Hi,

while adding the SID based lookups to SSSD I found some minor issues in
the extdom plugin in code paths which were not used by the current
requests.

Fixes https://fedorahosted.org/freeipa/ticket/3596

bye,
Sumit
From 4db38535ba86a0249c4f11d4adde814eee6547e3 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Wed, 24 Apr 2013 14:44:54 +0200
Subject: [PATCH 111/113] Do not lookup up the domain too early if only the SID
 is know

Requests with a SID as input parameter do not contain the domain name,
hence the SID must be resolved first before the corresponding
domain can be looked up.
---
 .../ipa-extdom-extop/ipa_extdom_common.c                 | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c 
b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
index 
660ed04c2ced547027f79b9da01ede21775ede19..e532807aa6f40191724eeb091c7bc22303960135
 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -332,10 +332,13 @@ int handle_request(struct ipa_extdom_ctx *ctx, struct 
extdom_req *req,
     enum idmap_error_code err;
     char *sid_str;
 
-    ret = get_domain_info(ctx, req->data.name.domain_name, &domain_info);
-    if (ret != 0) {
-        return LDAP_OPERATIONS_ERROR;
+    if (req->input_type != INP_SID) {
+        ret = get_domain_info(ctx, req->data.name.domain_name, &domain_info);
+        if (ret != 0) {
+            return LDAP_OPERATIONS_ERROR;
+        }
     }
+
     if (req->input_type == INP_POSIX_UID || req->input_type == INP_POSIX_GID) {
         if (req->input_type == INP_POSIX_UID) {
             id = req->data.posix_uid.uid;
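Review bot: The guarded lookup at the top of handle_request still reads `req->data.name.domain_name` for INP_POSIX_UID and INP_POSIX_GID requests, although the lines directly below access that payload through `req->data.posix_uid`. If `data` is a union, this relies on every member placing `domain_name` at the same leading position, which the hunk does not show. A comment such as `/* SID requests carry no domain name; every other input type keeps domain_name as the first member of req->data */` would make that layout assumption explicit. Because the lookup is now conditional, `domain_info` is no longer assigned early on the INP_SID path, so its declaration (outside this hunk) should initialise it to NULL if any later cleanup code reads it.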
@@ -374,6 +377,13 @@ int handle_request(struct ipa_extdom_ctx *ctx, struct 
extdom_req *req,
                 goto done;
             }
 
+            if (req->input_type == INP_SID) {
+                ret = get_domain_info(ctx, domain_name, &domain_info);
+                if (ret != 0) {
+                    return LDAP_OPERATIONS_ERROR;
+                }
+            }
+
             ret = create_response(req, domain_info, domain_name, name, &sid,
                                   name_type, res);
             if (ret != 0) {
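Review bot: The new INP_SID lookup fails with a bare `return LDAP_OPERATIONS_ERROR;`, while the error path immediately above it in the same block leaves through `goto done;`. Whatever the function holds at this point would skip the cleanup at `done`; the resolved `domain_name` and `name` are likely candidates, though their allocation lies outside the hunk. In a directory server plugin that means a leak on every failed request of this kind. Prefer `ret = LDAP_OPERATIONS_ERROR; goto done;` so this failure takes the same exit as its neighbours. handle_request begins and ends outside the hunk, so check that `done` really releases these values.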
-- 
1.8.1.4

From 31526d967dbf3a0eaca141c8d400f5c29b22f511 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 26 Apr 2013 09:21:43 +0200
Subject: [PATCH 112/113] Do not store SID string in a local buffer

---
 .../ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c 
b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
index 
e532807aa6f40191724eeb091c7bc22303960135..ef474d3a175a256bfb4397fe6b21b5ca2cf35c90
 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -432,7 +432,8 @@ int create_response(struct extdom_req *req, struct 
domain_info *domain_info,
     struct extdom_res *res;
     uint32_t id;
     enum idmap_error_code err;
-    char sid_str[WBC_SID_STRING_BUFLEN + 1];
+    char *sid_str;
+    wbcErr werr;
 
     res = malloc(sizeof(struct extdom_res));
     if (res == NULL) {
@@ -450,9 +451,8 @@ int create_response(struct extdom_req *req, struct 
domain_info *domain_info,
                 case INP_NAME:
                     res->response_type = RESP_SID;
 
-                    len = wbcSidToStringBuf(sid, sid_str,
-                                            WBC_SID_STRING_BUFLEN);
-                    if (len + 1 > WBC_SID_STRING_BUFLEN) {
+                    werr = wbcSidToString(sid, &sid_str);
+                    if (!WBC_ERROR_IS_OK(werr)) {
                         ret = EINVAL;
                         goto done;
                     }
@@ -465,13 +465,14 @@ int create_response(struct extdom_req *req, struct 
domain_info *domain_info,
             }
             break;
         case REQ_FULL:
-            len = wbcSidToStringBuf(sid, sid_str, WBC_SID_STRING_BUFLEN);
-            if (len + 1 > WBC_SID_STRING_BUFLEN) {
+            len = wbcSidToString(sid, &sid_str);
+            if (!WBC_ERROR_IS_OK(werr)) {
                 ret = EINVAL;
                 goto done;
             }
 
             err = sss_idmap_sid_to_unix(domain_info->idmap_ctx, sid_str, &id);
+            wbcFreeMemory(sid_str);
             if (err != IDMAP_SUCCESS) {
                 ret = EINVAL;
                 goto done;
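Review bot: In the REQ_FULL branch the result of wbcSidToString() is stored in `len`, but the following line tests `werr`, which is never assigned on this path. The check therefore reads an indeterminate value and a failed conversion can go unnoticed. In that case `sid_str`, declared without an initialiser in the first hunk of this patch, is passed to sss_idmap_sid_to_unix() and wbcFreeMemory() as an uninitialised pointer. The assignment should read `werr = wbcSidToString(sid, &sid_str);`, and declaring `char *sid_str = NULL;` would make any remaining failure path safe.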
@@ -566,6 +567,7 @@ int pack_response(struct extdom_res *res, struct berval 
**ret_val)
     switch (res->response_type) {
         case RESP_SID:
             ret = ber_printf(ber,"{es}", res->response_type, res->data.sid);
+            wbcFreeMemory(res->data.sid);
             break;
         case RESP_NAME:
             ret = ber_printf(ber,"{e{ss}}", res->response_type,
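Review bot: pack_response() now frees `res->data.sid` as a side effect of encoding the RESP_SID case, which leaves a dangling pointer in `res` and ties the string's lifetime to this single call. Any path that builds a RESP_SID response but never reaches this case leaks the string; an earlier failure inside pack_response is one example, though that code is outside the hunk. A caller that re-reads or releases `res` afterwards would touch freed memory. At minimum follow the free with `res->data.sid = NULL;` and add a comment that RESP_SID strings come from wbcSidToString() and must be released with wbcFreeMemory(). Releasing the string where `res` itself is freed would keep ownership in one place.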
-- 
1.8.1.4

From faf8a7cd0361e07dbdad336bd0df73184afb05c7 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 26 Apr 2013 17:20:49 +0200
Subject: [PATCH 113/113] Allow ID-to-SID mappings in the extdom plugin

---
 daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c 
b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
index 
ef474d3a175a256bfb4397fe6b21b5ca2cf35c90..b6136ee78cb75b37d2dcf16bd1b0e7871f5f1d84
 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -449,6 +449,8 @@ int create_response(struct extdom_req *req, struct 
domain_info *domain_info,
                     res->data.name.object_name = name;
                     break;
                 case INP_NAME:
+                case INP_POSIX_UID:
+                case INP_POSIX_GID:
                     res->response_type = RESP_SID;
 
                     werr = wbcSidToString(sid, &sid_str);
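Review bot: The stacked labels route INP_POSIX_UID and INP_POSIX_GID through the INP_NAME path, which converts `sid` with wbcSidToString(); this assumes the caller has already resolved a valid SID for ID-based requests, and the hunk does not show that. Since the commit has no description, a short comment above the labels would record the intent, for example `/* name and POSIX ID inputs are all answered with the object's SID */`. If `sid` can be unset for ID inputs, it should be checked before the conversion. create_response begins and ends outside the hunk.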
-- 
1.8.1.4
