SDAP: Include struct ldb_dn in struct sdap_search_base
struct sdap_search_base includes the DN as a string. To better
compare the DNs it is better to use a struct ldb_dn, in addition to
the string.

The struct ldb_dn also needs to keep the associated struct ldb_context,
so we are also storing it in the structure.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
aplopez authored and pbrezina committed Mar 27, 2023
1 parent ae691f0 commit cfc591d
Showing 17 changed files with 155 additions and 80 deletions.
1 change: 1 addition & 0 deletions src/db/sysdb.h
Expand Up @@ -25,6 +25,7 @@
#include "util/util.h"
#include "confdb/confdb.h"
#include "sss_client/sss_cli.h"
#include <ldb.h>
#include <tevent.h>

#define CACHE_SYSDB_FILE "cache_%s.ldb"
12 changes: 7 additions & 5 deletions src/providers/ad/ad_common.c
Expand Up @@ -1311,6 +1311,7 @@ ad_set_search_bases(struct sdap_options *id_opts,
size_t o;
struct sdap_domain *sdap_dom;
bool has_default;
struct ldb_context *ldb;
const int search_base_options[] = { SDAP_USER_SEARCH_BASE,
SDAP_GROUP_SEARCH_BASE,
SDAP_NETGROUP_SEARCH_BASE,
Expand All @@ -1328,6 +1329,7 @@ ad_set_search_bases(struct sdap_options *id_opts,
/* If no specific sdom was given, use the first in the list. */
sdap_dom = id_opts->sdom;
}
ldb = sysdb_ctx_get_ldb(sdap_dom->dom->sysdb);

has_default = sdap_dom->search_bases != NULL;

Expand Down Expand Up @@ -1361,31 +1363,31 @@ ad_set_search_bases(struct sdap_options *id_opts,
}

/* Default search */
ret = sdap_parse_search_base(id_opts, id_opts->basic,
ret = sdap_parse_search_base(id_opts, ldb, id_opts->basic,
SDAP_SEARCH_BASE,
&sdap_dom->search_bases);
if (ret != EOK && ret != ENOENT) goto done;

/* User search */
ret = sdap_parse_search_base(id_opts, id_opts->basic,
ret = sdap_parse_search_base(id_opts, ldb, id_opts->basic,
SDAP_USER_SEARCH_BASE,
&sdap_dom->user_search_bases);
if (ret != EOK && ret != ENOENT) goto done;

/* Group search base */
ret = sdap_parse_search_base(id_opts, id_opts->basic,
ret = sdap_parse_search_base(id_opts, ldb, id_opts->basic,
SDAP_GROUP_SEARCH_BASE,
&sdap_dom->group_search_bases);
if (ret != EOK && ret != ENOENT) goto done;

/* Netgroup search */
ret = sdap_parse_search_base(id_opts, id_opts->basic,
ret = sdap_parse_search_base(id_opts, ldb, id_opts->basic,
SDAP_NETGROUP_SEARCH_BASE,
&sdap_dom->netgroup_search_bases);
if (ret != EOK && ret != ENOENT) goto done;

/* Service search */
ret = sdap_parse_search_base(id_opts, id_opts->basic,
ret = sdap_parse_search_base(id_opts, ldb, id_opts->basic,
SDAP_SERVICE_SEARCH_BASE,
&sdap_dom->service_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
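Review bot: The added `ldb = sysdb_ctx_get_ldb(sdap_dom->dom->sysdb);` in ad_set_search_bases dereferences `sdap_dom`, `sdap_dom->dom` and `->sysdb` with no guard, and the result is passed unchecked to all five `sdap_parse_search_base` calls. The visible lines do not show whether `id_opts->sdom` or its `dom` can be NULL at this point; if either can, a half-initialised domain would crash the process instead of returning an error. A guard such as `if (sdap_dom == NULL || sdap_dom->dom == NULL) { ret = EINVAL; goto done; }` before the call would keep the failure on the existing `done` path. The same unguarded chain is added in ipa_autofs_init and ipa_sudo_init_ipa_schema (`be_ctx->domain->sysdb`) and in ipa_get_id_options (`dp->be_ctx->domain->sysdb`). All of these function bodies start and end outside the hunks shown.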
4 changes: 3 additions & 1 deletion src/providers/ipa/ipa_autofs.c
Expand Up @@ -40,7 +40,9 @@ errno_t ipa_autofs_init(TALLOC_CTX *mem_ctx,

DEBUG(SSSDBG_TRACE_INTERNAL, "Initializing autofs IPA back end\n");

ret = ipa_get_autofs_options(id_ctx->ipa_options, be_ctx->cdb,
ret = ipa_get_autofs_options(id_ctx->ipa_options,
sysdb_ctx_get_ldb(be_ctx->domain->sysdb),
be_ctx->cdb,
be_ctx->conf_path, &id_ctx->sdap_id_ctx->opts);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get IPA autofs options\n");
41 changes: 24 additions & 17 deletions src/providers/ipa/ipa_common.c
Expand Up @@ -25,6 +25,7 @@
#include <netdb.h>
#include <ctype.h>
#include <arpa/inet.h>
#include <ldb.h>

#include "db/sysdb_selinux.h"
#include "providers/ipa/ipa_common.h"
Expand All @@ -36,6 +37,7 @@
#include "db/sysdb_autofs.h"

#include "providers/ipa/ipa_opts.h"
#include "providers/data_provider/dp_private.h"

int ipa_get_options(TALLOC_CTX *memctx,
struct confdb_ctx *cdb,
Expand Down Expand Up @@ -122,6 +124,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
}

static errno_t ipa_parse_search_base(TALLOC_CTX *mem_ctx,
struct ldb_context *ldb,
struct dp_option *opts, int class,
struct sdap_search_base ***_search_bases)
{
Expand Down Expand Up @@ -166,7 +169,7 @@ static errno_t ipa_parse_search_base(TALLOC_CTX *mem_ctx,
unparsed_base = dp_opt_get_string(opts, class);
if (!unparsed_base || unparsed_base[0] == '\0') return ENOENT;

return common_parse_search_base(mem_ctx, unparsed_base,
return common_parse_search_base(mem_ctx, unparsed_base, ldb,
class_name, NULL,
_search_bases);
}
Expand All @@ -184,6 +187,9 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
int ret;
int i;
bool server_mode;
struct ldb_context *ldb;

ldb = sysdb_ctx_get_ldb(dp->be_ctx->domain->sysdb);

tmpctx = talloc_new(ipa_opts);
if (!tmpctx) {
Expand Down Expand Up @@ -247,7 +253,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
ipa_opts->id->basic[SDAP_SEARCH_BASE].opt_name,
dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE));
}
ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
ret = sdap_parse_search_base(ipa_opts->id, ldb, ipa_opts->id->basic,
SDAP_SEARCH_BASE,
&ipa_opts->id->sdom->search_bases);
if (ret != EOK) goto done;
Expand Down Expand Up @@ -301,7 +307,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_USER_SEARCH_BASE));
}
ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
ret = sdap_parse_search_base(ipa_opts->id, ldb, ipa_opts->id->basic,
SDAP_USER_SEARCH_BASE,
&ipa_opts->id->sdom->user_search_bases);
if (ret != EOK) goto done;
Expand Down Expand Up @@ -331,7 +337,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}

ret = sdap_create_search_base(bases, new_dn,
ret = sdap_create_search_base(bases, ldb, new_dn,
LDAP_SCOPE_SUBTREE,
"(objectClass=ipaIDObject)",
&new_base);
Expand Down Expand Up @@ -373,7 +379,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_GROUP_SEARCH_BASE));
}
ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
ret = sdap_parse_search_base(ipa_opts->id, ldb, ipa_opts->id->basic,
SDAP_GROUP_SEARCH_BASE,
&ipa_opts->id->sdom->group_search_bases);
if (ret != EOK) goto done;
Expand All @@ -396,7 +402,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_NETGROUP_SEARCH_BASE));
}
ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
ret = sdap_parse_search_base(ipa_opts->id, ldb, ipa_opts->id->basic,
SDAP_NETGROUP_SEARCH_BASE,
&ipa_opts->id->sdom->netgroup_search_bases);
if (ret != EOK) goto done;
Expand All @@ -419,7 +425,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
ipa_opts->id->basic[SDAP_HOST_SEARCH_BASE].opt_name,
value);
}
ret = sdap_parse_search_base(ipa_opts->id->basic, ipa_opts->id->basic,
ret = sdap_parse_search_base(ipa_opts->id->basic, ldb, ipa_opts->id->basic,
SDAP_HOST_SEARCH_BASE,
&ipa_opts->id->sdom->host_search_bases);
if (ret != EOK) goto done;
Expand All @@ -442,7 +448,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
dp_opt_get_string(ipa_opts->basic,
IPA_HBAC_SEARCH_BASE));
}
ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
ret = ipa_parse_search_base(ipa_opts->basic, ldb, ipa_opts->basic,
IPA_HBAC_SEARCH_BASE,
&ipa_opts->hbac_search_bases);
if (ret != EOK) goto done;
Expand All @@ -465,7 +471,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
dp_opt_get_string(ipa_opts->basic,
IPA_SELINUX_SEARCH_BASE));
}
ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
ret = ipa_parse_search_base(ipa_opts->basic, ldb, ipa_opts->basic,
IPA_SELINUX_SEARCH_BASE,
&ipa_opts->selinux_search_bases);
if (ret != EOK) goto done;
Expand All @@ -488,7 +494,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
dp_opt_get_string(ipa_opts->basic,
IPA_DESKPROFILE_SEARCH_BASE));
}
ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
ret = ipa_parse_search_base(ipa_opts->basic, ldb, ipa_opts->basic,
IPA_DESKPROFILE_SEARCH_BASE,
&ipa_opts->deskprofile_search_bases);
if (ret != EOK) goto done;
Expand All @@ -513,7 +519,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
dp_opt_get_string(ipa_opts->basic,
IPA_SUBID_RANGES_SEARCH_BASE));
}
ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
ret = ipa_parse_search_base(ipa_opts->basic, ldb, ipa_opts->basic,
IPA_SUBID_RANGES_SEARCH_BASE,
&ipa_opts->id->sdom->subid_ranges_search_bases);
if (ret != EOK) goto done;
Expand Down Expand Up @@ -557,7 +563,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
dp_opt_get_string(ipa_opts->id->basic,
SDAP_SERVICE_SEARCH_BASE));
}
ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
ret = sdap_parse_search_base(ipa_opts->id, ldb, ipa_opts->id->basic,
SDAP_SERVICE_SEARCH_BASE,
&ipa_opts->id->sdom->service_search_bases);
if (ret != EOK) goto done;
Expand All @@ -580,7 +586,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
dp_opt_get_string(ipa_opts->basic,
IPA_SUBDOMAINS_SEARCH_BASE));
}
ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
ret = ipa_parse_search_base(ipa_opts, ldb, ipa_opts->basic,
IPA_SUBDOMAINS_SEARCH_BASE,
&ipa_opts->subdomains_search_bases);
if (ret != EOK) goto done;
Expand All @@ -603,7 +609,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
dp_opt_get_string(ipa_opts->basic,
IPA_MASTER_DOMAIN_SEARCH_BASE));
}
ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
ret = ipa_parse_search_base(ipa_opts, ldb, ipa_opts->basic,
IPA_MASTER_DOMAIN_SEARCH_BASE,
&ipa_opts->master_domain_search_bases);
if (ret != EOK) goto done;
Expand All @@ -626,7 +632,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
dp_opt_get_string(ipa_opts->basic,
IPA_RANGES_SEARCH_BASE));
}
ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
ret = ipa_parse_search_base(ipa_opts, ldb, ipa_opts->basic,
IPA_RANGES_SEARCH_BASE,
&ipa_opts->ranges_search_bases);
if (ret != EOK) goto done;
Expand All @@ -649,7 +655,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
dp_opt_get_string(ipa_opts->basic,
IPA_VIEWS_SEARCH_BASE));
}
ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
ret = ipa_parse_search_base(ipa_opts, ldb, ipa_opts->basic,
IPA_VIEWS_SEARCH_BASE,
&ipa_opts->views_search_bases);
if (ret != EOK) goto done;
Expand Down Expand Up @@ -1141,6 +1147,7 @@ int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
}

int ipa_get_autofs_options(struct ipa_options *ipa_opts,
struct ldb_context *ldb,
struct confdb_ctx *cdb,
const char *conf_path,
struct sdap_options **_opts)
Expand Down Expand Up @@ -1187,7 +1194,7 @@ int ipa_get_autofs_options(struct ipa_options *ipa_opts,
SDAP_AUTOFS_SEARCH_BASE));
}

ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
ret = sdap_parse_search_base(ipa_opts->id, ldb, ipa_opts->id->basic,
SDAP_AUTOFS_SEARCH_BASE,
&ipa_opts->id->sdom->autofs_search_bases);
if (ret != EOK && ret != ENOENT) {
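Review bot: ipa_get_id_options now reads `dp->be_ctx->domain->sysdb` directly, and the new `#include "providers/data_provider/dp_private.h"` appears to be there only to make that member access compile. That ties the IPA provider to the data provider's private layout. ipa_get_autofs_options in this same file takes `struct ldb_context *ldb` as a parameter instead, and doing the same here would keep the two entry points consistent and drop the private include. If the signature has to stay, a short comment above the include, e.g. `/* for dp->be_ctx in ipa_get_id_options() */`, would at least record why a private header is pulled in. The function's signature and most of its body lie outside the hunks shown.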
1 change: 1 addition & 0 deletions src/providers/ipa/ipa_common.h
Expand Up @@ -262,6 +262,7 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
struct dp_option **_opts);

int ipa_get_autofs_options(struct ipa_options *ipa_opts,
struct ldb_context *ldb,
struct confdb_ctx *cdb,
const char *conf_path,
struct sdap_options **_opts);
4 changes: 3 additions & 1 deletion src/providers/ipa/ipa_sudo.c
Expand Up @@ -262,7 +262,9 @@ ipa_sudo_init_ipa_schema(TALLOC_CTX *mem_ctx,
goto done;
}

ret = sdap_parse_search_base(sudo_ctx, sudo_ctx->sdap_opts->basic,
ret = sdap_parse_search_base(sudo_ctx,
sysdb_ctx_get_ldb(be_ctx->domain->sysdb),
sudo_ctx->sdap_opts->basic,
SDAP_SUDO_SEARCH_BASE,
&sudo_ctx->sudo_sb);
if (ret != EOK) {
6 changes: 6 additions & 0 deletions src/providers/ldap/ldap_common.h
Expand Up @@ -22,6 +22,8 @@
#ifndef _LDAP_COMMON_H_
#define _LDAP_COMMON_H_

#include <ldb.h>

#include "providers/backend.h"
#include "providers/ldap/sdap.h"
#include "providers/ldap/sdap_id_op.h"
Expand Down Expand Up @@ -241,6 +243,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
struct sdap_options **_opts);

int ldap_get_sudo_options(struct confdb_ctx *cdb,
struct ldb_context *ldb,
const char *conf_path,
struct sdap_options *opts,
struct sdap_attr_map *native_map,
Expand All @@ -249,6 +252,7 @@ int ldap_get_sudo_options(struct confdb_ctx *cdb,
bool *include_netgroups);

int ldap_get_autofs_options(TALLOC_CTX *memctx,
struct ldb_context *ldb,
struct confdb_ctx *cdb,
const char *conf_path,
struct sdap_options *opts);
Expand Down Expand Up @@ -398,10 +402,12 @@ struct sdap_domain *sdap_domain_get_by_dn(struct sdap_options *opts,
const char *dn);

errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
struct ldb_context *ldb,
struct dp_option *opts, int class,
struct sdap_search_base ***_search_bases);
errno_t common_parse_search_base(TALLOC_CTX *mem_ctx,
const char *unparsed_base,
struct ldb_context *ldb,
const char *class_name,
const char *old_filter,
struct sdap_search_base ***_search_bases);
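Review bot: The four prototypes that gain `struct ldb_context *ldb` carry no comment on its lifetime. According to the commit description the context is stored in struct sdap_search_base next to the new ldb_dn, so the search bases keep a borrowed pointer and the caller must keep the ldb alive for as long as they exist; a stale context would be a use-after-free when the DNs are later compared. I would document that on `sdap_parse_search_base` and `common_parse_search_base`, e.g. `/* ldb is kept by the returned search bases and must outlive them */`. The position of `ldb` also differs between the prototypes (second argument in three, third in `common_parse_search_base`), which is worth making uniform while the signatures are being changed.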
