[Freeipa-devel] [PATCH] 87 extdom: handle INP_POSIX_UID and INP_POSIX_GID requests

Sumit Bose sbose at redhat.com
Thu Oct 11 10:26:20 UTC 2012


Hi,

I found this issue while working on a related sssd bug
https://fedorahosted.org/sssd/ticket/1561 .

This patch allows the clients to send a request to map a UID or GID of a
trusted user to the name of the user. To achieve this, the POSIX ID is
mapped to the corresponding SID and then the SID is looked up.

FreeIPA ticket is https://fedorahosted.org/freeipa/ticket/3166 .

bye,
Sumit
-------------- next part --------------
From 014f92f1beda9788721282f54fae285f57f29f95 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Thu, 11 Oct 2012 12:13:53 +0200
Subject: [PATCH] extdom: handle INP_POSIX_UID and INP_POSIX_GID requests

Fixes https://fedorahosted.org/freeipa/ticket/3166
---
 .../ipa-extdom-extop/ipa_extdom_common.c           | 38 ++++++++++++++++++----
 1 Datei geändert, 32 Zeilen hinzugefügt(+), 6 Zeilen entfernt(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
index 47d4d68d1d7f5e4f02ad68849b840eaa63f7c33d..0c054fb84d375b4e429b35af8f2dc896a475cb2b 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -329,20 +329,46 @@ int handle_request(struct ipa_extdom_ctx *ctx, struct extdom_req *req,
     char *name;
     enum wbcSidType name_type;
     struct domain_info *domain_info = NULL;
+    uint32_t id;
+    enum idmap_error_code err;
+    char *sid_str;
 
     ret = get_domain_info(ctx, req->data.name.domain_name, &domain_info);
     if (ret != 0) {
         return LDAP_OPERATIONS_ERROR;
     }
+    if (req->input_type == INP_POSIX_UID || req->input_type == INP_POSIX_GID) {
+        if (req->input_type == INP_POSIX_UID) {
+            id = req->data.posix_uid.uid;
+        } else {
+            id = req->data.posix_gid.gid;
+        }
+
+        err = sss_idmap_unix_to_sid(domain_info->idmap_ctx, id, &sid_str);
+        if (err != IDMAP_SUCCESS) {
+            ret = LDAP_OPERATIONS_ERROR;
+            goto done;
+        }
+
+        werr = wbcStringToSid(sid_str, &sid);
+        free(sid_str);
+        if (!WBC_ERROR_IS_OK(werr)) {
+            ret = LDAP_OPERATIONS_ERROR;
+            goto done;
+        }
+
+    } else if (req->input_type == INP_SID) {
+        werr = wbcStringToSid(req->data.sid, &sid);
+        if (!WBC_ERROR_IS_OK(werr)) {
+            ret = LDAP_OPERATIONS_ERROR;
+            goto done;
+        }
+    }
 
     switch (req->input_type) {
+        case INP_POSIX_UID:
+        case INP_POSIX_GID:
         case INP_SID:
-            werr = wbcStringToSid(req->data.sid, &sid);
-            if (!WBC_ERROR_IS_OK(werr)) {
-                ret = LDAP_OPERATIONS_ERROR;
-                goto done;
-            }
-
             werr = wbcLookupSid(&sid, &domain_name, &name, &name_type);
             if (!WBC_ERROR_IS_OK(werr)) {
                 ret = LDAP_OPERATIONS_ERROR;
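Review bot: The new INP_POSIX_UID and INP_POSIX_GID branches pass the client-supplied number through the same `sss_idmap_unix_to_sid()` call and then share the INP_SID case, so nothing visible in this hunk ties the type of the object returned by `wbcLookupSid()` to the kind of ID the client asked about. If the code after the lookup (outside this hunk) does not already compare `name_type` with the request, a check such as `if (req->input_type == INP_POSIX_UID && name_type != WBC_SID_NAME_USER) { ret = LDAP_NO_SUCH_OBJECT; goto done; }`, with the group equivalent for INP_POSIX_GID, would keep a GID request from being answered with a user entry and vice versa. Separately, `sid_str` is released with plain `free()`, which is presumably correct only while the idmap context uses the default malloc-based allocator; a comment such as `/* sid_str is allocated by the idmap context; free() assumes its default allocator */` would record that assumption. handle_request starts before and continues past this hunk, so the `done:` cleanup and the handling of `name_type` are not visible here.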
-- 
1.7.11.4


