Hi, I found this issue while working on a related sssd bug https://fedorahosted.org/sssd/ticket/1561 .
This patch allows clients to send a request to map a UID or GID for a trusted user to the name of the user. To achieve this, the POSIX ID is mapped to the corresponding SID and then the SID is looked up. FreeIPA ticket is https://fedorahosted.org/freeipa/ticket/3166 . bye, Sumit
From 014f92f1beda9788721282f54fae285f57f29f95 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Thu, 11 Oct 2012 12:13:53 +0200
Subject: [PATCH] extdom: handle INP_POSIX_UID and INP_POSIX_GID requests
Fixes https://fedorahosted.org/freeipa/ticket/3166
---
 .../ipa-extdom-extop/ipa_extdom_common.c | 38 ++++++++++++++++++----
 1 Datei geändert, 32 Zeilen hinzugefügt(+), 6 Zeilen entfernt(-)
diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
index 47d4d68d1d7f5e4f02ad68849b840eaa63f7c33d..0c054fb84d375b4e429b35af8f2dc896a475cb2b 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -329,20 +329,46 @@ int handle_request(struct ipa_extdom_ctx *ctx, struct extdom_req *req,
 char *name;
 enum wbcSidType name_type;
 struct domain_info *domain_info = NULL;
+ uint32_t id;
+ enum idmap_error_code err;
+ char *sid_str;
 ret = get_domain_info(ctx, req->data.name.domain_name, &domain_info);
 if (ret != 0) {
 return LDAP_OPERATIONS_ERROR;
 }
+ if (req->input_type == INP_POSIX_UID || req->input_type == INP_POSIX_GID) {
+ if (req->input_type == INP_POSIX_UID) {
+ id = req->data.posix_uid.uid;
+ } else {
+ id = req->data.posix_gid.gid;
+ }
+
+ err = sss_idmap_unix_to_sid(domain_info->idmap_ctx, id, &sid_str);
+ if (err != IDMAP_SUCCESS) {
+ ret = LDAP_OPERATIONS_ERROR;
+ goto done;
+ }
+
+ werr = wbcStringToSid(sid_str, &sid);
+ free(sid_str);
+ if (!WBC_ERROR_IS_OK(werr)) {
+ ret = LDAP_OPERATIONS_ERROR;
+ goto done;
+ }
+
+ } else if (req->input_type == INP_SID) {
+ werr = wbcStringToSid(req->data.sid, &sid);
+ if (!WBC_ERROR_IS_OK(werr)) {
+ ret = LDAP_OPERATIONS_ERROR;
+ goto done;
+ }
+ }
 switch (req->input_type) {
+ case INP_POSIX_UID:
+ case INP_POSIX_GID:
 case INP_SID:
- werr = wbcStringToSid(req->data.sid, &sid);
- if (!WBC_ERROR_IS_OK(werr)) {
- ret = LDAP_OPERATIONS_ERROR;
- goto done;
- }
-
 werr = wbcLookupSid(&sid, &domain_name, &name, &name_type);
 if (!WBC_ERROR_IS_OK(werr)) {
 ret = LDAP_OPERATIONS_ERROR;
-- 
1.7.11.4
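Review bot: Nothing in the visible lines checks that the object found for an `INP_POSIX_UID` or `INP_POSIX_GID` request is of the kind the client asked for. Both input types go through the same `sss_idmap_unix_to_sid()` and `wbcLookupSid()` path, so a GID request whose number maps to a user's SID would apparently return that user's name, and the reverse for a UID request. After the lookup succeeds, the `name_type` it returns should be compared with the request, for example `if (req->input_type == INP_POSIX_UID && name_type != WBC_SID_NAME_USER) { ret = LDAP_NO_SUCH_OBJECT; goto done; }`, with a matching group-type test for `INP_POSIX_GID`. The rest of the `switch` and the `done:` label lie outside this hunk, so this may already be handled there. Separately, `get_domain_info()` reads `req->data.name.domain_name` for every input type, which is worth a comment confirming that the `posix_uid` and `posix_gid` members of `data` carry the domain name in the same position.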