>From ef718a175135923ff16de73e33e163ddf117c0ac Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Wed, 29 May 2013 00:56:53 +0200
Subject: [PATCH 09/15] LDAP: store FQDNs for trusted users and groups

Because the NSS responder expects the name attribute to contain FQDN, we must save the name as FQDN in the LDAP provider if the domain we save to is a subdomain.
---
 src/providers/ldap/sdap_async.c | 13 ++++++++++---
 src/providers/ldap/sdap_async.h | 9 +++++----
 src/providers/ldap/sdap_async_groups.c | 12 ++++++++++--
 src/providers/ldap/sdap_async_netgroups.c | 2 +-
 src/providers/ldap/sdap_async_users.c | 12 ++++++++++--
 5 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index b2bf0360ee1d1eb57ca096d5970eec1db7d94989..6a85cb16672f90f59bf2e613b9c5eae63a6f4da2 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2267,13 +2267,15 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
 errno_t sdap_save_all_names(const char *name,
 struct sysdb_attrs *ldap_attrs,
- bool lowercase,
+ struct sss_domain_info *dom,
 struct sysdb_attrs *attrs)
 {
 const char **aliases = NULL;
+ const char *domname;
 errno_t ret;
 TALLOC_CTX *tmp_ctx;
 int i;
+ bool lowercase = !dom->case_sensitive;
 tmp_ctx = talloc_new(NULL);
 if (!tmp_ctx) {
@@ -2289,8 +2291,13 @@ sdap_save_all_names(const char *name,
 }
 for (i = 0; aliases[i]; i++) {
- ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS,
- aliases[i]);
+ domname = sss_get_domain_name(tmp_ctx, aliases[i], dom);
+ if (domname == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, domname);
 if (ret) {
 DEBUG(SSSDBG_OP_FAILURE, ("Failed to add alias [%s] into the "
 "attribute list\n", aliases[i]));
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 38d94d8b49dad1a45e618fb1de853e103916f1cb..c8031c9a9d527a6d808f1ddce096de23850ebfd6 100644
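Review bot: The `domname == NULL` path added in the alias loop is the only failure in this loop that returns without logging, while the `sysdb_attrs_add_string` failure right below it does, and it assumes `sss_get_domain_name` can only fail on allocation, which nothing in the hunk shows. If the helper can also refuse an alias it cannot qualify (say one that already carries a domain suffix from the directory), every caller will report a misleading out-of-memory error, so I would at least log the input before bailing: `DEBUG(SSSDBG_OP_FAILURE, ("Failed to format alias [%s]\n", aliases[i]));` ahead of `ret = ENOMEM;`. The existing failure message below still prints the raw `aliases[i]` rather than the `domname` that was actually being stored, which is the string a reader will be looking for in the cache. sdap_save_all_names continues outside the hunk (the `done:` label that frees `tmp_ctx` is not visible here), so I am assuming the new `goto done` lands on the same cleanup as the existing one.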
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -210,10 +210,11 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
 sdap_attrs_add_ldap_attr(ldap_attrs, attr_name, attr_desc, \
 true, name, attrs)
-errno_t sdap_save_all_names(const char *name,
- struct sysdb_attrs *ldap_attrs,
- bool lowercase,
- struct sysdb_attrs *attrs);
+errno_t
+sdap_save_all_names(const char *name,
+ struct sysdb_attrs *ldap_attrs,
+ struct sss_domain_info *dom,
+ struct sysdb_attrs *attrs);
 struct tevent_req *
 sdap_get_services_send(TALLOC_CTX *memctx,
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 5a5bedc8f8bfc7ec0e998d093d3c7ddc3471e63f..04ce2f9fb3a7f105b5351045cd2da3b966cab7d6 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -429,6 +429,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
 struct ldb_message_element *el;
 struct sysdb_attrs *group_attrs;
 const char *name = NULL;
+ char *group_name;
 gid_t gid;
 errno_t ret;
 char *usn_value = NULL;
@@ -614,7 +615,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
 goto done;
 }
- ret = sdap_save_all_names(name, attrs, !dom->case_sensitive, group_attrs);
+ ret = sdap_save_all_names(name, attrs, dom, group_attrs);
 if (ret != EOK) {
 DEBUG(1, ("Failed to save group names\n"));
 goto done;
@@ -622,8 +623,15 @@ static int sdap_save_group(TALLOC_CTX *memctx,
 DEBUG(6, ("Storing info for group %s\n", name));
+ group_name = sss_get_domain_name(tmpctx, name, dom);
+ if (!group_name) {
+ DEBUG(SSSDBG_OP_FAILURE, ("failed to format user name,\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
 ret = sdap_store_group_with_gid(ctx, dom,
- name, gid, group_attrs,
+ group_name, gid, group_attrs,
 dom->group_timeout, posix_group, now);
 if (ret) {
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index 57dbcde8103a59ae2443a55df4fa602e0a666f4f..265fcf0ea8d3ac3a743433ce234a5faf8a673c61 100644
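Review bot: The new prototype of `sdap_save_all_names` carries no comment, and nothing in the header tells a caller that `dom` does two jobs: it replaces the old `lowercase` flag (the definition now derives that from `dom->case_sensitive`) and it is the domain every alias is qualified with before being stored. Since the parameter list changed shape, this is the moment to document it; I would put `/* Add name and its aliases to attrs. Aliases are stored domain-qualified for dom, and folded to lower case when dom is case-insensitive. */` above the declaration. That also makes clear that `dom` must be non-NULL, which the definition dereferences unconditionally on its first line.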
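Review bot: The failure message added to sdap_save_group reads `failed to format user name,` although this path formats a group name; the string was evidently copied from the users.c hunk, stray trailing comma included, and will send whoever reads the log to the wrong function. I would change it to `DEBUG(SSSDBG_OP_FAILURE, ("Failed to format group name\n"));`, which also matches the capitalised style of the `Failed to save group names` message a few lines up. The new local is declared `char *group_name` while the parallel users.c hunk stores the same helper's result in a `const char *`; I cannot see the return type of `sss_get_domain_name` from here, but `const char *group_name = NULL;` would match the sibling file and the other pointer locals in this declaration block either way. The `DEBUG(6, ...)` line above still logs the unqualified `name`, so for a subdomain group the log and the stored entry will disagree; sdap_save_group continues outside the hunk.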
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -121,7 +121,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
 DEBUG(6, ("Storing info for netgroup %s\n", name));
- ret = sdap_save_all_names(name, attrs, !dom->case_sensitive,
+ ret = sdap_save_all_names(name, attrs, dom,
 netgroup_attrs);
 if (ret != EOK) {
 DEBUG(1, ("Failed to save netgroup names\n"));
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 68e646cb936c5e85a4c548d6a9324491b0fcd58f..2c9fa293965eebd17fd8f52aeab0eec71a51cbd1 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -44,6 +44,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
 struct ldb_message_element *el;
 int ret;
 const char *name = NULL;
+ const char *user_name = NULL;
 const char *fullname = NULL;
 const char *pwd;
 const char *gecos;
@@ -381,7 +382,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
 }
 }
- ret = sdap_save_all_names(name, attrs, !dom->case_sensitive, user_attrs);
+ ret = sdap_save_all_names(name, attrs, dom, user_attrs);
 if (ret != EOK) {
 DEBUG(1, ("Failed to save user names\n"));
 goto done;
@@ -398,7 +399,14 @@ int sdap_save_user(TALLOC_CTX *memctx,
 DEBUG(6, ("Storing info for user %s\n", name));
- ret = sysdb_store_user(ctx, dom, name, pwd, uid, gid,
+ user_name = sss_get_domain_name(tmpctx, name, dom);
+ if (!user_name) {
+ DEBUG(SSSDBG_OP_FAILURE, ("failed to format user name,\n"));
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_store_user(ctx, dom, user_name, pwd, uid, gid,
 gecos, homedir, shell, orig_dn, user_attrs,
 missing, cache_timeout, now);
 if (ret) goto done;
-- 
1.8.2.1
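Review bot: With `dom` now passed through, sdap_save_netgroup's aliases are stored domain-qualified by sdap_save_all_names, but the netgroup's own name is not: the diffstat shows only this one line pair changing in the file, so the store call for `name` (outside the hunk) still writes the unqualified value. For a netgroup saved into a subdomain that would leave `SYSDB_NAME` and `SYSDB_NAME_ALIAS` in different namespaces, unlike the user and group paths where both sides were updated. If netgroups are never fetched for a subdomain this is moot, but then a one-line comment saying so at the call, e.g. `/* netgroups are only saved into the parent domain, so no FQDN here */`, would record the intent; otherwise the stored name needs the same `sss_get_domain_name` treatment. sdap_save_netgroup continues outside the hunk.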
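Review bot: After this hunk the entry is written under `user_name`, the domain-qualified form, while every remaining use of `name` is untouched: the `DEBUG(6, ...)` line directly above still logs the raw value, and anything later in sdap_save_user that looks the entry up or reports it by `name` would now miss it for a subdomain user; the function's body ends outside the hunk, so that tail needs checking in the full file. The new message `failed to format user name,` has a stray trailing comma and, unlike `Failed to save user names` a few lines up, starts in lower case; `DEBUG(SSSDBG_OP_FAILURE, ("Failed to format user name\n"));` fixes both. As in the groups.c change, a NULL from `sss_get_domain_name` is reported as ENOMEM; if the helper can also fail for a name it cannot qualify, the error propagated to the caller is misleading, which deserves either a distinct code or a comment stating that allocation is its only failure mode.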