
905b4d
From 092b3c062c3568d1a01766d71a25004ee3cfc64e Mon Sep 17 00:00:00 2001
905b4d
From: Sumit Bose <sbose@redhat.com>
905b4d
Date: Mon, 12 Jan 2015 18:36:42 +0100
905b4d
Subject: [PATCH 159/160] sysdb: fix group members with overridden names
905b4d
905b4d
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
905b4d
(cherry picked from commit fbcdc08722aa8ed17c4b114e01fbb37c02cfb2fe)
905b4d
---
905b4d
 src/db/sysdb.h       |  1 +
905b4d
 src/db/sysdb_views.c | 73 ++++++++++++++++++++++++++++++++++++++++++++--------
905b4d
 2 files changed, 63 insertions(+), 11 deletions(-)
905b4d
905b4d
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
905b4d
index b1e057107cc6e3d4ce7b7bb8e821a2414c3424a7..9e33fee37a352498ed0c987dc2ae0da3500d63d5 100644
905b4d
--- a/src/db/sysdb.h
905b4d
+++ b/src/db/sysdb.h
905b4d
@@ -210,6 +210,7 @@
905b4d
 
905b4d
 #define SYSDB_GRSRC_ATTRS {SYSDB_NAME, SYSDB_GIDNUM, \
905b4d
                            SYSDB_MEMBERUID, \
905b4d
+                           SYSDB_MEMBER, \
905b4d
                            SYSDB_GHOST, \
905b4d
                            SYSDB_DEFAULT_ATTRS, \
905b4d
                            SYSDB_SID_STR, \
905b4d
diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c
905b4d
index c735a7bd8588a80743d40438d010db5912f47bb5..717edf20a447003568060cf4d32bf8d47bd93e63 100644
905b4d
--- a/src/db/sysdb_views.c
905b4d
+++ b/src/db/sysdb_views.c
905b4d
@@ -1268,6 +1268,10 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
905b4d
     const char *override_dn_str;
905b4d
     struct ldb_dn *override_dn;
905b4d
     const char *memberuid;
905b4d
+    const char *orig_name;
905b4d
+    char *orig_domain;
905b4d
+    char *val;
905b4d
+    struct sss_domain_info *orig_dom;
905b4d
 
905b4d
     members = ldb_msg_find_element(obj, SYSDB_MEMBER);
905b4d
     if (members == NULL || members->num_values == 0) {
905b4d
@@ -1306,6 +1310,12 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
905b4d
             goto done;
905b4d
         }
905b4d
 
905b4d
+        if (ldb_msg_find_attr_as_uint64(member_obj->msgs[0],
905b4d
+                                        SYSDB_UIDNUM, 0) == 0) {
905b4d
+            /* Skip non-POSIX-user members i.e. groups and non-POSIX users */
905b4d
+            continue;
905b4d
+        }
905b4d
+
905b4d
         override_dn_str = ldb_msg_find_attr_as_string(member_obj->msgs[0],
905b4d
                                                       SYSDB_OVERRIDE_DN, NULL);
905b4d
         if (override_dn_str == NULL) {
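Review bot: The added `continue` for members without `SYSDB_UIDNUM` jumps past the end-of-iteration cleanup that the comment in the last hunk describes ("Free all temporary data of the current member"). For groups with many nested-group or non-POSIX members, the per-member lookup results would then stay allocated until the function's temporary context is released. The free itself lies outside the visible hunks, so this is inferred; if it is a free of `member_dn`, running it before `continue` keeps memory use flat. The skip is also silent, so a trace line such as `DEBUG(SSSDBG_TRACE_ALL, "Skipping non-POSIX member [%s].\n", ldb_dn_get_linearized(member_obj->msgs[0]->dn));` would help explain why an entry is missing from an overridden member list. Using 0 as the default also treats a stored `uidNumber` of 0 the same as a missing attribute, which deserves a mention in the comment.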
905b4d
@@ -1324,6 +1334,16 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
905b4d
             goto done;
905b4d
         }
905b4d
 
905b4d
+        orig_name = ldb_msg_find_attr_as_string(member_obj->msgs[0],
905b4d
+                                                SYSDB_NAME,
905b4d
+                                                NULL);
905b4d
+        if (orig_name == NULL) {
905b4d
+            DEBUG(SSSDBG_CRIT_FAILURE, "Object [%s] has no name.\n",
905b4d
+                  ldb_dn_get_linearized(member_obj->msgs[0]->dn));
905b4d
+            ret = EINVAL;
905b4d
+            goto done;
905b4d
+        }
905b4d
+
905b4d
         memberuid = NULL;
905b4d
         if (ldb_dn_compare(member_obj->msgs[0]->dn, override_dn) != 0) {
905b4d
             DEBUG(SSSDBG_TRACE_ALL, "Checking override for object [%s].\n",
905b4d
@@ -1347,29 +1367,60 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
905b4d
             memberuid = ldb_msg_find_attr_as_string(override_obj->msgs[0],
905b4d
                                                     SYSDB_NAME,
905b4d
                                                     NULL);
905b4d
+
905b4d
+            if (memberuid != NULL) {
905b4d
+                ret = sss_parse_name(tmp_ctx, domain->names, orig_name,
905b4d
+                                     &orig_domain, NULL);
905b4d
+                if (ret != EOK) {
905b4d
+                    DEBUG(SSSDBG_OP_FAILURE,
905b4d
+                         "sss_parse_name failed to split original name [%s].\n",
905b4d
+                         orig_name);
905b4d
+                    goto done;
905b4d
+                }
905b4d
+
905b4d
+                if (orig_domain != NULL) {
905b4d
+                    orig_dom = find_domain_by_name(get_domains_head(domain),
905b4d
+                                                   orig_domain, true);
905b4d
+                    if (orig_dom == NULL) {
905b4d
+                        DEBUG(SSSDBG_CRIT_FAILURE,
905b4d
+                              "Cannot find domain with name [%s].\n",
905b4d
+                              orig_domain);
905b4d
+                        ret = EINVAL;
905b4d
+                        goto done;
905b4d
+                    }
905b4d
+                    memberuid = sss_get_domain_name(tmp_ctx, memberuid,
905b4d
+                                                    orig_dom);
905b4d
+                    if (memberuid == NULL) {
905b4d
+                        DEBUG(SSSDBG_OP_FAILURE,
905b4d
+                              "sss_get_domain_name failed.\n");
905b4d
+                        ret = ENOMEM;
905b4d
+                        goto done;
905b4d
+                    }
905b4d
+                }
905b4d
+            }
905b4d
         }
905b4d
 
905b4d
         if (memberuid == NULL) {
905b4d
             DEBUG(SSSDBG_TRACE_ALL, "No override name available.\n");
905b4d
 
905b4d
-            memberuid = ldb_msg_find_attr_as_string(member_obj->msgs[0],
905b4d
-                                                    SYSDB_NAME,
905b4d
-                                                    NULL);
905b4d
-            if (memberuid == NULL) {
905b4d
-                DEBUG(SSSDBG_CRIT_FAILURE, "Object [%s] has no name.\n",
905b4d
-                      ldb_dn_get_linearized(member_obj->msgs[0]->dn));
905b4d
-                ret = EINVAL;
905b4d
-                goto done;
905b4d
-            }
905b4d
+            memberuid = orig_name;
905b4d
         }
905b4d
 
905b4d
-        ret = ldb_msg_add_string(obj, OVERRIDE_PREFIX SYSDB_MEMBERUID,
905b4d
-                                 memberuid);
905b4d
+        val = talloc_strdup(obj, memberuid);
905b4d
+        if (val == NULL) {
905b4d
+            DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
905b4d
+            ret = ENOMEM;
905b4d
+            goto done;
905b4d
+        }
905b4d
+
905b4d
+        ret = ldb_msg_add_string(obj, OVERRIDE_PREFIX SYSDB_MEMBERUID, val);
905b4d
         if (ret != LDB_SUCCESS) {
905b4d
             DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_string failed.\n");
905b4d
             ret = sysdb_error_to_errno(ret);
905b4d
             goto done;
905b4d
         }
905b4d
+        DEBUG(SSSDBG_TRACE_ALL, "Added [%s] to [%s].\n", memberuid,
905b4d
+                                OVERRIDE_PREFIX SYSDB_MEMBERUID);
905b4d
 
905b4d
         /* Free all temporary data of the current member to avoid memory usage
905b4d
          * spikes. All temporary data should be allocated below member_dn. */
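Review bot: `sss_parse_name()` and `sss_get_domain_name()` in the added block allocate on `tmp_ctx`, but the comment at the end of the loop says all per-member temporary data should live below `member_dn`. As written, every overridden member of a large group leaves an `orig_domain` string and a qualified name behind until `tmp_ctx` is freed. Passing the per-member parent instead, `sss_parse_name(member_dn, domain->names, orig_name, &orig_domain, NULL)` and `sss_get_domain_name(member_dn, memberuid, orig_dom)`, would follow that rule, since `talloc_strdup(obj, memberuid)` already copies the final value onto `obj` before the per-member free. That copy deserves a one-line comment such as `/* memberuid may point into per-member memory; the message needs its own copy */`, because the reason for it is not obvious from the call. The loop and function continue outside this hunk, so the role of `member_dn` as a talloc parent is assumed from the comment.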
905b4d
-- 
905b4d
2.1.0
905b4d