On Sun, Oct 19, 2014 at 10:04:29PM +0200, Jakub Hrozek wrote:
> On Fri, Oct 17, 2014 at 11:53:44AM +0200, Sumit Bose wrote:
> > Hi,
> > 
> > the first patch replaces sss_nss_getsidbyname() by
> > sss_nss_getorigbyname() for the new version of the extdom interface.
> > The new call returns more data about the original object and allows the
> > IPA client to have the same information about the object in the SSSD
> > cache as the IPA servers.
> > 
> > The second patch just removes an obsolete dependency.
> > 
> > bye,
> > Sumit
> 
> Hi,
> 
> I was unable to send the patches through Coverity, the RH server seems
> to be having issues. I'll wait until tomorrow, if the problems persist,
> we'll just skip Coverity and fix any potential problems post-push.
> 
> > From 928c04c35601b7bc1c57c1320e4a746abc35e947 Mon Sep 17 00:00:00 2001
> > From: Sumit Bose <sb...@redhat.com>
> > Date: Fri, 10 Oct 2014 10:56:37 +0200
> > Subject: [PATCH 131/132] extdom: add support for sss_nss_getorigbyname()
> 
> [...]
> 
> > @@ -576,13 +613,14 @@ static int handle_gid_request(enum request_types 
> > request_type, gid_t gid,
> >      enum sss_id_type id_type;
> >      size_t buf_len;
> >      char *buf = NULL;
> > +    struct sss_nss_kv *kv_list;
> 
> Please set kv_list to NULL here, you're freeing the pointer
> unconditionally in the done handler, but in some cases (request_type ==
> REQ_SIMPLE) kv_list is not set at all.

Thank you for the review. I fixed it here and at the two other places.
Since sss_nss_getorigbyname() will only be available in the upcoming
SSSD release I added 'BuildRequires:  libsss_nss_idmap-devel >= 1.12.2'
to freeipa.spec.in.

New version attached.

bye,
Sumit
From a11f42dec7dc1aa1b8b4aef11fa24ce3dc60a109 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 10 Oct 2014 10:56:37 +0200
Subject: [PATCH 131/132] extdom: add support for sss_nss_getorigbyname()

---
 .../ipa-extdom-extop/ipa_extdom_common.c           | 167 +++++++++++++++++----
 freeipa.spec.in                                    |   2 +-
 2 files changed, 136 insertions(+), 33 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c 
b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
index 
d1d214ae769946a89ffe1702382e5db70035fdac..df04347e3d36b33ca0a4ea2391f60d97b75a97bf
 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -254,6 +254,34 @@ static int get_user_grouplist(const char *name, gid_t gid,
     return LDAP_SUCCESS;
 }
 
+static int add_kv_list(BerElement *ber, struct sss_nss_kv *kv_list)
+{
+    size_t c;
+    int ret;
+    const char *single_value_string_array[] = {NULL, NULL};
+
+    ret = ber_printf(ber,"{");
+    if (ret == -1) {
+        return LDAP_OPERATIONS_ERROR;
+    }
+
+    for (c = 0; kv_list[c].key != NULL; c++) {
+        single_value_string_array[0] = kv_list[c].value;
+        ret = ber_printf(ber,"{s{v}}", kv_list[c].key,
+                                       single_value_string_array);
+        if (ret == -1) {
+            return LDAP_OPERATIONS_ERROR;
+        }
+    }
+
+    ret = ber_printf(ber,"}");
+    if (ret == -1) {
+        return LDAP_OPERATIONS_ERROR;
+    }
+
+    return LDAP_SUCCESS;
+}
+
 static int pack_ber_sid(const char *sid, struct berval **berval)
 {
     BerElement *ber = NULL;
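Review bot: add_kv_list() has no comment stating its input contract, and the loop `for (c = 0; kv_list[c].key != NULL; c++)` depends on it: kv_list is dereferenced without a NULL check and iteration stops only at an entry whose key is NULL. Both callers in this patch guard with `kv_list != NULL`, but a later caller would have nothing to go by. I would add above the function `/* Encode kv_list as a sequence of {key, {value}} pairs. kv_list must be non-NULL and end with an entry whose key is NULL. */`. The trailing context lines belong to pack_ber_sid(), whose body continues outside the hunk.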
@@ -285,7 +313,7 @@ static int pack_ber_user(enum response_types response_type,
                          const char *domain_name, const char *user_name,
                          uid_t uid, gid_t gid,
                          const char *gecos, const char *homedir,
-                         const char *shell, const char *sid_str,
+                         const char *shell, struct sss_nss_kv *kv_list,
                          struct berval **berval)
 {
     BerElement *ber = NULL;
@@ -299,7 +327,6 @@ static int pack_ber_user(enum response_types response_type,
     size_t c;
     char *locat;
     char *short_user_name = NULL;
-    const char *single_value_string_array[] = {NULL, NULL};
 
     short_user_name = strdup(user_name);
     if ((locat = strchr(short_user_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
@@ -370,12 +397,11 @@ static int pack_ber_user(enum response_types 
response_type,
             goto done;
         }
 
-        single_value_string_array[0] = sid_str;
-        ret = ber_printf(ber,"{{s{v}}}", SSSD_SYSDB_SID_STR,
-                                         single_value_string_array);
-        if (ret == -1) {
-            ret = LDAP_OPERATIONS_ERROR;
-            goto done;
+        if (kv_list != NULL) {
+            ret = add_kv_list(ber, kv_list);
+            if (ret != LDAP_SUCCESS) {
+                goto done;
+            }
         }
     }
 
@@ -402,7 +428,7 @@ done:
 
 static int pack_ber_group(enum response_types response_type,
                           const char *domain_name, const char *group_name,
-                          gid_t gid, char **members, const char *sid_str,
+                          gid_t gid, char **members, struct sss_nss_kv 
*kv_list,
                           struct berval **berval)
 {
     BerElement *ber = NULL;
@@ -410,7 +436,6 @@ static int pack_ber_group(enum response_types response_type,
     size_t c;
     char *locat;
     char *short_group_name = NULL;
-    const char *single_value_string_array[] = {NULL, NULL};
 
     short_group_name = strdup(group_name);
     if ((locat = strchr(short_group_name, SSSD_DOMAIN_SEPARATOR)) != NULL) {
@@ -455,12 +480,11 @@ static int pack_ber_group(enum response_types 
response_type,
             goto done;
         }
 
-        single_value_string_array[0] = sid_str;
-        ret = ber_printf(ber,"{{s{v}}}", SSSD_SYSDB_SID_STR,
-                                         single_value_string_array);
-        if (ret == -1) {
-            ret = LDAP_OPERATIONS_ERROR;
-            goto done;
+        if (kv_list != NULL) {
+            ret = add_kv_list(ber, kv_list);
+            if (ret != LDAP_SUCCESS) {
+                goto done;
+            }
         }
 
     }
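Review bot: When kv_list is NULL the new `if (kv_list != NULL)` branch writes nothing, so the response silently loses the attribute sequence that the removed code always emitted as `{{s{v}}}`; the identical change in the pack_ber_user hunk behaves the same way. This only matters if sss_nss_getorigbyname() can report success with a NULL list, which the patch does not show, and whether the client-side decoder tolerates the missing element is not visible here either. I would make the case explicit rather than skipping it, for example `} else { ret = LDAP_OPERATIONS_ERROR; goto done; }`, or encode an empty sequence if that is a valid response. pack_ber_group's body starts and ends outside the hunk.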
@@ -521,13 +545,14 @@ static int handle_uid_request(enum request_types 
request_type, uid_t uid,
     enum sss_id_type id_type;
     size_t buf_len;
     char *buf = NULL;
+    struct sss_nss_kv *kv_list = NULL;
 
     ret = get_buffer(&buf_len, &buf);
     if (ret != LDAP_SUCCESS) {
         return ret;
     }
 
-    if (request_type == REQ_SIMPLE || request_type == REQ_FULL_WITH_GROUPS) {
+    if (request_type == REQ_SIMPLE) {
         ret = sss_nss_getsidbyid(uid, &sid_str, &id_type);
         if (ret != 0 || !(id_type == SSS_ID_TYPE_UID
                             || id_type == SSS_ID_TYPE_BOTH)) {
@@ -538,9 +563,7 @@ static int handle_uid_request(enum request_types 
request_type, uid_t uid,
             }
             goto done;
         }
-    }
 
-    if (request_type == REQ_SIMPLE) {
         ret = pack_ber_sid(sid_str, berval);
     } else {
         ret = getpwuid_r(uid, &pwd, buf, buf_len, &pwd_result);
@@ -553,14 +576,28 @@ static int handle_uid_request(enum request_types 
request_type, uid_t uid,
             goto done;
         }
 
+        if (request_type == REQ_FULL_WITH_GROUPS) {
+            ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type);
+            if (ret != 0 || !(id_type == SSS_ID_TYPE_UID
+                                || id_type == SSS_ID_TYPE_BOTH)) {
+                if (ret == ENOENT) {
+                    ret = LDAP_NO_SUCH_OBJECT;
+                } else {
+                    ret = LDAP_OPERATIONS_ERROR;
+                }
+                goto done;
+            }
+        }
+
         ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER
                                                       : RESP_USER_GROUPLIST),
                             domain_name, pwd.pw_name, pwd.pw_uid,
                             pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir,
-                            pwd.pw_shell, sid_str, berval);
+                            pwd.pw_shell, kv_list, berval);
     }
 
 done:
+    sss_nss_free_kv(kv_list);
     free(sid_str);
     free(buf);
     return ret;
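Review bot: The sss_nss_getorigbyname() call with its id_type check and ENOENT mapping is pasted six times in this patch: here, in handle_gid_request, and in both branches of handle_sid_request and handle_name_request. The copies differ only in the name argument and the expected type, so a later change to the error mapping can easily miss one of them. A small static helper placed above the handlers would keep the mapping in one place; the version below preserves the current behaviour, including that a successful lookup with the wrong type returns LDAP_OPERATIONS_ERROR and leaves the list for the caller's `done:` label to free. handle_uid_request starts outside the hunk.

```c
static int get_orig_kv_list(const char *name, enum sss_id_type expected,
                            struct sss_nss_kv **kv_list)
{
    enum sss_id_type id_type;
    int ret;

    ret = sss_nss_getorigbyname(name, kv_list, &id_type);
    if (ret == ENOENT) {
        return LDAP_NO_SUCH_OBJECT;
    }
    if (ret != 0 || !(id_type == expected || id_type == SSS_ID_TYPE_BOTH)) {
        return LDAP_OPERATIONS_ERROR;
    }

    return LDAP_SUCCESS;
}

/* ... unchanged: getpwuid_r lookup ... */
        if (request_type == REQ_FULL_WITH_GROUPS) {
            ret = get_orig_kv_list(pwd.pw_name, SSS_ID_TYPE_UID, &kv_list);
            if (ret != LDAP_SUCCESS) {
                goto done;
            }
        }
/* ... unchanged: pack_ber_user call and done: cleanup ... */
```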
@@ -576,13 +613,14 @@ static int handle_gid_request(enum request_types 
request_type, gid_t gid,
     enum sss_id_type id_type;
     size_t buf_len;
     char *buf = NULL;
+    struct sss_nss_kv *kv_list = NULL;
 
     ret = get_buffer(&buf_len, &buf);
     if (ret != LDAP_SUCCESS) {
         return ret;
     }
 
-    if (request_type == REQ_SIMPLE || request_type == REQ_FULL_WITH_GROUPS) {
+    if (request_type == REQ_SIMPLE) {
         ret = sss_nss_getsidbyid(gid, &sid_str, &id_type);
         if (ret != 0 || id_type != SSS_ID_TYPE_GID) {
             if (ret == ENOENT) {
@@ -592,9 +630,7 @@ static int handle_gid_request(enum request_types 
request_type, gid_t gid,
             }
             goto done;
         }
-    }
 
-    if (request_type == REQ_SIMPLE) {
         ret = pack_ber_sid(sid_str, berval);
     } else {
         ret = getgrgid_r(gid, &grp, buf, buf_len, &grp_result);
@@ -607,13 +643,27 @@ static int handle_gid_request(enum request_types 
request_type, gid_t gid,
             goto done;
         }
 
+        if (request_type == REQ_FULL_WITH_GROUPS) {
+            ret = sss_nss_getorigbyname(grp.gr_name, &kv_list, &id_type);
+            if (ret != 0 || !(id_type == SSS_ID_TYPE_GID
+                                || id_type == SSS_ID_TYPE_BOTH)) {
+                if (ret == ENOENT) {
+                    ret = LDAP_NO_SUCH_OBJECT;
+                } else {
+                    ret = LDAP_OPERATIONS_ERROR;
+                }
+                goto done;
+            }
+        }
+
         ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP
                                                        : RESP_GROUP_MEMBERS),
                              domain_name, grp.gr_name, grp.gr_gid,
-                             grp.gr_mem, sid_str, berval);
+                             grp.gr_mem, kv_list, berval);
     }
 
 done:
+    sss_nss_free_kv(kv_list);
     free(sid_str);
     free(buf);
     return ret;
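Review bot: The new REQ_FULL_WITH_GROUPS check accepts `SSS_ID_TYPE_GID` or `SSS_ID_TYPE_BOTH`, while the REQ_SIMPLE path of the same function still rejects everything except GID with `id_type != SSS_ID_TYPE_GID`. An object of type BOTH is therefore resolvable by gid in one request mode and not in the other, unlike handle_uid_request, where both paths accept BOTH. If that is unintended, the sss_nss_getsidbyid() check should become `if (ret != 0 || !(id_type == SSS_ID_TYPE_GID || id_type == SSS_ID_TYPE_BOTH)) {`; if it is intended, a short comment saying why the two paths differ would help. handle_gid_request starts outside the hunk.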
@@ -634,6 +684,7 @@ static int handle_sid_request(enum request_types 
request_type, const char *sid,
     size_t buf_len;
     char *buf = NULL;
     enum sss_id_type id_type;
+    struct sss_nss_kv *kv_list = NULL;
 
     ret = sss_nss_getnamebysid(sid, &fq_name, &id_type);
     if (ret != 0) {
@@ -682,11 +733,24 @@ static int handle_sid_request(enum request_types 
request_type, const char *sid,
             goto done;
         }
 
+        if (request_type == REQ_FULL_WITH_GROUPS) {
+            ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type);
+            if (ret != 0 || !(id_type == SSS_ID_TYPE_UID
+                                || id_type == SSS_ID_TYPE_BOTH)) {
+                if (ret == ENOENT) {
+                    ret = LDAP_NO_SUCH_OBJECT;
+                } else {
+                    ret = LDAP_OPERATIONS_ERROR;
+                }
+                goto done;
+            }
+        }
+
         ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER
                                                       : RESP_USER_GROUPLIST),
                             domain_name, pwd.pw_name, pwd.pw_uid,
                             pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir,
-                            pwd.pw_shell, sid, berval);
+                            pwd.pw_shell, kv_list, berval);
         break;
     case SSS_ID_TYPE_GID:
         ret = getgrnam_r(fq_name, &grp, buf, buf_len, &grp_result);
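Review bot: Nothing ties the kv_list returned by `sss_nss_getorigbyname(pwd.pw_name, ...)` back to the `sid` the client asked for. The removed code echoed the requested `sid` into the response, whereas the new code packs whatever a second, by-name lookup returns. If the name resolves to a different object between the two lookups (a cache change or a name collision, neither of which can be ruled out from this hunk), the reply would describe an object other than the one requested. I would either compare the SID entry in kv_list with `sid` before calling pack_ber_user, or state the assumption in place with `/* kv_list is looked up by name and is not verified against the requested sid */`. The same applies to the group branch in the next hunk; handle_sid_request starts and ends outside both.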
@@ -700,10 +764,23 @@ static int handle_sid_request(enum request_types 
request_type, const char *sid,
             goto done;
         }
 
+        if (request_type == REQ_FULL_WITH_GROUPS) {
+            ret = sss_nss_getorigbyname(grp.gr_name, &kv_list, &id_type);
+            if (ret != 0 || !(id_type == SSS_ID_TYPE_GID
+                                || id_type == SSS_ID_TYPE_BOTH)) {
+                if (ret == ENOENT) {
+                    ret = LDAP_NO_SUCH_OBJECT;
+                } else {
+                    ret = LDAP_OPERATIONS_ERROR;
+                }
+                goto done;
+            }
+        }
+
         ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP
                                                        : RESP_GROUP_MEMBERS),
                              domain_name, grp.gr_name, grp.gr_gid,
-                             grp.gr_mem, sid, berval);
+                             grp.gr_mem, kv_list, berval);
         break;
     default:
         ret = LDAP_OPERATIONS_ERROR;
@@ -711,6 +788,7 @@ static int handle_sid_request(enum request_types 
request_type, const char *sid,
     }
 
 done:
+    sss_nss_free_kv(kv_list);
     free(fq_name);
     free(object_name);
     free(domain_name);
@@ -733,6 +811,7 @@ static int handle_name_request(enum request_types 
request_type,
     enum sss_id_type id_type;
     size_t buf_len;
     char *buf = NULL;
+    struct sss_nss_kv *kv_list = NULL;
 
     ret = asprintf(&fq_name, "%s%c%s", name, SSSD_DOMAIN_SEPARATOR,
                                        domain_name);
@@ -743,7 +822,7 @@ static int handle_name_request(enum request_types 
request_type,
         goto done;
     }
 
-    if (request_type == REQ_SIMPLE || request_type == REQ_FULL_WITH_GROUPS) {
+    if (request_type == REQ_SIMPLE) {
         ret = sss_nss_getsidbyname(fq_name, &sid_str, &id_type);
         if (ret != 0) {
             if (ret == ENOENT) {
@@ -751,11 +830,9 @@ static int handle_name_request(enum request_types 
request_type,
             } else {
                 ret = LDAP_OPERATIONS_ERROR;
             }
-           goto done;
+            goto done;
         }
-    }
 
-    if (request_type == REQ_SIMPLE) {
         ret = pack_ber_sid(sid_str, berval);
     } else {
         ret = get_buffer(&buf_len, &buf);
@@ -772,11 +849,23 @@ static int handle_name_request(enum request_types 
request_type,
         }
 
         if (pwd_result != NULL) {
+            if (request_type == REQ_FULL_WITH_GROUPS) {
+                ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type);
+                if (ret != 0 || !(id_type == SSS_ID_TYPE_UID
+                                    || id_type == SSS_ID_TYPE_BOTH)) {
+                    if (ret == ENOENT) {
+                        ret = LDAP_NO_SUCH_OBJECT;
+                    } else {
+                        ret = LDAP_OPERATIONS_ERROR;
+                    }
+                    goto done;
+                }
+            }
             ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER
                                                           : 
RESP_USER_GROUPLIST),
                                 domain_name, pwd.pw_name, pwd.pw_uid,
                                 pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir,
-                                pwd.pw_shell, sid_str, berval);
+                                pwd.pw_shell, kv_list, berval);
         } else { /* no user entry found */
             ret = getgrnam_r(fq_name, &grp, buf, buf_len, &grp_result);
             if (ret != 0) {
@@ -789,14 +878,28 @@ static int handle_name_request(enum request_types 
request_type,
                 goto done;
             }
 
+            if (request_type == REQ_FULL_WITH_GROUPS) {
+                ret = sss_nss_getorigbyname(grp.gr_name, &kv_list, &id_type);
+                if (ret != 0 || !(id_type == SSS_ID_TYPE_GID
+                                    || id_type == SSS_ID_TYPE_BOTH)) {
+                    if (ret == ENOENT) {
+                        ret = LDAP_NO_SUCH_OBJECT;
+                    } else {
+                        ret = LDAP_OPERATIONS_ERROR;
+                    }
+                    goto done;
+                }
+            }
+
             ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP
                                                            : 
RESP_GROUP_MEMBERS),
                                  domain_name, grp.gr_name, grp.gr_gid,
-                                 grp.gr_mem, sid_str, berval);
+                                 grp.gr_mem, kv_list, berval);
         }
     }
 
 done:
+    sss_nss_free_kv(kv_list);
     free(fq_name);
     free(sid_str);
     free(buf);
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 
e310203727acfd25e4f2402fdcdb6333c3151cc0..5ac79a051f5b9aa1288f07bb96fed77b283a560f
 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -79,7 +79,7 @@ BuildRequires:  python-dns >= 1.11.1
 BuildRequires:  m2crypto
 BuildRequires:  check
 BuildRequires:  libsss_idmap-devel
-BuildRequires:  libsss_nss_idmap-devel
+BuildRequires:  libsss_nss_idmap-devel >= 1.12.2
 BuildRequires:  java-headless
 BuildRequires:  rhino
 BuildRequires:  libverto-devel
-- 
1.8.5.3

From 1b37cf1b0b66f3dfd7aa44f99b61b5eaf7e746ec Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Wed, 15 Oct 2014 16:21:53 +0200
Subject: [PATCH 132/132] extdom: remove unused dependency to libsss_idmap

---
 daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am  | 3 ---
 daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h | 2 --
 2 files changed, 5 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am 
b/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am
index 
7099a988878e2bc0cf840eab0b14fa9f40805a51..0008476796f5b20f62f2c32e7b291b787fa7a6fc
 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am
@@ -15,7 +15,6 @@ AM_CPPFLAGS =                                                 
\
        -DDATADIR=\""$(datadir)"\"                              \
        $(LDAP_CFLAGS)                                          \
        $(WARN_CFLAGS)                                          \
-       $(SSSIDMAP_CFLAGS)                                      \
        $(SSSNSSIDMAP_CFLAGS)                                   \
        $(NULL)
 
@@ -33,7 +32,6 @@ libipa_extdom_extop_la_LDFLAGS = -avoid-version
 
 libipa_extdom_extop_la_LIBADD =        \
        $(LDAP_LIBS)                    \
-       $(SSSIDMAP_LIBS)                \
        $(SSSNSSIDMAP_LIBS)     \
        $(NULL)
 
@@ -54,7 +52,6 @@ extdom_tests_LDADD =          \
        $(CHECK_LIBS)           \
        $(LDAP_LIBS)            \
        $(DIRSRV_LIBS)          \
-       $(SSSIDMAP_LIBS)        \
        $(SSSNSSIDMAP_LIBS)     \
        $(NULL)
 
diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h 
b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h
index 
90f8390d871a698dc00ef56c41be0749eaa13424..56ca5009b1aa427f6c059b78ac392c768e461e2e
 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h
@@ -60,7 +60,6 @@
 #include <lber.h>
 #include <time.h>
 
-#include <sss_idmap.h>
 #include <sss_nss_idmap.h>
 
 #define EXOP_EXTDOM_OID "2.16.840.1.113730.3.8.10.4"
@@ -157,7 +156,6 @@ struct domain_info {
     char *flat_name;
     char *sid;
     char *guid;
-    struct sss_idmap_ctx *idmap_ctx;
 };
 
 struct pwd_grp {
-- 
1.8.5.3
