From 6f86800fde61c3cd61d8d7884f0da342a616bde4 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 27 Oct 2014 15:11:08 +0100
Subject: [PATCH 61/64] sysdb_add_overrides_to_object: add new parameter and
 multi-value support

With the new parameter an attribute list other than the default one can
be used.

Override attributes with multiple values (e.g. SSH public keys) are now
supported as well.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/db/sysdb.h                 |  3 ++-
 src/db/sysdb_search.c          | 24 ++++++++++++++++--------
 src/db/sysdb_views.c           | 41 +++++++++++++++++++++++++----------------
 src/responder/nss/nsssrv_cmd.c |  2 +-
 4 files changed, 44 insertions(+), 26 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index ebb1bbedaf2df3030a012f1f0be8c5a069399cc3..f582f6a516e43a453741acacbe3ca6957e23fc37 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -487,7 +487,8 @@ errno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
 
 errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
                                       struct ldb_message *obj,
-                                      struct ldb_message *override_obj);
+                                      struct ldb_message *override_obj,
+                                      const char **req_attrs);
 
 errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
                                          struct ldb_message *obj);
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index dacbd239db6be7e4c738d5bd6b495b613411b126..677257405fae51774d4cd0c17516238e74fb7592 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -124,7 +124,8 @@ errno_t sysdb_getpwnam_with_views(TALLOC_CTX *mem_ctx,
      * the original object. */
     if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
         ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
-                          override_obj == NULL ? NULL : override_obj ->msgs[0]);
+                          override_obj == NULL ? NULL : override_obj->msgs[0],
+                          NULL);
         if (ret != EOK && ret != ENOENT) {
             DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
             goto done;
@@ -229,7 +230,8 @@ errno_t sysdb_getpwuid_with_views(TALLOC_CTX *mem_ctx,
      * the original object. */
     if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
         ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
-                           override_obj == NULL ? NULL : override_obj->msgs[0]);
+                           override_obj == NULL ? NULL : override_obj->msgs[0],
+                           NULL);
         if (ret != EOK && ret != ENOENT) {
             DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
             goto done;
@@ -314,7 +316,8 @@ int sysdb_enumpwent_with_views(TALLOC_CTX *mem_ctx,
 
     if (DOM_HAS_VIEWS(domain)) {
         for (c = 0; c < res->count; c++) {
-            ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL);
+            ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL,
+                                                NULL);
             /* enumeration assumes that the cache is up-to-date, hence we do not
              * need to handle ENOENT separately. */
             if (ret != EOK) {
@@ -426,7 +429,8 @@ int sysdb_getgrnam_with_views(TALLOC_CTX *mem_ctx,
         }
 
         ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
-                          override_obj == NULL ? NULL : override_obj ->msgs[0]);
+                          override_obj == NULL ? NULL : override_obj ->msgs[0],
+                          NULL);
         if (ret != EOK) {
             DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
             goto done;
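Review bot: The rewritten argument line here still carries the stray space in `override_obj ->msgs[0]`, while the same line in the `sysdb_getpwnam_with_views` hunk was cleaned up to `override_obj->msgs[0]`. Since the line is being touched anyway, write it as `override_obj == NULL ? NULL : override_obj->msgs[0],` here and in the `sysdb_getgrgid_with_views` and `sysdb_get_user_attr_with_views` hunks, so all call sites read the same.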
@@ -578,7 +582,8 @@ int sysdb_getgrgid_with_views(TALLOC_CTX *mem_ctx,
         }
 
         ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
-                          override_obj == NULL ? NULL : override_obj ->msgs[0]);
+                          override_obj == NULL ? NULL : override_obj ->msgs[0],
+                          NULL);
         if (ret != EOK) {
             DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
             goto done;
@@ -734,7 +739,8 @@ int sysdb_enumgrent_with_views(TALLOC_CTX *mem_ctx,
 
     if (DOM_HAS_VIEWS(domain)) {
         for (c = 0; c < res->count; c++) {
-            ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL);
+            ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL,
+                                                NULL);
             /* enumeration assumes that the cache is up-to-date, hence we do not
              * need to handle ENOENT separately. */
             if (ret != EOK) {
@@ -956,7 +962,8 @@ int sysdb_initgroups_with_views(TALLOC_CTX *mem_ctx,
     if (DOM_HAS_VIEWS(domain)) {
         /* Skip user entry because it already has override values added */
         for (c = 1; c < res->count; c++) {
-            ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL);
+            ret = sysdb_add_overrides_to_object(domain, res->msgs[c], NULL,
+                                                NULL);
             if (ret != EOK) {
                 DEBUG(SSSDBG_OP_FAILURE,
                       "sysdb_add_overrides_to_object failed.\n");
@@ -1083,7 +1090,8 @@ int sysdb_get_user_attr_with_views(TALLOC_CTX *mem_ctx,
      * the original object. */
     if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
         ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
-                          override_obj == NULL ? NULL : override_obj ->msgs[0]);
+                          override_obj == NULL ? NULL : override_obj ->msgs[0],
+                          attrs);
         if (ret != EOK && ret != ENOENT) {
             DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_overrides_to_object failed.\n");
             return ret;
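Review bot: Passing the caller's `attrs` as `req_attrs` means that, when the override object has to be looked up, only the attributes this caller asked for are fetched instead of the fixed user/group default list. The copy loop in `sysdb_add_overrides_to_object()` still walks its own `attr_map`, so a mapped attribute that is missing from `attrs` would be left without its override and the caller would get the original value with no error; this is inferred from the later `sysdb_views.c` hunks and should be confirmed. If that is the intent, say so at the call with a comment such as `/* only overrides for the requested attributes are applied */`. The enclosing function starts and ends outside this hunk.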
diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c
index a42aa96ed3e0cd7c877ff0c42887ef3f03ef5e0e..f2cf370231b57c3cd2b563eec4ea2a0f3a0935bd 100644
--- a/src/db/sysdb_views.c
+++ b/src/db/sysdb_views.c
@@ -948,6 +948,8 @@ errno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
  * @param[in] domain Domain struct, needed to access the cache
  * @oaram[in] obj The original object
  * @param[in] override_obj The object with the override data, may be NULL
+ * @param[in] req_attrs List of attributes to be requested, if not set a
+ *                      default list dependig on the object type will be used
  *
  * @return EOK - Override data was added successfully
  * @return ENOMEM - There was insufficient memory to complete the operation
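Review bot: The new `@param[in] req_attrs` text does not tell a caller that the list must be a NULL-terminated array, nor when it is consulted. In the later hunk the list appears to be handed to `ldb_search()` only on the path that looks up the override object, so a list passed together with a non-NULL `override_obj` would presumably be ignored; that is inferred and should be confirmed. I would word it as `@param[in] req_attrs NULL-terminated list of attributes to request when the override object is looked up, if NULL a default list depending on the object type is used`, which also fixes the `dependig` typo. The comment block starts and ends outside this hunk.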
@@ -958,7 +960,8 @@ errno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
  */
 errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
                                       struct ldb_message *obj,
-                                      struct ldb_message *override_obj)
+                                      struct ldb_message *override_obj,
+                                      const char **req_attrs)
 {
     int ret;
     const char *override_dn_str;
@@ -983,7 +986,8 @@ errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
         {NULL, NULL}
     };
     size_t c;
-    const char *tmp_str;
+    size_t d;
+    struct ldb_message_element *tmp_el;
 
     tmp_ctx = talloc_new(NULL);
     if (tmp_ctx == NULL) {
@@ -1016,12 +1020,15 @@ errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
             goto done;
         }
 
-        uid = ldb_msg_find_attr_as_uint64(obj, SYSDB_UIDNUM, 0);
-        if (uid == 0) {
-            /* No UID hence group object */
-            attrs = group_attrs;
-        } else {
-            attrs = user_attrs;
+        attrs = req_attrs;
+        if (attrs == NULL) {
+            uid = ldb_msg_find_attr_as_uint64(obj, SYSDB_UIDNUM, 0);
+            if (uid == 0) {
+                /* No UID hence group object */
+                attrs = group_attrs;
+            } else {
+                attrs = user_attrs;
+            }
         }
 
         ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, override_dn,
@@ -1050,14 +1057,16 @@ errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
     }
 
     for (c = 0; attr_map[c].attr != NULL; c++) {
-        tmp_str = ldb_msg_find_attr_as_string(override, attr_map[c].attr, NULL);
-        if (tmp_str != NULL) {
-            talloc_steal(obj, tmp_str);
-            ret = ldb_msg_add_string(obj, attr_map[c].new_attr, tmp_str);
-            if (ret != LDB_SUCCESS) {
-                DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_string failed.\n");
-                ret = sysdb_error_to_errno(ret);
-                goto done;
+        tmp_el = ldb_msg_find_element(override, attr_map[c].attr);
+        if (tmp_el != NULL) {
+            for (d = 0; d < tmp_el->num_values; d++) {
+                ret = ldb_msg_add_steal_value(obj, attr_map[c].new_attr,
+                                              &tmp_el->values[d]);
+                if (ret != LDB_SUCCESS) {
+                    DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_value failed.\n");
+                    ret = sysdb_error_to_errno(ret);
+                    goto done;
+                }
             }
         }
     }
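Review bot: The failure message in the new inner loop names the wrong call: the code calls `ldb_msg_add_steal_value()` but logs `ldb_msg_add_value failed.`, which points anyone reading the log at the wrong function; it should read `DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_steal_value failed.\n");`. The loop also reparents each value's data from `override` to `obj` while the element in `override` still points at it, and `override` may be the caller's `override_obj` (not visible in this hunk). The removed code did the same for a single string, but it now applies to every value of a multi-valued attribute, so a comment such as `/* values are stolen from override; its elements must not be used once obj is freed */` would document the ownership change. The function body starts and ends outside this hunk.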
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index b100aae08fc04ccf1a295745767c5445cf2e01be..ff7b6a334f4c1d9dc854296746b0ff83949acd68 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -4064,7 +4064,7 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
             if (ret == EOK && DOM_HAS_VIEWS(dom)) {
                 for (c = 0; c < dctx->res->count; c++) {
                     ret = sysdb_add_overrides_to_object(dom, dctx->res->msgs[c],
-                                                        NULL);
+                                                        NULL, NULL);
                     if (ret != EOK) {
                         DEBUG(SSSDBG_OP_FAILURE,
                               "sysdb_add_overrides_to_object failed.\n");
-- 
1.9.3