From c12a2635adacbb321c4c2208160f2eb306333e71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Sun, 11 Oct 2015 16:45:19 +0200
Subject: [PATCH 102/104] nss: send original name and id with local views if
possible
Resolves:
https://fedorahosted.org/sssd/ticket/2833
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 2f793681b4debbe015815f908dc12c0463711609)
---
src/responder/nss/nsssrv_cmd.c | 131 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 128 insertions(+), 3 deletions(-)
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index d177135db00369c2af69eb62f6a4a4aaf54ba510..39fd5b41a31796a05a1790e78cb6c425b39c47cb 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -599,6 +599,124 @@ is_refreshed_on_bg(enum sss_dp_acct_type req_type,
static void nsssrv_dp_send_acct_req_done(struct tevent_req *req);
+static void get_dp_name_and_id(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *dom,
+ enum sss_dp_acct_type req_type,
+ const char *opt_name,
+ uint32_t opt_id,
+ const char **_name,
+ uint32_t *_id)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct ldb_result *res = NULL;
+ const char *attr;
+ const char *name;
+ uint32_t id;
+ errno_t ret;
+
+ /* First set the same values to make things easier. */
+ *_name = opt_name;
+ *_id = opt_id;
+
+ if (!DOM_HAS_VIEWS(dom) || !is_local_view(dom->view_name)) {
+ DEBUG(SSSDBG_TRACE_FUNC, "Not a LOCAL view, continuing with "
+ "provided values.\n");
+ return;
+ }
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
+ return;
+ }
+
+ if (opt_name != NULL) {
+ switch (req_type) {
+ case SSS_DP_USER:
+ case SSS_DP_INITGROUPS:
+ ret = sysdb_getpwnam_with_views(tmp_ctx, dom, opt_name, &res);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "sysdb_getpwnam_with_views() failed [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+ break;
+ case SSS_DP_GROUP:
+ ret = sysdb_getgrnam_with_views(tmp_ctx, dom, opt_name, &res);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "sysdb_getgrnam_with_views() failed [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+ break;
+ default:
+ goto done;
+ }
+
+ if (res == NULL || res->count != 1) {
+ /* This should not happen with LOCAL view and overridden value. */
+ DEBUG(SSSDBG_TRACE_FUNC, "Entry is missing?! Continuing with "
+ "provided values.\n");
+ goto done;
+ }
+
+ name = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);
+ if (name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Bug: name cannot be NULL\n");
+ goto done;
+ }
+
+ *_name = talloc_steal(mem_ctx, name);
+ } else if (opt_id != 0) {
+ switch (req_type) {
+ case SSS_DP_USER:
+ ret = sysdb_getpwuid_with_views(tmp_ctx, dom, opt_id, &res);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "sysdb_getpwuid_with_views() failed [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+
+ attr = SYSDB_UIDNUM;
+ break;
+ case SSS_DP_GROUP:
+ ret = sysdb_getgrgid_with_views(tmp_ctx, dom, opt_id, &res);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "sysdb_getgrgid_with_views() failed [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+
+ attr = SYSDB_GIDNUM;
+ break;
+ default:
+ goto done;
+ }
+
+ if (res == NULL || res->count != 1) {
+ /* This should not happen with LOCAL view and overridden value. */
+ DEBUG(SSSDBG_TRACE_FUNC, "Entry is missing?! Continuing with "
+ "provided values.\n");
+ goto done;
+ }
+
+ id = ldb_msg_find_attr_as_uint64(res->msgs[0], attr, 0);
+ if (id == 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Bug: id cannot be 0\n");
+ goto done;
+ }
+
+ *_id = id;
+ }
+
+done:
+ talloc_free(tmp_ctx);
+}
+
/* FIXME: do not check res->count, but get in a msgs and check in parent */
errno_t check_cache(struct nss_dom_ctx *dctx,
struct nss_ctx *nctx,
@@ -616,6 +734,8 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
struct tevent_req *req = NULL;
struct dp_callback_ctx *cb_ctx = NULL;
uint64_t cacheExpire = 0;
+ const char *name = opt_name;
+ uint32_t id = opt_id;
/* when searching for a user or netgroup, more than one reply is a
* db error
@@ -627,6 +747,11 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
return ENOENT;
}
+ /* In case of local view we have to always contant DP with the original
+ * name or id. */
+ get_dp_name_and_id(dctx->cmdctx, dctx->domain, req_type, opt_name, opt_id,
+ &name, &id);
+
/* if we have any reply let's check cache validity, but ignore netgroups
* if refresh_expired_interval is set (which implies that another method
* is used to refresh netgroups)
@@ -671,10 +796,10 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
* immediately.
*/
DEBUG(SSSDBG_TRACE_FUNC,
- "Performing midpoint cache update on [%s]\n", opt_name);
+ "Performing midpoint cache update on [%s]\n", name);
req = sss_dp_get_account_send(cctx, cctx->rctx, dctx->domain, true,
- req_type, opt_name, opt_id, extra);
+ req_type, name, id, extra);
if (!req) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Out of memory sending out-of-band data provider "
@@ -703,7 +828,7 @@ errno_t check_cache(struct nss_dom_ctx *dctx,
}
req = sss_dp_get_account_send(cctx, cctx->rctx, dctx->domain, true,
- req_type, opt_name, opt_id, extra);
+ req_type, name, id, extra);
if (!req) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Out of memory sending data provider request\n");
--
2.4.3