dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From c12a2635adacbb321c4c2208160f2eb306333e71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Sun, 11 Oct 2015 16:45:19 +0200
Subject: [PATCH 102/104] nss: send original name and id with local views if
 possible

Resolves:
https://fedorahosted.org/sssd/ticket/2833

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 2f793681b4debbe015815f908dc12c0463711609)
---
 src/responder/nss/nsssrv_cmd.c | 131 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 128 insertions(+), 3 deletions(-)

diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index d177135db00369c2af69eb62f6a4a4aaf54ba510..39fd5b41a31796a05a1790e78cb6c425b39c47cb 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -599,6 +599,124 @@ is_refreshed_on_bg(enum sss_dp_acct_type req_type,
 
 static void nsssrv_dp_send_acct_req_done(struct tevent_req *req);
 
+static void get_dp_name_and_id(TALLOC_CTX *mem_ctx,
+                              struct sss_domain_info *dom,
+                              enum sss_dp_acct_type req_type,
+                              const char *opt_name,
+                              uint32_t opt_id,
+                              const char **_name,
+                              uint32_t *_id)
+{
+    TALLOC_CTX *tmp_ctx;
+    struct ldb_result *res = NULL;
+    const char *attr;
+    const char *name;
+    uint32_t id;
+    errno_t ret;
+
+    /* First set the same values to make things easier. */
+    *_name = opt_name;
+    *_id = opt_id;
+
+    if (!DOM_HAS_VIEWS(dom) || !is_local_view(dom->view_name)) {
+        DEBUG(SSSDBG_TRACE_FUNC, "Not a LOCAL view, continuing with "
+              "provided values.\n");
+        return;
+    }
+
+    tmp_ctx = talloc_new(NULL);
+    if (tmp_ctx == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
+        return;
+    }
+
+    if (opt_name != NULL) {
+        switch (req_type) {
+        case SSS_DP_USER:
+        case SSS_DP_INITGROUPS:
+            ret = sysdb_getpwnam_with_views(tmp_ctx, dom, opt_name, &res);
+            if (ret != EOK) {
+                DEBUG(SSSDBG_CONF_SETTINGS,
+                      "sysdb_getpwnam_with_views() failed [%d]: %s\n",
+                      ret, sss_strerror(ret));
+                goto done;
+            }
+            break;
+        case SSS_DP_GROUP:
+            ret = sysdb_getgrnam_with_views(tmp_ctx, dom, opt_name, &res);
+            if (ret != EOK) {
+                DEBUG(SSSDBG_CONF_SETTINGS,
+                      "sysdb_getgrnam_with_views() failed [%d]: %s\n",
+                      ret, sss_strerror(ret));
+                goto done;
+            }
+            break;
+        default:
+            goto done;
+        }
+
+        if (res == NULL || res->count != 1) {
+            /* This should not happen with LOCAL view and overridden value. */
+            DEBUG(SSSDBG_TRACE_FUNC, "Entry is missing?! Continuing with "
+                  "provided values.\n");
+            goto done;
+        }
+
+        name = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);
+        if (name == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE, "Bug: name cannot be NULL\n");
+            goto done;
+        }
+
+        *_name = talloc_steal(mem_ctx, name);
+    } else if (opt_id != 0) {
+        switch (req_type) {
+        case SSS_DP_USER:
+            ret = sysdb_getpwuid_with_views(tmp_ctx, dom, opt_id, &res);
+            if (ret != EOK) {
+                DEBUG(SSSDBG_CONF_SETTINGS,
+                      "sysdb_getpwuid_with_views() failed [%d]: %s\n",
+                      ret, sss_strerror(ret));
+                goto done;
+            }
+
+            attr = SYSDB_UIDNUM;
+            break;
+        case SSS_DP_GROUP:
+            ret = sysdb_getgrgid_with_views(tmp_ctx, dom, opt_id, &res);
+            if (ret != EOK) {
+                DEBUG(SSSDBG_CONF_SETTINGS,
+                      "sysdb_getgrgid_with_views() failed [%d]: %s\n",
+                      ret, sss_strerror(ret));
+                goto done;
+            }
+
+            attr = SYSDB_GIDNUM;
+            break;
+        default:
+            goto done;
+        }
+
+        if (res == NULL || res->count != 1) {
+            /* This should not happen with LOCAL view and overridden value. */
+            DEBUG(SSSDBG_TRACE_FUNC, "Entry is missing?! Continuing with "
+                  "provided values.\n");
+            goto done;
+        }
+
+        id = ldb_msg_find_attr_as_uint64(res->msgs[0], attr, 0);
+        if (id == 0) {
+            DEBUG(SSSDBG_CRIT_FAILURE, "Bug: id cannot be 0\n");
+            goto done;
+        }
+
+        *_id = id;
+    }
+
+done:
+    talloc_free(tmp_ctx);
+}
+
 /* FIXME: do not check res->count, but get in a msgs and check in parent */
 errno_t check_cache(struct nss_dom_ctx *dctx,
                     struct nss_ctx *nctx,
@@ -616,6 +734,8 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
     struct tevent_req *req = NULL;
     struct dp_callback_ctx *cb_ctx = NULL;
     uint64_t cacheExpire = 0;
+    const char *name = opt_name;
+    uint32_t id = opt_id;
 
     /* when searching for a user or netgroup, more than one reply is a
      * db error
@@ -627,6 +747,11 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
         return ENOENT;
     }
 
+    /* In case of local view we have to always contant DP with the original
+     * name or id. */
+    get_dp_name_and_id(dctx->cmdctx, dctx->domain, req_type, opt_name, opt_id,
+                       &name, &id);
+
     /* if we have any reply let's check cache validity, but ignore netgroups
      * if refresh_expired_interval is set (which implies that another method
      * is used to refresh netgroups)
@@ -671,10 +796,10 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
          * immediately.
          */
         DEBUG(SSSDBG_TRACE_FUNC,
-             "Performing midpoint cache update on [%s]\n", opt_name);
+             "Performing midpoint cache update on [%s]\n", name);
 
         req = sss_dp_get_account_send(cctx, cctx->rctx, dctx->domain, true,
-                                      req_type, opt_name, opt_id, extra);
+                                      req_type, name, id, extra);
         if (!req) {
             DEBUG(SSSDBG_CRIT_FAILURE,
                   "Out of memory sending out-of-band data provider "
@@ -703,7 +828,7 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
         }
 
         req = sss_dp_get_account_send(cctx, cctx->rctx, dctx->domain, true,
-                                      req_type, opt_name, opt_id, extra);
+                                      req_type, name, id, extra);
         if (!req) {
             DEBUG(SSSDBG_CRIT_FAILURE,
                   "Out of memory sending data provider request\n");
-- 
2.4.3