From 092b3c062c3568d1a01766d71a25004ee3cfc64e Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 12 Jan 2015 18:36:42 +0100
Subject: [PATCH 159/160] sysdb: fix group members with overridden names
Reviewed-by: Jakub Hrozek
(cherry picked from commit fbcdc08722aa8ed17c4b114e01fbb37c02cfb2fe)
---
 src/db/sysdb.h | 1 +
 src/db/sysdb_views.c | 73 ++++++++++++++++++++++++++++++++++++++++++++--------
 2 files changed, 63 insertions(+), 11 deletions(-)
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index b1e057107cc6e3d4ce7b7bb8e821a2414c3424a7..9e33fee37a352498ed0c987dc2ae0da3500d63d5 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -210,6 +210,7 @@
 #define SYSDB_GRSRC_ATTRS {SYSDB_NAME, SYSDB_GIDNUM, \
 SYSDB_MEMBERUID, \
+ SYSDB_MEMBER, \
 SYSDB_GHOST, \
 SYSDB_DEFAULT_ATTRS, \
 SYSDB_SID_STR, \
diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c
index c735a7bd8588a80743d40438d010db5912f47bb5..717edf20a447003568060cf4d32bf8d47bd93e63 100644
--- a/src/db/sysdb_views.c
+++ b/src/db/sysdb_views.c
@@ -1268,6 +1268,10 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
 const char *override_dn_str;
 struct ldb_dn *override_dn;
 const char *memberuid;
+ const char *orig_name;
+ char *orig_domain;
+ char *val;
+ struct sss_domain_info *orig_dom;
 members = ldb_msg_find_element(obj, SYSDB_MEMBER);
 if (members == NULL || members->num_values == 0) {
@@ -1306,6 +1310,12 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
 goto done;
 }
+ if (ldb_msg_find_attr_as_uint64(member_obj->msgs[0],
+ SYSDB_UIDNUM, 0) == 0) {
+ /* Skip non-POSIX-user members i.e. groups and non-POSIX users */
+ continue;
+ }
+
 override_dn_str = ldb_msg_find_attr_as_string(member_obj->msgs[0],
 SYSDB_OVERRIDE_DN, NULL);
 if (override_dn_str == NULL) {
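Review bot: The new `continue` for members without a uidNumber leaves the loop body before the per-member cleanup that the comment at the bottom of the loop describes ("Free all temporary data of the current member"). Assuming that free sits at the end of the body, the temporaries of every skipped nested group or non-POSIX user stay allocated until the function returns, which for a large group with many such members is the memory spike the cleanup is meant to prevent. Releasing before skipping, presumably `talloc_free(member_dn); continue;`, would keep the bound. Separately, the default of 0 in `ldb_msg_find_attr_as_uint64(..., SYSDB_UIDNUM, 0) == 0` treats a stored uidNumber of 0 the same as a missing attribute; if that is intended, the comment should say so. The loop starts and ends outside this hunk.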
@@ -1324,6 +1334,16 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
 goto done;
 }
+ orig_name = ldb_msg_find_attr_as_string(member_obj->msgs[0],
+ SYSDB_NAME,
+ NULL);
+ if (orig_name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Object [%s] has no name.\n",
+ ldb_dn_get_linearized(member_obj->msgs[0]->dn));
+ ret = EINVAL;
+ goto done;
+ }
+
 memberuid = NULL;
 if (ldb_dn_compare(member_obj->msgs[0]->dn, override_dn) != 0) {
 DEBUG(SSSDBG_TRACE_ALL, "Checking override for object [%s].\n",
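Review bot: `orig_name` is a pointer into `member_obj->msgs[0]`, not a copy, and nothing at the assignment says how long it may be used. The comment at the end of the loop body states that the current member's temporary data is freed there, so the pointer must not be stored anywhere that outlives the iteration; a comment such as `/* orig_name is borrowed from member_obj; copy it before the per-member free */` would make that explicit. Moving the lookup here also makes a missing SYSDB_NAME fatal (EINVAL) for members whose override supplies a name, where the removed code checked it only in the fallback path; if that stricter behaviour is intended it deserves a line in the commit message. The enclosing loop begins and ends outside this hunk.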
@@ -1347,29 +1367,60 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
 memberuid = ldb_msg_find_attr_as_string(override_obj->msgs[0],
 SYSDB_NAME,
 NULL);
+
+ if (memberuid != NULL) {
+ ret = sss_parse_name(tmp_ctx, domain->names, orig_name,
+ &orig_domain, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sss_parse_name failed to split original name [%s].\n",
+ orig_name);
+ goto done;
+ }
+
+ if (orig_domain != NULL) {
+ orig_dom = find_domain_by_name(get_domains_head(domain),
+ orig_domain, true);
+ if (orig_dom == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot find domain with name [%s].\n",
+ orig_domain);
+ ret = EINVAL;
+ goto done;
+ }
+ memberuid = sss_get_domain_name(tmp_ctx, memberuid,
+ orig_dom);
+ if (memberuid == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sss_get_domain_name failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ }
 }
 if (memberuid == NULL) {
 DEBUG(SSSDBG_TRACE_ALL, "No override name available.\n");
- memberuid = ldb_msg_find_attr_as_string(member_obj->msgs[0],
- SYSDB_NAME,
- NULL);
- if (memberuid == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Object [%s] has no name.\n",
- ldb_dn_get_linearized(member_obj->msgs[0]->dn));
- ret = EINVAL;
- goto done;
- }
+ memberuid = orig_name;
 }
- ret = ldb_msg_add_string(obj, OVERRIDE_PREFIX SYSDB_MEMBERUID,
- memberuid);
+ val = talloc_strdup(obj, memberuid);
+ if (val == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = ldb_msg_add_string(obj, OVERRIDE_PREFIX SYSDB_MEMBERUID, val);
 if (ret != LDB_SUCCESS) {
 DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_string failed.\n");
 ret = sysdb_error_to_errno(ret);
 goto done;
 }
+ DEBUG(SSSDBG_TRACE_ALL, "Added [%s] to [%s].\n", memberuid,
+ OVERRIDE_PREFIX SYSDB_MEMBERUID);
 /* Free all temporary data of the current member to avoid memory usage
 * spikes. All temporary data should be allocated below member_dn. */
--
2.1.0
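Review bot: Both new allocations in the override branch, the `sss_parse_name(tmp_ctx, ...)` result and `sss_get_domain_name(tmp_ctx, memberuid, orig_dom)`, use `tmp_ctx`, although the comment at the end of this loop body says all temporary data should be allocated below `member_dn`. Unless tmp_ctx is released per iteration, which is not visible here, each overridden member leaves a domain string and a qualified name behind until the function returns, so memory grows with group size. Passing the per-member context instead, e.g. `sss_get_domain_name(member_dn, memberuid, orig_dom)`, keeps the stated invariant and is safe now that `val` is copied onto `obj` before the free. A short comment should also record that an unresolvable `orig_domain` aborts processing of the whole group with EINVAL rather than skipping that one member.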