From 3cf1217a277d1103a8956e33fc0a8464227e2dd2 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <pavel.reichl@redhat.com>
Date: Thu, 14 Nov 2013 21:34:51 +0000
Subject: [PATCH 5/6] SSSD: Improved domain detection
A slightly more elegant way of detecting which domain a group member belongs to
Resolves:
https://fedorahosted.org/sssd/ticket/2132
---
src/providers/ldap/ldap_common.c | 39 ++++++++++++++++++++++++++++-----------
src/util/sss_ldap.c | 28 +++++++++++++++++++++++-----
src/util/sss_ldap.h | 6 ++++++
3 files changed, 57 insertions(+), 16 deletions(-)
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index facf102edc792c75a563a276f3ea9f3acc3052b4..35ea81360b4ec61eca6b952cd86fc93a6eda17dc 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -68,23 +68,40 @@ sdap_domain_get_by_dn(struct sdap_options *opts,
const char *dn)
{
struct sdap_domain *sditer = NULL;
- char *dc = NULL;
+ struct sdap_domain *sdmatch = NULL;
+ TALLOC_CTX *tmp_ctx = NULL;
+ int match_len;
+ int best_match_len = 0;
- dc = strstr(dn, "dc=");
- if (dc == NULL) {
- dc = strstr(dn, "DC=");
- if (dc == NULL) {
- return NULL;
- }
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ return NULL;
}
DLIST_FOR_EACH(sditer, opts->sdom) {
- if (strcasecmp(sditer->basedn, dc) == 0) {
- return sditer;
+ if (sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, sditer->search_bases,
+ NULL, &match_len)
+ || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
+ sditer->user_search_bases, NULL, &match_len)
+ || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
+ sditer->group_search_bases, NULL, &match_len)
+ || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
+ sditer->netgroup_search_bases, NULL, &match_len)
+ || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
+ sditer->sudo_search_bases, NULL, &match_len)
+ || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
+ sditer->service_search_bases, NULL, &match_len)
+ || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
+ sditer->autofs_search_bases, NULL, &match_len)) {
+ if (best_match_len < match_len) {
+ /*this is a longer match*/
+ best_match_len = match_len;
+ sdmatch = sditer;
+ }
}
}
-
- return NULL;
+ talloc_free(tmp_ctx);
+ return sdmatch;
}
errno_t
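Review bot: `int match_len;` at the top of the rewritten body is never initialised, and the `if (best_match_len < match_len)` comparison is safe only because `sss_ldap_dn_in_search_bases_len()` stores into it before it returns true — an implicit contract that a later change to the callee (or a compiler's maybe-uninitialised warning) will trip over; initialise it, `int match_len = 0;`, and say in a comment that the value is only meaningful after a true return. The seven-way `||` chain repeats the same call with only the search-base list changing and is easier to keep in sync as a loop over a small table, sketched below. Since the callee is invoked with `_filter == NULL`, it appears (from the sss_ldap.c hunk) to stop at the first matching base within a list, so the longest-match selection happens across domains rather than across one domain's bases — worth a comment beside `best_match_len`. The function's signature lies outside the hunk.
```c
    DLIST_FOR_EACH(sditer, opts->sdom) {
        struct sdap_search_base **lists[] = {
            sditer->search_bases,       sditer->user_search_bases,
            sditer->group_search_bases, sditer->netgroup_search_bases,
            sditer->sudo_search_bases,  sditer->service_search_bases,
            sditer->autofs_search_bases,
        };
        int match_len = 0;      /* only meaningful once matched is true */
        bool matched = false;

        for (size_t i = 0; !matched && i < sizeof(lists) / sizeof(lists[0]); i++) {
            matched = sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, lists[i],
                                                      NULL, &match_len);
        }
        if (matched && best_match_len < match_len) {
            /* … unchanged: remember the longer match … */
        }
    }
```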
diff --git a/src/util/sss_ldap.c b/src/util/sss_ldap.c
index 6d7b0907ca2fa48d9cff5257ab6bbba0ae7dd5c6..e1a05e8f60afb692ac95c99a443febac72a31187 100644
--- a/src/util/sss_ldap.c
+++ b/src/util/sss_ldap.c
@@ -470,10 +470,13 @@ int sss_ldap_init_recv(struct tevent_req *req, LDAP **ldap, int *sd)
* _filter will contain combined filters from all possible search bases
* or NULL if it should be empty
*/
-bool sss_ldap_dn_in_search_bases(TALLOC_CTX *mem_ctx,
- const char *dn,
- struct sdap_search_base **search_bases,
- char **_filter)
+
+
+bool sss_ldap_dn_in_search_bases_len(TALLOC_CTX *mem_ctx,
+ const char *dn,
+ struct sdap_search_base **search_bases,
+ char **_filter,
+ int *_match_len)
{
struct sdap_search_base *base;
int basedn_len, dn_len;
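Review bot: The new `_match_len` out-parameter is not described in the block comment above the renamed signature, which still documents only `_filter`; add a line such as `* _match_len, if not NULL, receives the length of the base DN of the search base that matched; it is written on every match, so when _filter is non-NULL and several bases match the last one wins` — the later hunk shows `*_match_len = match_len;` directly after `ret = true;` with the loop presumably continuing when a filter is being appended, so callers should not assume it is the longest match. Please also note there that the value is untouched when the function returns false. The same description belongs on the new prototype added in sss_ldap.h.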
@@ -484,6 +487,7 @@ bool sss_ldap_dn_in_search_bases(TALLOC_CTX *mem_ctx,
bool backslash_found = false;
char *filter = NULL;
bool ret = false;
+ int match_len;
if (dn == NULL) {
DEBUG(SSSDBG_FUNC_DATA, ("dn is NULL\n"));
@@ -511,6 +515,7 @@ bool sss_ldap_dn_in_search_bases(TALLOC_CTX *mem_ctx,
if (!base_confirmed) {
continue;
}
+ match_len = basedn_len;
switch (base->scope) {
case LDAP_SCOPE_BASE:
@@ -558,6 +563,9 @@ bool sss_ldap_dn_in_search_bases(TALLOC_CTX *mem_ctx,
* Append filter otherwise.
*/
ret = true;
+ if (_match_len) {
+ *_match_len = match_len;
+ }
if (base->filter == NULL || _filter == NULL) {
goto done;
@@ -575,7 +583,8 @@ bool sss_ldap_dn_in_search_bases(TALLOC_CTX *mem_ctx,
if (filter != NULL) {
*_filter = talloc_asprintf(mem_ctx, "(|%s)", filter);
if (*_filter == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_asprintf_append() failed\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("talloc_asprintf_append() failed\n"));
ret = false;
goto done;
}
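Review bot: The reflowed DEBUG message under `if (*_filter == NULL)` still reports `talloc_asprintf_append() failed` although the call that failed on the line above is `talloc_asprintf()`; since the commit already rewrites this line, make it `("talloc_asprintf() failed\n")` so the log names the allocator that actually failed. The enclosing function continues beyond this hunk.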
@@ -589,6 +598,15 @@ done:
return ret;
}
+bool sss_ldap_dn_in_search_bases(TALLOC_CTX *mem_ctx,
+ const char *dn,
+ struct sdap_search_base **search_bases,
+ char **_filter)
+{
+ return sss_ldap_dn_in_search_bases_len(mem_ctx, dn, search_bases, _filter,
+ NULL);
+}
+
char *sss_ldap_encode_ndr_uint32(TALLOC_CTX *mem_ctx, uint32_t flags)
{
char hex[9]; /* 4 bytes in hex + terminating zero */
diff --git a/src/util/sss_ldap.h b/src/util/sss_ldap.h
index e5c30eb2115d422ef5a52cc5cd75c85be8fbe2d7..f298b2fbb30cf1532f8e94504ffb83ef73880b81 100644
--- a/src/util/sss_ldap.h
+++ b/src/util/sss_ldap.h
@@ -74,6 +74,12 @@ bool sss_ldap_dn_in_search_bases(TALLOC_CTX *mem_ctx,
struct sdap_search_base **search_bases,
char **_filter);
+bool sss_ldap_dn_in_search_bases_len(TALLOC_CTX *mem_ctx,
+ const char *dn,
+ struct sdap_search_base **search_bases,
+ char **_filter,
+ int *_match_len);
+
char *sss_ldap_encode_ndr_uint32(TALLOC_CTX *mem_ctx, uint32_t flags);
#endif /* __SSS_LDAP_H__ */
--
1.8.4.2