From 6f86800fde61c3cd61d8d7884f0da342a616bde4 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 27 Oct 2014 15:11:08 +0100
Subject: [PATCH 61/64] sysdb_add_overrides_to_object: add new parameter and
multi-value support
With the new parameter an attribute list other than the default one can
be used.
Override attributes with multiple values (e.g. SSH public keys) are now
supported as well.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/db/sysdb.h | 3 ++-
src/db/sysdb_search.c | 24 ++++++++++++++++--------
src/db/sysdb_views.c | 41 +++++++++++++++++++++++++----------------
src/responder/nss/nsssrv_cmd.c | 2 +-
4 files changed, 44 insertions(+), 26 deletions(-)
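diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index ebb1bbedaf2df3030a012f1f0be8c5a069399cc3..f582f6a516e43a453741acacbe3ca6957e23fc37 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -487,7 +487,8 @@ errno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
 
 errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
 struct ldb_message *obj,
- struct ldb_message *override_obj);
+ struct ldb_message *override_obj,
+ const char **req_attrs);
 
 errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
 struct ldb_message *obj);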
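diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index dacbd239db6be7e4c738d5bd6b495b613411b126..677257405fae51774d4cd0c17516238e74fb7592 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -124,7 +124,8 @@ errno_t sysdb_getpwnam_with_views(TALLOC_CTX *mem_ctx,
 * the original object. */
 if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj ->msgs[0]);
+ override_obj == NULL ? NULL : override_obj->msgs[0],
+ NULL);
 if (ret != EOK && ret != ENOENT) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
 goto done;
@@ -229,7 +230,8 @@ errno_t sysdb_getpwuid_with_views(TALLOC_CTX *mem_ctx,
 * the original object. */
 if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj->msgs[0]);
+ override_obj == NULL ? NULL : override_obj->msgs[0],
+ NULL);
 if (ret != EOK && ret != ENOENT) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
 goto done;
@@ -314,7 +316,8 @@ int sysdb_enumpwent_with_views(TALLOC_CTX *mem_ctx,
 
 if (DOM_HAS_VIEWS(domain)) {
 for (c = 0; c < res->count; c++) {
- ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL);
+ ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL,
+ NULL);
 /* enumeration assumes that the cache is up-to-date, hence we do not
 * need to handle ENOENT separately. */
 if (ret != EOK) {
@@ -426,7 +429,8 @@ int sysdb_getgrnam_with_views(TALLOC_CTX *mem_ctx,
 }
 
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj ->msgs[0]);
+ override_obj == NULL ? NULL : override_obj ->msgs[0],
+ NULL);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
 goto done;
@@ -578,7 +582,8 @@ int sysdb_getgrgid_with_views(TALLOC_CTX *mem_ctx,
 }
 
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj ->msgs[0]);
+ override_obj == NULL ? NULL : override_obj ->msgs[0],
+ NULL);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
 goto done;
@@ -734,7 +739,8 @@ int sysdb_enumgrent_with_views(TALLOC_CTX *mem_ctx,
 
 if (DOM_HAS_VIEWS(domain)) {
 for (c = 0; c < res->count; c++) {
- ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL);
+ ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL,
+ NULL);
 /* enumeration assumes that the cache is up-to-date, hence we do not
 * need to handle ENOENT separately. */
 if (ret != EOK) {
@@ -956,7 +962,8 @@ int sysdb_initgroups_with_views(TALLOC_CTX *mem_ctx,
 if (DOM_HAS_VIEWS(domain)) {
 /* Skip user entry because it already has override values added */
 for (c = 1; c < res->count; c++) {
- ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL);
+ ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL,
+ NULL);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE,
 "sysdb_add_overrides_to_object failed.\n");
@@ -1083,7 +1090,8 @@ int sysdb_get_user_attr_with_views(TALLOC_CTX *mem_ctx,
 * the original object. */
 if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
- override_obj == NULL ? NULL : override_obj ->msgs[0]);
+ override_obj == NULL ? NULL : override_obj ->msgs[0],
+ attrs);
 if (ret != EOK && ret != ENOENT) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
 return ret;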
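Review bot: The added argument lines in the sysdb_getgrnam_with_views, sysdb_getgrgid_with_views and sysdb_get_user_attr_with_views hunks still read `override_obj ->msgs[0]` with a stray space before `->`, while the sysdb_getpwnam_with_views hunk normalizes the same expression to `override_obj->msgs[0]`; since these lines are rewritten anyway, they should all use the same spelling. sysdb_get_user_attr_with_views is also the only caller that forwards its own `attrs` list instead of `NULL`, so the override lookup there appears to be limited to whatever the caller requested. A short comment at that call, such as `/* only override attributes named in attrs are merged */`, would make that visible, assuming the callee behaves as the sysdb_views.c part of this patch suggests. All of these functions begin and end outside their hunks.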
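diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c
index a42aa96ed3e0cd7c877ff0c42887ef3f03ef5e0e..f2cf370231b57c3cd2b563eec4ea2a0f3a0935bd 100644
--- a/src/db/sysdb_views.c
+++ b/src/db/sysdb_views.c
@@ -948,6 +948,8 @@ errno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
 * @param[in] domain Domain struct, needed to access the cache
 * @oaram[in] obj The original object
 * @param[in] override_obj The object with the override data, may be NULL
+ * @param[in] req_attrs List of attributes to be requested, if not set a
+ * default list dependig on the object type will be used
 *
 * @return EOK - Override data was added successfully
 * @return ENOMEM - There was insufficient memory to complete the operation
@@ -958,7 +960,8 @@ errno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
 */
 errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
 struct ldb_message *obj,
- struct ldb_message *override_obj)
+ struct ldb_message *override_obj,
+ const char **req_attrs)
 {
 int ret;
 const char *override_dn_str;
@@ -983,7 +986,8 @@ errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
 {NULL, NULL}
 };
 size_t c;
- const char *tmp_str;
+ size_t d;
+ struct ldb_message_element *tmp_el;
 
 tmp_ctx = talloc_new(NULL);
 if (tmp_ctx == NULL) {
@@ -1016,12 +1020,15 @@ errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
 goto done;
 }
 
- uid = ldb_msg_find_attr_as_uint64(obj, SYSDB_UIDNUM, 0);
- if (uid == 0) {
- /* No UID hence group object */
- attrs = group_attrs;
- } else {
- attrs = user_attrs;
+ attrs = req_attrs;
+ if (attrs == NULL) {
+ uid = ldb_msg_find_attr_as_uint64(obj, SYSDB_UIDNUM, 0);
+ if (uid == 0) {
+ /* No UID hence group object */
+ attrs = group_attrs;
+ } else {
+ attrs = user_attrs;
+ }
 }
 
 ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, override_dn,
@@ -1050,14 +1057,16 @@ errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
 }
 
 for (c = 0; attr_map[c].attr != NULL; c++) {
- tmp_str = ldb_msg_find_attr_as_string(override, attr_map[c].attr, NULL);
- if (tmp_str != NULL) {
- talloc_steal(obj, tmp_str);
- ret = ldb_msg_add_string(obj, attr_map[c].new_attr, tmp_str);
- if (ret != LDB_SUCCESS) {
- DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_string failed.\n");
- ret = sysdb_error_to_errno(ret);
- goto done;
+ tmp_el = ldb_msg_find_element(override, attr_map[c].attr);
+ if (tmp_el != NULL) {
+ for (d = 0; d < tmp_el->num_values; d++) {
+ ret = ldb_msg_add_steal_value(obj, attr_map[c].new_attr,
+ &tmp_el->values[d]);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_value failed.\n");
+ ret = sysdb_error_to_errno(ret);
+ goto done;
+ }
 }
 }
 }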
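Review bot: The failure message inside the new inner loop says `ldb_msg_add_value failed.` although the call that failed is `ldb_msg_add_steal_value`, which points anyone triaging logs at the wrong function; it should read `DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_steal_value failed.\n");`. The loop also bails out on the first failing value, so `obj` can be left with only part of a multi-valued override attached (for example some but not all SSH public keys). The callers visible in this patch treat a non-EOK return as an error, but the doc comment should state that `obj` may be partially modified on failure. The new `@param[in] req_attrs` text has a typo (`dependig`) and does not say that the list must be NULL-terminated, which appears to be expected since it stands in for the default lists. The function body continues outside these hunks.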
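diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index b100aae08fc04ccf1a295745767c5445cf2e01be..ff7b6a334f4c1d9dc854296746b0ff83949acd68 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -4064,7 +4064,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
 if (ret == EOK && DOM_HAS_VIEWS(dom)) {
 for (c = 0; c < dctx->res->count; c++) {
 ret = sysdb_add_overrides_to_object(dom, dctx->res->msgs[c],
- NULL);
+ NULL, NULL);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE,
 "sysdb_add_overrides_to_object failed.\n");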
--
1.9.3