From 803e5c235ec191ea855b1c7d420afb037946ae1f Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 7 Jul 2014 13:40:07 +0200
Subject: [PATCH 1/5] LDAP: If extra_value is 'U' do a UPN search

Besides the name the responders always send an extra string attribute to the backends which is so far mostly empty. Since the only difference in the processing of a request for a user name or a user principal name is a different search attribute in the LDAP provider this extra value can be used to indicate the type of the name. Providers which do not support UPN lookup can just ignore this attribute.

Related to https://fedorahosted.org/sssd/ticket/1749
---
 src/providers/ldap/ldap_id.c | 15 +++++++++++++--
 src/providers/ldap/sdap_async.h | 1 +
 src/providers/ldap/sdap_async_initgroups.c | 11 +++++++++--
 3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index c788b6b..c100e93 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -70,6 +70,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 struct sdap_id_conn_ctx *conn,
 const char *name,
 int filter_type,
+ const char *extra_value,
 int attrs_type,
 bool noexist_delete)
 {
@@ -111,7 +112,11 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 sdom->dom->domain_id);
 switch (filter_type) {
 case BE_FILTER_NAME:
- attr_name = ctx->opts->user_map[SDAP_AT_USER_NAME].name;
+ if (extra_value && extra_value[0] == 'U' && extra_value[1] == '\0') {
+ attr_name = ctx->opts->user_map[SDAP_AT_USER_PRINC].name;
+ } else {
+ attr_name = ctx->opts->user_map[SDAP_AT_USER_NAME].name;
+ }
 ret = sss_filter_sanitize(state, name, &clean_name);
 if (ret != EOK) {
 goto done;
@@ -918,6 +923,7 @@ struct groups_by_user_state {
 struct sss_domain_info *domain;
 
 const char *name;
+ const char *extra_value;
 const char **attrs;
 
 int dp_error;
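Review bot: The new branch in the BE_FILTER_NAME case compares extra_value against the magic string "U" with an open-coded three-term expression, and the identical expression is repeated verbatim in sdap_get_initgr_send in sdap_async_initgroups.c. Since this value is a wire contract between the responders and the backend, a single named constant and one comparison form would keep both sites from drifting, e.g. `#define EXTRA_NAME_IS_UPN "U"` beside the BE_FILTER_* definitions and `if (extra_value != NULL && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {` at each site. A short comment at the selection point, such as `/* responders send "U" when the name is a user principal name */`, would also spare readers a trip to the commit message. users_get_send starts before and continues after this hunk.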
@@ -935,6 +941,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
 struct sdap_domain *sdom,
 struct sdap_id_conn_ctx *conn,
 const char *name,
+ const char *extra_value,
 bool noexist_delete)
 {
 struct tevent_req *req;
@@ -959,6 +966,7 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
 }
 
 state->name = name;
+ state->extra_value = extra_value;
 state->domain = sdom->dom;
 state->sysdb = sdom->dom->sysdb;
 
@@ -1020,6 +1028,7 @@ static void groups_by_user_connect_done(struct tevent_req *subreq)
 state->ctx,
 state->conn,
 state->name,
+ state->extra_value,
 state->attrs);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
@@ -1320,6 +1329,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
 sdom, conn,
 ar->filter_value,
 ar->filter_type,
+ ar->extra_value,
 ar->attr_type,
 noexist_delete);
 break;
@@ -1358,6 +1368,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
 subreq = groups_by_user_send(breq, be_ctx->ev, id_ctx,
 sdom, conn,
 ar->filter_value,
+ ar->extra_value,
 noexist_delete);
 break;
 
@@ -1701,7 +1712,7 @@ static void get_user_and_group_groups_done(struct tevent_req *subreq)
 * Retry with users. */
 subreq = users_get_send(req, state->ev, state->id_ctx,
 state->sdom, state->conn,
- state->filter_val, state->filter_type,
+ state->filter_val, state->filter_type, NULL,
 state->attrs_type, state->noexist_delete);
 if (subreq == NULL) {
 DEBUG(SSSDBG_OP_FAILURE, "groups_get_send failed.\n");
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 808254a..7bb69f2 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -134,6 +134,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 struct sdap_id_ctx *id_ctx,
 struct sdap_id_conn_ctx *conn,
 const char *name,
+ const char *extra_value,
 const char **grp_attrs);
 int sdap_get_initgr_recv(struct tevent_req *req);
 
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index c7169dd..95d6ad7 100644
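Review bot: The retry in get_user_and_group_groups_done passes a literal `NULL` for the new extra_value argument, so a request that arrived with the "U" marker is retried as a plain name lookup and the UPN attribute selected in users_get_send is never used on this path. If the request state for this function keeps the original extra value (it already carries filter_val and filter_type), passing that through instead of `NULL` would be consistent with the other call sites in this patch; if it does not, a comment such as `/* extra_value is not kept in this state; retry as a plain name lookup */` would at least record the choice. The enclosing function starts and ends outside the hunk.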
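Review bot: The new extra_value parameter in the sdap_get_initgr_send prototype in sdap_async.h carries no documentation of what callers may pass or what it means, even though the commit message says providers without UPN support are expected to ignore it. A comment above the declaration, along the lines of `/* extra_value: optional hint from the responder; "U" means name is a user principal name, NULL or any other value means a plain user name */`, would make the contract visible at the header rather than only in ldap_id.c.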
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2629,6 +2629,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 struct sdap_id_ctx *id_ctx,
 struct sdap_id_conn_ctx *conn,
 const char *name,
+ const char *extra_value,
 const char **grp_attrs)
 {
 struct tevent_req *req;
@@ -2636,6 +2637,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 int ret;
 char *clean_name;
 bool use_id_mapping;
+ const char *search_attr;
 
 DEBUG(SSSDBG_TRACE_ALL, "Retrieving info for initgroups call\n");
 
@@ -2674,10 +2676,15 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 return NULL;
 }
 
+ if (extra_value && extra_value[0] == 'U' && extra_value[1] == '\0') {
+ search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
+ } else {
+ search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
+ }
+
 state->user_base_filter =
 talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)",
- state->opts->user_map[SDAP_AT_USER_NAME].name,
- clean_name,
+ search_attr, clean_name,
 state->opts->user_map[SDAP_OC_USER].name);
 if (!state->user_base_filter) {
 talloc_zfree(req);
-- 
1.8.3.1