|
 |
6b9042 |
From 52beb5e79905712a8aaabf19e52e654fc4648a94 Mon Sep 17 00:00:00 2001
|
|
|
6b9042 |
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
6b9042 |
Date: Fri, 15 Jan 2016 16:16:00 +0200
|
|
|
6b9042 |
Subject: [PATCH 06/12] nss: force lower case for memberUid attribute as per
|
|
|
6b9042 |
RFC2307
|
|
|
6b9042 |
|
|
|
6b9042 |
When memberUid attribute is generated, it has to be normalized or
|
|
|
6b9042 |
otherwise searches for members against groups in compat tree will fail.
|
|
|
6b9042 |
slapi-nis already normalizes elements of a search filter that mention
|
|
|
6b9042 |
memberUid attribute values but the original memberUid value should be
|
|
|
6b9042 |
normalized as well.
|
|
|
6b9042 |
---
|
|
|
6b9042 |
src/back-sch-nss.c | 22 ++++++++++++++++++----
|
|
|
6b9042 |
1 file changed, 18 insertions(+), 4 deletions(-)
|
|
|
6b9042 |
|
|
|
6b9042 |
diff --git a/src/back-sch-nss.c b/src/back-sch-nss.c
|
|
|
6b9042 |
index 16d4164..702590c 100644
|
|
|
6b9042 |
--- a/src/back-sch-nss.c
|
|
|
6b9042 |
+++ b/src/back-sch-nss.c
|
|
|
6b9042 |
@@ -246,8 +246,8 @@ backend_make_user_entry_from_nsswitch_passwd(struct passwd *pwd,
|
|
|
6b9042 |
return NULL;
|
|
|
6b9042 |
}
|
|
|
6b9042 |
|
|
|
6b9042 |
- dn = backend_build_dn("uid", pwd->pw_name, container_sdn);
|
|
|
6b9042 |
- if (dn == NULL) {
|
|
|
6b9042 |
+ name = (char *) slapi_utf8StrToLower((unsigned char *) pwd->pw_name);
|
|
|
6b9042 |
+ if (name == NULL) {
|
|
|
6b9042 |
slapi_log_error(SLAPI_LOG_FATAL,
|
|
|
6b9042 |
cbdata->state->plugin_desc->spd_id,
|
|
|
6b9042 |
"error building DN for uid=%s,%s skipping\n",
|
|
|
6b9042 |
@@ -256,12 +256,22 @@ backend_make_user_entry_from_nsswitch_passwd(struct passwd *pwd,
|
|
|
6b9042 |
return NULL;
|
|
|
6b9042 |
}
|
|
|
6b9042 |
|
|
|
6b9042 |
+ dn = backend_build_dn("uid", name, container_sdn);
|
|
|
6b9042 |
+ if (dn == NULL) {
|
|
|
6b9042 |
+ slapi_log_error(SLAPI_LOG_FATAL,
|
|
|
6b9042 |
+ cbdata->state->plugin_desc->spd_id,
|
|
|
6b9042 |
+ "error building DN for uid=%s,%s skipping\n",
|
|
|
6b9042 |
+ name, container_sdn);
|
|
|
6b9042 |
+ slapi_entry_free(entry);
|
|
|
6b9042 |
+ return NULL;
|
|
|
6b9042 |
+ }
|
|
|
6b9042 |
+
|
|
|
6b9042 |
slapi_entry_add_string(entry,
|
|
|
6b9042 |
"objectClass", "top");
|
|
|
6b9042 |
slapi_entry_add_string(entry,
|
|
|
6b9042 |
"objectClass", "posixAccount");
|
|
|
6b9042 |
slapi_entry_add_string(entry,
|
|
|
6b9042 |
- "uid", pwd->pw_name);
|
|
|
6b9042 |
+ "uid", name);
|
|
|
6b9042 |
slapi_entry_attr_set_uint(entry,
|
|
|
6b9042 |
"uidNumber", pwd->pw_uid);
|
|
|
6b9042 |
slapi_entry_attr_set_uint(entry,
|
|
|
6b9042 |
@@ -286,6 +296,7 @@ backend_make_user_entry_from_nsswitch_passwd(struct passwd *pwd,
|
|
|
6b9042 |
}
|
|
|
6b9042 |
|
|
|
6b9042 |
slapi_entry_set_dn(entry, dn);
|
|
|
6b9042 |
+ slapi_ch_free_string(&name);
|
|
|
6b9042 |
|
|
|
6b9042 |
#ifdef HAVE_SSS_NSS_IDMAP
|
|
|
6b9042 |
rc = sss_nss_getsidbyid(pwd->pw_uid, &sid_str, &id_type);
|
|
|
6b9042 |
@@ -520,6 +531,7 @@ backend_make_group_entry_from_nsswitch_group(struct group *grp,
|
|
|
6b9042 |
Slapi_Entry *entry;
|
|
|
6b9042 |
int rc, i;
|
|
|
6b9042 |
char *dn = NULL;
|
|
|
6b9042 |
+ char *name = NULL;
|
|
|
6b9042 |
#ifdef HAVE_SSS_NSS_IDMAP
|
|
|
6b9042 |
enum sss_id_type id_type;
|
|
|
6b9042 |
char *sid_str;
|
|
|
6b9042 |
@@ -551,7 +563,9 @@ backend_make_group_entry_from_nsswitch_group(struct group *grp,
|
|
|
6b9042 |
|
|
|
6b9042 |
if (grp->gr_mem) {
|
|
|
6b9042 |
for (i=0; grp->gr_mem[i]; i++) {
|
|
|
6b9042 |
- slapi_entry_add_string(entry, "memberUid", grp->gr_mem[i]);
|
|
|
6b9042 |
+ name = (char *) slapi_utf8StrToLower((unsigned char*) grp->gr_mem[i]);
|
|
|
6b9042 |
+ slapi_entry_add_string(entry, "memberUid", name);
|
|
|
6b9042 |
+ slapi_ch_free_string(&name);
|
|
|
6b9042 |
}
|
|
|
6b9042 |
}
|
|
|
6b9042 |
|
|
|
6b9042 |
--
|
|
|
6b9042 |
2.5.0
|
|
|
6b9042 |
|