From 21bc70002db718c353724d3aea2121a2bac23218 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 7 Nov 2014 13:55:01 +0100
Subject: [PATCH 097/104] LDAP: add support for lookups by UUID
Related to https://fedorahosted.org/sssd/ticket/2481
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/providers/data_provider.h | 2 ++
src/providers/ldap/ldap_id.c | 58 +++++++++++++++++++++++++++++++++++++++----
2 files changed, 55 insertions(+), 5 deletions(-)
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index e1cb4befadba7e24a418790b10ff361b3092ec6a..5df493e9d1ae21ada6f5fd6198a6d9c36680d044 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -127,6 +127,7 @@
#define BE_FILTER_IDNUM 2
#define BE_FILTER_ENUM 3
#define BE_FILTER_SECID 4
+#define BE_FILTER_UUID 5
#define BE_REQ_USER 0x0001
#define BE_REQ_GROUP 0x0002
@@ -139,6 +140,7 @@
#define BE_REQ_HOST 0x0010
#define BE_REQ_BY_SECID 0x0011
#define BE_REQ_USER_AND_GROUP 0x0012
+#define BE_REQ_BY_UUID 0x0013
#define BE_REQ_TYPE_MASK 0x00FF
#define BE_REQ_FAST 0x1000
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index e8b3a0e1e1dce6e0c8a9b21aa7c6299108dad24d..2e58f4e49eb33a85cbb8b4144c69004c6b5b312b 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -179,6 +179,20 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
goto done;
}
break;
+ case BE_FILTER_UUID:
+ attr_name = ctx->opts->user_map[SDAP_AT_USER_UUID].name;
+ if (attr_name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "UUID search not configured for this backend.\n");
+ ret = EINVAL;
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, name, &clean_name);
+ if (ret != EOK) {
+ goto done;
+ }
+ break;
default:
ret = EINVAL;
goto done;
@@ -458,8 +472,9 @@ static void users_get_done(struct tevent_req *subreq)
break;
case BE_FILTER_SECID:
- /* Since it is not clear if the SID belongs to a user or a group
- * we have nothing to do here. */
+ case BE_FILTER_UUID:
+ /* Since it is not clear if the SID/UUID belongs to a user or a
+ * group we have nothing to do here. */
break;
default:
@@ -635,6 +650,20 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
goto done;
}
break;
+ case BE_FILTER_UUID:
+ attr_name = ctx->opts->group_map[SDAP_AT_GROUP_UUID].name;
+ if (attr_name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "UUID search not configured for this backend.\n");
+ ret = EINVAL;
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, name, &clean_name);
+ if (ret != EOK) {
+ goto done;
+ }
+ break;
default:
ret = EINVAL;
goto done;
@@ -884,8 +913,9 @@ static void groups_get_done(struct tevent_req *subreq)
break;
case BE_FILTER_SECID:
- /* Since it is not clear if the SID belongs to a user or a group
- * we have nothing to do here. */
+ case BE_FILTER_UUID:
+ /* Since it is not clear if the SID/UUID belongs to a user or a
+ * group we have nothing to do here. */
break;
default:
@@ -1401,7 +1431,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
goto done;
}
- if (ar->filter_type == BE_FILTER_SECID) {
+ if (ar->filter_type == BE_FILTER_SECID
+ || ar->filter_type == BE_FILTER_UUID) {
ret = EINVAL;
state->err = "Invalid filter type";
goto done;
@@ -1430,6 +1461,21 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
noexist_delete);
break;
+ case BE_REQ_BY_UUID:
+ if (ar->filter_type != BE_FILTER_UUID) {
+ ret = EINVAL;
+ state->err = "Invalid filter type";
+ goto done;
+ }
+
+ subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx,
+ sdom, conn,
+ ar->filter_value,
+ ar->filter_type,
+ ar->attr_type,
+ noexist_delete);
+ break;
+
case BE_REQ_USER_AND_GROUP:
if (!(ar->filter_type == BE_FILTER_NAME ||
ar->filter_type == BE_FILTER_IDNUM)) {
@@ -1504,6 +1550,8 @@ sdap_handle_acct_req_done(struct tevent_req *subreq)
break;
case BE_REQ_BY_SECID:
/* Fallthrough */
+ case BE_REQ_BY_UUID:
+ /* Fallthrough */
case BE_REQ_USER_AND_GROUP:
err = "Lookup by SID failed";
ret = sdap_get_user_and_group_recv(subreq, &state->dp_error,
--
1.9.3