From 3cebae5b5569dc559896945e244e0ae9575b04d1 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 27 Oct 2014 15:11:08 +0100
Subject: [PATCH 3/5] sysdb_add_overrides_to_object: add new parameter and multi-value support
With the new parameter an attribute list other than the default one can be used. Override attributes with multiple values (e.g. SSH public keys) are noew supported as well.
---
 src/db/sysdb.h | 3 ++-
 src/db/sysdb_search.c | 24 ++++++++++++++++--------
 src/db/sysdb_views.c | 39 +++++++++++++++++++++++----------------
 src/responder/nss/nsssrv_cmd.c | 2 +-
 4 files changed, 42 insertions(+), 26 deletions(-)
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index ebb1bbe..f582f6a 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -487,7 +487,8 @@ errno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
 errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
 struct ldb_message *obj,
- struct ldb_message *override_obj);
+ struct ldb_message *override_obj,
+ const char **req_attrs);
 errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
 struct ldb_message *obj);
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index dacbd23..c039aa8 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -124,7 +124,8 @@ errno_t sysdb_getpwnam_with_views(TALLOC_CTX *mem_ctx,
 * the original object. */
 if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj ->msgs[0]);
+ override_obj == NULL ? NULL : override_obj ->msgs[0],
+ NULL);
 if (ret != EOK && ret != ENOENT) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
 goto done;
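Review bot: `req_attrs` is added to the prototype in the src/db/sysdb.h hunk with no description of its contract, and neither that hunk nor the definition's hunk in src/db/sysdb_views.c touches a comment to explain it. Callers need to know that NULL keeps the old behaviour (the built-in user or group list, chosen by whether the object has a non-zero SYSDB_UIDNUM) and that a non-NULL list replaces that default entirely; it is presumably expected to be NULL-terminated like the default lists, which should be stated. I would put `/* req_attrs: NULL-terminated list of attributes to read from the override object, or NULL for the default user/group list */` above the declaration.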
@@ -229,7 +230,8 @@ errno_t sysdb_getpwuid_with_views(TALLOC_CTX *mem_ctx,
 * the original object. */
 if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj->msgs[0]);
+ override_obj == NULL ? NULL : override_obj->msgs[0],
+ NULL);
 if (ret != EOK && ret != ENOENT) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
 goto done;
@@ -314,7 +316,8 @@ int sysdb_enumpwent_with_views(TALLOC_CTX *mem_ctx,
 if (DOM_HAS_VIEWS(domain)) {
 for (c = 0; c < res->count; c++) {
- ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL);
+ ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL,
+ NULL);
 /* enumeration assumes that the cache is up-to-date, hence we do not
 * need to handle ENOENT separately. */
 if (ret != EOK) {
@@ -426,7 +429,8 @@ int sysdb_getgrnam_with_views(TALLOC_CTX *mem_ctx,
 }
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj ->msgs[0]);
+ override_obj == NULL ? NULL : override_obj ->msgs[0],
+ NULL);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
 goto done;
@@ -578,7 +582,8 @@ int sysdb_getgrgid_with_views(TALLOC_CTX *mem_ctx,
 }
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj ->msgs[0]);
+ override_obj == NULL ? NULL : override_obj ->msgs[0],
+ NULL);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
 goto done;
@@ -734,7 +739,8 @@ int sysdb_enumgrent_with_views(TALLOC_CTX *mem_ctx,
 if (DOM_HAS_VIEWS(domain)) {
 for (c = 0; c < res->count; c++) {
- ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL);
+ ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL,
+ NULL);
 /* enumeration assumes that the cache is up-to-date, hence we do not
 * need to handle ENOENT separately. */
 if (ret != EOK) {
@@ -956,7 +962,8 @@ int sysdb_initgroups_with_views(TALLOC_CTX *mem_ctx,
 if (DOM_HAS_VIEWS(domain)) {
 /* Skip user entry because it already has override values added */
 for (c = 1; c < res->count; c++) {
- ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL);
+ ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL,
+ NULL);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE,
 "sysdb_add_overrides_to_object failed.\n");
@@ -1083,7 +1090,8 @@ int sysdb_get_user_attr_with_views(TALLOC_CTX *mem_ctx,
 * the original object. */
 if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj ->msgs[0]);
+ override_obj == NULL ? NULL : override_obj ->msgs[0],
+ attrs);
 if (ret != EOK && ret != ENOENT) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
 return ret;
diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c
index a42aa96..b8e90dd 100644
--- a/src/db/sysdb_views.c
+++ b/src/db/sysdb_views.c
@@ -958,7 +958,8 @@ errno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
 */
 errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
 struct ldb_message *obj,
- struct ldb_message *override_obj)
+ struct ldb_message *override_obj,
+ const char **req_attrs)
 {
 int ret;
 const char *override_dn_str;
@@ -983,7 +984,8 @@ errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
 {NULL, NULL}
 };
 size_t c;
- const char *tmp_str;
+ size_t d;
+ struct ldb_message_element *tmp_el;
 tmp_ctx = talloc_new(NULL);
 if (tmp_ctx == NULL) {
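Review bot: In the sysdb_get_user_attr_with_views hunk, passing the caller's `attrs` as `req_attrs` makes the request's attribute list double as the filter for what is read from the override object, while the copy loop in sysdb_add_overrides_to_object() still walks only `attr_map`. Any requested attribute that has no `attr_map` entry would therefore be fetched and then dropped without a message, leaving only the original value in the result; for the SSH public key case named in the commit message that would mean an administrator's key override is not reflected. `attr_map` is declared outside the hunks of this patch, so please confirm it has an entry for every attribute this path is meant to override, and consider a comment at the call such as `/* only attributes listed in attr_map are copied from the override */`.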
@@ -1016,12 +1018,15 @@ errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
 goto done;
 }
- uid = ldb_msg_find_attr_as_uint64(obj, SYSDB_UIDNUM, 0);
- if (uid == 0) {
- /* No UID hence group object */
- attrs = group_attrs;
- } else {
- attrs = user_attrs;
+ attrs = req_attrs;
+ if (attrs == NULL) {
+ uid = ldb_msg_find_attr_as_uint64(obj, SYSDB_UIDNUM, 0);
+ if (uid == 0) {
+ /* No UID hence group object */
+ attrs = group_attrs;
+ } else {
+ attrs = user_attrs;
+ }
 }
 ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, override_dn,
@@ -1050,14 +1055,16 @@ errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
 }
 for (c = 0; attr_map[c].attr != NULL; c++) {
- tmp_str = ldb_msg_find_attr_as_string(override, attr_map[c].attr, NULL);
- if (tmp_str != NULL) {
- talloc_steal(obj, tmp_str);
- ret = ldb_msg_add_string(obj, attr_map[c].new_attr, tmp_str);
- if (ret != LDB_SUCCESS) {
- DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_string failed.\n");
- ret = sysdb_error_to_errno(ret);
- goto done;
+ tmp_el = ldb_msg_find_element(override, attr_map[c].attr);
+ if (tmp_el != NULL) {
+ for (d = 0; d < tmp_el->num_values; d++) {
+ ret = ldb_msg_add_steal_value(obj, attr_map[c].new_attr,
+ &tmp_el->values[d]);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_value failed.\n");
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
 }
 }
 }
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 7481d49..14e2590 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -4035,7 +4035,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
 if (ret == EOK && DOM_HAS_VIEWS(dom)) {
 for (c = 0; c < dctx->res->count; c++) {
 ret = sysdb_add_overrides_to_object(dom, dctx->res->msgs[c],
- NULL);
+ NULL, NULL);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE,
 "sysdb_add_overrides_to_object failed.\n");
--
1.8.3.1
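Review bot: `uid` is now assigned only inside the `if (attrs == NULL)` branch of the attribute-selection hunk, so it stays unset whenever a caller supplies `req_attrs`. Nothing in the hunk reads it afterwards, but the function continues outside the hunk and the declaration is not visible; if it is not read later, declaring it inside the branch makes the narrower lifetime explicit and lets the compiler catch a stray use. The non-NULL path also skips the user/group distinction completely, which deserves a one-line comment, for example `/* caller-supplied list is used as is for users and groups alike */`.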
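Review bot: The failure message in the new multi-value loop says `ldb_msg_add_value failed.` although the call is `ldb_msg_add_steal_value()`, which will mislead anyone matching log lines to the failing call; it should read `DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_steal_value failed.\n");`. The loop also appends every override value to `attr_map[c].new_attr` without checking whether `obj` already carries that attribute, so values would presumably accumulate if the function ran twice on the same message; whether that can happen depends on callers and on code outside this hunk. On a failure part-way through a multi-valued attribute, `obj` keeps the values added so far, which is worth a brief comment so that callers know to discard the message on error.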