int sysdb_getpwnam(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *name, struct ldb_result **_res) { TALLOC_CTX *tmp_ctx; static const char *attrs[] = SYSDB_PW_ATTRS; struct ldb_dn *base_dn; struct ldb_result *res; char *sanitized_name; char *lc_sanitized_name; const char *src_name; int ret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { return ENOMEM; } base_dn = sysdb_user_base_dn(tmp_ctx, domain); if (!base_dn) { ret = ENOMEM; goto done; } /* If this is a subdomain we need to use fully qualified names for the * search as well by default */ src_name = sss_get_domain_name(tmp_ctx, name, domain); if (!src_name) { ret = ENOMEM; goto done; } ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain, &sanitized_name, &lc_sanitized_name); if (ret != EOK) { goto done; } ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn, LDB_SCOPE_SUBTREE, attrs, SYSDB_PWNAM_FILTER, lc_sanitized_name, sanitized_name, sanitized_name); if (ret) { ret = sysdb_error_to_errno(ret); goto done; } *_res = talloc_steal(mem_ctx, res); done: talloc_zfree(tmp_ctx); return ret; }
static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx, enum be_refresh_type type, struct sss_domain_info *domain, time_t period, char ***_values) { struct ldb_dn *base_dn = NULL; const char *class = NULL; errno_t ret; switch (type) { case BE_REFRESH_TYPE_USERS: base_dn = sysdb_user_base_dn(mem_ctx, domain); class = SYSDB_USER_CLASS; break; case BE_REFRESH_TYPE_GROUPS: base_dn = sysdb_group_base_dn(mem_ctx, domain); class = SYSDB_GROUP_CLASS; break; case BE_REFRESH_TYPE_NETGROUPS: base_dn = sysdb_netgroup_base_dn(mem_ctx, domain); class = SYSDB_NETGROUP_CLASS; break; case BE_REFRESH_TYPE_SENTINEL: return ERR_INTERNAL; break; } if (base_dn == NULL) { return ENOMEM; } ret = be_refresh_get_values_ex(mem_ctx, domain, period, class, base_dn, SYSDB_NAME, _values); talloc_free(base_dn); return ret; }
static int parse_members(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, struct sss_domain_info *domain, struct ldb_message_element *el, const char *parent_name, const char ***user_members, const char ***group_members, int *num_group_members) { struct ldb_dn *user_basedn = NULL, *group_basedn = NULL; struct ldb_dn *parent_dn = NULL; struct ldb_dn *dn = NULL; const char **um = NULL, **gm = NULL; unsigned int um_index = 0, gm_index = 0; TALLOC_CTX *tmp_ctx = NULL; int ret; int i; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { ret = ENOMEM; goto fail; } user_basedn = sysdb_user_base_dn(tmp_ctx, domain); group_basedn = sysdb_group_base_dn(tmp_ctx, domain); if (!user_basedn || !group_basedn) { ret = ENOMEM; goto fail; } um = talloc_array(mem_ctx, const char *, el->num_values+1); gm = talloc_array(mem_ctx, const char *, el->num_values+1); if (!um || !gm) { ret = ENOMEM; goto fail; } for (i = 0; i< el->num_values; ++i) { dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &(el->values[i])); /* user member or group member? */ parent_dn = ldb_dn_get_parent(tmp_ctx, dn); if (ldb_dn_compare_base(parent_dn, user_basedn) == 0) { um[um_index] = rdn_as_string(mem_ctx, dn); if (um[um_index] == NULL) { ret = ENOMEM; goto fail; } DEBUG(SSSDBG_TRACE_FUNC, "User member %s\n", um[um_index]); um_index++; } else if (ldb_dn_compare_base(parent_dn, group_basedn) == 0) { gm[gm_index] = rdn_as_string(mem_ctx, dn); if (gm[gm_index] == NULL) { ret = ENOMEM; goto fail; } if (parent_name && strcmp(gm[gm_index], parent_name) == 0) { DEBUG(SSSDBG_TRACE_FUNC, "Skipping circular nesting for group %s\n", gm[gm_index]); continue; } DEBUG(SSSDBG_TRACE_FUNC, "Group member %s\n", gm[gm_index]); gm_index++; } else { DEBUG(SSSDBG_OP_FAILURE, "Group member not a user nor group: %s\n", ldb_dn_get_linearized(dn)); ret = EIO; goto fail; } talloc_zfree(dn); talloc_zfree(parent_dn); } um[um_index] = NULL; gm[gm_index] = NULL; if (um_index > 0) { um = talloc_realloc(mem_ctx, um, const char *, um_index+1); if (!um) { ret = ENOMEM; goto fail; } } else {