199a72e62a
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
From b72e444bc1cd2fe8d9617f09b446c678d4684fff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Mon, 22 Jan 2018 00:02:43 +0100
Subject: [PATCH] DESKPROFILE: Add checks for user and host category
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
freeipa-deskprofile-plugin can have both user and host category set as
"all" and when it happens, no users and groups or hosts or hostgroups
are going to be set.
Let's treat this expected (but so far missed) situation on SSSD side.
Resolves:
https://pagure.io/SSSD/sssd/issue/3449
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/providers/ipa/ipa_deskprofile_rules_util.c | 100 ++++++++++++++++++++-----
1 file changed, 82 insertions(+), 18 deletions(-)
diff --git a/src/providers/ipa/ipa_deskprofile_rules_util.c b/src/providers/ipa/ipa_deskprofile_rules_util.c
index 53c433145..01b7d0527 100644
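--- a/src/providers/ipa/ipa_deskprofile_rules_util.c
+++ b/src/providers/ipa/ipa_deskprofile_rules_util.c
@@ -684,6 +684,8 @@ ipa_deskprofile_rules_save_rule_to_disk(
 TALLOC_CTX *tmp_ctx;
 const char *rule_name;
 const char *data;
+ const char *hostcat;
+ const char *usercat;
 char *shortname;
 char *domainname;
 char *base_dn;
@@ -722,6 +724,28 @@ ipa_deskprofile_rules_save_rule_to_disk(
 goto done;
 }
 
+ ret = sysdb_attrs_get_string(rule, IPA_HOST_CATEGORY, &hostcat);
+ if (ret == ENOENT) {
+ hostcat = NULL;
+ } else if (ret != EOK) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Failed to get the Desktop Profile Rule host category for rule "
+ "\"%s\" [%d]: %s\n",
+ rule_name, ret, sss_strerror(ret));
+ goto done;
+ }
+
+ ret = sysdb_attrs_get_string(rule, IPA_USER_CATEGORY, &usercat);
+ if (ret == ENOENT) {
+ usercat = NULL;
+ } else if (ret != EOK) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Failed to get the Desktop Profile Rule user category for rule "
+ "\"%s\" [%d]: %s\n",
+ rule_name, ret, sss_strerror(ret));
+ goto done;
+ }
+
 rule_prio = talloc_asprintf(tmp_ctx, "%06d", prio);
 if (rule_prio == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate rule priority\n");
@@ -753,26 +777,66 @@ ipa_deskprofile_rules_save_rule_to_disk(
 goto done;
 }
 
- ret = ipa_deskprofile_rule_check_memberuser(tmp_ctx, domain, rule,
- rule_name, rule_prio,
- base_dn, username,
- &user_prio, &group_prio);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "ipa_deskprofile_rule_check_memberuser() failed [%d]: %s\n",
- ret, sss_strerror(ret));
- goto done;
+ if (usercat != NULL && strcasecmp(usercat, "all") == 0) {
+ user_prio = talloc_strdup(tmp_ctx, rule_prio);
+ if (user_prio == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to allocate the user priority "
+ "when user category is \"all\"\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ group_prio = talloc_strdup(tmp_ctx, rule_prio);
+ if (group_prio == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to allocate the group priority "
+ "when user category is \"all\"\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ } else {
+ ret = ipa_deskprofile_rule_check_memberuser(tmp_ctx, domain, rule,
+ rule_name, rule_prio,
+ base_dn, username,
+ &user_prio, &group_prio);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ipa_deskprofile_rule_check_memberuser() failed [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
 }
 
- ret = ipa_deskprofile_rule_check_memberhost(tmp_ctx, domain, rule,
- rule_name, rule_prio,
- base_dn, hostname,
- &host_prio, &hostgroup_prio);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- "ipa_deskprofile_rule_check_memberhost() failed [%d]: %s\n",
- ret, sss_strerror(ret));
- goto done;
+ if (hostcat != NULL && strcasecmp(hostcat, "all") == 0) {
+ host_prio = talloc_strdup(tmp_ctx, rule_prio);
+ if (host_prio == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to allocate the host priority "
+ "when host category is \"all\"\n");
+ ret = ENOMEM;
+ goto done;
+ }
+
+ hostgroup_prio = talloc_strdup(tmp_ctx, rule_prio);
+ if (hostgroup_prio == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to allocate the hostgroup priority "
+ "when host category is \"all\"\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ } else {
+ ret = ipa_deskprofile_rule_check_memberhost(tmp_ctx, domain, rule,
+ rule_name, rule_prio,
+ base_dn, hostname,
+ &host_prio, &hostgroup_prio);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ipa_deskprofile_rule_check_memberhost() failed [%d]: %s\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
 }
 
 ret = ipa_deskprofile_get_normalized_rule_name(mem_ctx, rule_name,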
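Review bot: Both new error paths in the second hunk report a failed `sysdb_attrs_get_string()` at `SSSDBG_TRACE_FUNC` and then `goto done`, so with a typical debug level the rule is presumably not saved and nothing in the log says why; the neighbouring failures in this function (for example the `rule_prio` allocation) use `SSSDBG_CRIT_FAILURE`. I would raise both the host-category and the user-category message to an error level, e.g. `DEBUG(SSSDBG_OP_FAILURE,`. In the third hunk the `"all"` branches skip `ipa_deskprofile_rule_check_memberuser()` and `ipa_deskprofile_rule_check_memberhost()` entirely, so the category value alone decides who receives the profile; a short comment above each `if`, such as `/* category "all": rule applies to every user, member attributes are not evaluated */`, would make that trust decision explicit. The function body starts and ends outside these hunks, so the `done:` cleanup and the later use of the four priority strings are not visible here.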
--
2.14.3