URL: https://github.com/SSSD/sssd/pull/881 Author: pbrezina Title: #881: 1.16: ifp: let cache_req parse input name so it can fallback to upn search Action: opened
PR body: """ UPN search expects that the input name is in its fully qualified form. However, GetUserAttr calls cache_req with unqualified username therefore it never fallback to UPN search. Steps to reproduce: 1. Configure SSSD against AD 2. Set UPN to `testuser...@ad.vm` 3. Run: ``` dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe org.freedesktop.sssd.infopipe.GetUserAttr string:testuser...@ad.vm array:string:name Error sbus.Error.NotFound: No such file or directory ``` Resolves: https://pagure.io/SSSD/sssd/issue/4065 Added also one patch to fix issue I found. In case of error we did not call `tevent_req_post`. This was also in the original code and I missed it there. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/881/head:pr881 git checkout pr881
From f3925a50a323e1ff05eab4bdbbafa2007b8dce47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Thu, 12 Sep 2019 15:41:16 +0200 Subject: [PATCH 1/2] ifp: let cache_req parse input name so it can fallback to upn search UPN search expects that the input name is in its fully qualified form. However, GetUserAttr calls cache_req with unqualified username therefore it never fallback to UPN search. Steps to reproduce: 1. Configure SSSD against AD 2. Set UPN to `testuser...@ad.vm` 3. Run: ``` dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe org.freedesktop.sssd.infopipe.GetUserAttr string:testuser...@ad.vm array:string:name Error sbus.Error.NotFound: No such file or directory ``` Resolves: https://pagure.io/SSSD/sssd/issue/4065 --- src/responder/ifp/ifpsrv_cmd.c | 77 +++++++++------------------------- 1 file changed, 19 insertions(+), 58 deletions(-) diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c index 38932b7cd4..d94b4c0b25 100644 --- a/src/responder/ifp/ifpsrv_cmd.c +++ b/src/responder/ifp/ifpsrv_cmd.c @@ -474,113 +474,74 @@ ifp_user_get_groups_reply(struct sss_domain_info *domain, } struct ifp_user_get_attr_state { - const char *inp; const char **attrs; struct ldb_result *res; enum sss_dp_acct_type search_type; - char *inp_name; - char *domname; - struct sss_domain_info *dom; struct resp_ctx *rctx; struct sss_nc_ctx *ncache; }; -static void ifp_user_get_attr_lookup(struct tevent_req *subreq); static void ifp_user_get_attr_done(struct tevent_req *subreq); static struct tevent_req * ifp_user_get_attr_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, struct sss_nc_ctx *ncache, enum sss_dp_acct_type search_type, - const char *inp, const char **attrs) + const char *input, const char **attrs) { errno_t ret; struct tevent_req *req; struct tevent_req *subreq; struct ifp_user_get_attr_state *state; + struct cache_req_data *data; req = tevent_req_create(mem_ctx, &state, struct ifp_user_get_attr_state); if (req == NULL) { return NULL; } - state->inp = inp; state->attrs = attrs; state->rctx = rctx; state->ncache = ncache; state->search_type = search_type; - subreq = sss_parse_inp_send(req, rctx, rctx->default_domain, inp); - if (subreq == NULL) { - ret = ENOMEM; - goto done; - } - tevent_req_set_callback(subreq, ifp_user_get_attr_lookup, req); - - ret = EOK; -done: - if (ret != EOK) { - tevent_req_error(req, ret); - } - return req; -} - -static void -ifp_user_get_attr_lookup(struct tevent_req *subreq) -{ - struct ifp_user_get_attr_state *state = NULL; - struct tevent_req *req = NULL; - struct cache_req_data *data; - errno_t ret; - - req = tevent_req_callback_data(subreq, struct tevent_req); - state = tevent_req_data(req, struct ifp_user_get_attr_state); - - ret = sss_parse_inp_recv(subreq, state, - &state->inp_name, &state->domname); - talloc_zfree(subreq); - if (ret != EOK) { - tevent_req_error(req, ret); - return; - } - switch (state->search_type) { case SSS_DP_USER: - data = cache_req_data_name(state, CACHE_REQ_USER_BY_NAME, - state->inp_name); + data = cache_req_data_name(state, CACHE_REQ_USER_BY_NAME, input); break; case SSS_DP_INITGROUPS: - data = cache_req_data_name(state, CACHE_REQ_INITGROUPS, - state->inp_name); + data = cache_req_data_name(state, CACHE_REQ_INITGROUPS, input); break; default: DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported search type [%d]!\n", state->search_type); - tevent_req_error(req, ERR_INTERNAL); - return; + ret = ERR_INTERNAL; + goto done; } if (data == NULL) { - tevent_req_error(req, ENOMEM); - return; + ret = ENOMEM; + goto done; } - /* IFP serves both POSIX and application domains. Requests that need - * to differentiate between the two must be qualified - */ - subreq = cache_req_send(state, state->rctx->ev, state->rctx, - state->ncache, 0, - CACHE_REQ_ANY_DOM, - state->domname, data); + subreq = cache_req_send(state, state->rctx->ev, state->rctx, state->ncache, + 0, CACHE_REQ_ANY_DOM, NULL, data); if (subreq == NULL) { - tevent_req_error(req, ENOMEM); - return; + ret = ENOMEM; + goto done; } tevent_req_set_callback(subreq, ifp_user_get_attr_done, req); + + ret = EOK; +done: + if (ret != EOK) { + tevent_req_error(req, ret); + } + return req; } static void ifp_user_get_attr_done(struct tevent_req *subreq) From c0c108d392db261790d64c5fbe7d496e2beafc9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Thu, 12 Sep 2019 15:44:07 +0200 Subject: [PATCH 2/2] ifp: call tevent_req_post in case of error in ifp_user_get_attr_send --- src/responder/ifp/ifpsrv_cmd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c index d94b4c0b25..ca6e4fa3c3 100644 --- a/src/responder/ifp/ifpsrv_cmd.c +++ b/src/responder/ifp/ifpsrv_cmd.c @@ -540,7 +540,9 @@ ifp_user_get_attr_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx, done: if (ret != EOK) { tevent_req_error(req, ret); + tevent_req_post(req, rctx->ev); } + return req; }
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org