On Sun, Oct 19, 2014 at 10:04:29PM +0200, Jakub Hrozek wrote: > On Fri, Oct 17, 2014 at 11:53:44AM +0200, Sumit Bose wrote: > > Hi, > > > > the first patch replaces sss_nss_getsidbyname() by > > sss_nss_getorigbyname() for the new version of the extdom interface. > > The new call returns more data about the original object and allows the > > IPA client to have the same information about the object in the SSSD > > cache as the IPA servers. > > > > The second patch just removes an obsolete dependency. > > > > bye, > > Sumit > > Hi, > > I was unable to send the patches through Coverity, the RH server seems > to be having issues. I'll wait until tomorrow, if the problems persist, > we'll just skip Coverity and fix any potential problems post-push. > > > From 928c04c35601b7bc1c57c1320e4a746abc35e947 Mon Sep 17 00:00:00 2001 > > From: Sumit Bose <sb...@redhat.com> > > Date: Fri, 10 Oct 2014 10:56:37 +0200 > > Subject: [PATCH 131/132] extdom: add support for sss_nss_getorigbyname() > > [...] > > > @@ -576,13 +613,14 @@ static int handle_gid_request(enum request_types > > request_type, gid_t gid, > > enum sss_id_type id_type; > > size_t buf_len; > > char *buf = NULL; > > + struct sss_nss_kv *kv_list; > > Please set kv_list to NULL here, you're freeing the pointer > unconditionally in the done handler, but in some cases (request_type == > REQ_SIMPLE) kv_list is not set at all.
Thank you for the review. I fixed it here and at the two other places. Since sss_nss_getorigbyname() will only be available in the upcoming SSSD release I added 'BuildRequires: libsss_nss_idmap-devel >= 1.12.2' to freeipa.spec.in. New version attached. bye, Sumit
From a11f42dec7dc1aa1b8b4aef11fa24ce3dc60a109 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Fri, 10 Oct 2014 10:56:37 +0200 Subject: [PATCH 131/132] extdom: add support for sss_nss_getorigbyname() --- .../ipa-extdom-extop/ipa_extdom_common.c | 167 +++++++++++++++++---- freeipa.spec.in | 2 +- 2 files changed, 136 insertions(+), 33 deletions(-) diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c index d1d214ae769946a89ffe1702382e5db70035fdac..df04347e3d36b33ca0a4ea2391f60d97b75a97bf 100644 --- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c +++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c @@ -254,6 +254,34 @@ static int get_user_grouplist(const char *name, gid_t gid, return LDAP_SUCCESS; } +static int add_kv_list(BerElement *ber, struct sss_nss_kv *kv_list) +{ + size_t c; + int ret; + const char *single_value_string_array[] = {NULL, NULL}; + + ret = ber_printf(ber,"{"); + if (ret == -1) { + return LDAP_OPERATIONS_ERROR; + } + + for (c = 0; kv_list[c].key != NULL; c++) { + single_value_string_array[0] = kv_list[c].value; + ret = ber_printf(ber,"{s{v}}", kv_list[c].key, + single_value_string_array); + if (ret == -1) { + return LDAP_OPERATIONS_ERROR; + } + } + + ret = ber_printf(ber,"}"); + if (ret == -1) { + return LDAP_OPERATIONS_ERROR; + } + + return LDAP_SUCCESS; +} + static int pack_ber_sid(const char *sid, struct berval **berval) { BerElement *ber = NULL; @@ -285,7 +313,7 @@ static int pack_ber_user(enum response_types response_type, const char *domain_name, const char *user_name, uid_t uid, gid_t gid, const char *gecos, const char *homedir, - const char *shell, const char *sid_str, + const char *shell, struct sss_nss_kv *kv_list, struct berval **berval) { BerElement *ber = NULL; 
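Review bot: add_kv_list() in the `@@ -254,6 +254,34 @@` hunk copies every pair it is given into the reply, so whatever sss_nss_getorigbyname() returns for an object reaches any client allowed to call this extended operation, and nothing in the function filters keys or says that this is intended. Which keys SSSD returns is not visible here, so this may be acceptable, but the contract should be written above the function, for example `/* Encode all pairs of kv_list (terminated by a NULL key, must not be NULL) as a sequence of {key {value}}; keys are passed through unfiltered. */`. The loop also dereferences `kv_list` without a check and relies on the `kv_list != NULL` guard in pack_ber_user() and pack_ber_group(), which that comment should state.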
@@ -299,7 +327,6 @@ static int pack_ber_user(enum response_types response_type, size_t c; char *locat; char *short_user_name = NULL; - const char *single_value_string_array[] = {NULL, NULL}; short_user_name = strdup(user_name); if ((locat = strchr(short_user_name, SSSD_DOMAIN_SEPARATOR)) != NULL) { @@ -370,12 +397,11 @@ static int pack_ber_user(enum response_types response_type, goto done; } - single_value_string_array[0] = sid_str; - ret = ber_printf(ber,"{{s{v}}}", SSSD_SYSDB_SID_STR, - single_value_string_array); - if (ret == -1) { - ret = LDAP_OPERATIONS_ERROR; - goto done; + if (kv_list != NULL) { + ret = add_kv_list(ber, kv_list); + if (ret != LDAP_SUCCESS) { + goto done; + } } } @@ -402,7 +428,7 @@ done: static int pack_ber_group(enum response_types response_type, const char *domain_name, const char *group_name, - gid_t gid, char **members, const char *sid_str, + gid_t gid, char **members, struct sss_nss_kv *kv_list, struct berval **berval) { BerElement *ber = NULL; @@ -410,7 +436,6 @@ static int pack_ber_group(enum response_types response_type, size_t c; char *locat; char *short_group_name = NULL; - const char *single_value_string_array[] = {NULL, NULL}; short_group_name = strdup(group_name); if ((locat = strchr(short_group_name, SSSD_DOMAIN_SEPARATOR)) != NULL) { @@ -455,12 +480,11 @@ static int pack_ber_group(enum response_types response_type, goto done; } - single_value_string_array[0] = sid_str; - ret = ber_printf(ber,"{{s{v}}}", SSSD_SYSDB_SID_STR, - single_value_string_array); - if (ret == -1) { - ret = LDAP_OPERATIONS_ERROR; - goto done; + if (kv_list != NULL) { + ret = add_kv_list(ber, kv_list); + if (ret != LDAP_SUCCESS) { + goto done; + } } } 
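Review bot: In the `@@ -370,12 +397,11 @@` hunk of pack_ber_user() the attribute sequence is now left out of the reply whenever `kv_list` is NULL, where the old code always wrote one, so the shape of the response depends on a pointer that the handlers set only for REQ_FULL_WITH_GROUPS. The enclosing `if` starts outside the hunk, so whether a NULL list can reach this branch cannot be confirmed from here. If it cannot, failing is safer than sending a shorter reply: `} else { ret = LDAP_OPERATIONS_ERROR; goto done; }`; if it can, a comment such as `/* the attribute list is optional in this response */` should say so. The same applies to the `@@ -455,12 +480,11 @@` hunk of pack_ber_group().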
@@ -521,13 +545,14 @@ static int handle_uid_request(enum request_types request_type, uid_t uid, enum sss_id_type id_type; size_t buf_len; char *buf = NULL; + struct sss_nss_kv *kv_list = NULL; ret = get_buffer(&buf_len, &buf); if (ret != LDAP_SUCCESS) { return ret; } - if (request_type == REQ_SIMPLE || request_type == REQ_FULL_WITH_GROUPS) { + if (request_type == REQ_SIMPLE) { ret = sss_nss_getsidbyid(uid, &sid_str, &id_type); if (ret != 0 || !(id_type == SSS_ID_TYPE_UID || id_type == SSS_ID_TYPE_BOTH)) { @@ -538,9 +563,7 @@ static int handle_uid_request(enum request_types request_type, uid_t uid, } goto done; } - } - if (request_type == REQ_SIMPLE) { ret = pack_ber_sid(sid_str, berval); } else { ret = getpwuid_r(uid, &pwd, buf, buf_len, &pwd_result); @@ -553,14 +576,28 @@ static int handle_uid_request(enum request_types request_type, uid_t uid, goto done; } + if (request_type == REQ_FULL_WITH_GROUPS) { + ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type); + if (ret != 0 || !(id_type == SSS_ID_TYPE_UID + || id_type == SSS_ID_TYPE_BOTH)) { + if (ret == ENOENT) { + ret = LDAP_NO_SUCH_OBJECT; + } else { + ret = LDAP_OPERATIONS_ERROR; + } + goto done; + } + } + ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER : RESP_USER_GROUPLIST), domain_name, pwd.pw_name, pwd.pw_uid, pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir, - pwd.pw_shell, sid_str, berval); + pwd.pw_shell, kv_list, berval); } done: + sss_nss_free_kv(kv_list); free(sid_str); free(buf); return ret; @@ -576,13 +613,14 @@ static int handle_gid_request(enum request_types request_type, gid_t gid, enum sss_id_type id_type; size_t buf_len; char *buf = NULL; + struct sss_nss_kv *kv_list = NULL; ret = get_buffer(&buf_len, &buf); if (ret != LDAP_SUCCESS) { return ret; } - if (request_type == REQ_SIMPLE || request_type == REQ_FULL_WITH_GROUPS) { + if (request_type == REQ_SIMPLE) { ret = sss_nss_getsidbyid(gid, &sid_str, &id_type); if (ret != 0 || id_type != SSS_ID_TYPE_GID) { if (ret == ENOENT) { 
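Review bot: The block added in the `@@ -553,14 +576,28 @@` hunk of handle_uid_request() (call sss_nss_getorigbyname(), check `id_type`, map ENOENT to LDAP_NO_SUCH_OBJECT and everything else to LDAP_OPERATIONS_ERROR) appears five more times in this patch: in handle_gid_request(), in both cases of handle_sid_request() and in both branches of handle_name_request(), differing only in the name and the expected type. Six copies of one error mapping drift apart easily, and a copy that loses the type check would return attributes for the wrong kind of object. A small static helper keeps the lookup and the mapping in one place. The handlers' bodies continue outside the hunks, so the call site below shows only the replaced lines.

```c
/* Look up the original attributes of name; expected is SSS_ID_TYPE_UID or
 * SSS_ID_TYPE_GID, objects of type SSS_ID_TYPE_BOTH are accepted as well. */
static int get_orig_kv_list(const char *name, enum sss_id_type expected,
                            struct sss_nss_kv **kv_list)
{
    enum sss_id_type id_type;
    int ret;

    ret = sss_nss_getorigbyname(name, kv_list, &id_type);
    if (ret == ENOENT) {
        return LDAP_NO_SUCH_OBJECT;
    }
    if (ret != 0 || !(id_type == expected || id_type == SSS_ID_TYPE_BOTH)) {
        return LDAP_OPERATIONS_ERROR;
    }

    return LDAP_SUCCESS;
}

/* … unchanged: getpwuid_r() lookup in handle_uid_request() … */
        if (request_type == REQ_FULL_WITH_GROUPS) {
            ret = get_orig_kv_list(pwd.pw_name, SSS_ID_TYPE_UID, &kv_list);
            if (ret != LDAP_SUCCESS) {
                goto done;
            }
        }
/* … unchanged: pack_ber_user() call … */
```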
@@ -592,9 +630,7 @@ static int handle_gid_request(enum request_types request_type, gid_t gid, } goto done; } - } - if (request_type == REQ_SIMPLE) { ret = pack_ber_sid(sid_str, berval); } else { ret = getgrgid_r(gid, &grp, buf, buf_len, &grp_result); @@ -607,13 +643,27 @@ static int handle_gid_request(enum request_types request_type, gid_t gid, goto done; } + if (request_type == REQ_FULL_WITH_GROUPS) { + ret = sss_nss_getorigbyname(grp.gr_name, &kv_list, &id_type); + if (ret != 0 || !(id_type == SSS_ID_TYPE_GID + || id_type == SSS_ID_TYPE_BOTH)) { + if (ret == ENOENT) { + ret = LDAP_NO_SUCH_OBJECT; + } else { + ret = LDAP_OPERATIONS_ERROR; + } + goto done; + } + } + ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP : RESP_GROUP_MEMBERS), domain_name, grp.gr_name, grp.gr_gid, - grp.gr_mem, sid_str, berval); + grp.gr_mem, kv_list, berval); } done: + sss_nss_free_kv(kv_list); free(sid_str); free(buf); return ret; @@ -634,6 +684,7 @@ static int handle_sid_request(enum request_types request_type, const char *sid, size_t buf_len; char *buf = NULL; enum sss_id_type id_type; + struct sss_nss_kv *kv_list = NULL; ret = sss_nss_getnamebysid(sid, &fq_name, &id_type); if (ret != 0) { @@ -682,11 +733,24 @@ static int handle_sid_request(enum request_types request_type, const char *sid, goto done; } + if (request_type == REQ_FULL_WITH_GROUPS) { + ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type); + if (ret != 0 || !(id_type == SSS_ID_TYPE_UID + || id_type == SSS_ID_TYPE_BOTH)) { + if (ret == ENOENT) { + ret = LDAP_NO_SUCH_OBJECT; + } else { + ret = LDAP_OPERATIONS_ERROR; + } + goto done; + } + } + ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER : RESP_USER_GROUPLIST), domain_name, pwd.pw_name, pwd.pw_uid, pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir, - pwd.pw_shell, sid, berval); + pwd.pw_shell, kv_list, berval); break; case SSS_ID_TYPE_GID: ret = getgrnam_r(fq_name, &grp, buf, buf_len, &grp_result); 
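Review bot: In the `@@ -682,11 +733,24 @@` hunk of handle_sid_request() the reply used to carry the `sid` the client asked about and now carries whatever the second lookup, `sss_nss_getorigbyname(pwd.pw_name, ...)`, returns, and nothing compares the two. If the name resolved to a different object than the SID did (a stale cache entry, or a name that exists twice), the client would store another object's attributes under the requested SID; whether SSSD rules this out is not visible here. At minimum a comment at the call should record the assumption, e.g. `/* by-name lookup; assumed to resolve to the object found by sid */`, and comparing the list's SID entry with `sid` before packing would turn the assumption into a check. The group case in the `@@ -700,10 +764,23 @@` hunk has the same gap, and the function body continues outside both hunks.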
@@ -700,10 +764,23 @@ static int handle_sid_request(enum request_types request_type, const char *sid, goto done; } + if (request_type == REQ_FULL_WITH_GROUPS) { + ret = sss_nss_getorigbyname(grp.gr_name, &kv_list, &id_type); + if (ret != 0 || !(id_type == SSS_ID_TYPE_GID + || id_type == SSS_ID_TYPE_BOTH)) { + if (ret == ENOENT) { + ret = LDAP_NO_SUCH_OBJECT; + } else { + ret = LDAP_OPERATIONS_ERROR; + } + goto done; + } + } + ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP : RESP_GROUP_MEMBERS), domain_name, grp.gr_name, grp.gr_gid, - grp.gr_mem, sid, berval); + grp.gr_mem, kv_list, berval); break; default: ret = LDAP_OPERATIONS_ERROR; @@ -711,6 +788,7 @@ static int handle_sid_request(enum request_types request_type, const char *sid, } done: + sss_nss_free_kv(kv_list); free(fq_name); free(object_name); free(domain_name); @@ -733,6 +811,7 @@ static int handle_name_request(enum request_types request_type, enum sss_id_type id_type; size_t buf_len; char *buf = NULL; + struct sss_nss_kv *kv_list = NULL; ret = asprintf(&fq_name, "%s%c%s", name, SSSD_DOMAIN_SEPARATOR, domain_name); @@ -743,7 +822,7 @@ static int handle_name_request(enum request_types request_type, goto done; } - if (request_type == REQ_SIMPLE || request_type == REQ_FULL_WITH_GROUPS) { + if (request_type == REQ_SIMPLE) { ret = sss_nss_getsidbyname(fq_name, &sid_str, &id_type); if (ret != 0) { if (ret == ENOENT) { @@ -751,11 +830,9 @@ static int handle_name_request(enum request_types request_type, } else { ret = LDAP_OPERATIONS_ERROR; } - goto done; + goto done; } - } - if (request_type == REQ_SIMPLE) { ret = pack_ber_sid(sid_str, berval); } else { ret = get_buffer(&buf_len, &buf); 
@@ -772,11 +849,23 @@ static int handle_name_request(enum request_types request_type, } if (pwd_result != NULL) { + if (request_type == REQ_FULL_WITH_GROUPS) { + ret = sss_nss_getorigbyname(pwd.pw_name, &kv_list, &id_type); + if (ret != 0 || !(id_type == SSS_ID_TYPE_UID + || id_type == SSS_ID_TYPE_BOTH)) { + if (ret == ENOENT) { + ret = LDAP_NO_SUCH_OBJECT; + } else { + ret = LDAP_OPERATIONS_ERROR; + } + goto done; + } + } ret = pack_ber_user((request_type == REQ_FULL ? RESP_USER : RESP_USER_GROUPLIST), domain_name, pwd.pw_name, pwd.pw_uid, pwd.pw_gid, pwd.pw_gecos, pwd.pw_dir, - pwd.pw_shell, sid_str, berval); + pwd.pw_shell, kv_list, berval); } else { /* no user entry found */ ret = getgrnam_r(fq_name, &grp, buf, buf_len, &grp_result); if (ret != 0) { @@ -789,14 +878,28 @@ static int handle_name_request(enum request_types request_type, goto done; } + if (request_type == REQ_FULL_WITH_GROUPS) { + ret = sss_nss_getorigbyname(grp.gr_name, &kv_list, &id_type); + if (ret != 0 || !(id_type == SSS_ID_TYPE_GID + || id_type == SSS_ID_TYPE_BOTH)) { + if (ret == ENOENT) { + ret = LDAP_NO_SUCH_OBJECT; + } else { + ret = LDAP_OPERATIONS_ERROR; + } + goto done; + } + } + ret = pack_ber_group((request_type == REQ_FULL ? RESP_GROUP : RESP_GROUP_MEMBERS), domain_name, grp.gr_name, grp.gr_gid, - grp.gr_mem, sid_str, berval); + grp.gr_mem, kv_list, berval); } } done: + sss_nss_free_kv(kv_list); free(fq_name); free(sid_str); free(buf); diff --git a/freeipa.spec.in b/freeipa.spec.in index e310203727acfd25e4f2402fdcdb6333c3151cc0..5ac79a051f5b9aa1288f07bb96fed77b283a560f 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -79,7 +79,7 @@ BuildRequires: python-dns >= 1.11.1 BuildRequires: m2crypto BuildRequires: check BuildRequires: libsss_idmap-devel -BuildRequires: libsss_nss_idmap-devel +BuildRequires: libsss_nss_idmap-devel >= 1.12.2 BuildRequires: java-headless BuildRequires: rhino BuildRequires: libverto-devel -- 1.8.5.3
From 1b37cf1b0b66f3dfd7aa44f99b61b5eaf7e746ec Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Wed, 15 Oct 2014 16:21:53 +0200 Subject: [PATCH 132/132] extdom: remove unused dependency to libsss_idmap --- daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am | 3 --- daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h | 2 -- 2 files changed, 5 deletions(-) diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am b/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am index 7099a988878e2bc0cf840eab0b14fa9f40805a51..0008476796f5b20f62f2c32e7b291b787fa7a6fc 100644 --- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am +++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am @@ -15,7 +15,6 @@ AM_CPPFLAGS = \ -DDATADIR=\""$(datadir)"\" \ $(LDAP_CFLAGS) \ $(WARN_CFLAGS) \ - $(SSSIDMAP_CFLAGS) \ $(SSSNSSIDMAP_CFLAGS) \ $(NULL) @@ -33,7 +32,6 @@ libipa_extdom_extop_la_LDFLAGS = -avoid-version libipa_extdom_extop_la_LIBADD = \ $(LDAP_LIBS) \ - $(SSSIDMAP_LIBS) \ $(SSSNSSIDMAP_LIBS) \ $(NULL) @@ -54,7 +52,6 @@ extdom_tests_LDADD = \ $(CHECK_LIBS) \ $(LDAP_LIBS) \ $(DIRSRV_LIBS) \ - $(SSSIDMAP_LIBS) \ $(SSSNSSIDMAP_LIBS) \ $(NULL) diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h index 90f8390d871a698dc00ef56c41be0749eaa13424..56ca5009b1aa427f6c059b78ac392c768e461e2e 100644 --- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h +++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h @@ -60,7 +60,6 @@ #include <lber.h> #include <time.h> -#include <sss_idmap.h> #include <sss_nss_idmap.h> #define EXOP_EXTDOM_OID "2.16.840.1.113730.3.8.10.4" @@ -157,7 +156,6 @@ struct domain_info { char *flat_name; char *sid; char *guid; - struct sss_idmap_ctx *idmap_ctx; }; struct pwd_grp { -- 1.8.5.3