[Freeipa-devel] [PATCH] 131-132 extdom: add support for sss_nss_getorigbyname()

Sumit Bose sbose at redhat.com
Fri Oct 17 09:53:44 UTC 2014


Hi,

the first patch replaces sss_nss_getsidbyname() with
sss_nss_getorigbyname() for the new version of the extdom interface.
The new call returns more data about the original object and allows the
IPA client to have the same information about the object in the SSSD
cache as the IPA servers.

The second patch just removes an obsolete dependency.

bye,
Sumit
-------------- next part --------------
From 928c04c35601b7bc1c57c1320e4a746abc35e947 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Fri, 10 Oct 2014 10:56:37 +0200
Subject: [PATCH 131/132] extdom: add support for sss_nss_getorigbyname()

---
 .../ipa-extdom-extop/ipa_extdom_common.c           | 167 +++++++++++++++++----
 1 file changed, 135 insertions(+), 32 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
index d1d214ae769946a89ffe1702382e5db70035fdac..685edac2b26f425c42ff84105400a219f4cfca2f 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -254,6 +254,34 @@ static int get_user_grouplist(const char *name, gid_t gid,
     return LDAP_SUCCESS;
 }
 
+static int add_kv_list(BerElement *ber, struct sss_nss_kv *kv_list)
+{
+    size_t c;
+    int ret;
+    const char *single_value_string_array[] = {NULL, NULL};
+
+    ret = ber_printf(ber,"{");
+    if (ret == -1) {
+        return LDAP_OPERATIONS_ERROR;
+    }
+
+    for (c = 0; kv_list[c].key != NULL; c++) {
+        single_value_string_array[0] = kv_list[c].value;
+        ret = ber_printf(ber,"{s{v}}", kv_list[c].key,
+                                       single_value_string_array);
+        if (ret == -1) {
+            return LDAP_OPERATIONS_ERROR;
+        }
+    }
+
+    ret = ber_printf(ber,"}");
+    if (ret == -1) {
+        return LDAP_OPERATIONS_ERROR;
+    }
+
+    return LDAP_SUCCESS;
+}
+
 static int pack_ber_sid(const char *sid, struct berval **berval)
 {
     BerElement *ber = NULL;
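Review bot: add_kv_list() has no comment stating its contract, although its `for` loop dereferences kv_list unconditionally and writes every pair it is given into the response. The two call sites visible in this patch guard with `if (kv_list != NULL)`, but nothing records that requirement, or that the list must end with an entry whose key is NULL. I would add above the function: `/* Encode kv_list as a sequence of {key, {value}} pairs. kv_list must be non-NULL and end with an entry whose key is NULL; every pair is emitted unfiltered. */`. Since the response previously carried only the SID, it is also worth confirming that every attribute sss_nss_getorigbyname() can return is meant to be visible to extdom clients.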
@@ -285,7 +313,7 @@ static int pack_ber_user(enum response_types response_type,
                          const char *domain_name, const char *user_name,
                          uid_t uid, gid_t gid,
                          const char *gecos, const char *homedir,
-                         const char *shell, const char *sid_str,
+                         const char *shell, struct sss_nss_kv *kv_list,
                          struct berval **berval)
 {
     BerElement *ber = NULL;
@@ -299,7 +327,6 @@ static int pack_ber_user(enum response_types response_type,
     size_t c;
     char *locat;
     char *short_user_name = NULL;
-    const char *single_value_string_array[] = {NULL, NULL};
 
     short_user_name = strdup(user_name);
     if ((locat = strchr(short_user_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
@@ -370,12 +397,11 @@ static int pack_ber_user(enum response_types response_type,
             goto done;
         }
 
-        single_value_string_array[0] = sid_str;
-        ret = ber_printf(ber,"{{s{v}}}", SSSD_SYSDB_SID_STR,
-                                         single_value_string_array);
-        if (ret == -1) {
-            ret = LDAP_OPERATIONS_ERROR;
-            goto done;
+        if (kv_list != NULL) {
+            ret = add_kv_list(ber, kv_list);
+            if (ret != LDAP_SUCCESS) {
+                goto done;
+            }
         }
     }
 
@@ -402,7 +428,7 @@ done:
 
 static int pack_ber_group(enum response_types response_type,
                           const char *domain_name, const char *group_name,
-                          gid_t gid, char **members, const char *sid_str,
+                          gid_t gid, char **members, struct sss_nss_kv *kv_list,
                           struct berval **berval)
 {
     BerElement *ber = NULL;
@@ -410,7 +436,6 @@ static int pack_ber_group(enum response_types response_type,
     size_t c;
     char *locat;
     char *short_group_name = NULL;
-    const char *single_value_string_array[] = {NULL, NULL};
 
     short_group_name = strdup(group_name);
     if ((locat = strchr(short_group_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
@@ -455,12 +480,11 @@ static int pack_ber_group(enum response_types response_type,
             goto done;
         }
 
-        single_value_string_array[0] = sid_str;
-        ret = ber_printf(ber,"{{s{v}}}", SSSD_SYSDB_SID_STR,
-                                         single_value_string_array);
-        if (ret == -1) {
-            ret = LDAP_OPERATIONS_ERROR;
-            goto done;
+        if (kv_list != NULL) {
+            ret = add_kv_list(ber, kv_list);
+            if (ret != LDAP_SUCCESS) {
+                goto done;
+            }
         }
 
     }
@@ -521,13 +545,14 @@ static int handle_uid_request(enum request_types request_type, uid_t uid,
     enum sss_id_type id_type;
     size_t buf_len;
     char *buf = NULL;
+    struct sss_nss_kv *kv_list = NULL;
 
     ret = get_buffer(&buf_len, &buf);
     if (ret != LDAP_SUCCESS) {
         return ret;
     }
 
-    if (request_type == REQ_SIMPLE || request_type == REQ_FULL_WITH_GROUPS) {
+    if (request_type == REQ_SIMPLE) {
         ret = sss_nss_getsidbyid(uid, &sid_str, &id_type);
         if (ret != 0 || !(id_type == SSS_ID_TYPE_UID
                             || id_type == SSS_ID_TYPE_BOTH)) {
@@ -538,9 +563,7 @@ static int handle_uid_request(enum request_types request_type, uid_t uid,
             }
             goto done;
         }
-    }
 
-    if (request_type == REQ_SIMPLE) {
         ret = pack_ber_sid(sid_str, berval);
     } else {
         ret = getpwuid_r(uid, &pwd, buf, buf_len, &pwd_result);
@@ -553,14 +576,28 @@ static int handle_uid_request(enum request_types request_type, uid_t uid,
             goto done;
         }
 
+        if (request_type == REQ_FULL_WITH_GROUPS) {
+            ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type);
+            if (ret != 0 || !(id_type == SSS_ID_TYPE_UID
+                                || id_type == SSS_ID_TYPE_BOTH)) {
+                if (ret == ENOENT) {
+                    ret = LDAP_NO_SUCH_OBJECT;
+                } else {
+                    ret = LDAP_OPERATIONS_ERROR;
+                }
+                goto done;
+            }
+        }
+
         ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER
                                                       : RESP_USER_GROUPLIST),
                             domain_name, pwd.pw_name, pwd.pw_uid,
                             pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir,
-                            pwd.pw_shell, sid_str, berval);
+                            pwd.pw_shell, kv_list, berval);
     }
 
 done:
+    sss_nss_free_kv(kv_list);
     free(sid_str);
     free(buf);
     return ret;
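Review bot: The lookup and error-mapping block added before pack_ber_user() appears six times in this patch (here, in handle_gid_request(), twice in handle_sid_request() and twice in handle_name_request()), differing only in the name passed and the expected id type. A small static helper would keep the ENOENT mapping and the id_type check in one place, so a later correction cannot miss one of the copies. The sketch below returns the same LDAP codes as the inline version; handle_uid_request() begins outside this hunk.

```c
static int get_orig_kv(const char *name, enum sss_id_type expected,
                       struct sss_nss_kv **kv_list)
{
    enum sss_id_type id_type;
    int ret;

    ret = sss_nss_getorigbyname(name, kv_list, &id_type);
    if (ret == ENOENT) {
        return LDAP_NO_SUCH_OBJECT;
    }
    if (ret != 0 || !(id_type == expected || id_type == SSS_ID_TYPE_BOTH)) {
        return LDAP_OPERATIONS_ERROR;
    }

    return LDAP_SUCCESS;
}

/* … unchanged: handle_uid_request() up to the getpwuid_r() result checks … */
        if (request_type == REQ_FULL_WITH_GROUPS) {
            ret = get_orig_kv(pwd.pw_name, SSS_ID_TYPE_UID, &kv_list);
            if (ret != LDAP_SUCCESS) {
                goto done;
            }
        }
/* … unchanged: pack_ber_user() call and done: cleanup … */
```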
@@ -576,13 +613,14 @@ static int handle_gid_request(enum request_types request_type, gid_t gid,
     enum sss_id_type id_type;
     size_t buf_len;
     char *buf = NULL;
+    struct sss_nss_kv *kv_list;
 
     ret = get_buffer(&buf_len, &buf);
     if (ret != LDAP_SUCCESS) {
         return ret;
     }
 
-    if (request_type == REQ_SIMPLE || request_type == REQ_FULL_WITH_GROUPS) {
+    if (request_type == REQ_SIMPLE) {
         ret = sss_nss_getsidbyid(gid, &sid_str, &id_type);
         if (ret != 0 || id_type != SSS_ID_TYPE_GID) {
             if (ret == ENOENT) {
@@ -592,9 +630,7 @@ static int handle_gid_request(enum request_types request_type, gid_t gid,
             }
             goto done;
         }
-    }
 
-    if (request_type == REQ_SIMPLE) {
         ret = pack_ber_sid(sid_str, berval);
     } else {
         ret = getgrgid_r(gid, &grp, buf, buf_len, &grp_result);
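Review bot: `struct sss_nss_kv *kv_list;` in handle_gid_request() is declared without an initializer, yet the `done:` label later in this function now calls `sss_nss_free_kv(kv_list)` on every path that reaches it. For a REQ_SIMPLE request, or whenever an earlier failure jumps to `done`, sss_nss_getorigbyname() has not run, so the free operates on an indeterminate pointer; a REQ_FULL request also passes that value to pack_ber_group(). That is undefined behaviour in a plugin that, judging by its path, runs inside the directory server, so the declaration should read `struct sss_nss_kv *kv_list = NULL;`, as handle_uid_request() already does. The declarations added in the handle_sid_request() and handle_name_request() hunks need the same initializer. The function body continues outside this hunk.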
@@ -607,13 +643,27 @@ static int handle_gid_request(enum request_types request_type, gid_t gid,
             goto done;
         }
 
+        if (request_type == REQ_FULL_WITH_GROUPS) {
+            ret = sss_nss_getorigbyname(grp.gr_name, &kv_list, &id_type);
+            if (ret != 0 || !(id_type == SSS_ID_TYPE_GID
+                                || id_type == SSS_ID_TYPE_BOTH)) {
+                if (ret == ENOENT) {
+                    ret = LDAP_NO_SUCH_OBJECT;
+                } else {
+                    ret = LDAP_OPERATIONS_ERROR;
+                }
+                goto done;
+            }
+        }
+
         ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP
                                                        : RESP_GROUP_MEMBERS),
                              domain_name, grp.gr_name, grp.gr_gid,
-                             grp.gr_mem, sid_str, berval);
+                             grp.gr_mem, kv_list, berval);
     }
 
 done:
+    sss_nss_free_kv(kv_list);
     free(sid_str);
     free(buf);
     return ret;
@@ -634,6 +684,7 @@ static int handle_sid_request(enum request_types request_type, const char *sid,
     size_t buf_len;
     char *buf = NULL;
     enum sss_id_type id_type;
+    struct sss_nss_kv *kv_list;
 
     ret = sss_nss_getnamebysid(sid, &fq_name, &id_type);
     if (ret != 0) {
@@ -682,11 +733,24 @@ static int handle_sid_request(enum request_types request_type, const char *sid,
             goto done;
         }
 
+        if (request_type == REQ_FULL_WITH_GROUPS) {
+            ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type);
+            if (ret != 0 || !(id_type == SSS_ID_TYPE_UID
+                                || id_type == SSS_ID_TYPE_BOTH)) {
+                if (ret == ENOENT) {
+                    ret = LDAP_NO_SUCH_OBJECT;
+                } else {
+                    ret = LDAP_OPERATIONS_ERROR;
+                }
+                goto done;
+            }
+        }
+
         ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER
                                                       : RESP_USER_GROUPLIST),
                             domain_name, pwd.pw_name, pwd.pw_uid,
                             pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir,
-                            pwd.pw_shell, sid, berval);
+                            pwd.pw_shell, kv_list, berval);
         break;
     case SSS_ID_TYPE_GID:
         ret = getgrnam_r(fq_name, &grp, buf, buf_len, &grp_result);
@@ -700,10 +764,23 @@ static int handle_sid_request(enum request_types request_type, const char *sid,
             goto done;
         }
 
+        if (request_type == REQ_FULL_WITH_GROUPS) {
+            ret = sss_nss_getorigbyname(grp.gr_name, &kv_list, &id_type);
+            if (ret != 0 || !(id_type == SSS_ID_TYPE_GID
+                                || id_type == SSS_ID_TYPE_BOTH)) {
+                if (ret == ENOENT) {
+                    ret = LDAP_NO_SUCH_OBJECT;
+                } else {
+                    ret = LDAP_OPERATIONS_ERROR;
+                }
+                goto done;
+            }
+        }
+
         ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP
                                                        : RESP_GROUP_MEMBERS),
                              domain_name, grp.gr_name, grp.gr_gid,
-                             grp.gr_mem, sid, berval);
+                             grp.gr_mem, kv_list, berval);
         break;
     default:
         ret = LDAP_OPERATIONS_ERROR;
@@ -711,6 +788,7 @@ static int handle_sid_request(enum request_types request_type, const char *sid,
     }
 
 done:
+    sss_nss_free_kv(kv_list);
     free(fq_name);
     free(object_name);
     free(domain_name);
@@ -733,6 +811,7 @@ static int handle_name_request(enum request_types request_type,
     enum sss_id_type id_type;
     size_t buf_len;
     char *buf = NULL;
+    struct sss_nss_kv *kv_list;
 
     ret = asprintf(&fq_name, "%s%c%s", name, SSSD_DOMAIN_SEPARATOR,
                                        domain_name);
@@ -743,7 +822,7 @@ static int handle_name_request(enum request_types request_type,
         goto done;
     }
 
-    if (request_type == REQ_SIMPLE || request_type == REQ_FULL_WITH_GROUPS) {
+    if (request_type == REQ_SIMPLE) {
         ret = sss_nss_getsidbyname(fq_name, &sid_str, &id_type);
         if (ret != 0) {
             if (ret == ENOENT) {
@@ -751,11 +830,9 @@ static int handle_name_request(enum request_types request_type,
             } else {
                 ret = LDAP_OPERATIONS_ERROR;
             }
-           goto done;
+            goto done;
         }
-    }
 
-    if (request_type == REQ_SIMPLE) {
         ret = pack_ber_sid(sid_str, berval);
     } else {
         ret = get_buffer(&buf_len, &buf);
@@ -772,11 +849,23 @@ static int handle_name_request(enum request_types request_type,
         }
 
         if (pwd_result != NULL) {
+            if (request_type == REQ_FULL_WITH_GROUPS) {
+                ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type);
+                if (ret != 0 || !(id_type == SSS_ID_TYPE_UID
+                                    || id_type == SSS_ID_TYPE_BOTH)) {
+                    if (ret == ENOENT) {
+                        ret = LDAP_NO_SUCH_OBJECT;
+                    } else {
+                        ret = LDAP_OPERATIONS_ERROR;
+                    }
+                    goto done;
+                }
+            }
             ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER
                                                           : RESP_USER_GROUPLIST),
                                 domain_name, pwd.pw_name, pwd.pw_uid,
                                 pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir,
-                                pwd.pw_shell, sid_str, berval);
+                                pwd.pw_shell, kv_list, berval);
         } else { /* no user entry found */
             ret = getgrnam_r(fq_name, &grp, buf, buf_len, &grp_result);
             if (ret != 0) {
@@ -789,14 +878,28 @@ static int handle_name_request(enum request_types request_type,
                 goto done;
             }
 
+            if (request_type == REQ_FULL_WITH_GROUPS) {
+                ret = sss_nss_getorigbyname(grp.gr_name, &kv_list, &id_type);
+                if (ret != 0 || !(id_type == SSS_ID_TYPE_GID
+                                    || id_type == SSS_ID_TYPE_BOTH)) {
+                    if (ret == ENOENT) {
+                        ret = LDAP_NO_SUCH_OBJECT;
+                    } else {
+                        ret = LDAP_OPERATIONS_ERROR;
+                    }
+                    goto done;
+                }
+            }
+
             ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP
                                                            : RESP_GROUP_MEMBERS),
                                  domain_name, grp.gr_name, grp.gr_gid,
-                                 grp.gr_mem, sid_str, berval);
+                                 grp.gr_mem, kv_list, berval);
         }
     }
 
 done:
+    sss_nss_free_kv(kv_list);
     free(fq_name);
     free(sid_str);
     free(buf);
-- 
1.8.5.3

-------------- next part --------------
From f83616c145d5d14d125c663f9ac4e31cff4af81b Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Wed, 15 Oct 2014 16:21:53 +0200
Subject: [PATCH 132/132] extdom: remove unused dependency to libsss_idmap

---
 daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am  | 3 ---
 daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h | 2 --
 2 files changed, 5 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am b/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am
index 7099a988878e2bc0cf840eab0b14fa9f40805a51..0008476796f5b20f62f2c32e7b291b787fa7a6fc 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am
@@ -15,7 +15,6 @@ AM_CPPFLAGS =							\
 	-DDATADIR=\""$(datadir)"\"				\
 	$(LDAP_CFLAGS)						\
 	$(WARN_CFLAGS)						\
-	$(SSSIDMAP_CFLAGS)					\
 	$(SSSNSSIDMAP_CFLAGS)					\
 	$(NULL)
 
@@ -33,7 +32,6 @@ libipa_extdom_extop_la_LDFLAGS = -avoid-version
 
 libipa_extdom_extop_la_LIBADD = 	\
 	$(LDAP_LIBS)			\
-	$(SSSIDMAP_LIBS)		\
 	$(SSSNSSIDMAP_LIBS)	\
 	$(NULL)
 
@@ -54,7 +52,6 @@ extdom_tests_LDADD = 		\
 	$(CHECK_LIBS)		\
 	$(LDAP_LIBS)		\
 	$(DIRSRV_LIBS)		\
-	$(SSSIDMAP_LIBS)	\
 	$(SSSNSSIDMAP_LIBS)	\
 	$(NULL)
 
diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h
index 90f8390d871a698dc00ef56c41be0749eaa13424..56ca5009b1aa427f6c059b78ac392c768e461e2e 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h
@@ -60,7 +60,6 @@
 #include <lber.h>
 #include <time.h>
 
-#include <sss_idmap.h>
 #include <sss_nss_idmap.h>
 
 #define EXOP_EXTDOM_OID "2.16.840.1.113730.3.8.10.4"
@@ -157,7 +156,6 @@ struct domain_info {
     char *flat_name;
     char *sid;
     char *guid;
-    struct sss_idmap_ctx *idmap_ctx;
 };
 
 struct pwd_grp {
-- 
1.8.5.3


