From 21bc70002db718c353724d3aea2121a2bac23218 Mon Sep 17 00:00:00 2001

From: Sumit Bose <sbose@redhat.com>

Date: Fri, 7 Nov 2014 13:55:01 +0100

Subject: [PATCH 097/104] LDAP: add support for lookups by UUID

Related to https://fedorahosted.org/sssd/ticket/2481

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

---

 src/providers/data_provider.h |  2 ++

 src/providers/ldap/ldap_id.c  | 58 +++++++++++++++++++++++++++++++++++++++----

 2 files changed, 55 insertions(+), 5 deletions(-)

diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h

index e1cb4befadba7e24a418790b10ff361b3092ec6a..5df493e9d1ae21ada6f5fd6198a6d9c36680d044 100644

--- a/src/providers/data_provider.h

+++ b/src/providers/data_provider.h

@@ -127,6 +127,7 @@

 #define BE_FILTER_IDNUM 2

 #define BE_FILTER_ENUM 3

 #define BE_FILTER_SECID 4

+#define BE_FILTER_UUID 5

 #define BE_REQ_USER          0x0001

 #define BE_REQ_GROUP         0x0002

@@ -139,6 +140,7 @@

 #define BE_REQ_HOST          0x0010

 #define BE_REQ_BY_SECID      0x0011

 #define BE_REQ_USER_AND_GROUP 0x0012

+#define BE_REQ_BY_UUID      0x0013

 #define BE_REQ_TYPE_MASK     0x00FF

 #define BE_REQ_FAST          0x1000

diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c

index e8b3a0e1e1dce6e0c8a9b21aa7c6299108dad24d..2e58f4e49eb33a85cbb8b4144c69004c6b5b312b 100644

--- a/src/providers/ldap/ldap_id.c

+++ b/src/providers/ldap/ldap_id.c

@@ -179,6 +179,20 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,

             goto done;

         }

         break;

+    case BE_FILTER_UUID:

+        attr_name = ctx->opts->user_map[SDAP_AT_USER_UUID].name;

+        if (attr_name == NULL) {

+            DEBUG(SSSDBG_CRIT_FAILURE,

+                  "UUID search not configured for this backend.\n");

+            ret = EINVAL;

+            goto done;

+        }

+

+        ret = sss_filter_sanitize(state, name, &clean_name);

+        if (ret != EOK) {

+            goto done;

+        }

+        break;

     default:

         ret = EINVAL;

         goto done;

@@ -458,8 +472,9 @@ static void users_get_done(struct tevent_req *subreq)

             break;

         case BE_FILTER_SECID:

-            /* Since it is not clear if the SID belongs to a user or a group

-             * we have nothing to do here. */

+        case BE_FILTER_UUID:

+            /* Since it is not clear if the SID/UUID belongs to a user or a

+             * group we have nothing to do here. */

             break;

         default:

@@ -635,6 +650,20 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,

             goto done;

         }

         break;

+    case BE_FILTER_UUID:

+        attr_name = ctx->opts->group_map[SDAP_AT_GROUP_UUID].name;

+        if (attr_name == NULL) {

+            DEBUG(SSSDBG_CRIT_FAILURE,

+                  "UUID search not configured for this backend.\n");

+            ret = EINVAL;

+            goto done;

+        }

+

+        ret = sss_filter_sanitize(state, name, &clean_name);

+        if (ret != EOK) {

+            goto done;

+        }

+        break;

     default:

         ret = EINVAL;

         goto done;

@@ -884,8 +913,9 @@ static void groups_get_done(struct tevent_req *subreq)

             break;

         case BE_FILTER_SECID:

-            /* Since it is not clear if the SID belongs to a user or a group

-             * we have nothing to do here. */

+        case BE_FILTER_UUID:

+            /* Since it is not clear if the SID/UUID belongs to a user or a

+             * group we have nothing to do here. */

             break;

         default:

@@ -1401,7 +1431,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,

             goto done;

         }

-        if (ar->filter_type == BE_FILTER_SECID) {

+        if (ar->filter_type == BE_FILTER_SECID

+                || ar->filter_type == BE_FILTER_UUID) {

             ret = EINVAL;

             state->err = "Invalid filter type";

             goto done;

@@ -1430,6 +1461,21 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,

                                          noexist_delete);

         break;

+    case BE_REQ_BY_UUID:

+        if (ar->filter_type != BE_FILTER_UUID) {

+            ret = EINVAL;

+            state->err = "Invalid filter type";

+            goto done;

+        }

+

+        subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx,

+                                         sdom, conn,

+                                         ar->filter_value,

+                                         ar->filter_type,

+                                         ar->attr_type,

+                                         noexist_delete);

+        break;

+

     case BE_REQ_USER_AND_GROUP:

         if (!(ar->filter_type == BE_FILTER_NAME ||

               ar->filter_type == BE_FILTER_IDNUM)) {

@@ -1504,6 +1550,8 @@ sdap_handle_acct_req_done(struct tevent_req *subreq)

         break;

     case BE_REQ_BY_SECID:

         /* Fallthrough */

+    case BE_REQ_BY_UUID:

+        /* Fallthrough */

     case BE_REQ_USER_AND_GROUP:

         err = "Lookup by SID failed";

         ret = sdap_get_user_and_group_recv(subreq, &state->dp_error,

-- 

1.9.3