|
|
bb7cd1 |
From bab9c21c9ec7ad39555db52511f0f2e425decd94 Mon Sep 17 00:00:00 2001
|
|
|
bb7cd1 |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
bb7cd1 |
Date: Fri, 24 Mar 2017 12:44:09 +0100
|
|
|
bb7cd1 |
Subject: [PATCH 64/72] IFP: Search both POSIX and non-POSIX domains
|
|
|
bb7cd1 |
MIME-Version: 1.0
|
|
|
bb7cd1 |
Content-Type: text/plain; charset=UTF-8
|
|
|
bb7cd1 |
Content-Transfer-Encoding: 8bit
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
Related to:
|
|
|
bb7cd1 |
https://pagure.io/SSSD/sssd/issue/3310
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
Changes the behaviour of the InfoPipe responder so that both application
|
|
|
bb7cd1 |
and POSIX domains are searched. In general, the IFP responder uses the
|
|
|
bb7cd1 |
CACHE_REQ_ANY_DOM lookup type because we can't presume the intention of
|
|
|
bb7cd1 |
the caller. Therefore, deployments that combine both POSIX and non-POSIX
|
|
|
bb7cd1 |
domains must use fully qualified names or select the right domain order
|
|
|
bb7cd1 |
manually.
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
There is one change between the POSIX and non-POSIX users or groups -
|
|
|
bb7cd1 |
the object path. For the POSIX users, the object path includes the UID
|
|
|
bb7cd1 |
or GID. Because we don't have that for the non-POSIX objects, the object
|
|
|
bb7cd1 |
name is used in the path instead.
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
bb7cd1 |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
bb7cd1 |
---
|
|
|
bb7cd1 |
src/responder/ifp/ifp_groups.c | 135 ++++++++++++++++++++++-------------
|
|
|
bb7cd1 |
src/responder/ifp/ifp_users.c | 158 ++++++++++++++++++++++++++---------------
|
|
|
bb7cd1 |
src/responder/ifp/ifpsrv_cmd.c | 6 +-
|
|
|
bb7cd1 |
3 files changed, 194 insertions(+), 105 deletions(-)
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
diff --git a/src/responder/ifp/ifp_groups.c b/src/responder/ifp/ifp_groups.c
|
|
|
bb7cd1 |
index 99908e96bd971bce4b4e9064a77d8413f837d743..c568c62009cd4b777919dea048fd381a91bd3460 100644
|
|
|
bb7cd1 |
--- a/src/responder/ifp/ifp_groups.c
|
|
|
bb7cd1 |
+++ b/src/responder/ifp/ifp_groups.c
|
|
|
bb7cd1 |
@@ -35,25 +35,33 @@ char * ifp_groups_build_path_from_msg(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
struct sss_domain_info *domain,
|
|
|
bb7cd1 |
struct ldb_message *msg)
|
|
|
bb7cd1 |
{
|
|
|
bb7cd1 |
- const char *gid;
|
|
|
bb7cd1 |
+ const char *key = NULL;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- gid = ldb_msg_find_attr_as_string(msg, SYSDB_GIDNUM, NULL);
|
|
|
bb7cd1 |
+ switch (domain->type) {
|
|
|
bb7cd1 |
+ case DOM_TYPE_APPLICATION:
|
|
|
bb7cd1 |
+ key = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
|
|
|
bb7cd1 |
+ break;
|
|
|
bb7cd1 |
+ case DOM_TYPE_POSIX:
|
|
|
bb7cd1 |
+ key = ldb_msg_find_attr_as_string(msg, SYSDB_GIDNUM, NULL);
|
|
|
bb7cd1 |
+ break;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- if (gid == NULL) {
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ if (key == NULL) {
|
|
|
bb7cd1 |
return NULL;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- return sbus_opath_compose(mem_ctx, IFP_PATH_GROUPS, domain->name, gid);
|
|
|
bb7cd1 |
+ return sbus_opath_compose(mem_ctx, IFP_PATH_GROUPS, domain->name, key);
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
-static errno_t ifp_groups_decompose_path(struct sss_domain_info *domains,
|
|
|
bb7cd1 |
+static errno_t ifp_groups_decompose_path(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
+ struct sss_domain_info *domains,
|
|
|
bb7cd1 |
const char *path,
|
|
|
bb7cd1 |
struct sss_domain_info **_domain,
|
|
|
bb7cd1 |
- gid_t *_gid)
|
|
|
bb7cd1 |
+ char **_key)
|
|
|
bb7cd1 |
{
|
|
|
bb7cd1 |
char **parts = NULL;
|
|
|
bb7cd1 |
struct sss_domain_info *domain;
|
|
|
bb7cd1 |
- gid_t gid;
|
|
|
bb7cd1 |
errno_t ret;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
ret = sbus_opath_decompose_exact(NULL, path, IFP_PATH_GROUPS, 2, &parts;;
|
|
|
bb7cd1 |
@@ -67,14 +75,8 @@ static errno_t ifp_groups_decompose_path(struct sss_domain_info *domains,
|
|
|
bb7cd1 |
goto done;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- gid = strtouint32(parts[1], NULL, 10);
|
|
|
bb7cd1 |
- ret = errno;
|
|
|
bb7cd1 |
- if (ret != EOK) {
|
|
|
bb7cd1 |
- goto done;
|
|
|
bb7cd1 |
- }
|
|
|
bb7cd1 |
-
|
|
|
bb7cd1 |
*_domain = domain;
|
|
|
bb7cd1 |
- *_gid = gid;
|
|
|
bb7cd1 |
+ *_key = talloc_steal(mem_ctx, parts[1]);
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
done:
|
|
|
bb7cd1 |
talloc_free(parts);
|
|
|
bb7cd1 |
@@ -119,7 +121,7 @@ int ifp_groups_find_by_name(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
req = cache_req_group_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
|
|
|
bb7cd1 |
ctx->rctx->ncache, 0,
|
|
|
bb7cd1 |
- CACHE_REQ_POSIX_DOM, NULL,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM, NULL,
|
|
|
bb7cd1 |
name);
|
|
|
bb7cd1 |
if (req == NULL) {
|
|
|
bb7cd1 |
return ENOMEM;
|
|
|
bb7cd1 |
@@ -273,7 +275,7 @@ static int ifp_groups_list_by_name_step(struct ifp_list_ctx *list_ctx)
|
|
|
bb7cd1 |
req = cache_req_group_by_filter_send(list_ctx,
|
|
|
bb7cd1 |
list_ctx->ctx->rctx->ev,
|
|
|
bb7cd1 |
list_ctx->ctx->rctx,
|
|
|
bb7cd1 |
- CACHE_REQ_POSIX_DOM,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM,
|
|
|
bb7cd1 |
list_ctx->dom->name,
|
|
|
bb7cd1 |
list_ctx->filter);
|
|
|
bb7cd1 |
if (req == NULL) {
|
|
|
bb7cd1 |
@@ -358,7 +360,7 @@ int ifp_groups_list_by_domain_and_name(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
req = cache_req_group_by_filter_send(list_ctx, ctx->rctx->ev, ctx->rctx,
|
|
|
bb7cd1 |
- CACHE_REQ_POSIX_DOM,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM,
|
|
|
bb7cd1 |
domain, filter);
|
|
|
bb7cd1 |
if (req == NULL) {
|
|
|
bb7cd1 |
return ENOMEM;
|
|
|
bb7cd1 |
@@ -412,16 +414,65 @@ done:
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
static errno_t
|
|
|
bb7cd1 |
+ifp_groups_get_from_cache(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
+ struct sss_domain_info *domain,
|
|
|
bb7cd1 |
+ const char *key,
|
|
|
bb7cd1 |
+ struct ldb_message **_group)
|
|
|
bb7cd1 |
+{
|
|
|
bb7cd1 |
+ struct ldb_result *group_res;
|
|
|
bb7cd1 |
+ errno_t ret;
|
|
|
bb7cd1 |
+ gid_t gid;
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ switch (domain->type) {
|
|
|
bb7cd1 |
+ case DOM_TYPE_POSIX:
|
|
|
bb7cd1 |
+ gid = strtouint32(key, NULL, 10);
|
|
|
bb7cd1 |
+ ret = errno;
|
|
|
bb7cd1 |
+ if (ret != EOK) {
|
|
|
bb7cd1 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid UID value\n");
|
|
|
bb7cd1 |
+ return ret;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ ret = sysdb_getgrgid_with_views(sbus_req, domain, gid, &group_res);
|
|
|
bb7cd1 |
+ if (ret == EOK && group_res->count == 0) {
|
|
|
bb7cd1 |
+ *_group = NULL;
|
|
|
bb7cd1 |
+ return ENOENT;
|
|
|
bb7cd1 |
+ } else if (ret != EOK) {
|
|
|
bb7cd1 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup group %u@%s [%d]: %s\n",
|
|
|
bb7cd1 |
+ gid, domain->name, ret, sss_strerror(ret));
|
|
|
bb7cd1 |
+ return ret;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+ break;
|
|
|
bb7cd1 |
+ case DOM_TYPE_APPLICATION:
|
|
|
bb7cd1 |
+ ret = sysdb_getgrnam_with_views(sbus_req, domain, key, &group_res);
|
|
|
bb7cd1 |
+ if (ret == EOK && group_res->count == 0) {
|
|
|
bb7cd1 |
+ *_group = NULL;
|
|
|
bb7cd1 |
+ return ENOENT;
|
|
|
bb7cd1 |
+ } else if (ret != EOK) {
|
|
|
bb7cd1 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup group %s@%s [%d]: %s\n",
|
|
|
bb7cd1 |
+ key, domain->name, ret, sss_strerror(ret));
|
|
|
bb7cd1 |
+ return ret;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+ break;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ if (group_res->count > 1) {
|
|
|
bb7cd1 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "More groups matched by the single key\n");
|
|
|
bb7cd1 |
+ return EIO;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ *_group = group_res->msgs[0];
|
|
|
bb7cd1 |
+ return EOK;
|
|
|
bb7cd1 |
+}
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+static errno_t
|
|
|
bb7cd1 |
ifp_groups_group_get(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
void *data,
|
|
|
bb7cd1 |
- gid_t *_gid,
|
|
|
bb7cd1 |
struct sss_domain_info **_domain,
|
|
|
bb7cd1 |
struct ldb_message **_group)
|
|
|
bb7cd1 |
{
|
|
|
bb7cd1 |
struct ifp_ctx *ctx;
|
|
|
bb7cd1 |
struct sss_domain_info *domain;
|
|
|
bb7cd1 |
- struct ldb_result *res;
|
|
|
bb7cd1 |
- uid_t gid;
|
|
|
bb7cd1 |
+ char *key;
|
|
|
bb7cd1 |
errno_t ret;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
ctx = talloc_get_type(data, struct ifp_ctx);
|
|
|
bb7cd1 |
@@ -430,8 +481,9 @@ ifp_groups_group_get(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
return ERR_INTERNAL;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_groups_decompose_path(ctx->rctx->domains, sbus_req->path,
|
|
|
bb7cd1 |
- &domain, &gid;;
|
|
|
bb7cd1 |
+ ret = ifp_groups_decompose_path(sbus_req,
|
|
|
bb7cd1 |
+ ctx->rctx->domains, sbus_req->path,
|
|
|
bb7cd1 |
+ &domain, &key);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to decompose object path"
|
|
|
bb7cd1 |
"[%s] [%d]: %s\n", sbus_req->path, ret, sss_strerror(ret));
|
|
|
bb7cd1 |
@@ -439,28 +491,15 @@ ifp_groups_group_get(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
if (_group != NULL) {
|
|
|
bb7cd1 |
- ret = sysdb_getgrgid_with_views(sbus_req, domain, gid, &res;;
|
|
|
bb7cd1 |
- if (ret == EOK && res->count == 0) {
|
|
|
bb7cd1 |
- *_group = NULL;
|
|
|
bb7cd1 |
- ret = ENOENT;
|
|
|
bb7cd1 |
- }
|
|
|
bb7cd1 |
-
|
|
|
bb7cd1 |
- if (ret != EOK) {
|
|
|
bb7cd1 |
- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup group %u@%s [%d]: %s\n",
|
|
|
bb7cd1 |
- gid, domain->name, ret, sss_strerror(ret));
|
|
|
bb7cd1 |
- } else {
|
|
|
bb7cd1 |
- *_group = res->msgs[0];
|
|
|
bb7cd1 |
- }
|
|
|
bb7cd1 |
+ ret = ifp_groups_get_from_cache(sbus_req, domain, key, _group);
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
if (ret == EOK || ret == ENOENT) {
|
|
|
bb7cd1 |
- if (_gid != NULL) {
|
|
|
bb7cd1 |
- *_gid = gid;
|
|
|
bb7cd1 |
- }
|
|
|
bb7cd1 |
-
|
|
|
bb7cd1 |
if (_domain != NULL) {
|
|
|
bb7cd1 |
*_domain = domain;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
+ } else if (ret != EOK) {
|
|
|
bb7cd1 |
+ DEBUG(SSSDBG_OP_FAILURE, "Unable to retrieve group from cache\n");
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
return ret;
|
|
|
bb7cd1 |
@@ -513,7 +552,7 @@ static struct tevent_req *resolv_ghosts_send(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
state->ctx = ctx;
|
|
|
bb7cd1 |
state->data = data;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &group);
|
|
|
bb7cd1 |
+ ret = ifp_groups_group_get(sbus_req, data, &domain, &group);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
goto immediately;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
@@ -527,7 +566,7 @@ static struct tevent_req *resolv_ghosts_send(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
subreq = cache_req_group_by_name_send(state, ev, ctx->rctx,
|
|
|
bb7cd1 |
ctx->rctx->ncache, 0,
|
|
|
bb7cd1 |
- CACHE_REQ_POSIX_DOM,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM,
|
|
|
bb7cd1 |
domain->name,
|
|
|
bb7cd1 |
name);
|
|
|
bb7cd1 |
if (subreq == NULL) {
|
|
|
bb7cd1 |
@@ -561,7 +600,7 @@ static void resolv_ghosts_group_done(struct tevent_req *subreq)
|
|
|
bb7cd1 |
req = tevent_req_callback_data(subreq, struct tevent_req);
|
|
|
bb7cd1 |
state = tevent_req_data(req, struct resolv_ghosts_state);
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_groups_group_get(state->sbus_req, state->data, NULL,
|
|
|
bb7cd1 |
+ ret = ifp_groups_group_get(state->sbus_req, state->data,
|
|
|
bb7cd1 |
&state->domain, &group);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
goto done;
|
|
|
bb7cd1 |
@@ -608,7 +647,7 @@ errno_t resolv_ghosts_step(struct tevent_req *req)
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
subreq = cache_req_user_by_name_send(state, state->ev, state->ctx->rctx,
|
|
|
bb7cd1 |
state->ctx->rctx->ncache, 0,
|
|
|
bb7cd1 |
- CACHE_REQ_POSIX_DOM,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM,
|
|
|
bb7cd1 |
state->domain->name,
|
|
|
bb7cd1 |
state->ghosts[state->index]);
|
|
|
bb7cd1 |
if (subreq == NULL) {
|
|
|
bb7cd1 |
@@ -719,7 +758,7 @@ void ifp_groups_group_get_name(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &msg;;
|
|
|
bb7cd1 |
+ ret = ifp_groups_group_get(sbus_req, data, &domain, &msg;;
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
*_out = NULL;
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
@@ -744,7 +783,7 @@ void ifp_groups_group_get_gid_number(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
struct sss_domain_info *domain;
|
|
|
bb7cd1 |
errno_t ret;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &msg;;
|
|
|
bb7cd1 |
+ ret = ifp_groups_group_get(sbus_req, data, &domain, &msg;;
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
*_out = 0;
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
@@ -763,7 +802,7 @@ void ifp_groups_group_get_unique_id(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
struct sss_domain_info *domain;
|
|
|
bb7cd1 |
errno_t ret;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &msg;;
|
|
|
bb7cd1 |
+ ret = ifp_groups_group_get(sbus_req, data, &domain, &msg;;
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
*_out = 0;
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
@@ -803,7 +842,7 @@ ifp_groups_group_get_members(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
return ENOMEM;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &group);
|
|
|
bb7cd1 |
+ ret = ifp_groups_group_get(sbus_req, data, &domain, &group);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
goto done;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
@@ -954,7 +993,7 @@ int ifp_cache_object_store_group(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
struct ldb_message *group;
|
|
|
bb7cd1 |
errno_t ret;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &group);
|
|
|
bb7cd1 |
+ ret = ifp_groups_group_get(sbus_req, data, &domain, &group);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
error = sbus_error_new(sbus_req, DBUS_ERROR_FAILED, "Failed to fetch "
|
|
|
bb7cd1 |
"group [%d]: %s\n", ret, sss_strerror(ret));
|
|
|
bb7cd1 |
@@ -973,7 +1012,7 @@ int ifp_cache_object_remove_group(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
struct ldb_message *group;
|
|
|
bb7cd1 |
errno_t ret;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_groups_group_get(sbus_req, data, NULL, &domain, &group);
|
|
|
bb7cd1 |
+ ret = ifp_groups_group_get(sbus_req, data, &domain, &group);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
error = sbus_error_new(sbus_req, DBUS_ERROR_FAILED, "Failed to fetch "
|
|
|
bb7cd1 |
"group [%d]: %s\n", ret, sss_strerror(ret));
|
|
|
bb7cd1 |
diff --git a/src/responder/ifp/ifp_users.c b/src/responder/ifp/ifp_users.c
|
|
|
bb7cd1 |
index 436bb268fa9c78d72fb744e0d338aa561a7d8764..ce9557f94351b730ee46f3cbce31613cb5901942 100644
|
|
|
bb7cd1 |
--- a/src/responder/ifp/ifp_users.c
|
|
|
bb7cd1 |
+++ b/src/responder/ifp/ifp_users.c
|
|
|
bb7cd1 |
@@ -37,25 +37,33 @@ char * ifp_users_build_path_from_msg(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
struct sss_domain_info *domain,
|
|
|
bb7cd1 |
struct ldb_message *msg)
|
|
|
bb7cd1 |
{
|
|
|
bb7cd1 |
- const char *uid;
|
|
|
bb7cd1 |
+ const char *key = NULL;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- uid = ldb_msg_find_attr_as_string(msg, SYSDB_UIDNUM, NULL);
|
|
|
bb7cd1 |
+ switch (domain->type) {
|
|
|
bb7cd1 |
+ case DOM_TYPE_APPLICATION:
|
|
|
bb7cd1 |
+ key = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
|
|
|
bb7cd1 |
+ break;
|
|
|
bb7cd1 |
+ case DOM_TYPE_POSIX:
|
|
|
bb7cd1 |
+ key = ldb_msg_find_attr_as_string(msg, SYSDB_UIDNUM, NULL);
|
|
|
bb7cd1 |
+ break;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- if (uid == NULL) {
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ if (key == NULL) {
|
|
|
bb7cd1 |
return NULL;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- return sbus_opath_compose(mem_ctx, IFP_PATH_USERS, domain->name, uid);
|
|
|
bb7cd1 |
+ return sbus_opath_compose(mem_ctx, IFP_PATH_USERS, domain->name, key);
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
-static errno_t ifp_users_decompose_path(struct sss_domain_info *domains,
|
|
|
bb7cd1 |
+static errno_t ifp_users_decompose_path(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
+ struct sss_domain_info *domains,
|
|
|
bb7cd1 |
const char *path,
|
|
|
bb7cd1 |
struct sss_domain_info **_domain,
|
|
|
bb7cd1 |
- uid_t *_uid)
|
|
|
bb7cd1 |
+ char **_key)
|
|
|
bb7cd1 |
{
|
|
|
bb7cd1 |
char **parts = NULL;
|
|
|
bb7cd1 |
struct sss_domain_info *domain;
|
|
|
bb7cd1 |
- uid_t uid;
|
|
|
bb7cd1 |
errno_t ret;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
ret = sbus_opath_decompose_exact(NULL, path, IFP_PATH_USERS, 2, &parts;;
|
|
|
bb7cd1 |
@@ -69,14 +77,8 @@ static errno_t ifp_users_decompose_path(struct sss_domain_info *domains,
|
|
|
bb7cd1 |
goto done;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- uid = strtouint32(parts[1], NULL, 10);
|
|
|
bb7cd1 |
- ret = errno;
|
|
|
bb7cd1 |
- if (ret != EOK) {
|
|
|
bb7cd1 |
- goto done;
|
|
|
bb7cd1 |
- }
|
|
|
bb7cd1 |
-
|
|
|
bb7cd1 |
*_domain = domain;
|
|
|
bb7cd1 |
- *_uid = uid;
|
|
|
bb7cd1 |
+ *_key = talloc_steal(mem_ctx, parts[1]);
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
done:
|
|
|
bb7cd1 |
talloc_free(parts);
|
|
|
bb7cd1 |
@@ -100,7 +102,7 @@ int ifp_users_find_by_name(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
req = cache_req_user_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
|
|
|
bb7cd1 |
ctx->rctx->ncache, 0,
|
|
|
bb7cd1 |
- CACHE_REQ_POSIX_DOM,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM,
|
|
|
bb7cd1 |
NULL, name);
|
|
|
bb7cd1 |
if (req == NULL) {
|
|
|
bb7cd1 |
return ENOMEM;
|
|
|
bb7cd1 |
@@ -256,7 +258,7 @@ int ifp_users_find_by_cert(struct sbus_request *sbus_req, void *data,
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
req = cache_req_user_by_cert_send(sbus_req, ctx->rctx->ev, ctx->rctx,
|
|
|
bb7cd1 |
ctx->rctx->ncache, 0,
|
|
|
bb7cd1 |
- CACHE_REQ_POSIX_DOM, NULL,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM, NULL,
|
|
|
bb7cd1 |
derb64);
|
|
|
bb7cd1 |
if (req == NULL) {
|
|
|
bb7cd1 |
return ENOMEM;
|
|
|
bb7cd1 |
@@ -371,7 +373,7 @@ static int ifp_users_list_by_cert_step(struct ifp_list_ctx *list_ctx)
|
|
|
bb7cd1 |
list_ctx->ctx->rctx,
|
|
|
bb7cd1 |
list_ctx->ctx->rctx->ncache,
|
|
|
bb7cd1 |
0,
|
|
|
bb7cd1 |
- CACHE_REQ_POSIX_DOM,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM,
|
|
|
bb7cd1 |
list_ctx->dom->name,
|
|
|
bb7cd1 |
list_ctx->filter);
|
|
|
bb7cd1 |
if (req == NULL) {
|
|
|
bb7cd1 |
@@ -538,7 +540,7 @@ int ifp_users_find_by_name_and_cert(struct sbus_request *sbus_req, void *data,
|
|
|
bb7cd1 |
if (name_and_cert_ctx->name != NULL) {
|
|
|
bb7cd1 |
req = cache_req_user_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
|
|
|
bb7cd1 |
ctx->rctx->ncache, 0,
|
|
|
bb7cd1 |
- CACHE_REQ_POSIX_DOM,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM,
|
|
|
bb7cd1 |
NULL,
|
|
|
bb7cd1 |
name_and_cert_ctx->name);
|
|
|
bb7cd1 |
if (req == NULL) {
|
|
|
bb7cd1 |
@@ -621,7 +623,7 @@ static int ifp_users_find_by_name_and_cert_step(
|
|
|
bb7cd1 |
list_ctx->ctx->rctx,
|
|
|
bb7cd1 |
list_ctx->ctx->rctx->ncache,
|
|
|
bb7cd1 |
0,
|
|
|
bb7cd1 |
- CACHE_REQ_POSIX_DOM,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM,
|
|
|
bb7cd1 |
list_ctx->dom->name,
|
|
|
bb7cd1 |
list_ctx->filter);
|
|
|
bb7cd1 |
if (req == NULL) {
|
|
|
bb7cd1 |
@@ -782,7 +784,7 @@ static int ifp_users_list_by_name_step(struct ifp_list_ctx *list_ctx)
|
|
|
bb7cd1 |
req = cache_req_user_by_filter_send(list_ctx,
|
|
|
bb7cd1 |
list_ctx->ctx->rctx->ev,
|
|
|
bb7cd1 |
list_ctx->ctx->rctx,
|
|
|
bb7cd1 |
- CACHE_REQ_POSIX_DOM,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM,
|
|
|
bb7cd1 |
list_ctx->dom->name,
|
|
|
bb7cd1 |
list_ctx->filter);
|
|
|
bb7cd1 |
if (req == NULL) {
|
|
|
bb7cd1 |
@@ -867,7 +869,7 @@ int ifp_users_list_by_domain_and_name(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
req = cache_req_user_by_filter_send(list_ctx, ctx->rctx->ev, ctx->rctx,
|
|
|
bb7cd1 |
- CACHE_REQ_POSIX_DOM,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM,
|
|
|
bb7cd1 |
domain, filter);
|
|
|
bb7cd1 |
if (req == NULL) {
|
|
|
bb7cd1 |
return ENOMEM;
|
|
|
bb7cd1 |
@@ -930,19 +932,69 @@ done:
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
static errno_t
|
|
|
bb7cd1 |
+ifp_users_get_from_cache(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
+ struct sss_domain_info *domain,
|
|
|
bb7cd1 |
+ const char *key,
|
|
|
bb7cd1 |
+ struct ldb_message **_user)
|
|
|
bb7cd1 |
+{
|
|
|
bb7cd1 |
+ struct ldb_result *user_res;
|
|
|
bb7cd1 |
+ errno_t ret;
|
|
|
bb7cd1 |
+ uid_t uid;
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ switch (domain->type) {
|
|
|
bb7cd1 |
+ case DOM_TYPE_POSIX:
|
|
|
bb7cd1 |
+ uid = strtouint32(key, NULL, 10);
|
|
|
bb7cd1 |
+ ret = errno;
|
|
|
bb7cd1 |
+ if (ret != EOK) {
|
|
|
bb7cd1 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid UID value\n");
|
|
|
bb7cd1 |
+ return ret;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ ret = sysdb_getpwuid_with_views(sbus_req, domain, uid, &user_res);
|
|
|
bb7cd1 |
+ if (ret == EOK && user_res->count == 0) {
|
|
|
bb7cd1 |
+ *_user = NULL;
|
|
|
bb7cd1 |
+ return ENOENT;
|
|
|
bb7cd1 |
+ } else if (ret != EOK) {
|
|
|
bb7cd1 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup user %u@%s [%d]: %s\n",
|
|
|
bb7cd1 |
+ uid, domain->name, ret, sss_strerror(ret));
|
|
|
bb7cd1 |
+ return ret;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+ break;
|
|
|
bb7cd1 |
+ case DOM_TYPE_APPLICATION:
|
|
|
bb7cd1 |
+ ret = sysdb_getpwnam_with_views(sbus_req, domain, key, &user_res);
|
|
|
bb7cd1 |
+ if (ret == EOK && user_res->count == 0) {
|
|
|
bb7cd1 |
+ *_user = NULL;
|
|
|
bb7cd1 |
+ return ENOENT;
|
|
|
bb7cd1 |
+ } else if (ret != EOK) {
|
|
|
bb7cd1 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup user %s@%s [%d]: %s\n",
|
|
|
bb7cd1 |
+ key, domain->name, ret, sss_strerror(ret));
|
|
|
bb7cd1 |
+ return ret;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+ break;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ if (user_res->count > 1) {
|
|
|
bb7cd1 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "More users matched by the single key\n");
|
|
|
bb7cd1 |
+ return EIO;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ *_user = user_res->msgs[0];
|
|
|
bb7cd1 |
+ return EOK;
|
|
|
bb7cd1 |
+}
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+static errno_t
|
|
|
bb7cd1 |
ifp_users_user_get(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
struct ifp_ctx *ifp_ctx,
|
|
|
bb7cd1 |
- uid_t *_uid,
|
|
|
bb7cd1 |
struct sss_domain_info **_domain,
|
|
|
bb7cd1 |
struct ldb_message **_user)
|
|
|
bb7cd1 |
{
|
|
|
bb7cd1 |
struct sss_domain_info *domain;
|
|
|
bb7cd1 |
- struct ldb_result *res;
|
|
|
bb7cd1 |
- uid_t uid;
|
|
|
bb7cd1 |
+ char *key;
|
|
|
bb7cd1 |
errno_t ret;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_users_decompose_path(ifp_ctx->rctx->domains, sbus_req->path,
|
|
|
bb7cd1 |
- &domain, &uid);
|
|
|
bb7cd1 |
+ ret = ifp_users_decompose_path(sbus_req,
|
|
|
bb7cd1 |
+ ifp_ctx->rctx->domains, sbus_req->path,
|
|
|
bb7cd1 |
+ &domain, &key);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to decompose object path"
|
|
|
bb7cd1 |
"[%s] [%d]: %s\n", sbus_req->path, ret, sss_strerror(ret));
|
|
|
bb7cd1 |
@@ -950,28 +1002,15 @@ ifp_users_user_get(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
if (_user != NULL) {
|
|
|
bb7cd1 |
- ret = sysdb_getpwuid_with_views(sbus_req, domain, uid, &res;;
|
|
|
bb7cd1 |
- if (ret == EOK && res->count == 0) {
|
|
|
bb7cd1 |
- *_user = NULL;
|
|
|
bb7cd1 |
- ret = ENOENT;
|
|
|
bb7cd1 |
- }
|
|
|
bb7cd1 |
-
|
|
|
bb7cd1 |
- if (ret != EOK) {
|
|
|
bb7cd1 |
- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup user %u@%s [%d]: %s\n",
|
|
|
bb7cd1 |
- uid, domain->name, ret, sss_strerror(ret));
|
|
|
bb7cd1 |
- } else {
|
|
|
bb7cd1 |
- *_user = res->msgs[0];
|
|
|
bb7cd1 |
- }
|
|
|
bb7cd1 |
+ ret = ifp_users_get_from_cache(sbus_req, domain, key, _user);
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
if (ret == EOK || ret == ENOENT) {
|
|
|
bb7cd1 |
- if (_uid != NULL) {
|
|
|
bb7cd1 |
- *_uid = uid;
|
|
|
bb7cd1 |
- }
|
|
|
bb7cd1 |
-
|
|
|
bb7cd1 |
if (_domain != NULL) {
|
|
|
bb7cd1 |
*_domain = domain;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
+ } else if (ret != EOK) {
|
|
|
bb7cd1 |
+ DEBUG(SSSDBG_OP_FAILURE, "Unable to retrieve user from cache\n");
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
return ret;
|
|
|
bb7cd1 |
@@ -1000,7 +1039,7 @@ static void ifp_users_get_as_string(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_users_user_get(sbus_req, ifp_ctx, NULL, &domain, &msg;;
|
|
|
bb7cd1 |
+ ret = ifp_users_user_get(sbus_req, ifp_ctx, &domain, &msg;;
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
@@ -1034,7 +1073,7 @@ static void ifp_users_get_name(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_users_user_get(sbus_req, ifp_ctx, NULL, &domain, &msg;;
|
|
|
bb7cd1 |
+ ret = ifp_users_user_get(sbus_req, ifp_ctx, &domain, &msg;;
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
@@ -1072,7 +1111,7 @@ static void ifp_users_get_as_uint32(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_users_user_get(sbus_req, ifp_ctx, NULL, &domain, &msg;;
|
|
|
bb7cd1 |
+ ret = ifp_users_user_get(sbus_req, ifp_ctx, &domain, &msg;;
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
@@ -1100,7 +1139,7 @@ int ifp_users_user_update_groups_list(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
return ERR_INTERNAL;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_users_user_get(sbus_req, data, NULL, &domain, &user);
|
|
|
bb7cd1 |
+ ret = ifp_users_user_get(sbus_req, data, &domain, &user);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
return ret;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
@@ -1113,7 +1152,7 @@ int ifp_users_user_update_groups_list(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
req = cache_req_initgr_by_name_send(sbus_req, ctx->rctx->ev, ctx->rctx,
|
|
|
bb7cd1 |
ctx->rctx->ncache, 0,
|
|
|
bb7cd1 |
- CACHE_REQ_POSIX_DOM, domain->name,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM, domain->name,
|
|
|
bb7cd1 |
username);
|
|
|
bb7cd1 |
if (req == NULL) {
|
|
|
bb7cd1 |
return ENOMEM;
|
|
|
bb7cd1 |
@@ -1235,7 +1274,7 @@ void ifp_users_user_get_groups(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_users_user_get(sbus_req, ifp_ctx, NULL, &domain, &user);
|
|
|
bb7cd1 |
+ ret = ifp_users_user_get(sbus_req, ifp_ctx, &domain, &user);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
@@ -1268,7 +1307,7 @@ void ifp_users_user_get_groups(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
for (i = 0; i < res->count; i++) {
|
|
|
bb7cd1 |
gid = sss_view_ldb_msg_find_attr_as_uint64(domain, res->msgs[i],
|
|
|
bb7cd1 |
SYSDB_GIDNUM, 0);
|
|
|
bb7cd1 |
- if (gid == 0) {
|
|
|
bb7cd1 |
+ if (gid == 0 && domain->type == DOM_TYPE_POSIX) {
|
|
|
bb7cd1 |
continue;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
@@ -1293,11 +1332,12 @@ void ifp_users_user_get_extra_attributes(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
{
|
|
|
bb7cd1 |
struct ifp_ctx *ifp_ctx;
|
|
|
bb7cd1 |
struct sss_domain_info *domain;
|
|
|
bb7cd1 |
+ struct ldb_message *base_user;
|
|
|
bb7cd1 |
+ const char *name;
|
|
|
bb7cd1 |
struct ldb_message **user;
|
|
|
bb7cd1 |
struct ldb_message_element *el;
|
|
|
bb7cd1 |
struct ldb_dn *basedn;
|
|
|
bb7cd1 |
size_t count;
|
|
|
bb7cd1 |
- uid_t uid;
|
|
|
bb7cd1 |
const char *filter;
|
|
|
bb7cd1 |
const char **extra;
|
|
|
bb7cd1 |
hash_table_t *table;
|
|
|
bb7cd1 |
@@ -1322,7 +1362,7 @@ void ifp_users_user_get_extra_attributes(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_users_user_get(sbus_req, data, &uid, &domain, NULL);
|
|
|
bb7cd1 |
+ ret = ifp_users_user_get(sbus_req, data, &domain, &base_user);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
@@ -1333,9 +1373,15 @@ void ifp_users_user_get_extra_attributes(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- filter = talloc_asprintf(sbus_req, "(&(%s=%s)(%s=%u))",
|
|
|
bb7cd1 |
+ name = ldb_msg_find_attr_as_string(base_user, SYSDB_NAME, NULL);
|
|
|
bb7cd1 |
+ if (name == NULL) {
|
|
|
bb7cd1 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "A user with no name\n");
|
|
|
bb7cd1 |
+ return;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
+ filter = talloc_asprintf(sbus_req, "(&(%s=%s)(%s=%s))",
|
|
|
bb7cd1 |
SYSDB_OBJECTCLASS, SYSDB_USER_CLASS,
|
|
|
bb7cd1 |
- SYSDB_UIDNUM, uid);
|
|
|
bb7cd1 |
+ SYSDB_NAME, name);
|
|
|
bb7cd1 |
if (filter == NULL) {
|
|
|
bb7cd1 |
DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n");
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
@@ -1351,7 +1397,7 @@ void ifp_users_user_get_extra_attributes(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
if (count == 0) {
|
|
|
bb7cd1 |
- DEBUG(SSSDBG_TRACE_FUNC, "User %u not found!\n", uid);
|
|
|
bb7cd1 |
+ DEBUG(SSSDBG_TRACE_FUNC, "User %s not found!\n", name);
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
} else if (count > 1) {
|
|
|
bb7cd1 |
DEBUG(SSSDBG_CRIT_FAILURE, "More than one entry found!\n");
|
|
|
bb7cd1 |
@@ -1421,7 +1467,7 @@ int ifp_cache_object_store_user(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
struct ldb_message *user;
|
|
|
bb7cd1 |
errno_t ret;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_users_user_get(sbus_req, data, NULL, &domain, &user);
|
|
|
bb7cd1 |
+ ret = ifp_users_user_get(sbus_req, data, &domain, &user);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
error = sbus_error_new(sbus_req, DBUS_ERROR_FAILED, "Failed to fetch "
|
|
|
bb7cd1 |
"user [%d]: %s\n", ret, sss_strerror(ret));
|
|
|
bb7cd1 |
@@ -1440,7 +1486,7 @@ int ifp_cache_object_remove_user(struct sbus_request *sbus_req,
|
|
|
bb7cd1 |
struct ldb_message *user;
|
|
|
bb7cd1 |
errno_t ret;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
- ret = ifp_users_user_get(sbus_req, data, NULL, &domain, &user);
|
|
|
bb7cd1 |
+ ret = ifp_users_user_get(sbus_req, data, &domain, &user);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
error = sbus_error_new(sbus_req, DBUS_ERROR_FAILED, "Failed to fetch "
|
|
|
bb7cd1 |
"user [%d]: %s\n", ret, sss_strerror(ret));
|
|
|
bb7cd1 |
diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c
|
|
|
bb7cd1 |
index 118b5083b14bf5692c6fdd7ba90668fe514aa89d..d10f35e41dbb1623a0b9de37a4c43363cbefc1a3 100644
|
|
|
bb7cd1 |
--- a/src/responder/ifp/ifpsrv_cmd.c
|
|
|
bb7cd1 |
+++ b/src/responder/ifp/ifpsrv_cmd.c
|
|
|
bb7cd1 |
@@ -508,8 +508,12 @@ ifp_user_get_attr_lookup(struct tevent_req *subreq)
|
|
|
bb7cd1 |
return;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
+ /* IFP serves both POSIX and application domains. Requests that need
|
|
|
bb7cd1 |
+ * to differentiate between the two must be qualified
|
|
|
bb7cd1 |
+ */
|
|
|
bb7cd1 |
subreq = cache_req_send(state, state->rctx->ev, state->rctx,
|
|
|
bb7cd1 |
- state->ncache, 0, CACHE_REQ_POSIX_DOM,
|
|
|
bb7cd1 |
+ state->ncache, 0,
|
|
|
bb7cd1 |
+ CACHE_REQ_ANY_DOM,
|
|
|
bb7cd1 |
state->domname, data);
|
|
|
bb7cd1 |
if (subreq == NULL) {
|
|
|
bb7cd1 |
tevent_req_error(req, ENOMEM);
|
|
|
bb7cd1 |
--
|
|
|
bb7cd1 |
2.9.3
|
|
|
bb7cd1 |
|