Hi, while adding the SID based lookups to SSSD I found some minor issues in the extdom plugin, in code paths which were not used by the current requests.
Fixes https://fedorahosted.org/freeipa/ticket/3596 bye, Sumit
From 4db38535ba86a0249c4f11d4adde814eee6547e3 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Wed, 24 Apr 2013 14:44:54 +0200
Subject: [PATCH 111/113] Do not lookup up the domain too early if only the SID is know Request with a SID as input parameter do not contain the domain name, hence is must be tried to resolve the SID first before the corresponding domain can be looked up.
---
 .../ipa-extdom-extop/ipa_extdom_common.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
index 660ed04c2ced547027f79b9da01ede21775ede19..e532807aa6f40191724eeb091c7bc22303960135 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -332,10 +332,13 @@ int handle_request(struct ipa_extdom_ctx *ctx, struct extdom_req *req,
 enum idmap_error_code err;
 char *sid_str;
- ret = get_domain_info(ctx, req->data.name.domain_name, &domain_info);
- if (ret != 0) {
- return LDAP_OPERATIONS_ERROR;
+ if (req->input_type != INP_SID) {
+ ret = get_domain_info(ctx, req->data.name.domain_name, &domain_info);
+ if (ret != 0) {
+ return LDAP_OPERATIONS_ERROR;
+ }
 }
+
 if (req->input_type == INP_POSIX_UID || req->input_type == INP_POSIX_GID) {
 if (req->input_type == INP_POSIX_UID) {
 id = req->data.posix_uid.uid;
@@ -374,6 +377,13 @@ int handle_request(struct ipa_extdom_ctx *ctx, struct extdom_req *req,
 goto done;
 }
+ if (req->input_type == INP_SID) {
+ ret = get_domain_info(ctx, domain_name, &domain_info);
+ if (ret != 0) {
+ return LDAP_OPERATIONS_ERROR;
+ }
+ }
+
 ret = create_response(req, domain_info, domain_name, name, &sid, name_type, res);
 if (ret != 0) {
--
1.8.1.4
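Review bot: In the first handle_request hunk `domain_info` is no longer assigned on the INP_SID path until the late lookup added further down, so any read of it before that point would use an indeterminate pointer. The declaration is outside the hunk; if it has no initializer, `struct domain_info *domain_info = NULL;` would make a missed assignment fail predictably. A comment above the new guard, e.g. `/* SID requests carry no domain name; the domain is looked up once the SID has been resolved */`, would also explain why the lookup is split in two.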
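Review bot: The late lookup added in the second hunk leaves with `return LDAP_OPERATIONS_ERROR;` although the context line just above it exits through `goto done`. According to the commit message the SID has already been resolved at this point, so whatever the `done:` label releases (presumably the resolved name and domain strings; the label is outside the hunk) is skipped on this path. Using `ret = LDAP_OPERATIONS_ERROR; goto done;` would keep a single exit. It is also worth confirming that `domain_name` cannot be NULL when it is handed to get_domain_info() here.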
From 31526d967dbf3a0eaca141c8d400f5c29b22f511 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 26 Apr 2013 09:21:43 +0200
Subject: [PATCH 112/113] Do not store SID string in a local buffer
---
 .../ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
index e532807aa6f40191724eeb091c7bc22303960135..ef474d3a175a256bfb4397fe6b21b5ca2cf35c90 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -432,7 +432,8 @@ int create_response(struct extdom_req *req, struct domain_info *domain_info,
 struct extdom_res *res;
 uint32_t id;
 enum idmap_error_code err;
- char sid_str[WBC_SID_STRING_BUFLEN + 1];
+ char *sid_str;
+ wbcErr werr;
 res = malloc(sizeof(struct extdom_res));
 if (res == NULL) {
@@ -450,9 +451,8 @@ int create_response(struct extdom_req *req, struct domain_info *domain_info,
 case INP_NAME:
 res->response_type = RESP_SID;
- len = wbcSidToStringBuf(sid, sid_str,
- WBC_SID_STRING_BUFLEN);
- if (len + 1 > WBC_SID_STRING_BUFLEN) {
+ werr = wbcSidToString(sid, &sid_str);
+ if (!WBC_ERROR_IS_OK(werr)) {
 ret = EINVAL;
 goto done;
 }
@@ -465,13 +465,14 @@ int create_response(struct extdom_req *req, struct domain_info *domain_info,
 }
 break;
 case REQ_FULL:
- len = wbcSidToStringBuf(sid, sid_str, WBC_SID_STRING_BUFLEN);
- if (len + 1 > WBC_SID_STRING_BUFLEN) {
+ len = wbcSidToString(sid, &sid_str);
+ if (!WBC_ERROR_IS_OK(werr)) {
 ret = EINVAL;
 goto done;
 }
 err = sss_idmap_sid_to_unix(domain_info->idmap_ctx, sid_str, &id);
+ wbcFreeMemory(sid_str);
 if (err != IDMAP_SUCCESS) {
 ret = EINVAL;
 goto done;
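Review bot: In the REQ_FULL branch of the third hunk the result of wbcSidToString() is assigned to `len`, but the check on the next line tests `werr`, which is not assigned anywhere in the visible lines of this branch. A failed conversion is therefore not detected reliably, and `sid_str`, an uninitialised pointer since the first hunk, would then be passed to sss_idmap_sid_to_unix() and wbcFreeMemory(). The line should read `werr = wbcSidToString(sid, &sid_str);` as in the INP_NAME case, and declaring `char *sid_str = NULL;` would keep the failure path well defined. If `len` has no remaining users after this patch, its declaration (outside the hunks) can be dropped.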
@@ -566,6 +567,7 @@ int pack_response(struct extdom_res *res, struct berval **ret_val)
 switch (res->response_type) {
 case RESP_SID:
 ret = ber_printf(ber,"{es}", res->response_type, res->data.sid);
+ wbcFreeMemory(res->data.sid);
 break;
 case RESP_NAME:
 ret = ber_printf(ber,"{e{ss}}", res->response_type,
--
1.8.1.4
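Review bot: Releasing `res->data.sid` inside pack_response() makes the encoder the owner of the string and leaves a dangling pointer in `res`. If a response is built but never packed the SID string leaks, and any later cleanup of `res` or a second pack_response() call on the same response would free it twice. Setting `res->data.sid = NULL;` right after the wbcFreeMemory() call, or moving the release into the code that frees `res` (not visible here), would make the ownership explicit. The free is also only correct if every RESP_SID producer stores a wbcSidToString() result, which deserves a comment at the call. The switch continues outside the hunk.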
From faf8a7cd0361e07dbdad336bd0df73184afb05c7 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 26 Apr 2013 17:20:49 +0200
Subject: [PATCH 113/113] Allow ID-to-SID mappings in the extdom plugin
---
 daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
index ef474d3a175a256bfb4397fe6b21b5ca2cf35c90..b6136ee78cb75b37d2dcf16bd1b0e7871f5f1d84 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -449,6 +449,8 @@ int create_response(struct extdom_req *req, struct domain_info *domain_info,
 res->data.name.object_name = name;
 break;
 case INP_NAME:
+ case INP_POSIX_UID:
+ case INP_POSIX_GID:
 res->response_type = RESP_SID;
 werr = wbcSidToString(sid, &sid_str);
--
1.8.1.4
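Review bot: The two labels added to the INP_NAME case make POSIX UID and GID requests run wbcSidToString() on `sid`, so this path now depends on the caller having filled `sid` for those input types. That happens outside the hunk and is worth confirming, since an unset SID would otherwise be formatted and returned to the client. A short comment on the grouped labels, e.g. `/* name, UID and GID requests are all answered with the object's SID */`, would record that the shared handling is intended.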