c0971b7e39
- Resolves: upstream#3821 - crash related to sbus_router_destructor() - Resolves: upstream#3810 - sbus2: fix memory leak in sbus_message_bound_ref - Resolves: upstream#3819 - sssd only sets the SELinux login context if it differs from the default - Resolves: upstream#3807 - The sbus codegen script relies on "python" which might not be available on all distributions - Resolves: upstream#3820 - sudo: search with lower cased name for case insensitive domains - Resolves: upstream#3701 - [RFE] Allow changing default behavior of SSSD from an allow-any default to a deny-any default when it can't find any GPOs to apply to a user login. - Resolves: upstream#3828 - Invalid domain provider causes SSSD to abort startup - Resolves: upstream#3500 - Make sure sssd is a replacement for pam_pkcs11 also for local account authentication - Resolves: upstream#3812 - sssd 2.0.0 segfaults on startup - Resolves: upstream#3826 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated - Resolves: upstream#3827 - SSSD should log to syslog if a domain is not started due to a misconfiguration - Resolves: upstream#3830 - Printing incorrect information about domain with sssctl utility - Resolves: upstream#3489 - p11_child should work with openssl1.0+ - Resolves: upstream#3750 - [RFE] man 5 sssd-files should mention necessary changes in nsswitch.conf - Resolves: upstream#3650 - RFE: Require smartcard authentication - Resolves: upstream#3334 - sssctl config-check does not check any special characters in domain name of domain section - Resolves: upstream#3849 - Files: The files provider always enumerates which causes duplicate when running getent passwd - Related: upstream#3855 - session not recording for local user when groups defined - Resolves: upstream#3802 - Reuse sysdb_error_to_errno() outside sysdb - Related: upstream#3493 - Remove the pysss.local interface
From f0603645f5ea5f707875807b4f815400f4b79e41 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 24 Oct 2018 09:41:44 +0200
Subject: [PATCH 5/5] PYSSS: Re-add the pysss.getgrouplist() interface
Related:
https://pagure.io/SSSD/sssd/issue/3493
Commit 0e211b8ba30c3adcdeef21ca1339b194cbfffb04 was supposed to remove
only the parts of the pysss API that relate to the local domain. But it
removed also the getgrouplist() method by accident. This method is very
important to IPA, so we need to add it back.
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
---
src/python/pysss.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 83 insertions(+)
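diff --git a/src/python/pysss.c b/src/python/pysss.c
index e92653a..78b8de0 100644
--- a/src/python/pysss.c
+++ b/src/python/pysss.c
@@ -215,12 +215,95 @@ static PyTypeObject pysss_password_type = {
 .tp_doc = sss_py_const_p(char, "SSS password obfuscation"),
 };
 
+/*
+ * Get list of groups user belongs to
+ */
+PyDoc_STRVAR(py_sss_getgrouplist__doc__,
+ "Get list of groups user belongs to.\n\n"
+ "NOTE: The interface uses the system NSS calls and is not limited to "
+ "users served by the SSSD!\n"
+ ":param username: name of user to get list for\n");
+
+static PyObject *py_sss_getgrouplist(PyObject *self, PyObject *args)
+{
+ char *username = NULL;
+ gid_t *groups = NULL;
+ struct passwd *pw;
+ struct group *gr;
+ int ngroups;
+ int ret;
+ Py_ssize_t i, idx;
+ PyObject *groups_tuple;
+
+ if(!PyArg_ParseTuple(args, discard_const_p(char, "s"), &username)) {
+ goto fail;
+ }
+
+ pw = getpwnam(username);
+ if (pw == NULL) {
+ goto fail;
+ }
+
+ ngroups = 32;
+ groups = malloc(sizeof(gid_t) * ngroups);
+ if (groups == NULL) {
+ goto fail;
+ }
+
+ do {
+ ret = getgrouplist(username, pw->pw_gid, groups, &ngroups);
+ if (ret < ngroups) {
+ gid_t *tmp_groups = realloc(groups, ngroups * sizeof(gid_t));
+ if (tmp_groups == NULL) {
+ goto fail;
+ }
+ groups = tmp_groups;
+ }
+ } while (ret != ngroups);
+
+ groups_tuple = PyTuple_New((Py_ssize_t) ngroups);
+ if (groups_tuple == NULL) {
+ goto fail;
+ }
+
+ /* Populate a tuple with names of groups
+ * In unlikely case of group not being able to resolve, skip it
+ * We also need to resize resulting tuple to avoid empty elements there */
+ idx = 0;
+ for (i = 0; i < ngroups; i++) {
+ gr = getgrgid(groups[i]);
+ if (gr) {
+ PyTuple_SetItem(groups_tuple, idx,
+#ifdef IS_PY3K
+ PyUnicode_FromString(gr->gr_name)
+#else
+ PyString_FromString(gr->gr_name)
+#endif
+ );
+ idx++;
+ }
+ }
+ free(groups);
+ groups = NULL;
+
+ if (i != idx) {
+ _PyTuple_Resize(&groups_tuple, idx);
+ }
+
+ return groups_tuple;
+
+fail:
+ free(groups);
+ return NULL;
+}
+
 /* ==================== the sss module initialization =======================*/
 
 /*
 * Module methods
 */
 static PyMethodDef module_methods[] = {
+ {"getgrouplist", py_sss_getgrouplist, METH_VARARGS, py_sss_getgrouplist__doc__},
 {NULL, NULL, 0, NULL} /* Sentinel */
 };
 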
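Review bot: The `goto fail` paths after `getpwnam()`, `malloc()` and `realloc()` in `py_sss_getgrouplist()` return NULL without setting a Python exception, so an unknown user or an allocation failure reaches the caller as a generic `SystemError` instead of an error it can handle. Setting one before each jump would fix this: `PyErr_NoMemory();` for the two allocation failures, and for the lookup something like `PyErr_Format(PyExc_KeyError, "getpwnam(): name not found: %s", username);`. In the population loop the result of `PyUnicode_FromString(gr->gr_name)` / `PyString_FromString(gr->gr_name)` is passed to `PyTuple_SetItem()` unchecked, so a failed conversion appears to leave a NULL slot in the returned tuple; that result should be tested and the tuple released on failure. The `do … while (ret != ngroups)` loop also terminates only if `getgrouplist()` updates `ngroups` on a short return, which deserves a comment because group names that fail to resolve are dropped silently and a caller using the list for access decisions cannot tell that it is incomplete.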
--
2.9.5