From 90611687b8b7b9a4d2be4625c97301660412b605 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 15 Sep 2015 11:38:40 +0200
Subject: [PATCH 70/73] sss_override: support fqn in override name
Resolves:
https://fedorahosted.org/sssd/ticket/2782
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/tools/sss_override.c | 111 +++++++++++++++++++++++++++++++++++++++--------
1 file changed, 93 insertions(+), 18 deletions(-)
diff --git a/src/tools/sss_override.c b/src/tools/sss_override.c
index ee8351ea97e5efe0d449dc646c6136b32ceec2c6..0d7a4690634a3993dee2119ee09fea328e494f1a 100644
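--- a/src/tools/sss_override.c
+++ b/src/tools/sss_override.c
@@ -604,58 +604,133 @@ done:
 return ret;
 }
 
+static errno_t override_fqn(TALLOC_CTX *mem_ctx,
+ struct sss_tool_ctx *tool_ctx,
+ struct sss_domain_info *domain,
+ const char *input,
+ const char **_name)
+{
+ struct sss_domain_info *dom;
+ errno_t ret;
+
+ if (input == NULL) {
+ return EOK;
+ }
+
+ ret = sss_tool_parse_name(mem_ctx, tool_ctx, input, _name, &dom;;
+ if (ret == EAGAIN) {
+ DEBUG(SSSDBG_OP_FAILURE, "Unable to find domain from "
+ "fqn %s\n", input);
+ fprintf(stderr, _("Changing domain is not allowed!\n"));
+ ret = EINVAL;
+ } else if (ret == EOK && dom != NULL && dom != domain) {
+ DEBUG(SSSDBG_OP_FAILURE, "Trying to change domain from "
+ "%s to %s, not allowed!\n", domain->name, dom->name);
+ fprintf(stderr, _("Changing domain is not allowed!\n"));
+ ret = EINVAL;
+ } else if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse name %s [%d]: %s\n",
+ input, ret, sss_strerror(ret));
+ }
+
+ return ret;
+}
+
 static errno_t override_user(struct sss_tool_ctx *tool_ctx,
- struct override_user *user)
+ struct override_user *input_user)
 {
+ TALLOC_CTX *tmp_ctx;
+ struct override_user user;
 struct sysdb_attrs *attrs;
 errno_t ret;
 
- ret = prepare_view_msg(user->domain);
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
+ return ENOMEM;
+ }
+
+ user = *input_user;
+
+ /* We need to parse the name and ensure that domain did not change. */
+ ret = override_fqn(tmp_ctx, tool_ctx, user.domain, user.name, &user.name);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ ret = prepare_view_msg(user.domain);
 if (ret != EOK) {
- return ret;
+ goto done;
 }
 
- attrs = build_user_attrs(tool_ctx, user);
+ attrs = build_user_attrs(tool_ctx, &user);
 if (attrs == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Unable to build sysdb attrs.\n");
- return ENOMEM;
+ ret = ENOMEM;
+ goto done;
 }
 
- ret = override_object_add(user->domain, SYSDB_MEMBER_USER, attrs,
- user->orig_name);
+ ret = override_object_add(user.domain, SYSDB_MEMBER_USER, attrs,
+ user.orig_name);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add override object.\n");
- return ret;
+ goto done;
 }
 
- return EOK;
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
 }
 
 static errno_t override_group(struct sss_tool_ctx *tool_ctx,
- struct override_group *group)
+ struct override_group *input_group)
 {
+ TALLOC_CTX *tmp_ctx;
+ struct override_group group;
 struct sysdb_attrs *attrs;
 errno_t ret;
 
- ret = prepare_view_msg(group->domain);
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
+ return ENOMEM;
+ }
+
+ group = *input_group;
+
+ /* We need to parse the name and ensure that domain did not change. */
+ ret = override_fqn(tmp_ctx, tool_ctx, group.domain, group.name,
+ &group.name);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ ret = prepare_view_msg(group.domain);
 if (ret != EOK) {
- return ret;
+ goto done;
 }
 
- attrs = build_group_attrs(tool_ctx, group);
+ attrs = build_group_attrs(tool_ctx, &group);
 if (attrs == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Unable to build sysdb attrs.\n");
- return ENOMEM;
+ ret = ENOMEM;
+ goto done;
 }
 
- ret = override_object_add(group->domain, SYSDB_MEMBER_GROUP, attrs,
- group->orig_name);
+ ret = override_object_add(group.domain, SYSDB_MEMBER_GROUP, attrs,
+ group.orig_name);
 if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add override object.\n");
- return ret;
+ goto done;
 }
 
- return EOK;
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
 }
 
 static errno_t override_object_del(struct sss_domain_info *domain,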
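Review bot: In override_fqn, `dom` is declared without an initializer and then read in the `ret == EOK && dom != NULL && dom != domain` branch, so the guard that rejects a domain change depends on sss_tool_parse_name always storing to its out-parameter on success, which this hunk does not show; declaring it as `struct sss_domain_info *dom = NULL;` keeps the check well-defined either way. The EAGAIN branch prints "Changing domain is not allowed!" although the logged cause is that the domain in the fqn could not be found, so a distinct user-facing message would help an administrator spot a mistyped domain. In override_user and override_group the parsed name is allocated on tmp_ctx and released at `done:`, so a comment such as `/* name lives on tmp_ctx; attrs must hold its own copy */` above the build_user_attrs and build_group_attrs calls would record that lifetime assumption.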
--
2.4.3