From e5c42c2630093d3020b3c4944cce1646325bc236 Mon Sep 17 00:00:00 2001 From: Fabiano Fidêncio Date: Sep 05 2017 09:13:16 +0000 Subject: SYSDB: Add sysdb_search_by_orig_dn() Three new methods have been added to sysdb's API in order to perform search by the orig dn (which is quite common in SSSD's code base). A common/base method called sysdb_search_by_orig_dn() is the most important one and then a few other helpers for searching users and groups groups directly. Signed-off-by: Fabiano Fidêncio Reviewed-by: Jakub Hrozek Reviewed-by: Lukáš Slebodník --- diff --git a/src/db/sysdb.h b/src/db/sysdb.h index f4cad57..411ee9a 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -342,6 +342,12 @@ struct certmap_info { const char **domains; }; +enum sysdb_member_type { + SYSDB_MEMBER_USER, + SYSDB_MEMBER_GROUP, + SYSDB_MEMBER_NETGROUP, + SYSDB_MEMBER_SERVICE, +}; /* These attributes are stored in the timestamp cache */ extern const char *sysdb_ts_cache_attrs[]; @@ -574,6 +580,20 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain, struct sysdb_attrs *override_attrs, struct ldb_dn *obj_dn); +errno_t sysdb_search_by_orig_dn(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + enum sysdb_member_type type, + const char *member_dn, + const char **attrs, + size_t *msgs_counts, + struct ldb_message ***msgs); + +#define sysdb_search_users_by_orig_dn(mem_ctx, domain, member_dn, attrs, msgs_counts, msgs) \ + sysdb_search_by_orig_dn(mem_ctx, domain, SYSDB_MEMBER_USER, member_dn, attrs, msgs_counts, msgs); + +#define sysdb_search_groups_by_orig_dn(mem_ctx, domain, member_dn, attrs, msgs_counts, msgs) \ + sysdb_search_by_orig_dn(mem_ctx, domain, SYSDB_MEMBER_GROUP, member_dn, attrs, msgs_counts, msgs); + errno_t sysdb_search_user_override_attrs_by_name(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *name, 
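Review bot: Both convenience macros added after the sysdb_search_by_orig_dn() prototype end their expansion with a `;`, so they only work as a complete statement. Something like `if (sysdb_search_users_by_orig_dn(...) != EOK)` will not compile, and an unbraced `if (...) ret = sysdb_search_groups_by_orig_dn(...); else ...` breaks on the extra empty statement. Drop the trailing semicolon from both expansions, e.g. `sysdb_search_by_orig_dn(mem_ctx, domain, SYSDB_MEMBER_USER, member_dn, attrs, msgs_counts, msgs)`, or turn them into `static inline` functions so the arguments are type-checked. The prototype also names the count parameter `msgs_counts` while the definition in src/db/sysdb_ops.c uses `msgs_count`; pick one spelling.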
@@ -1040,13 +1060,6 @@ int sysdb_store_group(struct sss_domain_info *domain, uint64_t cache_timeout, time_t now); -enum sysdb_member_type { - SYSDB_MEMBER_USER, - SYSDB_MEMBER_GROUP, - SYSDB_MEMBER_NETGROUP, - SYSDB_MEMBER_SERVICE, -}; - int sysdb_add_group_member(struct sss_domain_info *domain, const char *group, const char *member, diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 7ca6575..4cfef68 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c 
@@ -3236,6 +3236,72 @@ done: return ret; } +static int sysdb_cache_search_users(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + struct ldb_context *ldb, + const char *sub_filter, + const char **attrs, + size_t *msgs_count, + struct ldb_message ***msgs); + +static int sysdb_cache_search_groups(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + struct ldb_context *ldb, + const char *sub_filter, + const char **attrs, + size_t *msgs_count, + struct ldb_message ***msgs); + +errno_t sysdb_search_by_orig_dn(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + enum sysdb_member_type type, + const char *member_dn, + const char **attrs, + size_t *msgs_count, + struct ldb_message ***msgs) +{ + TALLOC_CTX *tmp_ctx; + char *filter; + char *sanitized_dn = NULL; + errno_t ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + ret = sss_filter_sanitize(tmp_ctx, member_dn, &sanitized_dn); + if (ret != EOK) { + goto done; + } + + filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_ORIG_DN, sanitized_dn); + if (filter == NULL) { + ret = ENOMEM; + goto done; + } + + switch (type) { + case SYSDB_MEMBER_USER: + ret = sysdb_cache_search_users(mem_ctx, domain, domain->sysdb->ldb, + filter, attrs, msgs_count, msgs); + break; + case SYSDB_MEMBER_GROUP: + ret = sysdb_cache_search_groups(mem_ctx, domain, domain->sysdb->ldb, + filter, attrs, msgs_count, msgs); + break; + default: + DEBUG(SSSDBG_CRIT_FAILURE, + "Trying to perform a search by orig_dn using a " + "non-supported type\n"); + ret = EINVAL; + goto done; + } + +done: + talloc_free(tmp_ctx); + return ret; +} /* =Custom Store (replaces-existing-data)================== */
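Review bot: sysdb_search_by_orig_dn() is a new exported function with no comment on its contract, and the step that matters most for safety, the sss_filter_sanitize() call made before `member_dn` is formatted into the filter, is unexplained. I would add above that call `/* Escape the DN before formatting it into the search filter; otherwise its contents could change the filter's structure */` so the step is not dropped in a later cleanup. A header comment should also state that `mem_ctx` (not the temporary context) is what gets passed to the cache helpers for the results, and that only SYSDB_MEMBER_USER and SYSDB_MEMBER_GROUP are accepted, any other type returning EINVAL. The `goto done;` in the `default:` branch sits directly before the `done:` label and can be a plain `break;` like the other cases. `member_dn` and `domain->sysdb` are used without a NULL check; whether callers guarantee both is not visible in this hunk.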