From c333512b85f979ae0694055a36d8dafcf4105248 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 20 Jun 2016 12:58:16 +0200
Subject: [PATCH 53/62] LDAP: include email in UPN searches
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit ba9ebfc49ab3bacb96213c8620411128c09f39da)
---
src/providers/ldap/ldap_id.c | 18 +++++++++++++----
src/providers/ldap/sdap_async_initgroups.c | 32 ++++++++++++++++++++++++------
2 files changed, 40 insertions(+), 10 deletions(-)
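diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 0106a7b965b8d7debbefe82f60088df9ef8c608b..5b303ddbd46fd44646cdd50856c784640426ee25 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -127,12 +127,22 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 break;
 case BE_FILTER_NAME:
 if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
- attr_name = ctx->opts->user_map[SDAP_AT_USER_PRINC].name;
-
 ret = sss_filter_sanitize(state, filter_value, &clean_value);
 if (ret != EOK) {
 goto done;
 }
+ /* TODO: Do we have to check the attribute names more carefully? */
+ user_filter = talloc_asprintf(state, "(|(%s=%s)(%s=%s))",
+ ctx->opts->user_map[SDAP_AT_USER_PRINC].name,
+ clean_value,
+ ctx->opts->user_map[SDAP_AT_USER_EMAIL].name,
+ clean_value);
+ talloc_zfree(clean_value);
+ if (user_filter == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
 } else {
 attr_name = ctx->opts->user_map[SDAP_AT_USER_NAME].name;
 
@@ -242,8 +252,8 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 goto done;
 }
 
- if (attr_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "Missing search attribute name.\n");
+ if (attr_name == NULL && user_filter == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Missing search attribute name or filter.\n");
 ret = EINVAL;
 goto done;
 }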
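Review bot: In the UPN branch of users_get_send the two attribute names are formatted into the filter without a NULL check, and the relaxed guard in the second hunk (`attr_name == NULL && user_filter == NULL`) no longer catches a missing principal attribute, because user_filter is already set by then. If either user_map entry can be unset (not visible here), `%s` receives NULL and the search runs with a malformed or meaningless clause. A check placed before the sss_filter_sanitize call would resolve the TODO: `if (ctx->opts->user_map[SDAP_AT_USER_PRINC].name == NULL || ctx->opts->user_map[SDAP_AT_USER_EMAIL].name == NULL) { ret = EINVAL; goto done; }`. The same applies to the first hunk of sdap_async_initgroups.c (sdap_get_initgr_send). Both functions start and end outside the hunks.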
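diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 17593f0a268813662d6c7fbf658b1eb4599ce3c3..0a42b18662a8fe12cf048aadfef257b5d9cb48a3 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2736,13 +2736,25 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 break;
 case BE_FILTER_NAME:
 if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
- search_attr = state->opts->user_map[SDAP_AT_USER_PRINC].name;
 
 ret = sss_filter_sanitize(state, state->filter_value, &clean_name);
 if (ret != EOK) {
 talloc_zfree(req);
 return NULL;
 }
+
+ state->user_base_filter =
+ talloc_asprintf(state,
+ "(&(|(%s=%s)(%s=%s))(objectclass=%s)",
+ state->opts->user_map[SDAP_AT_USER_PRINC].name,
+ clean_name,
+ state->opts->user_map[SDAP_AT_USER_EMAIL].name,
+ clean_name,
+ state->opts->user_map[SDAP_OC_USER].name);
+ if (state->user_base_filter == NULL) {
+ talloc_zfree(req);
+ return NULL;
+ }
 } else {
 search_attr = state->opts->user_map[SDAP_AT_USER_NAME].name;
 
@@ -2766,15 +2778,23 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 return NULL;
 }
 
- state->user_base_filter =
- talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)",
- search_attr, clean_name,
- state->opts->user_map[SDAP_OC_USER].name);
- if (!state->user_base_filter) {
+ if (search_attr == NULL && state->user_base_filter == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "Missing search attribute name or filter.\n");
 talloc_zfree(req);
 return NULL;
 }
 
+ if (state->user_base_filter == NULL) {
+ state->user_base_filter =
+ talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)",
+ search_attr, clean_name,
+ state->opts->user_map[SDAP_OC_USER].name);
+ if (!state->user_base_filter) {
+ talloc_zfree(req);
+ return NULL;
+ }
+ }
+
 if (use_id_mapping) {
 /* When mapping IDs or looking for SIDs, we don't want to limit
 * ourselves to users with a UID value. But there must be a SID to map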
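Review bot: The OR filter built in the UPN branch of sdap_get_initgr_send can match two different entries, one by principal and one by mail, and nothing in the hunk says which one is used. Mail is commonly less tightly controlled than the principal attribute, so an entry whose mail equals another user's UPN could be picked up for initgroups and supply the wrong group memberships; whether the result handler rejects more than one match is outside the hunk. I would document the expectation above the talloc_asprintf call, e.g. `/* UPN and mail may match different entries; the search result must be rejected unless exactly one user is returned. */`, and confirm the handler enforces it. The two new `return NULL` paths also lack a DEBUG message, unlike the `talloc_asprintf failed.` log added in ldap_id.c.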
--
2.4.11