sssd/0097-SYSDB-Add-sysdb_search_by_orig_dn.patch
Lukas Slebodnik 8eda442b2e Fix few bugs/regressions
Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access
                         on the sock_file system_bus_socket
Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
                         fails to download desktop profile data
Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after
                          applying ID Views for them in IPA server
Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping
                          is applied
2017-09-12 09:22:07 +02:00


From e5c42c2630093d3020b3c4944cce1646325bc236 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Fri, 2 Jun 2017 13:26:49 +0200
Subject: [PATCH 097/115] SYSDB: Add sysdb_search_by_orig_dn()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Three new methods have been added to sysdb's API in order to perform
search by the orig dn (which is quite common in SSSD's code base).
A common/base method called sysdb_search_by_orig_dn() is the most
important one and then a few other helpers for searching users and
groups directly.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
src/db/sysdb.h | 27 ++++++++++++++++------
src/db/sysdb_ops.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 86 insertions(+), 7 deletions(-)
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index f4cad577b97e737613e11d063fe7a8664faed624..411ee9aededa1d9ee2654d8247e98a38d7666ad2 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -342,6 +342,12 @@ struct certmap_info {
const char **domains;
};
+enum sysdb_member_type {
+ SYSDB_MEMBER_USER,
+ SYSDB_MEMBER_GROUP,
+ SYSDB_MEMBER_NETGROUP,
+ SYSDB_MEMBER_SERVICE,
+};
/* These attributes are stored in the timestamp cache */
extern const char *sysdb_ts_cache_attrs[];
@@ -574,6 +580,20 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
struct sysdb_attrs *override_attrs,
struct ldb_dn *obj_dn);
+errno_t sysdb_search_by_orig_dn(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain,
+ enum sysdb_member_type type,
+ const char *member_dn,
+ const char **attrs,
+ size_t *msgs_counts,
+ struct ldb_message ***msgs);
+
+#define sysdb_search_users_by_orig_dn(mem_ctx, domain, member_dn, attrs, msgs_counts, msgs) \
+ sysdb_search_by_orig_dn(mem_ctx, domain, SYSDB_MEMBER_USER, member_dn, attrs, msgs_counts, msgs);
+
+#define sysdb_search_groups_by_orig_dn(mem_ctx, domain, member_dn, attrs, msgs_counts, msgs) \
+ sysdb_search_by_orig_dn(mem_ctx, domain, SYSDB_MEMBER_GROUP, member_dn, attrs, msgs_counts, msgs);
+
errno_t sysdb_search_user_override_attrs_by_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
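Review bot: The two convenience macros sysdb_search_users_by_orig_dn and sysdb_search_groups_by_orig_dn end their expansion with a `;`, so a caller writing `if (x) ret = sysdb_search_users_by_orig_dn(...); else ...` expands to an empty statement before the `else` and fails to compile, and the arguments are not parenthesised. Drop the trailing semicolon, e.g. `sysdb_search_by_orig_dn((mem_ctx), (domain), SYSDB_MEMBER_USER, (member_dn), (attrs), (msgs_counts), (msgs))`, or make them `static inline` wrappers so the compiler type-checks the arguments. The prototype also names the count parameter `msgs_counts` while the definition in sysdb_ops.c uses `msgs_count`; aligning the two avoids confusion in the generated docs and in callers.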
@@ -1040,13 +1060,6 @@ int sysdb_store_group(struct sss_domain_info *domain,
uint64_t cache_timeout,
time_t now);
-enum sysdb_member_type {
- SYSDB_MEMBER_USER,
- SYSDB_MEMBER_GROUP,
- SYSDB_MEMBER_NETGROUP,
- SYSDB_MEMBER_SERVICE,
-};
-
int sysdb_add_group_member(struct sss_domain_info *domain,
const char *group,
const char *member,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 7ca6575ce75dab7805236c9f48dbf28a2f3946d2..4cfef68239a5f145967c942b1fb6647c5542f019 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -3236,6 +3236,72 @@ done:
return ret;
}
+static int sysdb_cache_search_users(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain,
+ struct ldb_context *ldb,
+ const char *sub_filter,
+ const char **attrs,
+ size_t *msgs_count,
+ struct ldb_message ***msgs);
+
+static int sysdb_cache_search_groups(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain,
+ struct ldb_context *ldb,
+ const char *sub_filter,
+ const char **attrs,
+ size_t *msgs_count,
+ struct ldb_message ***msgs);
+
+errno_t sysdb_search_by_orig_dn(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain,
+ enum sysdb_member_type type,
+ const char *member_dn,
+ const char **attrs,
+ size_t *msgs_count,
+ struct ldb_message ***msgs)
+{
+ TALLOC_CTX *tmp_ctx;
+ char *filter;
+ char *sanitized_dn = NULL;
+ errno_t ret;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_ORIG_DN, sanitized_dn);
+ if (filter == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ switch (type) {
+ case SYSDB_MEMBER_USER:
+ ret = sysdb_cache_search_users(mem_ctx, domain, domain->sysdb->ldb,
+ filter, attrs, msgs_count, msgs);
+ break;
+ case SYSDB_MEMBER_GROUP:
+ ret = sysdb_cache_search_groups(mem_ctx, domain, domain->sysdb->ldb,
+ filter, attrs, msgs_count, msgs);
+ break;
+ default:
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Trying to perform a search by orig_dn using a "
+ "non-supported type\n");
+ ret = EINVAL;
+ goto done;
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
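Review bot: The new function has no header comment, and the one line that matters for safety, the sss_filter_sanitize() call, carries no explanation of why it is there: member_dn originates from data returned by the remote LDAP/IPA server, and it is interpolated into the `(originalDN=...)` filter, so escaping it is what prevents a crafted DN from altering the cache query. A comment such as `/* member_dn comes from the server; escape it before building the filter so it cannot inject additional filter terms */` above line L126 would make that intent survive future refactoring, and a short Doxygen-style block above the function stating that only SYSDB_MEMBER_USER and SYSDB_MEMBER_GROUP are accepted (other types return EINVAL) and that msgs is allocated on mem_ctx by the underlying sysdb_cache_search_* helper would round out the contract. The `goto done` in the `default` branch is redundant since `done:` immediately follows the switch; `break;` reads cleaner. Whether an empty result surfaces as ENOENT depends on sysdb_cache_search_users/groups, which are defined outside this hunk, so callers should not assume EOK implies a non-empty msgs.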
/* =Custom Store (replaces-existing-data)================== */
--
2.14.1