dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From 90611687b8b7b9a4d2be4625c97301660412b605 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 15 Sep 2015 11:38:40 +0200
Subject: [PATCH 70/73] sss_override: support fqn in override name

Resolves:
https://fedorahosted.org/sssd/ticket/2782

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/tools/sss_override.c | 111 +++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 93 insertions(+), 18 deletions(-)

diff --git a/src/tools/sss_override.c b/src/tools/sss_override.c
index ee8351ea97e5efe0d449dc646c6136b32ceec2c6..0d7a4690634a3993dee2119ee09fea328e494f1a 100644
--- a/src/tools/sss_override.c
+++ b/src/tools/sss_override.c
@@ -604,58 +604,133 @@ done:
     return ret;
 }
 
+static errno_t override_fqn(TALLOC_CTX *mem_ctx,
+                            struct sss_tool_ctx *tool_ctx,
+                            struct sss_domain_info *domain,
+                            const char *input,
+                            const char **_name)
+{
+    struct sss_domain_info *dom;
+    errno_t ret;
+
+    if (input == NULL) {
+        return EOK;
+    }
+
+    ret = sss_tool_parse_name(mem_ctx, tool_ctx, input, _name, &dom);
+    if (ret == EAGAIN) {
+        DEBUG(SSSDBG_OP_FAILURE, "Unable to find domain from "
+              "fqn %s\n", input);
+        fprintf(stderr, _("Changing domain is not allowed!\n"));
+        ret = EINVAL;
+    } else if (ret == EOK && dom != NULL && dom != domain) {
+        DEBUG(SSSDBG_OP_FAILURE, "Trying to change domain from "
+              "%s to %s, not allowed!\n", domain->name, dom->name);
+        fprintf(stderr, _("Changing domain is not allowed!\n"));
+        ret = EINVAL;
+    } else if (ret != EOK) {
+        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse name %s [%d]: %s\n",
+              input, ret, sss_strerror(ret));
+    }
+
+    return ret;
+}
+
 static errno_t override_user(struct sss_tool_ctx *tool_ctx,
-                             struct override_user *user)
+                             struct override_user *input_user)
 {
+    TALLOC_CTX *tmp_ctx;
+    struct override_user user;
     struct sysdb_attrs *attrs;
     errno_t ret;
 
-    ret = prepare_view_msg(user->domain);
+    tmp_ctx = talloc_new(NULL);
+    if (tmp_ctx == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
+        return ENOMEM;
+    }
+
+    user = *input_user;
+
+    /* We need to parse the name and ensure that domain did not change. */
+    ret = override_fqn(tmp_ctx, tool_ctx, user.domain, user.name, &user.name);
+    if (ret != EOK) {
+        goto done;
+    }
+
+    ret = prepare_view_msg(user.domain);
     if (ret != EOK) {
-        return ret;
+        goto done;
     }
 
-    attrs = build_user_attrs(tool_ctx, user);
+    attrs = build_user_attrs(tool_ctx, &user);
     if (attrs == NULL) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to build sysdb attrs.\n");
-        return ENOMEM;
+        ret = ENOMEM;
+        goto done;
     }
 
-    ret = override_object_add(user->domain, SYSDB_MEMBER_USER, attrs,
-                              user->orig_name);
+    ret = override_object_add(user.domain, SYSDB_MEMBER_USER, attrs,
+                              user.orig_name);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add override object.\n");
-        return ret;
+        goto done;
     }
 
-    return EOK;
+    ret = EOK;
+
+done:
+    talloc_free(tmp_ctx);
+    return ret;
 }
 
 static errno_t override_group(struct sss_tool_ctx *tool_ctx,
-                              struct override_group *group)
+                              struct override_group *input_group)
 {
+    TALLOC_CTX *tmp_ctx;
+    struct override_group group;
     struct sysdb_attrs *attrs;
     errno_t ret;
 
-    ret = prepare_view_msg(group->domain);
+    tmp_ctx = talloc_new(NULL);
+    if (tmp_ctx == NULL) {
+        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
+        return ENOMEM;
+    }
+
+    group = *input_group;
+
+    /* We need to parse the name and ensure that domain did not change. */
+    ret = override_fqn(tmp_ctx, tool_ctx, group.domain, group.name,
+                       &group.name);
+    if (ret != EOK) {
+        goto done;
+    }
+
+    ret = prepare_view_msg(group.domain);
     if (ret != EOK) {
-        return ret;
+        goto done;
     }
 
-    attrs = build_group_attrs(tool_ctx, group);
+    attrs = build_group_attrs(tool_ctx, &group);
     if (attrs == NULL) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to build sysdb attrs.\n");
-        return ENOMEM;
+        ret = ENOMEM;
+        goto done;
     }
 
-    ret = override_object_add(group->domain, SYSDB_MEMBER_GROUP, attrs,
-                              group->orig_name);
+    ret = override_object_add(group.domain, SYSDB_MEMBER_GROUP, attrs,
+                              group.orig_name);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add override object.\n");
-        return ret;
+        goto done;
     }
 
-    return EOK;
+    ret = EOK;
+
+done:
+    talloc_free(tmp_ctx);
+    return ret;
 }
 
 static errno_t override_object_del(struct sss_domain_info *domain,
-- 
2.4.3