sssd/0100-SDAP-Use-sysdb_search_-_by_orig_dn-in-sdap_async_nes.patch
Lukas Slebodnik 3c27c875b7 Fix few bugs/regressions
Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access
                         on the sock_file system_bus_socket
Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
                         fails to download desktop profile data
Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after
                          applying ID Views for them in IPA server
Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping
                          is applied
(cherry picked from commit 8eda442b2e)
(cherry picked from commit e15fc49cbf)
(cherry picked from commit bbb90ca68c)
2017-09-12 09:30:07 +02:00


From 4c508463be960682cf94b4e5a39be2f8f49067c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Fri, 2 Jun 2017 13:35:30 +0200
Subject: [PATCH 100/115] SDAP: Use sysdb_search_*_by_orig_dn() in
sdap_async_nested_groups.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Methods for searching the users, groups and entries by their orig dn
have been introduced in one of the previous commits.
Let's make use of those whenever it makes sense.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
src/providers/ldap/sdap_async_nested_groups.c | 61 ++++++---------------------
1 file changed, 13 insertions(+), 48 deletions(-)
diff --git a/src/providers/ldap/sdap_async_nested_groups.c b/src/providers/ldap/sdap_async_nested_groups.c
index 3e3329c0e8fba1915e2e065abb0cb3f21be36e6f..9271d8cfe38d11fb1ea14960a997f0deee175b27 100644
--- a/src/providers/ldap/sdap_async_nested_groups.c
+++ b/src/providers/ldap/sdap_async_nested_groups.c
@@ -38,11 +38,11 @@
#include "providers/ldap/sdap_idmap.h"
#include "providers/ipa/ipa_dn.h"
-#define sdap_nested_group_sysdb_search_users(domain, filter) \
- sdap_nested_group_sysdb_search((domain), (filter), true)
+#define sdap_nested_group_sysdb_search_users(domain, dn) \
+ sdap_nested_group_sysdb_search((domain), (dn), true)
-#define sdap_nested_group_sysdb_search_groups(domain, filter) \
- sdap_nested_group_sysdb_search((domain), (filter), false)
+#define sdap_nested_group_sysdb_search_groups(domain, dn) \
+ sdap_nested_group_sysdb_search((domain), (dn), false)
enum sdap_nested_group_dn_type {
SDAP_NESTED_GROUP_DN_USER,
@@ -389,7 +389,7 @@ static errno_t sdap_nested_group_external_add(hash_table_t *table,
}
static errno_t sdap_nested_group_sysdb_search(struct sss_domain_info *domain,
- const char *filter,
+ const char *dn,
bool user)
{
static const char *attrs[] = {SYSDB_CACHE_EXPIRE,
@@ -403,11 +403,11 @@ static errno_t sdap_nested_group_sysdb_search(struct sss_domain_info *domain,
errno_t ret;
if (user) {
- ret = sysdb_search_users(NULL, domain, filter, attrs,
- &count, &msgs);
+ ret = sysdb_search_users_by_orig_dn(NULL, domain, dn, attrs,
+ &count, &msgs);
} else {
- ret = sysdb_search_groups(NULL, domain, filter, attrs,
- &count, &msgs);
+ ret = sysdb_search_groups_by_orig_dn(NULL, domain, dn, attrs,
+ &count, &msgs);
}
if (ret != EOK) {
goto done;
@@ -451,37 +451,17 @@ sdap_nested_group_check_cache(struct sdap_options *opts,
const char *member_dn,
enum sdap_nested_group_dn_type *_type)
{
- TALLOC_CTX *tmp_ctx = NULL;
struct sdap_domain *sdap_domain = NULL;
struct sss_domain_info *member_domain = NULL;
- char *sanitized_dn = NULL;
- char *filter = NULL;
errno_t ret;
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
- return ENOMEM;
- }
-
- ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn);
- if (ret != EOK) {
- goto done;
- }
-
- filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_ORIG_DN, sanitized_dn);
- if (filter == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
/* determine correct domain of this member */
sdap_domain = sdap_domain_get_by_dn(opts, member_dn);
member_domain = sdap_domain == NULL ? domain : sdap_domain->dom;
/* search in users */
PROBE(SDAP_NESTED_GROUP_SYSDB_SEARCH_USERS_PRE);
- ret = sdap_nested_group_sysdb_search_users(member_domain, filter);
+ ret = sdap_nested_group_sysdb_search_users(member_domain, member_dn);
PROBE(SDAP_NESTED_GROUP_SYSDB_SEARCH_USERS_POST);
if (ret == EOK || ret == EAGAIN) {
/* user found */
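Review bot: Removing sss_filter_sanitize() here means member_dn now reaches the sysdb (ldb) filter unescaped unless sysdb_search_users_by_orig_dn()/sysdb_search_groups_by_orig_dn() escape it internally, which this patch does not show; an originalDN value read from the directory can legitimately contain filter metacharacters such as `(`, `)`, `*` or `\`, so if the helpers build the filter with a bare `%s` the lookup is wrong for such DNs and the filter can be shaped by whoever controls membership values on the server. Please confirm the `_by_orig_dn()` helpers sanitize their dn argument and record that contract on sdap_nested_group_sysdb_search(), whose `dn` parameter is renamed in the hunk at -389, e.g. `/* dn is the raw originalDN; escaping is the responsibility of sysdb_search_*_by_orig_dn() */`. The same removal appears in sdap_nested_group_memberof_dn_by_original_dn() in the hunk at -2856. sdap_nested_group_check_cache() starts before this hunk and continues past it.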
@@ -494,7 +474,7 @@ sdap_nested_group_check_cache(struct sdap_options *opts,
/* search in groups */
PROBE(SDAP_NESTED_GROUP_SYSDB_SEARCH_GROUPS_PRE);
- ret = sdap_nested_group_sysdb_search_groups(member_domain, filter);
+ ret = sdap_nested_group_sysdb_search_groups(member_domain, member_dn);
PROBE(SDAP_NESTED_GROUP_SYSDB_SEARCH_GROUPS_POST);
if (ret == EOK || ret == EAGAIN) {
/* group found */
@@ -509,7 +489,6 @@ sdap_nested_group_check_cache(struct sdap_options *opts,
ret = ENOENT;
done:
- talloc_free(tmp_ctx);
return ret;
}
@@ -2840,8 +2819,6 @@ sdap_nested_group_memberof_dn_by_original_dn(
const char ***_parents)
{
errno_t ret;
- char *sanitized_dn;
- char *filter;
const char *attrs[] = { SYSDB_NAME,
SYSDB_MEMBEROF,
NULL };
@@ -2856,20 +2833,8 @@ sdap_nested_group_memberof_dn_by_original_dn(
return ENOMEM;
}
- ret = sss_filter_sanitize(tmp_ctx, original_dn, &sanitized_dn);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "Cannot sanitize originalDN [%s]\n", original_dn);
- goto done;
- }
-
- filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_ORIG_DN, sanitized_dn);
- if (filter == NULL) {
- goto done;
- }
-
- ret = sysdb_search_groups(tmp_ctx, group_dom, filter, attrs,
- &count, &msgs);
+ ret = sysdb_search_groups_by_orig_dn(tmp_ctx, group_dom, original_dn,
+ attrs, &count, &msgs);
if (ret != EOK) {
goto done;
}
--
2.14.1