From 24ed6bff6cf81c7ba732a5515a2194d9e32cf354 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 20 Jun 2016 16:30:03 +0200
Subject: [PATCH 56/62] LDAP/IPA: add local email address to aliases
Adding email-addresses from the local domain to the alias names is strictly not needed by might help to speed up lookups in the NSS responder.
Reviewed-by: Jakub Hrozek
(cherry picked from commit 9a310913d696d190db14c625080678db853a33fd)
---
 src/providers/ipa/ipa_s2n_exop.c | 49 ++++++++++++++++++++++++++++++++++++++++
 src/providers/ldap/sdap_utils.c | 22 ++++++++++++++++++
 2 files changed, 71 insertions(+)
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index b28cc415b1c6dfcf06e0cb9769a36135da01b991..255dad45037a6cb8f399bf2df500215f6fb25b59 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -1885,6 +1885,49 @@ done:
 return ret;
 }
+static errno_t add_emails_to_aliases(struct sysdb_attrs *attrs,
+ struct sss_domain_info *dom)
+{
+ int ret;
+ const char **emails;
+ size_t c;
+ TALLOC_CTX *tmp_ctx;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
+ return ENOMEM;
+ }
+
+ ret = sysdb_attrs_get_string_array(attrs, SYSDB_USER_EMAIL, tmp_ctx,
+ &emails);
+ if (ret == EOK) {
+ for (c = 0; emails[c] != NULL; c++) {
+ if (is_email_from_domain(emails[c], dom)) {
+ ret = sysdb_attrs_add_lc_name_alias_safe(attrs, emails[c]);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to add lower-cased version of email [%s] "
+ "into the alias list\n", emails[c]);
+ goto done;
+ }
+ }
+ }
+ } else if (ret == ENOENT) {
+ DEBUG(SSSDBG_TRACE_ALL, "No email addresses available.\n");
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sysdb_attrs_get_string_array failed, skipping ...\n");
+ }
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+
+ return ret;
+}
+
 static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
 struct req_input *req_input,
 struct resp_attrs *attrs,
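Review bot: In add_emails_to_aliases (ipa_s2n_exop.c), every mail value that passes is_email_from_domain() is stored as a name alias, and nothing in the hunk checks that the value is not already another object's name or alias in the domain. Mail attributes are frequently editable by the account owner or a help desk, so this puts directory data with weaker write controls into the set of keys a user can be looked up by; whether the cache or the responder rejects an ambiguous match is not visible here and should be confirmed. A comment above the loop stating the assumption would help, for example `/* mail values come from the server and are not guaranteed unique; aliases built from them must not be treated as identifiers */`, and the same applies to the loop added to sdap_save_all_names in sdap_utils.c. The function also returns EOK when sysdb_attrs_get_string_array fails with anything other than ENOENT, yet propagates an alias failure, so a short doc comment on the return contract is worth adding.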
@@ -2030,6 +2073,12 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
 goto done;
 }
+ ret = add_emails_to_aliases(attrs->sysdb_attrs, dom);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "add_emails_to_aliases failed, skipping ...\n");
+ }
+
 if (upn == NULL) {
 /* We also have to store a fake UPN here, because otherwise the
 * krb5 child later won't be able to properly construct one as
diff --git a/src/providers/ldap/sdap_utils.c b/src/providers/ldap/sdap_utils.c
index 696af51d66e279d718e9af142ce5ed871eae7727..a3a9642171ca057be5a59dfae192803b84c501c8 100644
--- a/src/providers/ldap/sdap_utils.c
+++ b/src/providers/ldap/sdap_utils.c
@@ -87,6 +87,7 @@ sdap_save_all_names(const char *name,
 int i;
 bool lowercase = !dom->case_sensitive;
 bool store_as_fqdn;
+ const char **emails;
 switch (entry_type) {
 case SYSDB_MEMBER_USER:
@@ -143,6 +144,27 @@ sdap_save_all_names(const char *name,
 }
+ ret = sysdb_attrs_get_string_array(ldap_attrs, SYSDB_USER_EMAIL, tmp_ctx,
+ &emails);
+ if (ret == EOK) {
+ for (i = 0; emails[i] != NULL; i++) {
+ if (is_email_from_domain(emails[i], dom)) {
+ ret = sysdb_attrs_add_lc_name_alias_safe(attrs, emails[i]);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Failed to add lower-cased version of email [%s] "
+ "into the alias list\n", emails[i]);
+ goto done;
+ }
+ }
+ }
+ } else if (ret == ENOENT) {
+ DEBUG(SSSDBG_TRACE_ALL, "No email addresses available.\n");
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sysdb_attrs_get_string_array failed, skipping ...\n");
+ }
+
 ret = EOK;
 done:
 talloc_free(tmp_ctx);
--
2.4.11
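Review bot: After the "skipping ..." branch in ipa_s2n_save_objects, `ret` still holds the error returned by add_emails_to_aliases, whereas both new loops in this patch reset it explicitly with `ret = EOK;`. If any path below reaches `done:` without reassigning `ret`, the object save would fail on a step the log message describes as skippable; that code lies outside the hunk, so this needs checking against the full function. Adding `ret = EOK;` inside the `if (ret != EOK)` block after the DEBUG call would make the intent explicit.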
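Review bot: In the loop added to sdap_save_all_names (sdap_utils.c, second hunk of that file), one failing sysdb_attrs_add_lc_name_alias_safe call does `goto done` with a non-EOK `ret`, so a single problematic mail value makes the whole name save fail. The commit message calls these aliases not strictly needed, and the IPA caller logs and continues on the same failure, so the two providers now disagree on whether server-supplied mail data can block storing an entry. Consider logging and moving on to the next address by dropping the `goto done;` (the existing `ret = EOK;` below the block then applies), or add a comment explaining why the LDAP path has to be strict. The loop is also a near copy of the one in add_emails_to_aliases, so a shared helper would keep the two from drifting apart. The function begins and ends outside the hunk.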