1 | From e6c3d9e680eab264777348389b4bcda73bd5ba6d Mon Sep 17 00:00:00 2001 |
2 | From: Jakub Hrozek <jhrozek@redhat.com> | |
3 | Date: Fri, 28 Oct 2016 13:46:02 +0200 | |
4 | Subject: [PATCH 17/39] SYSDB: Split sysdb_try_to_find_expected_dn() into | |
5 | smaller functions | |
6 | ||
7 | The function sysdb_try_to_find_expected_dn was performing several matching | |
8 | algorithms and thus it was getting big and hard to extend. This patch | |
9 | doesn't contain any functional changes, only shuffles the code around | |
10 | and splits the monolithic sysdb_try_to_find_expected_dn function into | |
11 | smaller blocks. | |
12 | ||
13 | Reviewed-by: Sumit Bose <sbose@redhat.com> | |
14 | (cherry picked from commit e5a984093ad7921c83da75272cede2b0e52ba2d6) | |
15 | (cherry picked from commit 3f3dc8c737a8e8cfc4a29d7dbaf526ec3973c7a0) | |
16 | --- | |
17 | src/db/sysdb_subdomains.c | 278 +++++++++++++++++++++++++++++----------------- | |
18 | 1 file changed, 179 insertions(+), 99 deletions(-) | |
19 | ||
20 | diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c | |
21 | index ff83f914f..b011bad6c 100644 | |
22 | --- a/src/db/sysdb_subdomains.c | |
23 | +++ b/src/db/sysdb_subdomains.c | |
24 | @@ -1145,74 +1145,29 @@ done: | |
25 | return ret; | |
26 | } | |
27 | ||
28 | -errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom, | |
29 | - const char *domain_component_name, | |
30 | - struct sysdb_attrs **usr_attrs, | |
31 | - size_t count, | |
32 | - struct sysdb_attrs **exp_usr) | |
33 | +static errno_t match_cn_users(TALLOC_CTX *tmp_ctx, | |
34 | + struct sysdb_attrs **usr_attrs, | |
35 | + size_t count, | |
36 | + const char *dom_basedn, | |
37 | + struct sysdb_attrs **_result) | |
38 | { | |
39 | - char *dom_basedn; | |
40 | - size_t dom_basedn_len; | |
41 | - char *expected_basedn; | |
42 | - size_t expected_basedn_len; | |
43 | - size_t dn_len; | |
44 | + errno_t ret; | |
45 | const char *orig_dn; | |
46 | - size_t c = 0; | |
47 | - int ret; | |
48 | - TALLOC_CTX *tmp_ctx; | |
49 | - struct ldb_context *ldb_ctx; | |
50 | - struct ldb_dn *ldb_dom_basedn; | |
51 | - int dom_basedn_comp_num; | |
52 | - struct ldb_dn *ldb_dn; | |
53 | - int dn_comp_num; | |
54 | - const char *component_name; | |
55 | + size_t dn_len; | |
56 | struct sysdb_attrs *result = NULL; | |
57 | const char *result_dn_str = NULL; | |
58 | + char *cn_users_basedn; | |
59 | + size_t cn_users_basedn_len; | |
60 | ||
61 | - if (dom == NULL || domain_component_name == NULL || usr_attrs == NULL | |
62 | - || count == 0) { | |
63 | - return EINVAL; | |
64 | - } | |
65 | - | |
66 | - tmp_ctx = talloc_new(NULL); | |
67 | - if (tmp_ctx == NULL) { | |
68 | - DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n"); | |
69 | - return ENOMEM; | |
70 | - } | |
71 | - | |
72 | - ret = domain_to_basedn(tmp_ctx, dom->name, &dom_basedn); | |
73 | - if (ret != EOK) { | |
74 | - DEBUG(SSSDBG_OP_FAILURE, "domain_to_basedn failed.\n"); | |
75 | - goto done; | |
76 | - } | |
77 | - expected_basedn = talloc_asprintf(tmp_ctx, "%s%s", "cn=users,", dom_basedn); | |
78 | - if (expected_basedn == NULL) { | |
79 | - ret = ENOMEM; | |
80 | - goto done; | |
81 | - } | |
82 | - | |
83 | - ldb_ctx = sysdb_ctx_get_ldb(dom->sysdb); | |
84 | - if (ldb_ctx == NULL) { | |
85 | - DEBUG(SSSDBG_OP_FAILURE, "Missing ldb context.\n"); | |
86 | - ret = EINVAL; | |
87 | - goto done; | |
88 | - } | |
89 | - | |
90 | - ldb_dom_basedn = ldb_dn_new(tmp_ctx, ldb_ctx, dom_basedn); | |
91 | - if (ldb_dom_basedn == NULL) { | |
92 | - DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n"); | |
93 | + cn_users_basedn = talloc_asprintf(tmp_ctx, "%s%s", "cn=users,", dom_basedn); | |
94 | + if (cn_users_basedn == NULL) { | |
95 | ret = ENOMEM; | |
96 | goto done; | |
97 | } | |
98 | + cn_users_basedn_len = strlen(cn_users_basedn); | |
99 | + DEBUG(SSSDBG_TRACE_ALL, "cn=users baseDN is [%s].\n", cn_users_basedn); | |
100 | ||
101 | - dom_basedn_comp_num = ldb_dn_get_comp_num(ldb_dom_basedn); | |
102 | - dom_basedn_comp_num++; | |
103 | - | |
104 | - DEBUG(SSSDBG_TRACE_ALL, "Expected BaseDN is [%s].\n", expected_basedn); | |
105 | - expected_basedn_len = strlen(expected_basedn); | |
106 | - dom_basedn_len = strlen(dom_basedn); | |
107 | - | |
108 | - for (c = 0; c < count; c++) { | |
109 | + for (size_t c = 0; c < count; c++) { | |
110 | ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn); | |
111 | if (ret != EOK) { | |
112 | DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n"); | |
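Review bot: match_cn_users has no header comment, and its matching rule is the kind of thing a comment should state: the loop compares the tail of SYSDB_ORIG_DN against `cn=users,<dom_basedn>` with a plain strcasecmp, so it is a case-insensitive textual suffix match on the original DN that does not verify the character before the suffix is an RDN separator and does not tolerate DN formatting differences (extra whitespace, escaping) the way the ldb_dn-based comparison in the sibling helper would. I would add above the signature a comment saying that the helper returns EOK with *_result set to NULL when no entry matches, that (as the continuation in the next hunk shows) finding a second match is reported as EINVAL, and that the match is a string suffix compare rather than a parsed-DN comparison. This behaviour is carried over unchanged by the refactor, so only the documentation is in scope for this commit. The body of match_cn_users continues past the end of this hunk.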
113 | @@ -1220,9 +1175,9 @@ errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom, | |
114 | } | |
115 | dn_len = strlen(orig_dn); | |
116 | ||
117 | - if (dn_len > expected_basedn_len | |
118 | - && strcasecmp(orig_dn + (dn_len - expected_basedn_len), | |
119 | - expected_basedn) == 0) { | |
120 | + if (dn_len > cn_users_basedn_len | |
121 | + && strcasecmp(orig_dn + (dn_len - cn_users_basedn_len), | |
122 | + cn_users_basedn) == 0) { | |
123 | DEBUG(SSSDBG_TRACE_ALL, | |
124 | "Found matching dn [%s].\n", orig_dn); | |
125 | if (result != NULL) { | |
126 | @@ -1237,52 +1192,177 @@ errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom, | |
127 | } | |
128 | } | |
129 | ||
130 | - if (result == NULL) { | |
131 | - for (c = 0; c < count; c++) { | |
132 | - ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn); | |
133 | - if (ret != EOK) { | |
134 | - DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n"); | |
135 | + ret = EOK; | |
136 | +done: | |
137 | + *_result = result; | |
138 | + return ret; | |
139 | +} | |
140 | + | |
141 | +static errno_t match_non_dc_comp(TALLOC_CTX *tmp_ctx, | |
142 | + struct sss_domain_info *dom, | |
143 | + struct sysdb_attrs **usr_attrs, | |
144 | + size_t count, | |
145 | + struct ldb_dn *ldb_basedn, | |
146 | + const char *basedn, | |
147 | + const char *domain_component_name, | |
148 | + struct sysdb_attrs **_result) | |
149 | +{ | |
150 | + errno_t ret; | |
151 | + const char *orig_dn; | |
152 | + size_t orig_dn_len; | |
153 | + size_t basedn_len; | |
154 | + struct ldb_context *ldb_ctx; | |
155 | + struct ldb_dn *ldb_orig_dn; | |
156 | + int dn_comp_num; | |
157 | + int basedn_comp_num; | |
158 | + const char *component_name; | |
159 | + struct sysdb_attrs *result = NULL; | |
160 | + const char *result_dn_str = NULL; | |
161 | + | |
162 | + ldb_ctx = sysdb_ctx_get_ldb(dom->sysdb); | |
163 | + if (ldb_ctx == NULL) { | |
164 | + DEBUG(SSSDBG_OP_FAILURE, "Missing ldb context.\n"); | |
165 | + ret = EINVAL; | |
166 | + goto done; | |
167 | + } | |
168 | + | |
169 | + basedn_len = strlen(basedn); | |
170 | + | |
171 | + basedn_comp_num = ldb_dn_get_comp_num(ldb_basedn); | |
172 | + basedn_comp_num++; | |
173 | + | |
174 | + for (size_t c = 0; c < count; c++) { | |
175 | + ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn); | |
176 | + if (ret != EOK) { | |
177 | + DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n"); | |
178 | + goto done; | |
179 | + } | |
180 | + orig_dn_len = strlen(orig_dn); | |
181 | + | |
182 | + if (orig_dn_len > basedn_len | |
183 | + /* Does the user's original DN with the non-domain part | |
184 | + * stripped match the domain base DN? | |
185 | + */ | |
186 | + && strcasecmp(orig_dn + (orig_dn_len - basedn_len), | |
187 | + basedn) == 0) { | |
188 | + ldb_orig_dn = ldb_dn_new(tmp_ctx, ldb_ctx, orig_dn); | |
189 | + if (ldb_orig_dn == NULL) { | |
190 | + DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed"); | |
191 | + ret = ENOMEM; | |
192 | goto done; | |
193 | } | |
194 | - dn_len = strlen(orig_dn); | |
195 | - | |
196 | - if (dn_len > dom_basedn_len | |
197 | - && strcasecmp(orig_dn + (dn_len - dom_basedn_len), | |
198 | - dom_basedn) == 0) { | |
199 | - ldb_dn = ldb_dn_new(tmp_ctx, ldb_ctx, orig_dn); | |
200 | - if (ldb_dn == NULL) { | |
201 | - DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed"); | |
202 | - ret = ENOMEM; | |
203 | - goto done; | |
204 | - } | |
205 | ||
206 | - dn_comp_num = ldb_dn_get_comp_num(ldb_dn); | |
207 | - if (dn_comp_num > dom_basedn_comp_num) { | |
208 | - component_name = ldb_dn_get_component_name(ldb_dn, | |
209 | - (dn_comp_num - dom_basedn_comp_num)); | |
210 | - DEBUG(SSSDBG_TRACE_ALL, "Comparing [%s] and [%s].\n", | |
211 | - component_name, | |
212 | - domain_component_name); | |
213 | - if (component_name != NULL | |
214 | - && strcasecmp(component_name, | |
215 | - domain_component_name) != 0) { | |
216 | - DEBUG(SSSDBG_TRACE_ALL, | |
217 | - "Found matching dn [%s].\n", orig_dn); | |
218 | - if (result != NULL) { | |
219 | - DEBUG(SSSDBG_OP_FAILURE, | |
220 | - "Found 2 matching DN [%s] and [%s], " | |
221 | - "expecting only 1.\n", result_dn_str, orig_dn); | |
222 | - ret = EINVAL; | |
223 | - goto done; | |
224 | - } | |
225 | - result = usr_attrs[c]; | |
226 | - result_dn_str = orig_dn; | |
227 | + dn_comp_num = ldb_dn_get_comp_num(ldb_orig_dn); | |
228 | + if (dn_comp_num > basedn_comp_num) { | |
229 | + component_name = ldb_dn_get_component_name(ldb_orig_dn, | |
230 | + (dn_comp_num - basedn_comp_num)); | |
231 | + DEBUG(SSSDBG_TRACE_ALL, "Comparing [%s] and [%s].\n", | |
232 | + component_name, | |
233 | + domain_component_name); | |
234 | + /* If the component is NOT a DC component, then the entry | |
235 | + * must come from our domain, perhaps from a child container. | |
236 | + * If it matched the DC component, the entry was from a child | |
237 | + * subdomain different from this one. | |
238 | + */ | |
239 | + if (component_name != NULL | |
240 | + && strcasecmp(component_name, | |
241 | + domain_component_name) != 0) { | |
242 | + DEBUG(SSSDBG_TRACE_ALL, | |
243 | + "Found matching dn [%s].\n", orig_dn); | |
244 | + if (result != NULL) { | |
245 | + DEBUG(SSSDBG_OP_FAILURE, | |
246 | + "Found 2 matching DN [%s] and [%s], " | |
247 | + "expecting only 1.\n", result_dn_str, orig_dn); | |
248 | + ret = EINVAL; | |
249 | + goto done; | |
250 | } | |
251 | + result = usr_attrs[c]; | |
252 | + result_dn_str = orig_dn; | |
253 | } | |
254 | } | |
255 | } | |
256 | } | |
257 | ||
258 | + ret = EOK; | |
259 | + *_result = result; | |
260 | +done: | |
261 | + return ret; | |
262 | +} | |
263 | + | |
264 | +static errno_t match_basedn(TALLOC_CTX *tmp_ctx, | |
265 | + struct sss_domain_info *dom, | |
266 | + struct sysdb_attrs **usr_attrs, | |
267 | + size_t count, | |
268 | + const char *dom_basedn, | |
269 | + const char *domain_component_name, | |
270 | + struct sysdb_attrs **_result) | |
271 | +{ | |
272 | + struct ldb_context *ldb_ctx; | |
273 | + struct ldb_dn *ldb_dom_basedn; | |
274 | + | |
275 | + ldb_ctx = sysdb_ctx_get_ldb(dom->sysdb); | |
276 | + if (ldb_ctx == NULL) { | |
277 | + DEBUG(SSSDBG_OP_FAILURE, "Missing ldb context.\n"); | |
278 | + return EINVAL; | |
279 | + } | |
280 | + | |
281 | + | |
282 | + ldb_dom_basedn = ldb_dn_new(tmp_ctx, ldb_ctx, dom_basedn); | |
283 | + if (ldb_dom_basedn == NULL) { | |
284 | + DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n"); | |
285 | + return ENOMEM; | |
286 | + } | |
287 | + | |
288 | + return match_non_dc_comp(tmp_ctx, dom, | |
289 | + usr_attrs, count, | |
290 | + ldb_dom_basedn, dom_basedn, | |
291 | + domain_component_name, | |
292 | + _result); | |
293 | +} | |
294 | + | |
295 | +errno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom, | |
296 | + const char *domain_component_name, | |
297 | + struct sysdb_attrs **usr_attrs, | |
298 | + size_t count, | |
299 | + struct sysdb_attrs **exp_usr) | |
300 | +{ | |
301 | + char *dom_basedn; | |
302 | + int ret; | |
303 | + TALLOC_CTX *tmp_ctx; | |
304 | + struct sysdb_attrs *result = NULL; | |
305 | + | |
306 | + if (dom == NULL || domain_component_name == NULL | |
307 | + || usr_attrs == NULL || count == 0) { | |
308 | + return EINVAL; | |
309 | + } | |
310 | + | |
311 | + tmp_ctx = talloc_new(NULL); | |
312 | + if (tmp_ctx == NULL) { | |
313 | + DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n"); | |
314 | + return ENOMEM; | |
315 | + } | |
316 | + | |
317 | + ret = domain_to_basedn(tmp_ctx, dom->name, &dom_basedn); | |
318 | + if (ret != EOK) { | |
319 | + DEBUG(SSSDBG_OP_FAILURE, "domain_to_basedn failed.\n"); | |
320 | + ret = EINVAL; | |
321 | + goto done; | |
322 | + } | |
323 | + | |
324 | + ret = match_cn_users(tmp_ctx, usr_attrs, count, dom_basedn, &result); | |
325 | + if (ret != EOK) { | |
326 | + goto done; | |
327 | + } | |
328 | + | |
329 | + if (result == NULL) { | |
330 | + ret = match_basedn(tmp_ctx, dom, usr_attrs, | |
331 | + count, dom_basedn, domain_component_name, | |
332 | + &result); | |
333 | + if (ret != EOK) { | |
334 | + goto done; | |
335 | + } | |
336 | + } | |
337 | + | |
338 | if (result == NULL) { | |
339 | DEBUG(SSSDBG_OP_FAILURE, "No matching DN found.\n"); | |
340 | ret = ENOENT; | |
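Review bot: In sysdb_try_to_find_expected_dn the domain_to_basedn failure path now does `ret = EINVAL;` before `goto done`, which overwrites whatever error domain_to_basedn reported (the removed code at the top of this patch jumped to done with ret intact), so this is a functional change in a commit described as pure code motion; drop that line so the callee's error is propagated. A smaller consistency point: match_cn_users stores *_result on every exit path, while match_non_dc_comp assigns it only on the EOK path before `done:`, leaving the caller's variable untouched on error; moving `*_result = result;` after the `done:` label in match_non_dc_comp makes the two helpers behave the same. The `"ldb_dn_new failed"` DEBUG message in match_non_dc_comp is also the only one in this file section without a trailing `\n`. The end of sysdb_try_to_find_expected_dn (the `done:` cleanup) lies outside this hunk.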
341 | -- | |
342 | 2.11.0 | |
343 |