From 8b8ed36516e9a40df6ac9ac46ab355fee0e5b5f0 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 14 Nov 2018 14:37:31 +0100
Subject: Support generating uidNumbers on proxy
---
 proxy.c | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)
(limited to 'proxy.c')
diff --git a/proxy.c b/proxy.c
index 98151a4..275b4d1 100644
--- a/proxy.c
+++ b/proxy.c
@@ -4,6 +4,7 @@
 #include "helper.h"
 #include "tmpbuffer.h"
 #include "ldap.h"
+#include "uidmap.h"
 #include "lstring.h"
 #include
 #include
@@ -511,16 +512,18 @@ static void request_replaceAdl(server_t *server, struct AttributeDescriptionList
 *adl = next;
 }
 }
+ // Set simple flag for there
 elifSETATTR(gidnumber, gidNumber);
 elifSETATTR(gecos, gecos);
 elifSETATTR(realaccount, realAccount);
 elifSETATTR(loginshell, loginShell);
+ // Further handling (uid, homeMount, objectClass, uidNumber)
 else request_replaceAttribute(server, &(*adl)->a, NULL, attr, FALSE);
 if (*adl == NULL) break;
 if (next == NULL) adl = &(*adl)->next; // If next is not NULL, we removed an entry, so we don't need to shift
 }
 if (!attr->hasUser) {
- if (attr->homeDirectory || attr->gecos || attr->homeMount) {
+ if (attr->homeDirectory || attr->gecos || attr->homeMount || (server->genUidNumber && attr->uidNumber)) {
 struct AttributeDescriptionList *user = calloc(1, sizeof(struct AttributeDescriptionList));
 user->a = server->map.uid;
 user->next = *adl;
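Review bot: The comment `// Set simple flag for there` added above the elifSETATTR chain reads as a typo and does not say what the flag is for; `// These attributes only need their "requested" flag set in attr` would. The widened condition on the `if (!attr->hasUser)` line deserves a comment more than the chain does: a request for uidNumber under genUidNumber now forces uid into the attribute list, apparently because the response side looks the generated number up by username, so something like `// uidNumber is derived from uid on the response side, so uid must be fetched too` next to the new condition saves the next reader a trip to response_replacePal. request_replaceAdl starts before this hunk.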
@@ -564,8 +567,21 @@ static BOOL request_replaceAttribute(server_t *server, struct string *attribute,
 else if (equals(value, &s_posixAccount)) *value = server->map.posixAccount;
 } else if (iequals(attribute, &s_uidnumber)) {
 *attribute = server->map.uidnumber;
+ if (attr) attr->uidNumber = TRUE;
 if (value == NULL) return TRUE;
- if (value != NULL && !negated && value->l == 1 && value->s[0] == '0') {
+ if (server->genUidNumber && !(value->l == 1 && value->s[0] == '0')) {
+ // We're managing uidNumbers on the proxy
+ const struct string *name = uidmap_getNameForNumber(&server->uidmap, value);
+ if (name != NULL) { // Mapped to uid, so query will return all the requested fields
+ *attribute = server->map.uid;
+ *value = *name;
+ } else {
+ // Nothing, make sure query doesn't match
+ *value = s_uid;
+ }
+ return TRUE;
+ }
+ if (!negated && value->l == 1 && value->s[0] == '0') {
 // Saftey measure: Query for user with uidNumber == 0 - root; replace with something that
 // should never return anything
 *value = s_uid;
@@ -657,9 +673,12 @@ static void response_replacePal(server_t *server, struct PartialAttributeList **
 elifDELATTR(gidnumber, gidNumber);
 elifDELATTR(gecos, gecos);
 elifDELATTR(loginshell, loginShell);
- elifDELATTR(uidnumber, uidNumber, !server->plainLdap &&);
+ elifDELATTR(uidnumber, uidNumber, (!server->plainLdap || server->genUidNumber) &&);
 elifDEL(mail);
 elifDELATTR(cn, cn, !iequals(&server->map.uid, &s_cn) &&);
+ else if (server->genUidNumber && iequals(&(*pal)->type, &server->map.uidnumber)) {
+ del = TRUE;
+ }
 else if (iequals(&(*pal)->type, &server->map.homemount)) {
 // homeDirectory is set in AD - it can either be a local path (in which case it's useless)
 // or a UNC path, which we can easily mount via mount.cifs
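Review bot: The new genUidNumber branch rewrites the filter regardless of `negated`, while the pre-existing root check that follows still fires only when `!negated`; for an unmapped number the result is `(uidNumber=uid)` with the numeric attribute name kept, and whether `(!(uidNumber=uid))` then matches every entry or none depends on whether the backend carries a uidNumber attribute at all, which this hunk does not show. A comment on the `*value = s_uid;` fallback stating the intended outcome for both the plain and the negated case, e.g. `// No mapped user for this number: keep the numeric attribute with a non-numeric value so an equality match cannot succeed`, would make the intent checkable. It is also worth saying inline that the lookup only makes sense for an equality filter; if `value` can arrive from a substring or ordering filter, `uidmap_getNameForNumber` would be handed a partial number. request_replaceAttribute starts outside this hunk.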
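Review bot: The new `else if (server->genUidNumber && iequals(&(*pal)->type, &server->map.uidnumber))` branch looks unreachable: the `elifDELATTR(uidnumber, uidNumber, (!server->plainLdap || server->genUidNumber) &&)` line earlier in the same else-if chain already matches the uidnumber type whenever genUidNumber is set, assuming elifDELATTR expands to an else-if on the same type comparison as its arguments suggest. Either the extra branch can be dropped, or, if it is meant to catch a case the macro skips (for instance deleting without setting attr->uidNumber), a comment naming that case is needed, since as written the two branches cannot both be live. response_replacePal starts before this hunk.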
@@ -698,6 +717,13 @@ static void response_replacePal(server_t *server, struct PartialAttributeList **
 pal = &(*pal)->next;
 }
 if (username != NULL) {
+ if (server->genUidNumber && attr->uidNumber) {
+ // Let's supply some uidNumber
+ uint32_t num = uidmap_getNumberForName(&server->uidmap, username);
+ if (num >= 2000) {
+ ADDATTR(uidNumber, "%"PRIu32, num);
+ }
+ }
 char *user = tmpbuffer_get();
 snprintf(user, TMPLEN, "%.*s", (int)username->l, username->s);
 if (attr->homeDirectory) {
--
cgit v1.2.3-55-g7522
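Review bot: The `2000` in `if (num >= 2000)` is a magic number that presumably mirrors the lowest uid the uidmap allocator hands out, so the two can drift apart silently; a named constant shared through uidmap.h, e.g. `UIDMAP_MIN_UID` (placeholder name) used as `if (num >= UIDMAP_MIN_UID)`, keeps the check tied to the allocator. When the lookup yields a smaller value the attribute is silently omitted, which is the right safe default for a failed or reserved mapping but deserves a comment such as `// Below the managed range means no mapping exists; omit uidNumber rather than emit a low uid`. `attr->uidNumber` is dereferenced here without the `if (attr)` guard that request_replaceAttribute uses, so either attr cannot be NULL in response_replacePal or this needs the same guard; the function begins outside this hunk. `PRIu32` requires `<inttypes.h>`, which the include hunk does not add and the two stripped `#include` lines leave unverifiable.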