c0971b7e39
- Resolves: upstream#3821 - crash related to sbus_router_destructor() - Resolves: upstream#3810 - sbus2: fix memory leak in sbus_message_bound_ref - Resolves: upstream#3819 - sssd only sets the SELinux login context if it differs from the default - Resolves: upstream#3807 - The sbus codegen script relies on "python" which might not be available on all distributions - Resolves: upstream#3820 - sudo: search with lower cased name for case insensitive domains - Resolves: upstream#3701 - [RFE] Allow changing default behavior of SSSD from an allow-any default to a deny-any default when it can't find any GPOs to apply to a user login. - Resolves: upstream#3828 - Invalid domain provider causes SSSD to abort startup - Resolves: upstream#3500 - Make sure sssd is a replacement for pam_pkcs11 also for local account authentication - Resolves: upstream#3812 - sssd 2.0.0 segfaults on startup - Resolves: upstream#3826 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated - Resolves: upstream#3827 - SSSD should log to syslog if a domain is not started due to a misconfiguration - Resolves: upstream#3830 - Printing incorrect information about domain with sssctl utility - Resolves: upstream#3489 - p11_child should work wit openssl1.0+ - Resolves: upstream#3750 - [RFE] man 5 sssd-files should mention necessary changes in nsswitch.conf - Resovles: upstream#3650 - RFE: Require smartcard authentication - Resolves: upstream#3334 - sssctl config-check does not check any special characters in domain name of domain section - Resolves: upstream#3849 - Files: The files provider always enumerates which causes duplicate when running getent passwd - Related: upstream#3855 - session not recording for local user when groups defined - Resolves: upstream#3802 - Reuse sysdb_error_to_errno() outside sysdb - Related: upstream#3493 - Remove the pysss.local interface
260 lines
8.7 KiB
Diff
260 lines
8.7 KiB
Diff
From 7c619ae08f05a7595d15cf11b64461a7d19cfaa7 Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Fri, 29 Jun 2018 17:49:50 +0200
|
|
Subject: [PATCH 21/83] sysdb: extract sysdb_ldb_msg_attr_to_certmap_info()
|
|
call
|
|
|
|
Related to https://pagure.io/SSSD/sssd/issue/3500
|
|
|
|
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
---
|
|
src/db/sysdb.h | 4 ++
|
|
src/db/sysdb_certmap.c | 191 ++++++++++++++++++++++++++++---------------------
|
|
2 files changed, 112 insertions(+), 83 deletions(-)
|
|
|
|
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
|
|
index d72af5a..cb04e1b 100644
|
|
--- a/src/db/sysdb.h
|
|
+++ b/src/db/sysdb.h
|
|
@@ -702,6 +702,10 @@ errno_t sysdb_update_certmap(struct sysdb_ctx *sysdb,
|
|
struct certmap_info **certmaps,
|
|
bool user_name_hint);
|
|
|
|
+errno_t sysdb_ldb_msg_attr_to_certmap_info(TALLOC_CTX *mem_ctx,
|
|
+ struct ldb_message *msg,
|
|
+ struct certmap_info **certmap);
|
|
+
|
|
errno_t sysdb_get_certmap(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
|
|
struct certmap_info ***certmaps,
|
|
bool *user_name_hint);
|
|
diff --git a/src/db/sysdb_certmap.c b/src/db/sysdb_certmap.c
|
|
index 6d83ba0..e61cc05 100644
|
|
--- a/src/db/sysdb_certmap.c
|
|
+++ b/src/db/sysdb_certmap.c
|
|
@@ -262,19 +262,119 @@ done:
|
|
return ret;
|
|
}
|
|
|
|
+errno_t sysdb_ldb_msg_attr_to_certmap_info(TALLOC_CTX *mem_ctx,
|
|
+ struct ldb_message *msg,
|
|
+ struct certmap_info **certmap)
|
|
+{
|
|
+ int ret;
|
|
+ size_t d;
|
|
+ size_t num_values;
|
|
+ struct certmap_info *map = NULL;
|
|
+ const char *tmp_str;
|
|
+ uint64_t tmp_uint;
|
|
+ struct ldb_message_element *tmp_el;
|
|
+
|
|
+
|
|
+ map = talloc_zero(mem_ctx, struct certmap_info);
|
|
+ if (map == NULL) {
|
|
+ return ENOMEM;
|
|
+ }
|
|
+
|
|
+ tmp_str = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
|
|
+ if (tmp_str == NULL) {
|
|
+ DEBUG(SSSDBG_MINOR_FAILURE, "The object [%s] doesn't have a name.\n",
|
|
+ ldb_dn_get_linearized(msg->dn));
|
|
+ ret = EINVAL;
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
+ map->name = talloc_strdup(map, tmp_str);
|
|
+ if (map->name == NULL) {
|
|
+ ret = ENOMEM;
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
+ tmp_str = ldb_msg_find_attr_as_string(msg, SYSDB_CERTMAP_MAPPING_RULE,
|
|
+ NULL);
|
|
+ if (tmp_str != NULL) {
|
|
+ map->map_rule = talloc_strdup(map, tmp_str);
|
|
+ if (map->map_rule == NULL) {
|
|
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
|
|
+ ret = ENOMEM;
|
|
+ goto done;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ tmp_str = ldb_msg_find_attr_as_string(msg, SYSDB_CERTMAP_MATCHING_RULE,
|
|
+ NULL);
|
|
+ if (tmp_str != NULL) {
|
|
+ map->match_rule = talloc_strdup(map, tmp_str);
|
|
+ if (map->match_rule == NULL) {
|
|
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
|
|
+ ret = ENOMEM;
|
|
+ goto done;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ tmp_uint = ldb_msg_find_attr_as_uint64(msg, SYSDB_CERTMAP_PRIORITY,
|
|
+ (uint64_t) -1);
|
|
+ if (tmp_uint != (uint64_t) -1) {
|
|
+ if (tmp_uint > UINT32_MAX) {
|
|
+ DEBUG(SSSDBG_OP_FAILURE, "Priority value [%lu] too large.\n",
|
|
+ (unsigned long) tmp_uint);
|
|
+ ret = EINVAL;
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
+ map->priority = (uint32_t) tmp_uint;
|
|
+ }
|
|
+
|
|
+ tmp_el = ldb_msg_find_element(msg, SYSDB_CERTMAP_DOMAINS);
|
|
+ if (tmp_el != NULL) {
|
|
+ num_values = tmp_el->num_values;
|
|
+ } else {
|
|
+ num_values = 0;
|
|
+ }
|
|
+
|
|
+ map->domains = talloc_zero_array(map, const char *, num_values + 1);
|
|
+ if (map->domains == NULL) {
|
|
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_array failed.\n");
|
|
+ ret = ENOMEM;
|
|
+ goto done;
|
|
+ }
|
|
+
|
|
+ for (d = 0; d < num_values; d++) {
|
|
+ map->domains[d] = talloc_strndup(map->domains,
|
|
+ (char *) tmp_el->values[d].data,
|
|
+ tmp_el->values[d].length);
|
|
+ if (map->domains[d] == NULL) {
|
|
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
|
|
+ ret = ENOMEM;
|
|
+ goto done;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ *certmap = map;
|
|
+
|
|
+ ret = EOK;
|
|
+
|
|
+done:
|
|
+ if (ret != EOK) {
|
|
+ talloc_free(map);
|
|
+ }
|
|
+
|
|
+ return ret;
|
|
+}
|
|
+
|
|
errno_t sysdb_get_certmap(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
|
|
struct certmap_info ***certmaps, bool *user_name_hint)
|
|
{
|
|
size_t c;
|
|
- size_t d;
|
|
struct ldb_dn *container_dn = NULL;
|
|
int ret;
|
|
struct certmap_info **maps = NULL;
|
|
TALLOC_CTX *tmp_ctx = NULL;
|
|
struct ldb_result *res;
|
|
- const char *tmp_str;
|
|
- uint64_t tmp_uint;
|
|
- struct ldb_message_element *tmp_el;
|
|
const char *attrs[] = {SYSDB_NAME,
|
|
SYSDB_CERTMAP_PRIORITY,
|
|
SYSDB_CERTMAP_MATCHING_RULE,
|
|
@@ -283,7 +383,6 @@ errno_t sysdb_get_certmap(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
|
|
NULL};
|
|
const char *config_attrs[] = {SYSDB_CERTMAP_USER_NAME_HINT,
|
|
NULL};
|
|
- size_t num_values;
|
|
bool hint = false;
|
|
|
|
tmp_ctx = talloc_new(NULL);
|
|
@@ -332,86 +431,12 @@ errno_t sysdb_get_certmap(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
|
|
}
|
|
|
|
for (c = 0; c < res->count; c++) {
|
|
- maps[c] = talloc_zero(maps, struct certmap_info);
|
|
- if (maps[c] == NULL) {
|
|
- ret = ENOMEM;
|
|
- goto done;
|
|
- }
|
|
- tmp_str = ldb_msg_find_attr_as_string(res->msgs[c], SYSDB_NAME, NULL);
|
|
- if (tmp_str == NULL) {
|
|
- DEBUG(SSSDBG_MINOR_FAILURE, "The object [%s] doesn't have a name.\n",
|
|
- ldb_dn_get_linearized(res->msgs[c]->dn));
|
|
- ret = EINVAL;
|
|
- goto done;
|
|
- }
|
|
-
|
|
- maps[c]->name = talloc_strdup(maps, tmp_str);
|
|
- if (maps[c]->name == NULL) {
|
|
- ret = ENOMEM;
|
|
- goto done;
|
|
- }
|
|
-
|
|
- tmp_str = ldb_msg_find_attr_as_string(res->msgs[c],
|
|
- SYSDB_CERTMAP_MAPPING_RULE, NULL);
|
|
- if (tmp_str != NULL) {
|
|
- maps[c]->map_rule = talloc_strdup(maps, tmp_str);
|
|
- if (maps[c]->map_rule == NULL) {
|
|
- DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
|
|
- ret = ENOMEM;
|
|
- goto done;
|
|
- }
|
|
- }
|
|
-
|
|
- tmp_str = ldb_msg_find_attr_as_string(res->msgs[c],
|
|
- SYSDB_CERTMAP_MATCHING_RULE, NULL);
|
|
- if (tmp_str != NULL) {
|
|
- maps[c]->match_rule = talloc_strdup(maps, tmp_str);
|
|
- if (maps[c]->match_rule == NULL) {
|
|
- DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
|
|
- ret = ENOMEM;
|
|
- goto done;
|
|
- }
|
|
- }
|
|
-
|
|
- tmp_uint = ldb_msg_find_attr_as_uint64(res->msgs[c],
|
|
- SYSDB_CERTMAP_PRIORITY,
|
|
- (uint64_t) -1);
|
|
- if (tmp_uint != (uint64_t) -1) {
|
|
- if (tmp_uint > UINT32_MAX) {
|
|
- DEBUG(SSSDBG_OP_FAILURE, "Priority value [%lu] too large.\n",
|
|
- (unsigned long) tmp_uint);
|
|
- ret = EINVAL;
|
|
- goto done;
|
|
- }
|
|
-
|
|
- maps[c]->priority = (uint32_t) tmp_uint;
|
|
- }
|
|
-
|
|
- tmp_el = ldb_msg_find_element(res->msgs[c], SYSDB_CERTMAP_DOMAINS);
|
|
- if (tmp_el != NULL) {
|
|
- num_values = tmp_el->num_values;
|
|
- } else {
|
|
- num_values = 0;
|
|
- }
|
|
-
|
|
- maps[c]->domains = talloc_zero_array(maps[c], const char *,
|
|
- num_values + 1);
|
|
- if (maps[c]->domains == NULL) {
|
|
- DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_array failed.\n");
|
|
- ret = ENOMEM;
|
|
+ ret = sysdb_ldb_msg_attr_to_certmap_info(maps, res->msgs[c], &maps[c]);
|
|
+ if (ret != EOK) {
|
|
+ DEBUG(SSSDBG_OP_FAILURE,
|
|
+ "sysdb_ldb_msg_attr_to_certmap_info failed.\n");
|
|
goto done;
|
|
}
|
|
-
|
|
- for (d = 0; d < num_values; d++) {
|
|
- maps[c]->domains[d] = talloc_strndup(maps[c]->domains,
|
|
- (char *) tmp_el->values[d].data,
|
|
- tmp_el->values[d].length);
|
|
- if (maps[c]->domains[d] == NULL) {
|
|
- DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
|
|
- ret = ENOMEM;
|
|
- goto done;
|
|
- }
|
|
- }
|
|
}
|
|
|
|
ret = EOK;
|
|
--
|
|
2.9.5
|
|
|