rp += name->len;
memcpy(&body[rp], pwfield.str, pwfield.len);
rp += pwfield.len;
@@ -518,13 +553,13 @@ static int fill_pwent(struct sss_packet *packet,
if (pw_mmap_cache && nctx->pwd_mc_ctx) {
ret = sss_mmap_cache_pw_store(&nctx->pwd_mc_ctx,
- &fullname, &pwfield,
+ name, &pwfield,
uid, gid,
&gecos, &homedir, &shell);
if (ret != EOK && ret != ENOMEM) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to store user %s(%s) in mmap cache!\n",
- name.str, domain);
+ name->str, domain);
}
}
}
@@ -881,13 +916,14 @@ static void nsssrv_dp_send_acct_req_done(struct tevent_req *req)
cb_ctx->callback(err_maj, err_min, err_msg, cb_ctx->ptr);
}
-static int delete_entry_from_memcache(struct sss_domain_info *dom, char *name,
+static int delete_entry_from_memcache(struct sss_domain_info *dom,
+ char *name,
+ struct resp_ctx *rctx,
struct sss_mc_ctx *mc_ctx,
enum sss_mc_type type)
{
TALLOC_CTX *tmp_ctx = NULL;
- struct sized_string delete_name;
- char *fqdn = NULL;
+ struct sized_string *delete_name;
int ret;
tmp_ctx = talloc_new(NULL);
@@ -896,21 +932,15 @@ static int delete_entry_from_memcache(struct sss_domain_info *dom, char *name,
return ENOMEM;
}
- if (dom->fqnames) {
- fqdn = sss_tc_fqname(tmp_ctx, dom->names, dom, name);
- if (fqdn == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory.\n");
- ret = ENOMEM;
- goto done;
- }
- to_sized_string(&delete_name, fqdn);
- } else {
- to_sized_string(&delete_name, name);
+ ret = sized_output_name(tmp_ctx, rctx, name, dom, &delete_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sized_output_name failed: %d\n", ret);
+ goto done;
}
switch (type) {
case SSS_MC_PASSWD:
- ret = sss_mmap_cache_pw_invalidate(mc_ctx, &delete_name);
+ ret = sss_mmap_cache_pw_invalidate(mc_ctx, delete_name);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Internal failure in memory cache code: %d [%s]\n",
@@ -919,7 +949,7 @@ static int delete_entry_from_memcache(struct sss_domain_info *dom, char *name,
}
break;
case SSS_MC_GROUP:
- ret = sss_mmap_cache_gr_invalidate(mc_ctx, &delete_name);
+ ret = sss_mmap_cache_gr_invalidate(mc_ctx, delete_name);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Internal failure in memory cache code: %d [%s]\n",
@@ -928,7 +958,7 @@ static int delete_entry_from_memcache(struct sss_domain_info *dom, char *name,
}
break;
case SSS_MC_INITGROUPS:
- ret = sss_mmap_cache_initgr_invalidate(mc_ctx, &delete_name);
+ ret = sss_mmap_cache_initgr_invalidate(mc_ctx, delete_name);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Internal failure in memory cache code: %d [%s]\n",
@@ -993,14 +1023,9 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
dctx->domain = dom;
talloc_free(name);
- name = sss_get_cased_name(cmdctx, cmdctx->name, dom->case_sensitive);
- if (!name) return ENOMEM;
-
- name = sss_reverse_replace_space(dctx, name,
- nctx->rctx->override_space);
+ name = sss_resp_create_fqname(dctx, nctx->rctx, dctx->domain,
+ cmdctx->name_is_upn, cmdctx->name);
if (name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_reverse_replace_space failed\n");
return ENOMEM;
}
@@ -1028,8 +1053,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
return ENOENT;
}
- DEBUG(SSSDBG_CONF_SETTINGS,
- "Requesting info for [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for [%s]\n", name);
if (dom->sysdb == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE,
@@ -1078,9 +1102,9 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
DEBUG(SSSDBG_FATAL_FAILURE,
"getpwnam call returned more than one result !?!\n");
sss_log(SSS_LOG_ERR,
- "More users have the same name [%s@%s] in SSSD cache. "
+ "More users have the same name [%s] in SSSD cache. "
"SSSD will not work correctly.\n",
- name, dom->name);
+ name);
return ENOENT;
}
@@ -1088,8 +1112,8 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
/* set negative cache only if not result of cache check */
ret = sss_ncache_set_user(nctx->rctx->ncache, false, dom, name);
if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n",
- name, dom->name);
+ DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s\n",
+ name);
}
/* if a multidomain search, try with next */
@@ -1105,14 +1129,15 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
DEBUG(SSSDBG_OP_FAILURE, "No results for getpwnam call\n");
/* User not found in ldb -> delete user from memory cache. */
- ret = delete_entry_from_memcache(dctx->domain, name,
+ ret = delete_entry_from_memcache(dctx->domain, name, nctx->rctx,
nctx->pwd_mc_ctx, SSS_MC_PASSWD);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Deleting user from memcache failed.\n");
}
- ret = delete_entry_from_memcache(dctx->domain, name,
+ ret = delete_entry_from_memcache(dctx->domain,
+ name, nctx->rctx,
nctx->initgr_mc_ctx,
SSS_MC_INITGROUPS);
if (ret != EOK) {
@@ -1149,9 +1174,7 @@ static int nss_cmd_getpwnam_search(struct nss_dom_ctx *dctx)
}
/* One result found */
- DEBUG(SSSDBG_TRACE_FUNC,
- "Returning info for user [%s@%s]\n", name, dom->name);
-
+ DEBUG(SSSDBG_TRACE_FUNC, "Returning info for user [%s]\n", name);
return EOK;
}
@@ -2750,53 +2773,8 @@ void nss_update_gr_memcache(struct nss_ctx *nctx)
#define MNUM_ROFFSET sizeof(uint32_t)
#define STRS_ROFFSET 2*sizeof(uint32_t)
-static int parse_member(TALLOC_CTX *mem_ctx, struct sss_domain_info *group_dom,
- const char *member, struct sss_domain_info **_member_dom,
- struct sized_string *_name, bool *_add_domain)
-{
- errno_t ret;
- char *username;
- char *domname;
- const char *use_member;
- struct sss_domain_info *member_dom;
- bool add_domain;
-
- ret = sss_parse_name(mem_ctx, group_dom->names, member, &domname, &username);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Could not parse [%s] into "
- "name-value components.\n", member);
- return ret;
- }
-
- add_domain = (!IS_SUBDOMAIN(group_dom) && group_dom->fqnames);
- use_member = member;
- member_dom = group_dom;
-
- if (IS_SUBDOMAIN(group_dom) == false && domname != NULL) {
- /* The group is stored in the parent domain, but the member comes from.
- * a subdomain. No need to add the domain component, it's already
- * present in the memberuid/ghost attribute
- */
- add_domain = false;
- }
-
- if (IS_SUBDOMAIN(group_dom) == true && domname == NULL) {
- /* The group is stored in a subdomain, but the member comes
- * from the parent domain. Need to add the domain component
- * of the parent domain
- */
- add_domain = true;
- use_member = username;
- member_dom = group_dom->parent;
- }
-
- to_sized_string(_name, use_member);
- *_add_domain = add_domain;
- *_member_dom = member_dom;
- return EOK;
-}
-
static int fill_members(struct sss_packet *packet,
+ struct resp_ctx *rctx,
struct sss_domain_info *dom,
struct nss_ctx *nctx,
struct ldb_message_element *el,
@@ -2804,105 +2782,51 @@ static int fill_members(struct sss_packet *packet,
size_t *_rsize,
int *_memnum)
{
- int i, ret = EOK;
+ int ret = EOK;
int memnum = *_memnum;
size_t rzero= *_rzero;
size_t rsize = *_rsize;
- const char *tmpstr;
- struct sized_string name;
+ struct sized_string *name;
TALLOC_CTX *tmp_ctx = NULL;
- int nlen = 0;
-
+ const char *fqname;
uint8_t *body;
size_t blen;
- const char *domain = dom->name;
- bool add_domain;
- struct sss_domain_info *member_dom;
-
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
return ENOMEM;
}
sss_packet_get_body(packet, &body, &blen);
- for (i = 0; i < el->num_values; i++) {
- tmpstr = sss_get_cased_name(tmp_ctx, (char *)el->values[i].data,
- dom->case_preserve);
- if (tmpstr == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_get_cased_name failed, skipping\n");
- continue;
- }
-
- tmpstr = sss_replace_space(tmp_ctx, tmpstr,
- nctx->rctx->override_space);
- if (tmpstr == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_replace_space failed\n");
- ret = ENOMEM;
- goto done;
- }
+ for (unsigned i = 0; i < el->num_values; i++) {
+ fqname = (const char *)el->values[i].data;
if (nctx->filter_users_in_groups) {
- ret = sss_ncache_check_user(nctx->rctx->ncache, dom, tmpstr);
+ ret = sss_ncache_check_user(nctx->rctx->ncache, dom, fqname);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
- "Group [%s] member [%s@%s] filtered out!"
+ "Group [%s] member [%s] filtered out!"
" (negative cache)\n",
- (char *)&body[rzero+STRS_ROFFSET], tmpstr, domain);
+ (char *)&body[rzero+STRS_ROFFSET], fqname);
continue;
}
}
- ret = parse_member(tmp_ctx, dom, tmpstr, &member_dom, &name, &add_domain);
+ ret = sized_member_name(tmp_ctx, rctx, fqname, &name);
if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "Could not process member %s, skipping\n", tmpstr);
- continue;
- }
-
- if (add_domain) {
- nlen = sss_fqname(NULL, 0, member_dom->names, member_dom,
- name.str);
- if (nlen >= 0) {
- nlen += 1;
- } else {
- /* Other failures caught below */
- nlen = 0;
- }
- } else {
- nlen = name.len;
+ DEBUG(SSSDBG_OP_FAILURE, "sized_member_name failed: %d\n", ret);
+ goto done;
}
- ret = sss_packet_grow(packet, nlen);
+ ret = sss_packet_grow(packet, name->len);
if (ret != EOK) {
goto done;
}
sss_packet_get_body(packet, &body, &blen);
- if (add_domain) {
- ret = sss_fqname((char *)&body[rzero + rsize], nlen,
- member_dom->names, member_dom, name.str);
- if (ret < 0 || ret != nlen - 1) {
- DEBUG(SSSDBG_OP_FAILURE, "Failed to generate a fully qualified name"
- " for member [%s@%s] of group [%s]!"
- " Skipping\n", name.str, domain,
- (char *)&body[rzero+STRS_ROFFSET]);
- /* reclaim space */
- ret = sss_packet_shrink(packet, nlen);
- if (ret != EOK) {
- goto done;
- }
- continue;
- }
-
- } else {
- memcpy(&body[rzero + rsize], name.str, name.len);
- }
-
- rsize += nlen;
+ memcpy(&body[rzero + rsize], name->str, name->len);
+ rsize += name->len;
memnum++;
}
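Review bot: Every non-EOK result from `sized_member_name()` now takes `goto done`, where the removed `parse_member()` path logged the member and used `continue`. sized_member_name returns ERR_WRONG_NAME_FORMAT or ERR_DOMAIN_NOT_FOUND for a member value without a domain part or with an unknown domain, and fill_grent sets `num = 0` when fill_members fails, so one stale or malformed member value in the cache makes the whole group reply fail. I would keep allocation failures fatal and skip the rest: `if (ret == ERR_WRONG_NAME_FORMAT || ret == ERR_DOMAIN_NOT_FOUND) { DEBUG(SSSDBG_MINOR_FAILURE, "Skipping member [%s]\n", fqname); continue; }`. fill_members begins before this hunk and its `done:` label lies after it.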
@@ -2928,16 +2852,12 @@ static int fill_grent(struct sss_packet *packet,
uint8_t *body;
size_t blen;
uint32_t gid;
- const char *tmpstr;
const char *orig_name = NULL;
- struct sized_string name;
+ struct sized_string *name;
struct sized_string pwfield;
- struct sized_string fullname;
- int fq_len = 0;
int i = 0;
int ret, num, memnum;
size_t rzero, rsize;
- bool add_domain = (!IS_SUBDOMAIN(dom) && dom->fqnames);
const char *domain = dom->name;
TALLOC_CTX *tmp_ctx = NULL;
@@ -2979,10 +2899,6 @@ static int fill_grent(struct sss_packet *packet,
orig_name = ldb_msg_find_attr_as_string(msg,
OVERRIDE_PREFIX SYSDB_NAME,
NULL);
- if (orig_name != NULL && IS_SUBDOMAIN(dom)) {
- /* Override names are not fully qualified */
- add_domain = true;
- }
}
if (orig_name == NULL) {
orig_name = ldb_msg_find_attr_as_string(msg,
@@ -3005,43 +2921,20 @@ static int fill_grent(struct sss_packet *packet,
ret = sss_ncache_check_group(nctx->rctx->ncache, dom, orig_name);
if (ret == EEXIST) {
DEBUG(SSSDBG_TRACE_FUNC,
- "Group [%s@%s] filtered out! (negative cache)\n",
- orig_name, domain);
+ "Group [%s] filtered out! (negative cache)\n", orig_name);
continue;
}
}
- tmpstr = sss_get_cased_name(tmp_ctx, orig_name, dom->case_preserve);
- if (tmpstr == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_get_cased_name failed, skipping\n");
- continue;
- }
-
- tmpstr = sss_replace_space(tmp_ctx, tmpstr,
- nctx->rctx->override_space);
- if (tmpstr == NULL) {
+ ret = sized_output_name(tmp_ctx, nctx->rctx, orig_name, dom, &name);
+ if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_replace_space failed, skipping\n");
+ "sized_output_name failed, skipping\n");
continue;
}
- to_sized_string(&name, tmpstr);
-
/* fill in gid and name and set pointer for number of members */
- rsize = STRS_ROFFSET + name.len + pwfield.len; /* name\0x\0 */
-
- if (add_domain) {
- fq_len = sss_fqname(NULL, 0, dom->names, dom, name.str);
- if (fq_len >= 0) {
- fq_len += 1;
- rsize -= name.len;
- rsize += fq_len;
- } else {
- /* Other failures caught below */
- fq_len = 0;
- }
- }
+ rsize = STRS_ROFFSET + name->len + pwfield.len; /* name\0x\0 */
ret = sss_packet_grow(packet, rsize);
if (ret != EOK) {
@@ -3057,37 +2950,18 @@ static int fill_grent(struct sss_packet *packet,
SAFEALIGN_SET_UINT32(&body[rzero+MNUM_ROFFSET], 0, NULL);
/* 8-X: sequence of strings (name, passwd, mem..) */
- if (add_domain) {
- ret = sss_fqname((char *)&body[rzero+STRS_ROFFSET], fq_len,
- dom->names, dom, name.str);
- if (ret < 0 || ret != fq_len - 1) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "Failed to generate a fully qualified name for"
- " group [%s] in [%s]! Skipping\n", name.str, domain);
- /* reclaim space */
- ret = sss_packet_shrink(packet, rsize);
- if (ret != EOK) {
- num = 0;
- goto done;
- }
- rsize = 0;
- continue;
- }
- } else {
- memcpy(&body[rzero+STRS_ROFFSET], name.str, name.len);
- }
- to_sized_string(&fullname, (const char *)&body[rzero+STRS_ROFFSET]);
+ memcpy(&body[rzero+STRS_ROFFSET], name->str, name->len);
/* group passwd field */
- memcpy(&body[rzero+STRS_ROFFSET + fullname.len],
+ memcpy(&body[rzero+STRS_ROFFSET + name->len],
pwfield.str, pwfield.len);
memnum = 0;
if (!dom->ignore_group_members) {
el = sss_view_ldb_msg_find_element(dom, msg, SYSDB_MEMBERUID);
if (el) {
- ret = fill_members(packet, dom, nctx, el, &rzero, &rsize,
- &memnum);
+ ret = fill_members(packet, nctx->rctx, dom, nctx, el,
+ &rzero, &rsize, &memnum);
if (ret != EOK) {
num = 0;
goto done;
@@ -3104,8 +2978,8 @@ static int fill_grent(struct sss_packet *packet,
num = 0;
goto done;
}
- ret = fill_members(packet, dom, nctx, el, &rzero, &rsize,
- &memnum);
+ ret = fill_members(packet, nctx->rctx, dom, nctx, el,
+ &rzero, &rsize, &memnum);
if (ret != EOK) {
num = 0;
goto done;
@@ -3123,17 +2997,16 @@ static int fill_grent(struct sss_packet *packet,
if (gr_mmap_cache && nctx->grp_mc_ctx) {
/* body was reallocated, so fullname might be pointing to
* where body used to be, not where it is */
- to_sized_string(&fullname, (const char *)&body[rzero+STRS_ROFFSET]);
ret = sss_mmap_cache_gr_store(&nctx->grp_mc_ctx,
- &fullname, &pwfield, gid, memnum,
+ name, &pwfield, gid, memnum,
(char *)&body[rzero] + STRS_ROFFSET +
- fullname.len + pwfield.len,
+ name->len + pwfield.len,
rsize - STRS_ROFFSET -
- fullname.len - pwfield.len);
+ name->len - pwfield.len);
if (ret != EOK && ret != ENOMEM) {
DEBUG(SSSDBG_OP_FAILURE,
"Failed to store group %s(%s) in mmap cache!\n",
- name.str, domain);
+ name->str, domain);
}
}
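Review bot: The comment "body was reallocated, so fullname might be pointing to where body used to be" is left in place although the `to_sized_string(&fullname, ...)` call it explained is removed and `fullname` no longer exists in fill_grent. I would drop it or replace it with `/* name is allocated on tmp_ctx, so it stays valid when the packet body is reallocated */`, which matches the `sized_output_name(tmp_ctx, ...)` call earlier in the function. fill_grent starts and ends outside this hunk.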
@@ -3227,14 +3100,9 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
dctx->domain = dom;
talloc_free(name);
- name = sss_get_cased_name(dctx, cmdctx->name, dom->case_sensitive);
- if (!name) return ENOMEM;
-
- name = sss_reverse_replace_space(dctx, name,
- nctx->rctx->override_space);
+ name = sss_resp_create_fqname(dctx, nctx->rctx, dctx->domain,
+ cmdctx->name_is_upn, cmdctx->name);
if (name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_reverse_replace_space failed\n");
return ENOMEM;
}
@@ -3258,8 +3126,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
return ENOENT;
}
- DEBUG(SSSDBG_CONF_SETTINGS,
- "Requesting info for [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for [%s]\n", name);
if (dom->sysdb == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE,
@@ -3278,9 +3145,9 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
DEBUG(SSSDBG_FATAL_FAILURE,
"getgrnam call returned more than one result !?!\n");
sss_log(SSS_LOG_ERR,
- "More groups have the same name [%s@%s] in SSSD cache. "
+ "More groups have the same name [%s] in SSSD cache. "
"SSSD will not work correctly.\n",
- name, dom->name);
+ name);
return ENOENT;
}
@@ -3288,8 +3155,8 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
/* set negative cache only if not result of cache check */
ret = sss_ncache_set_group(nctx->rctx->ncache, false, dom, name);
if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n",
- name, dom->name);
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Cannot set negcache for %s\n", name);
}
/* if a multidomain search, try with next */
@@ -3301,7 +3168,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
DEBUG(SSSDBG_OP_FAILURE, "No results for getgrnam call\n");
/* Group not found in ldb -> delete group from memory cache. */
- ret = delete_entry_from_memcache(dctx->domain, name,
+ ret = delete_entry_from_memcache(dctx->domain, name, nctx->rctx,
nctx->grp_mc_ctx, SSS_MC_GROUP);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
@@ -3337,7 +3204,7 @@ static int nss_cmd_getgrnam_search(struct nss_dom_ctx *dctx)
/* One result found */
DEBUG(SSSDBG_TRACE_FUNC,
- "Returning info for group [%s@%s]\n", name, dom->name);
+ "Returning info for group [%s]\n", name);
return EOK;
}
@@ -4277,15 +4144,9 @@ static int fill_initgr(struct sss_packet *packet,
if (nctx->initgr_mc_ctx) {
struct sized_string unique_name;
- char *fq_name = sss_tc_fqname(packet, dom->names, dom, name);
- if (!fq_name) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "Could not create fq name\n");
- return ENOMEM;
- }
to_sized_string(&rawname, mc_name);
- to_sized_string(&unique_name, fq_name);
+ to_sized_string(&unique_name, name);
ret = sss_mmap_cache_initgr_store(&nctx->initgr_mc_ctx, &rawname,
&unique_name, num - skipped, gids);
if (ret != EOK && ret != ENOMEM) {
@@ -4361,19 +4222,16 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
dctx->domain = dom;
talloc_zfree(cmdctx->normalized_name);
- name = sss_get_cased_name(dctx, cmdctx->name, dom->case_sensitive);
- if (!name) return ENOMEM;
- name = sss_reverse_replace_space(cmdctx, name,
- nctx->rctx->override_space);
- /* save name so it can be used in initgr reply */
- cmdctx->normalized_name = name;
+ name = sss_resp_create_fqname(dctx, nctx->rctx, dctx->domain,
+ cmdctx->name_is_upn, cmdctx->name);
if (name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_reverse_replace_space failed\n");
return ENOMEM;
}
+ /* save name so it can be used in initgr reply */
+ cmdctx->normalized_name = name;
+
/* verify this user has not yet been negatively cached,
* or has been permanently filtered */
ret = sss_ncache_check_user(nctx->rctx->ncache, dom, name);
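Review bot: `cmdctx->normalized_name` now points at a string allocated under `dctx`, whereas the removed code parented the final string to `cmdctx` through `sss_reverse_replace_space(cmdctx, ...)`. The comment says the name is kept for the initgr reply, so if dctx can be released before that reply is built (not visible in this hunk) the pointer would dangle, and the `talloc_zfree(cmdctx->normalized_name)` at the top of the loop would free memory that was already released with dctx. Keeping the old parent avoids the question: `cmdctx->normalized_name = talloc_steal(cmdctx, name);`. nss_cmd_initgroups_search starts and ends outside this hunk.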
@@ -4394,8 +4252,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
return ENOENT;
}
- DEBUG(SSSDBG_CONF_SETTINGS,
- "Requesting info for [%s@%s]\n", name, dom->name);
+ DEBUG(SSSDBG_CONF_SETTINGS, "Requesting info for [%s]\n", name);
if (dom->sysdb == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE,
@@ -4453,8 +4310,8 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
/* set negative cache only if not result of cache check */
ret = sss_ncache_set_user(nctx->rctx->ncache, false, dom, name);
if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s@%s\n",
- name, dom->name);
+ DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set negcache for %s\n",
+ name);
}
/* if a multidomain search, try with next */
@@ -4493,8 +4350,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
}
}
- DEBUG(SSSDBG_TRACE_FUNC,
- "Initgroups for [%s@%s] completed\n", name, dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Initgroups for [%s] completed\n", name);
return EOK;
}
@@ -4538,7 +4394,6 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
bool user_found = false;
bool group_found = false;
struct ldb_message *msg = NULL;
- char *sysdb_name = NULL;
char *name = NULL;
char *req_name;
uint32_t req_id;
@@ -4607,42 +4462,21 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
} else {
talloc_free(name);
- talloc_zfree(sysdb_name);
- name = sss_get_cased_name(cmdctx, cmdctx->name, dom->case_sensitive);
+ name = sss_resp_create_fqname(cmdctx, nctx->rctx, dom, false, cmdctx->name);
if (name == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "sss_get_cased_name failed.\n");
ret = ENOMEM;
goto done;
}
- name = sss_reverse_replace_space(dctx, name,
- nctx->rctx->override_space);
- if (name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "sss_reverse_replace_space failed\n");
- ret = ENOMEM;
- goto done;
- }
-
- /* For subdomains a fully qualified name is needed for
- * sysdb_search_user_by_name and sysdb_search_group_by_name. */
- if (IS_SUBDOMAIN(dom)) {
- sysdb_name = sss_tc_fqname(cmdctx, dom->names, dom, name);
- if (sysdb_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
- ret = ENOMEM;
- goto done;
- }
- }
-
-
/* verify this name has not yet been negatively cached, as user
* and groupm, or has been permanently filtered */
- ret = sss_ncache_check_user(nctx->rctx->ncache, dom, name);
+ ret = sss_ncache_check_user(nctx->rctx->ncache, dom, cmdctx->name);
if (ret == EEXIST) {
- ret = sss_ncache_check_group(nctx->rctx->ncache, dom, name);
+ ret = sss_ncache_check_group(nctx->rctx->ncache,
+ dom, cmdctx->name);
if (ret == EEXIST) {
/* if neg cached, return we didn't find it */
DEBUG(SSSDBG_TRACE_FUNC,
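Review bot: The negative-cache check is now keyed on `cmdctx->name`, while the entries written later in this function (the `sss_ncache_set_user`/`sss_ncache_set_group` calls in the hunk at -4765) use `name`, the value returned by `sss_resp_create_fqname()`. If the two strings differ, a miss recorded for a name is never matched here, so repeated by-name SID requests for a non-existent entry would each go on to the cache and provider lookup. The getpwnam and initgroups searches in this diff check with `name`; I would do the same here, `ret = sss_ncache_check_user(nctx->rctx->ncache, dom, name);`, and likewise for the group check. The failure message above still reads "sss_get_cased_name failed." although the call is now `sss_resp_create_fqname()`. The function continues outside this hunk.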
@@ -4661,8 +4495,7 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
}
}
- DEBUG(SSSDBG_TRACE_FUNC, "Requesting info for [%s@%s]\n",
- name, dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Requesting info for [%s]\n", name);
}
@@ -4714,9 +4547,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
}
}
} else {
- ret = sysdb_search_user_by_name(cmdctx, dom,
- sysdb_name ? sysdb_name : name,
- attrs, &msg);
+ ret = sysdb_search_user_by_name(cmdctx, dom, name, attrs,
+ &msg);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to make request to our cache!\n");
@@ -4728,8 +4560,7 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
user_found = true;
} else {
talloc_free(msg);
- ret = sysdb_search_group_by_name(cmdctx, dom,
- sysdb_name ? sysdb_name : name,
+ ret = sysdb_search_group_by_name(cmdctx, dom, name,
attrs, &msg);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_CRIT_FAILURE,
@@ -4765,16 +4596,18 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
if (dctx->res->count == 0 && !dctx->check_provider) {
if (cmdctx->cmd == SSS_NSS_GETSIDBYNAME
|| cmdctx->cmd == SSS_NSS_GETORIGBYNAME) {
- ret = sss_ncache_set_user(nctx->rctx->ncache, false, dom, name);
+ ret = sss_ncache_set_user(nctx->rctx->ncache, false,
+ dom, name);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
- "Cannot set negcache for %s@%s\n", name, dom->name);
+ "Cannot set negcache for %s\n", name);
}
- ret = sss_ncache_set_group(nctx->rctx->ncache, false, dom, name);
+ ret = sss_ncache_set_group(nctx->rctx->ncache, false,
+ dom, name);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
- "Cannot set negcache for %s@%s\n", name, dom->name);
+ "Cannot set negcache for %s\n", name);
}
}
/* if a multidomain search, try with next */
@@ -4823,8 +4656,8 @@ static errno_t nss_cmd_getsidby_search(struct nss_dom_ctx *dctx)
DEBUG(SSSDBG_TRACE_FUNC, "Returning info for id [%"PRIu32"@%s]\n",
cmdctx->id, dom->name);
} else {
- DEBUG(SSSDBG_TRACE_FUNC, "Returning info for user/group [%s@%s]\n",
- name, dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Returning info for user/group [%s]\n",
+ name);
}
/* Success. Break from the loop and return EOK */
@@ -4870,8 +4703,7 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)
nctx = talloc_get_type(cctx->rctx->pvt_ctx, struct nss_ctx);
- DEBUG(SSSDBG_TRACE_FUNC, "Requesting info for [%s@%s]\n", cmdctx->secid,
- dom->name);
+ DEBUG(SSSDBG_TRACE_FUNC, "Requesting info for [%s]\n", cmdctx->secid);
sysdb = dom->sysdb;
if (sysdb == NULL) {
@@ -4938,9 +4770,7 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)
}
/* One result found */
- DEBUG(SSSDBG_TRACE_FUNC, "Returning info for sid [%s@%s]\n", cmdctx->secid,
- dom->name);
-
+ DEBUG(SSSDBG_TRACE_FUNC, "Returning info for sid [%s]\n", cmdctx->secid);
return EOK;
}
@@ -5049,6 +4879,7 @@ static errno_t process_attr_list(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
if (strcmp(attr_list[c], SYSDB_USER_CERT) == 0) {
use_base64 = true;
}
+
for (d = 0; d < el->num_values; d++) {
to_sized_string(&keys[*found], attr_list[c]);
*sum += keys[*found].len;
@@ -5062,6 +4893,7 @@ static errno_t process_attr_list(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
} else {
val = el->values[d];
}
+
if (val.data == NULL || val.data[val.length] != '\0') {
DEBUG(SSSDBG_CRIT_FAILURE,
"Unexpected attribute value found for [%s].\n",
@@ -5186,6 +5018,7 @@ done:
}
static errno_t fill_name(struct sss_packet *packet,
+ struct resp_ctx *rctx,
struct sss_domain_info *dom,
enum sss_id_type id_type,
bool apply_no_view,
@@ -5194,10 +5027,7 @@ static errno_t fill_name(struct sss_packet *packet,
int ret;
TALLOC_CTX *tmp_ctx = NULL;
const char *orig_name = NULL;
- const char *cased_name;
- const char *fq_name;
- struct sized_string name;
- bool add_domain = (!IS_SUBDOMAIN(dom) && dom->fqnames);
+ struct sized_string *name;
uint8_t *body;
size_t blen;
size_t pctr = 0;
@@ -5211,10 +5041,6 @@ static errno_t fill_name(struct sss_packet *packet,
orig_name = ldb_msg_find_attr_as_string(msg,
OVERRIDE_PREFIX SYSDB_NAME,
NULL);
- if (orig_name != NULL && IS_SUBDOMAIN(dom)) {
- /* Override names are un-qualified */
- add_domain = true;
- }
}
}
@@ -5232,26 +5058,15 @@ static errno_t fill_name(struct sss_packet *packet,
return ENOMEM;
}
- cased_name= sss_get_cased_name(tmp_ctx, orig_name, dom->case_sensitive);
- if (cased_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "sss_get_cased_name failed.\n");
- ret = ENOMEM;
+ ret = sized_output_name(tmp_ctx, rctx, orig_name, dom, &name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sized_output_name failed for %s: (%d): %s\n",
+ orig_name, ret, sss_strerror(ret));
goto done;
}
- if (add_domain) {
- fq_name = sss_tc_fqname(tmp_ctx, dom->names, dom, cased_name);
- if (fq_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
- ret = ENOMEM;
- goto done;
- }
- to_sized_string(&name, fq_name);
- } else {
- to_sized_string(&name, cased_name);
- }
-
- ret = sss_packet_grow(packet, name.len + 3 * sizeof(uint32_t));
+ ret = sss_packet_grow(packet, name->len + 3 * sizeof(uint32_t));
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sss_packet_grow failed.\n");
goto done;
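Review bot: The name returned by fill_name can change case and qualification with this change, and nothing in the hunk says that is intended. The removed code cased it with `dom->case_sensitive` and always qualified subdomain override names, while `sized_output_name()` passes `name_dom->case_preserve` to `sss_output_name()` and appends the domain only when `name_dom->fqnames` is set. If the new behaviour is wanted for the by-SID and by-certificate replies, a comment above the call would record it, for example `/* output name follows case_preserve and fqnames of the domain, like getpwnam replies */`. fill_name starts before and ends after this hunk.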
@@ -5261,7 +5076,7 @@ static errno_t fill_name(struct sss_packet *packet,
SAFEALIGN_SETMEM_UINT32(body, 1, &pctr); /* Num results */
SAFEALIGN_SETMEM_UINT32(body + pctr, 0, &pctr); /* reserved */
SAFEALIGN_COPY_UINT32(body + pctr, &id_type, &pctr);
- memcpy(&body[pctr], name.str, name.len);
+ memcpy(&body[pctr], name->str, name->len);
ret = EOK;
@@ -5342,6 +5157,7 @@ static errno_t nss_cmd_getbysid_send_reply(struct nss_dom_ctx *dctx)
switch(cmdctx->cmd) {
case SSS_NSS_GETNAMEBYSID:
ret = fill_name(pctx->creq->out,
+ cctx->rctx,
dctx->domain,
id_type,
true,
@@ -5639,8 +5455,8 @@ static void users_find_by_cert_done(struct tevent_req *req)
goto done;
}
- ret = fill_name(pctx->creq->out, domain, SSS_ID_TYPE_UID, true,
- result->msgs[0]);
+ ret = fill_name(pctx->creq->out, cctx->rctx, domain,
+ SSS_ID_TYPE_UID, true, result->msgs[0]);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "fill_name failed.\n");
goto done;