From 21bc70002db718c353724d3aea2121a2bac23218 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Fri, 7 Nov 2014 13:55:01 +0100
Subject: [PATCH 097/104] LDAP: add support for lookups by UUID
Related to https://fedorahosted.org/sssd/ticket/2481
Reviewed-by: Jakub Hrozek
---
 src/providers/data_provider.h | 2 ++
 src/providers/ldap/ldap_id.c | 58 +++++++++++++++++++++++++++++++++++++++----
 2 files changed, 55 insertions(+), 5 deletions(-)
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index e1cb4befadba7e24a418790b10ff361b3092ec6a..5df493e9d1ae21ada6f5fd6198a6d9c36680d044 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -127,6 +127,7 @@
 #define BE_FILTER_IDNUM 2
 #define BE_FILTER_ENUM 3
 #define BE_FILTER_SECID 4
+#define BE_FILTER_UUID 5
 #define BE_REQ_USER 0x0001
 #define BE_REQ_GROUP 0x0002
@@ -139,6 +140,7 @@
 #define BE_REQ_HOST 0x0010
 #define BE_REQ_BY_SECID 0x0011
 #define BE_REQ_USER_AND_GROUP 0x0012
+#define BE_REQ_BY_UUID 0x0013
 #define BE_REQ_TYPE_MASK 0x00FF
 #define BE_REQ_FAST 0x1000
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index e8b3a0e1e1dce6e0c8a9b21aa7c6299108dad24d..2e58f4e49eb33a85cbb8b4144c69004c6b5b312b 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -179,6 +179,20 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 goto done;
 }
 break;
+ case BE_FILTER_UUID:
+ attr_name = ctx->opts->user_map[SDAP_AT_USER_UUID].name;
+ if (attr_name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "UUID search not configured for this backend.\n");
+ ret = EINVAL;
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, name, &clean_name);
+ if (ret != EOK) {
+ goto done;
+ }
+ break;
 default:
 ret = EINVAL;
 goto done;
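Review bot: The `DEBUG` text added in the `BE_FILTER_UUID` branch of users_get_send is byte-identical to the one added in groups_get_send (hunk at -635), so a log line cannot be traced to the user or the group attribute map; `"UUID search not configured for users in this backend.\n"` and a matching group string would fix that. The branch appears to be reached while a lookup request is handled rather than at start-up (inferred, the caller is outside the hunk), so `SSSDBG_OP_FAILURE` may suit this per-request condition better than `SSSDBG_CRIT_FAILURE`. `sss_filter_sanitize` is the only treatment `name` receives in the visible lines before `clean_name` is, presumably, placed in the search filter below the hunk, and that deserves a comment so the call is not dropped later: `/* name comes from the request; escape it before building the LDAP filter */`. Both function bodies continue outside their hunks.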
@@ -458,8 +472,9 @@ static void users_get_done(struct tevent_req *subreq)
 break;
 case BE_FILTER_SECID:
- /* Since it is not clear if the SID belongs to a user or a group
- * we have nothing to do here. */
+ case BE_FILTER_UUID:
+ /* Since it is not clear if the SID/UUID belongs to a user or a
+ * group we have nothing to do here. */
 break;
 default:
@@ -635,6 +650,20 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 goto done;
 }
 break;
+ case BE_FILTER_UUID:
+ attr_name = ctx->opts->group_map[SDAP_AT_GROUP_UUID].name;
+ if (attr_name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "UUID search not configured for this backend.\n");
+ ret = EINVAL;
+ goto done;
+ }
+
+ ret = sss_filter_sanitize(state, name, &clean_name);
+ if (ret != EOK) {
+ goto done;
+ }
+ break;
 default:
 ret = EINVAL;
 goto done;
@@ -884,8 +913,9 @@ static void groups_get_done(struct tevent_req *subreq)
 break;
 case BE_FILTER_SECID:
- /* Since it is not clear if the SID belongs to a user or a group
- * we have nothing to do here. */
+ case BE_FILTER_UUID:
+ /* Since it is not clear if the SID/UUID belongs to a user or a
+ * group we have nothing to do here. */
 break;
 default:
@@ -1401,7 +1431,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
 goto done;
 }
- if (ar->filter_type == BE_FILTER_SECID) {
+ if (ar->filter_type == BE_FILTER_SECID
+ || ar->filter_type == BE_FILTER_UUID) {
 ret = EINVAL;
 state->err = "Invalid filter type";
 goto done;
@@ -1430,6 +1461,21 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
 noexist_delete);
 break;
+ case BE_REQ_BY_UUID:
+ if (ar->filter_type != BE_FILTER_UUID) {
+ ret = EINVAL;
+ state->err = "Invalid filter type";
+ goto done;
+ }
+
+ subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx,
+ sdom, conn,
+ ar->filter_value,
+ ar->filter_type,
+ ar->attr_type,
+ noexist_delete);
+ break;
+
 case BE_REQ_USER_AND_GROUP:
 if (!(ar->filter_type == BE_FILTER_NAME || ar->filter_type == BE_FILTER_IDNUM)) {
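Review bot: The reworded comment under `case BE_FILTER_UUID:` in users_get_done says there is nothing to do, but not what is being skipped. The sibling cases are outside the hunk, so it is only inferred that they clean up the cache when the search comes back empty. If that is right, an object deleted on the server and looked up by UUID keeps its cached entry on this path, which matters for deprovisioned accounts. Suggest stating it, once confirmed against the caller: `/* No cache cleanup here: the SID/UUID may name a user or a group, so a stale entry is left for the caller to handle. */`. The same comment is added in groups_get_done (hunk at -884).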
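Review bot: The condition extended at -1401 in sdap_handle_acct_req_send is a deny-list, so any filter type added in future is accepted by this case until someone remembers to list it here. The `BE_REQ_USER_AND_GROUP` case visible at the end of the next hunk uses the allow-list form, which fails closed. The same shape would fit here, e.g. `if (!(ar->filter_type == BE_FILTER_NAME || ar->filter_type == BE_FILTER_IDNUM)) {`, with the set adjusted to what this case really supports. The `case` label this check belongs to is above the hunk, so the exact set cannot be confirmed from here.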
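Review bot: The new `case BE_REQ_BY_UUID:` at -1430 in sdap_handle_acct_req_send passes `ar->filter_value` on unchanged and has no comment saying where that request-supplied value is escaped or why both object types are searched. The hunks at -179 and -635 show the escaping happening in users_get_send and groups_get_send, and the comment in users_get_done gives the reason for searching both. Suggest recording both facts at the call: `/* A UUID may name a user or a group, so search both; filter_value is escaped in users_get_send()/groups_get_send(). */`. The function body starts and ends outside the hunk.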
@@ -1504,6 +1550,8 @@ sdap_handle_acct_req_done(struct tevent_req *subreq)
 break;
 case BE_REQ_BY_SECID:
 /* Fallthrough */
+ case BE_REQ_BY_UUID:
+ /* Fallthrough */
 case BE_REQ_USER_AND_GROUP:
 err = "Lookup by SID failed";
 ret = sdap_get_user_and_group_recv(subreq, &state->dp_error,
-- 
1.9.3
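Review bot: With `case BE_REQ_BY_UUID:` falling through in sdap_handle_acct_req_done, a failed UUID lookup is now reported as `"Lookup by SID failed"`, which points anyone triaging the error at the wrong request type. A neutral string covers all three labels that share the assignment: `err = "User and group lookup failed";`. The rest of the switch and the place where `err` is consumed are outside the hunk.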