sssd/0069-PYSSS-Re-add-the-pysss.getgrouplist-interface.patch
Michal Židek c0971b7e39 Backport a bunch of upstream fixes
- Resolves: upstream#3821 - crash related to sbus_router_destructor()
- Resolves: upstream#3810 - sbus2: fix memory leak in sbus_message_bound_ref
- Resolves: upstream#3819 - sssd only sets the SELinux login context if it
                            differs from the default
- Resolves: upstream#3807 - The sbus codegen script relies on "python" which
                            might not be available on all distributions
- Resolves: upstream#3820 - sudo: search with lower cased name for case
                            insensitive domains
- Resolves: upstream#3701 - [RFE] Allow changing default behavior of SSSD from
                            an allow-any default to a deny-any default when it
                            can't find any GPOs to apply to a user login.
- Resolves: upstream#3828 - Invalid domain provider causes SSSD to abort
                            startup
- Resolves: upstream#3500 - Make sure sssd is a replacement for pam_pkcs11
                            also for local account authentication
- Resolves: upstream#3812 - sssd 2.0.0 segfaults on startup
- Resolves: upstream#3826 - Remove references of sss_user/group/add/del
                            commands in man pages since local provider is
                            deprecated
- Resolves: upstream#3827 - SSSD should log to syslog if a domain is not
                            started due to a misconfiguration
- Resolves: upstream#3830 - Printing incorrect information about domain with
                            sssctl utility
- Resolves: upstream#3489 - p11_child should work with openssl1.0+
- Resolves: upstream#3750 - [RFE] man 5 sssd-files should mention necessary
                            changes in nsswitch.conf
- Resolves: upstream#3650 - RFE: Require smartcard authentication
- Resolves: upstream#3334 - sssctl config-check does not check any special
                            characters in domain name of domain section
- Resolves: upstream#3849 - Files: The files provider always enumerates
                            which causes duplicate when running getent passwd
- Related: upstream#3855 - session not recording for local user when groups
                           defined
- Resolves: upstream#3802 - Reuse sysdb_error_to_errno() outside sysdb
- Related: upstream#3493 - Remove the pysss.local interface
2018-10-24 14:40:58 +02:00

From f0603645f5ea5f707875807b4f815400f4b79e41 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 24 Oct 2018 09:41:44 +0200
Subject: [PATCH 5/5] PYSSS: Re-add the pysss.getgrouplist() interface
Related:
https://pagure.io/SSSD/sssd/issue/3493
Commit 0e211b8ba30c3adcdeef21ca1339b194cbfffb04 was supposed to remove
only the parts of the pysss API that relate to the local domain. But it
removed also the getgrouplist() method by accident. This method is very
important to IPA, so we need to add it back.
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
---
src/python/pysss.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 83 insertions(+)
diff --git a/src/python/pysss.c b/src/python/pysss.c
index e92653a..78b8de0 100644
--- a/src/python/pysss.c
+++ b/src/python/pysss.c
@@ -215,12 +215,95 @@ static PyTypeObject pysss_password_type = {
.tp_doc = sss_py_const_p(char, "SSS password obfuscation"),
};
+/*
+ * Get list of groups user belongs to
+ */
+PyDoc_STRVAR(py_sss_getgrouplist__doc__,
+ "Get list of groups user belongs to.\n\n"
+ "NOTE: The interface uses the system NSS calls and is not limited to "
+ "users served by the SSSD!\n"
+ ":param username: name of user to get list for\n");
+
+static PyObject *py_sss_getgrouplist(PyObject *self, PyObject *args)
+{
+ char *username = NULL;
+ gid_t *groups = NULL;
+ struct passwd *pw;
+ struct group *gr;
+ int ngroups;
+ int ret;
+ Py_ssize_t i, idx;
+ PyObject *groups_tuple;
+
+ if(!PyArg_ParseTuple(args, discard_const_p(char, "s"), &username)) {
+ goto fail;
+ }
+
+ pw = getpwnam(username);
+ if (pw == NULL) {
+ goto fail;
+ }
+
+ ngroups = 32;
+ groups = malloc(sizeof(gid_t) * ngroups);
+ if (groups == NULL) {
+ goto fail;
+ }
+
+ do {
+ ret = getgrouplist(username, pw->pw_gid, groups, &ngroups);
+ if (ret < ngroups) {
+ gid_t *tmp_groups = realloc(groups, ngroups * sizeof(gid_t));
+ if (tmp_groups == NULL) {
+ goto fail;
+ }
+ groups = tmp_groups;
+ }
+ } while (ret != ngroups);
+
+ groups_tuple = PyTuple_New((Py_ssize_t) ngroups);
+ if (groups_tuple == NULL) {
+ goto fail;
+ }
+
+ /* Populate a tuple with names of groups
+ * In unlikely case of group not being able to resolve, skip it
+ * We also need to resize resulting tuple to avoid empty elements there */
+ idx = 0;
+ for (i = 0; i < ngroups; i++) {
+ gr = getgrgid(groups[i]);
+ if (gr) {
+ PyTuple_SetItem(groups_tuple, idx,
+#ifdef IS_PY3K
+ PyUnicode_FromString(gr->gr_name)
+#else
+ PyString_FromString(gr->gr_name)
+#endif
+ );
+ idx++;
+ }
+ }
+ free(groups);
+ groups = NULL;
+
+ if (i != idx) {
+ _PyTuple_Resize(&groups_tuple, idx);
+ }
+
+ return groups_tuple;
+
+fail:
+ free(groups);
+ return NULL;
+}
+
/* ==================== the sss module initialization =======================*/
/*
* Module methods
*/
static PyMethodDef module_methods[] = {
+ {"getgrouplist", py_sss_getgrouplist, METH_VARARGS, py_sss_getgrouplist__doc__},
{NULL, NULL, 0, NULL} /* Sentinel */
};
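Review bot: The `fail:` label in py_sss_getgrouplist() is reached with no Python exception set when getpwnam() returns NULL and when malloc() or realloc() fails, so the function returns NULL to the interpreter without an error and the caller sees a SystemError rather than a usable one; only the PyArg_ParseTuple() and PyTuple_New() failures arrive there with an exception already raised. Set one before each of those jumps, for example PyErr_NoMemory() for the allocation failures and a KeyError naming the user (or PyErr_SetFromErrno()) for the lookup failure. In the population loop, the result of PyUnicode_FromString()/PyString_FromString() is handed to PyTuple_SetItem() unchecked while idx still advances, so a failed conversion would leave a NULL slot in the returned tuple with an exception pending; check the new object for NULL, drop the reference to groups_tuple and go to fail in that case. The return value of _PyTuple_Resize() should be checked as well.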
--
2.9.5