IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

extdom: add support for sss_nss_getorigbyname()

Browse Source 
https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
This commit is contained in:
Sumit Bose 2014-10-10 10:56:37 +02:00 committed by Martin Kosek
parent 85ce380759
commit 0ee8fe11ae
2 changed files with 136 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

167
daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
View File

@ -254,6 +254,34 @@ static int get_user_grouplist(const char *name, gid_t gid,
return LDAP_SUCCESS; return LDAP_SUCCESS;
} }
static int add_kv_list(BerElement *ber, struct sss_nss_kv *kv_list)
{
size_t c;
int ret;
const char *single_value_string_array[] = {NULL, NULL};
ret = ber_printf(ber,"{");
if (ret == -1) {
return LDAP_OPERATIONS_ERROR;
}
for (c = 0; kv_list[c].key != NULL; c++) {
single_value_string_array[0] = kv_list[c].value;
ret = ber_printf(ber,"{s{v}}", kv_list[c].key,
single_value_string_array);
if (ret == -1) {
return LDAP_OPERATIONS_ERROR;
}
}
ret = ber_printf(ber,"}");
if (ret == -1) {
return LDAP_OPERATIONS_ERROR;
}
return LDAP_SUCCESS;
}
static int pack_ber_sid(const char *sid, struct berval **berval) static int pack_ber_sid(const char *sid, struct berval **berval)
{ {
BerElement *ber = NULL; BerElement *ber = NULL;
@ -285,7 +313,7 @@ static int pack_ber_user(enum response_types response_type,
const char *domain_name, const char *user_name, const char *domain_name, const char *user_name,
uid_t uid, gid_t gid, uid_t uid, gid_t gid,
const char *gecos, const char *homedir, const char *gecos, const char *homedir,
const char *shell, const char *sid_str, const char *shell, struct sss_nss_kv *kv_list,
struct berval **berval) struct berval **berval)
{ {
BerElement *ber = NULL; BerElement *ber = NULL;
@ -299,7 +327,6 @@ static int pack_ber_user(enum response_types response_type,
size_t c; size_t c;
char *locat; char *locat;
char *short_user_name = NULL; char *short_user_name = NULL;
const char *single_value_string_array[] = {NULL, NULL};
short_user_name = strdup(user_name); short_user_name = strdup(user_name);
if ((locat = strchr(short_user_name, SSSD_DOMAIN_SEPARATOR)) != NULL) { if ((locat = strchr(short_user_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
@ -370,12 +397,11 @@ static int pack_ber_user(enum response_types response_type,
goto done; goto done;
} }
single_value_string_array[0] = sid_str; if (kv_list != NULL) {
ret = ber_printf(ber,"{{s{v}}}", SSSD_SYSDB_SID_STR, ret = add_kv_list(ber, kv_list);
single_value_string_array); if (ret != LDAP_SUCCESS) {
if (ret == -1) { goto done;
ret = LDAP_OPERATIONS_ERROR; }
goto done;
} }
} }
@ -402,7 +428,7 @@ done:
static int pack_ber_group(enum response_types response_type, static int pack_ber_group(enum response_types response_type,
const char *domain_name, const char *group_name, const char *domain_name, const char *group_name,
gid_t gid, char **members, const char *sid_str, gid_t gid, char **members, struct sss_nss_kv *kv_list,
struct berval **berval) struct berval **berval)
{ {
BerElement *ber = NULL; BerElement *ber = NULL;
@ -410,7 +436,6 @@ static int pack_ber_group(enum response_types response_type,
size_t c; size_t c;
char *locat; char *locat;
char *short_group_name = NULL; char *short_group_name = NULL;
const char *single_value_string_array[] = {NULL, NULL};
short_group_name = strdup(group_name); short_group_name = strdup(group_name);
if ((locat = strchr(short_group_name, SSSD_DOMAIN_SEPARATOR)) != NULL) { if ((locat = strchr(short_group_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
@ -455,12 +480,11 @@ static int pack_ber_group(enum response_types response_type,
goto done; goto done;
} }
single_value_string_array[0] = sid_str; if (kv_list != NULL) {
ret = ber_printf(ber,"{{s{v}}}", SSSD_SYSDB_SID_STR, ret = add_kv_list(ber, kv_list);
single_value_string_array); if (ret != LDAP_SUCCESS) {
if (ret == -1) { goto done;
ret = LDAP_OPERATIONS_ERROR; }
goto done;
} }
} }
@ -521,13 +545,14 @@ static int handle_uid_request(enum request_types request_type, uid_t uid,
enum sss_id_type id_type; enum sss_id_type id_type;
size_t buf_len; size_t buf_len;
char *buf = NULL; char *buf = NULL;
struct sss_nss_kv *kv_list = NULL;
ret = get_buffer(&buf_len, &buf); ret = get_buffer(&buf_len, &buf);
if (ret != LDAP_SUCCESS) { if (ret != LDAP_SUCCESS) {
return ret; return ret;
} }
if (request_type == REQ_SIMPLE || request_type == REQ_FULL_WITH_GROUPS) { if (request_type == REQ_SIMPLE) {
ret = sss_nss_getsidbyid(uid, &sid_str, &id_type); ret = sss_nss_getsidbyid(uid, &sid_str, &id_type);
if (ret != 0 || !(id_type == SSS_ID_TYPE_UID if (ret != 0 || !(id_type == SSS_ID_TYPE_UID
|| id_type == SSS_ID_TYPE_BOTH)) { || id_type == SSS_ID_TYPE_BOTH)) {
@ -538,9 +563,7 @@ static int handle_uid_request(enum request_types request_type, uid_t uid,
} }
goto done; goto done;
} }
}
if (request_type == REQ_SIMPLE) {
ret = pack_ber_sid(sid_str, berval); ret = pack_ber_sid(sid_str, berval);
} else { } else {
ret = getpwuid_r(uid, &pwd, buf, buf_len, &pwd_result); ret = getpwuid_r(uid, &pwd, buf, buf_len, &pwd_result);
@ -553,14 +576,28 @@ static int handle_uid_request(enum request_types request_type, uid_t uid,
goto done; goto done;
} }
if (request_type == REQ_FULL_WITH_GROUPS) {
ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type);
if (ret != 0 || !(id_type == SSS_ID_TYPE_UID
|| id_type == SSS_ID_TYPE_BOTH)) {
if (ret == ENOENT) {
ret = LDAP_NO_SUCH_OBJECT;
} else {
ret = LDAP_OPERATIONS_ERROR;
}
goto done;
}
}
ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER
: RESP_USER_GROUPLIST), : RESP_USER_GROUPLIST),
domain_name, pwd.pw_name, pwd.pw_uid, domain_name, pwd.pw_name, pwd.pw_uid,
pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir, pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir,
pwd.pw_shell, sid_str, berval); pwd.pw_shell, kv_list, berval);
} }
done: done:
sss_nss_free_kv(kv_list);
free(sid_str); free(sid_str);
free(buf); free(buf);
return ret; return ret;
@ -576,13 +613,14 @@ static int handle_gid_request(enum request_types request_type, gid_t gid,
enum sss_id_type id_type; enum sss_id_type id_type;
size_t buf_len; size_t buf_len;
char *buf = NULL; char *buf = NULL;
struct sss_nss_kv *kv_list = NULL;
ret = get_buffer(&buf_len, &buf); ret = get_buffer(&buf_len, &buf);
if (ret != LDAP_SUCCESS) { if (ret != LDAP_SUCCESS) {
return ret; return ret;
} }
if (request_type == REQ_SIMPLE || request_type == REQ_FULL_WITH_GROUPS) { if (request_type == REQ_SIMPLE) {
ret = sss_nss_getsidbyid(gid, &sid_str, &id_type); ret = sss_nss_getsidbyid(gid, &sid_str, &id_type);
if (ret != 0 || id_type != SSS_ID_TYPE_GID) { if (ret != 0 || id_type != SSS_ID_TYPE_GID) {
if (ret == ENOENT) { if (ret == ENOENT) {
@ -592,9 +630,7 @@ static int handle_gid_request(enum request_types request_type, gid_t gid,
} }
goto done; goto done;
} }
}
if (request_type == REQ_SIMPLE) {
ret = pack_ber_sid(sid_str, berval); ret = pack_ber_sid(sid_str, berval);
} else { } else {
ret = getgrgid_r(gid, &grp, buf, buf_len, &grp_result); ret = getgrgid_r(gid, &grp, buf, buf_len, &grp_result);
@ -607,13 +643,27 @@ static int handle_gid_request(enum request_types request_type, gid_t gid,
goto done; goto done;
} }
if (request_type == REQ_FULL_WITH_GROUPS) {
ret = sss_nss_getorigbyname(grp.gr_name, &kv_list, &id_type);
if (ret != 0 || !(id_type == SSS_ID_TYPE_GID
|| id_type == SSS_ID_TYPE_BOTH)) {
if (ret == ENOENT) {
ret = LDAP_NO_SUCH_OBJECT;
} else {
ret = LDAP_OPERATIONS_ERROR;
}
goto done;
}
}
ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP
: RESP_GROUP_MEMBERS), : RESP_GROUP_MEMBERS),
domain_name, grp.gr_name, grp.gr_gid, domain_name, grp.gr_name, grp.gr_gid,
grp.gr_mem, sid_str, berval); grp.gr_mem, kv_list, berval);
} }
done: done:
sss_nss_free_kv(kv_list);
free(sid_str); free(sid_str);
free(buf); free(buf);
return ret; return ret;
@ -634,6 +684,7 @@ static int handle_sid_request(enum request_types request_type, const char *sid,
size_t buf_len; size_t buf_len;
char *buf = NULL; char *buf = NULL;
enum sss_id_type id_type; enum sss_id_type id_type;
struct sss_nss_kv *kv_list = NULL;
ret = sss_nss_getnamebysid(sid, &fq_name, &id_type); ret = sss_nss_getnamebysid(sid, &fq_name, &id_type);
if (ret != 0) { if (ret != 0) {
@ -682,11 +733,24 @@ static int handle_sid_request(enum request_types request_type, const char *sid,
goto done; goto done;
} }
if (request_type == REQ_FULL_WITH_GROUPS) {
ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type);
if (ret != 0 || !(id_type == SSS_ID_TYPE_UID
|| id_type == SSS_ID_TYPE_BOTH)) {
if (ret == ENOENT) {
ret = LDAP_NO_SUCH_OBJECT;
} else {
ret = LDAP_OPERATIONS_ERROR;
}
goto done;
}
}
ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER
: RESP_USER_GROUPLIST), : RESP_USER_GROUPLIST),
domain_name, pwd.pw_name, pwd.pw_uid, domain_name, pwd.pw_name, pwd.pw_uid,
pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir, pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir,
pwd.pw_shell, sid, berval); pwd.pw_shell, kv_list, berval);
break; break;
case SSS_ID_TYPE_GID: case SSS_ID_TYPE_GID:
ret = getgrnam_r(fq_name, &grp, buf, buf_len, &grp_result); ret = getgrnam_r(fq_name, &grp, buf, buf_len, &grp_result);
@ -700,10 +764,23 @@ static int handle_sid_request(enum request_types request_type, const char *sid,
goto done; goto done;
} }
if (request_type == REQ_FULL_WITH_GROUPS) {
ret = sss_nss_getorigbyname(grp.gr_name, &kv_list, &id_type);
if (ret != 0 || !(id_type == SSS_ID_TYPE_GID
|| id_type == SSS_ID_TYPE_BOTH)) {
if (ret == ENOENT) {
ret = LDAP_NO_SUCH_OBJECT;
} else {
ret = LDAP_OPERATIONS_ERROR;
}
goto done;
}
}
ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP
: RESP_GROUP_MEMBERS), : RESP_GROUP_MEMBERS),
domain_name, grp.gr_name, grp.gr_gid, domain_name, grp.gr_name, grp.gr_gid,
grp.gr_mem, sid, berval); grp.gr_mem, kv_list, berval);
break; break;
default: default:
ret = LDAP_OPERATIONS_ERROR; ret = LDAP_OPERATIONS_ERROR;
@ -711,6 +788,7 @@ static int handle_sid_request(enum request_types request_type, const char *sid,
} }
done: done:
sss_nss_free_kv(kv_list);
free(fq_name); free(fq_name);
free(object_name); free(object_name);
free(domain_name); free(domain_name);
@ -733,6 +811,7 @@ static int handle_name_request(enum request_types request_type,
enum sss_id_type id_type; enum sss_id_type id_type;
size_t buf_len; size_t buf_len;
char *buf = NULL; char *buf = NULL;
struct sss_nss_kv *kv_list = NULL;
ret = asprintf(&fq_name, "%s%c%s", name, SSSD_DOMAIN_SEPARATOR, ret = asprintf(&fq_name, "%s%c%s", name, SSSD_DOMAIN_SEPARATOR,
domain_name); domain_name);
@ -743,7 +822,7 @@ static int handle_name_request(enum request_types request_type,
goto done; goto done;
} }
if (request_type == REQ_SIMPLE || request_type == REQ_FULL_WITH_GROUPS) { if (request_type == REQ_SIMPLE) {
ret = sss_nss_getsidbyname(fq_name, &sid_str, &id_type); ret = sss_nss_getsidbyname(fq_name, &sid_str, &id_type);
if (ret != 0) { if (ret != 0) {
if (ret == ENOENT) { if (ret == ENOENT) {
@ -751,11 +830,9 @@ static int handle_name_request(enum request_types request_type,
} else { } else {
ret = LDAP_OPERATIONS_ERROR; ret = LDAP_OPERATIONS_ERROR;
} }
goto done; goto done;
} }
}
if (request_type == REQ_SIMPLE) {
ret = pack_ber_sid(sid_str, berval); ret = pack_ber_sid(sid_str, berval);
} else { } else {
ret = get_buffer(&buf_len, &buf); ret = get_buffer(&buf_len, &buf);
@ -772,11 +849,23 @@ static int handle_name_request(enum request_types request_type,
} }
if (pwd_result != NULL) { if (pwd_result != NULL) {
if (request_type == REQ_FULL_WITH_GROUPS) {
ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type);
if (ret != 0 || !(id_type == SSS_ID_TYPE_UID
|| id_type == SSS_ID_TYPE_BOTH)) {
if (ret == ENOENT) {
ret = LDAP_NO_SUCH_OBJECT;
} else {
ret = LDAP_OPERATIONS_ERROR;
}
goto done;
}
}
ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER
: RESP_USER_GROUPLIST), : RESP_USER_GROUPLIST),
domain_name, pwd.pw_name, pwd.pw_uid, domain_name, pwd.pw_name, pwd.pw_uid,
pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir, pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir,
pwd.pw_shell, sid_str, berval); pwd.pw_shell, kv_list, berval);
} else { /* no user entry found */ } else { /* no user entry found */
ret = getgrnam_r(fq_name, &grp, buf, buf_len, &grp_result); ret = getgrnam_r(fq_name, &grp, buf, buf_len, &grp_result);
if (ret != 0) { if (ret != 0) {
@ -789,14 +878,28 @@ static int handle_name_request(enum request_types request_type,
goto done; goto done;
} }
if (request_type == REQ_FULL_WITH_GROUPS) {
ret = sss_nss_getorigbyname(grp.gr_name, &kv_list, &id_type);
if (ret != 0 || !(id_type == SSS_ID_TYPE_GID
|| id_type == SSS_ID_TYPE_BOTH)) {
if (ret == ENOENT) {
ret = LDAP_NO_SUCH_OBJECT;
} else {
ret = LDAP_OPERATIONS_ERROR;
}
goto done;
}
}
ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP
: RESP_GROUP_MEMBERS), : RESP_GROUP_MEMBERS),
domain_name, grp.gr_name, grp.gr_gid, domain_name, grp.gr_name, grp.gr_gid,
grp.gr_mem, sid_str, berval); grp.gr_mem, kv_list, berval);
} }
} }
done: done:
sss_nss_free_kv(kv_list);
free(fq_name); free(fq_name);
free(sid_str); free(sid_str);
free(buf); free(buf);

2
freeipa.spec.in
View File

@ -79,7 +79,7 @@ BuildRequires: python-dns >= 1.11.1
BuildRequires: m2crypto BuildRequires: m2crypto
BuildRequires: check BuildRequires: check
BuildRequires: libsss_idmap-devel BuildRequires: libsss_idmap-devel
BuildRequires: libsss_nss_idmap-devel BuildRequires: libsss_nss_idmap-devel >= 1.12.2
BuildRequires: java-headless BuildRequires: java-headless
BuildRequires: rhino BuildRequires: rhino
BuildRequires: libverto-devel BuildRequires: libverto-devel