199 lines
8.7 KiB
Diff
199 lines
8.7 KiB
Diff
From 58a19d50888b1a7da0ee78b49e7d3dcbebc8614d Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Tue, 28 Apr 2015 20:58:15 +0200
|
|
Subject: [PATCH 79/99] IPA: enhance ipa_initgr_get_overrides_send()
|
|
|
|
This patch makes ipa_initgr_get_overrides_send() public and add support
|
|
to search overrides by UUID or by SID.
|
|
|
|
Related to https://fedorahosted.org/sssd/ticket/2633
|
|
|
|
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
(cherry picked from commit 145578006684481434ced78461ab8d1c3570f478)
|
|
---
|
|
src/db/sysdb_views.c | 5 ++++
|
|
src/providers/ipa/ipa_id.c | 63 +++++++++++++++++++++++++++++++++-------------
|
|
src/providers/ipa/ipa_id.h | 10 ++++++++
|
|
3 files changed, 61 insertions(+), 17 deletions(-)
|
|
|
|
diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c
|
|
index 945f16ac1753e3b4dfa0c799b00ad177b24d438c..aadd6018f4d1e2ca33e2e00dd8b13b55a8c03f3e 100644
|
|
--- a/src/db/sysdb_views.c
|
|
+++ b/src/db/sysdb_views.c
|
|
@@ -739,6 +739,11 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
|
|
NULL };
|
|
bool override_attrs_found = false;
|
|
|
|
+ if (override_attrs == NULL) {
|
|
+ /* nothing to do */
|
|
+ return EOK;
|
|
+ }
|
|
+
|
|
tmp_ctx = talloc_new(NULL);
|
|
if (tmp_ctx == NULL) {
|
|
DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
|
|
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
|
|
index 38ac4904dcd97c3e241b28143e1f7b8fade37d70..ebf5f03b822e00aa04e45eeca79b8dade67631d2 100644
|
|
--- a/src/providers/ipa/ipa_id.c
|
|
+++ b/src/providers/ipa/ipa_id.c
|
|
@@ -294,6 +294,7 @@ struct ipa_initgr_get_overrides_state {
|
|
|
|
struct ldb_message **groups;
|
|
size_t group_count;
|
|
+ const char *groups_id_attr;
|
|
size_t group_idx;
|
|
struct be_acct_req *ar;
|
|
|
|
@@ -302,13 +303,14 @@ struct ipa_initgr_get_overrides_state {
|
|
|
|
static int ipa_initgr_get_overrides_step(struct tevent_req *req);
|
|
|
|
-static struct tevent_req *
|
|
+struct tevent_req *
|
|
ipa_initgr_get_overrides_send(TALLOC_CTX *memctx,
|
|
struct tevent_context *ev,
|
|
struct ipa_id_ctx *ipa_ctx,
|
|
struct sss_domain_info *user_dom,
|
|
size_t groups_count,
|
|
- struct ldb_message **groups)
|
|
+ struct ldb_message **groups,
|
|
+ const char *groups_id_attr)
|
|
{
|
|
int ret;
|
|
struct tevent_req *req;
|
|
@@ -334,6 +336,12 @@ ipa_initgr_get_overrides_send(TALLOC_CTX *memctx,
|
|
ret = EINVAL;
|
|
goto done;
|
|
}
|
|
+ state->groups_id_attr = talloc_strdup(state, groups_id_attr);
|
|
+ if (state->groups_id_attr == NULL) {
|
|
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
|
|
+ ret = ENOMEM;
|
|
+ goto done;
|
|
+ }
|
|
|
|
ret = ipa_initgr_get_overrides_step(req);
|
|
done:
|
|
@@ -366,7 +374,7 @@ static int ipa_initgr_get_overrides_step(struct tevent_req *req)
|
|
}
|
|
|
|
ipa_uuid = ldb_msg_find_attr_as_string(state->groups[state->group_idx],
|
|
- SYSDB_UUID, NULL);
|
|
+ state->groups_id_attr, NULL);
|
|
if (ipa_uuid == NULL) {
|
|
/* This should never happen, the search filter used to get the list
|
|
* of groups includes "uuid=*"
|
|
@@ -377,11 +385,24 @@ static int ipa_initgr_get_overrides_step(struct tevent_req *req)
|
|
|
|
talloc_free(state->ar); /* Avoid spiking memory with many groups */
|
|
|
|
- ret = get_be_acct_req_for_uuid(state, ipa_uuid,
|
|
- state->user_dom->name, &state->ar);
|
|
- if (ret != EOK) {
|
|
- DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_sid failed.\n");
|
|
- return ret;
|
|
+ if (strcmp(state->groups_id_attr, SYSDB_UUID) == 0) {
|
|
+ ret = get_be_acct_req_for_uuid(state, ipa_uuid,
|
|
+ state->user_dom->name, &state->ar);
|
|
+ if (ret != EOK) {
|
|
+ DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_sid failed.\n");
|
|
+ return ret;
|
|
+ }
|
|
+ } else if (strcmp(state->groups_id_attr, SYSDB_SID_STR) == 0) {
|
|
+ ret = get_be_acct_req_for_sid(state, ipa_uuid,
|
|
+ state->user_dom->name, &state->ar);
|
|
+ if (ret != EOK) {
|
|
+ DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_sid failed.\n");
|
|
+ return ret;
|
|
+ }
|
|
+ } else {
|
|
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported groups ID type [%s].\n",
|
|
+ state->groups_id_attr);
|
|
+ return EINVAL;
|
|
}
|
|
|
|
DEBUG(SSSDBG_TRACE_LIBS, "Fetching group %s\n", ipa_uuid);
|
|
@@ -408,7 +429,7 @@ static void ipa_initgr_get_overrides_override_done(struct tevent_req *subreq)
|
|
struct ipa_initgr_get_overrides_state *state = tevent_req_data(req,
|
|
struct ipa_initgr_get_overrides_state);
|
|
int ret;
|
|
- struct sysdb_attrs *override_attrs;
|
|
+ struct sysdb_attrs *override_attrs = NULL;
|
|
|
|
ret = ipa_get_ad_override_recv(subreq, &state->dp_error, state,
|
|
&override_attrs);
|
|
@@ -419,10 +440,16 @@ static void ipa_initgr_get_overrides_override_done(struct tevent_req *subreq)
|
|
return;
|
|
}
|
|
|
|
- ret = sysdb_store_override(state->user_dom, state->ipa_ctx->view_name,
|
|
- SYSDB_MEMBER_GROUP,
|
|
- override_attrs,
|
|
- state->groups[state->group_idx]->dn);
|
|
+ if (strcmp(state->ipa_ctx->view_name, SYSDB_DEFAULT_VIEW_NAME) == 0) {
|
|
+ ret = sysdb_apply_default_override(state->user_dom, override_attrs,
|
|
+ state->groups[state->group_idx]->dn);
|
|
+ } else {
|
|
+ ret = sysdb_store_override(state->user_dom,
|
|
+ state->ipa_ctx->view_name,
|
|
+ SYSDB_MEMBER_GROUP,
|
|
+ override_attrs,
|
|
+ state->groups[state->group_idx]->dn);
|
|
+ }
|
|
talloc_free(override_attrs);
|
|
if (ret != EOK) {
|
|
DEBUG(SSSDBG_OP_FAILURE, "sysdb_store_override failed.\n");
|
|
@@ -443,7 +470,7 @@ static void ipa_initgr_get_overrides_override_done(struct tevent_req *subreq)
|
|
tevent_req_done(req);
|
|
}
|
|
|
|
-static int ipa_initgr_get_overrides_recv(struct tevent_req *req, int *dp_error)
|
|
+int ipa_initgr_get_overrides_recv(struct tevent_req *req, int *dp_error)
|
|
{
|
|
struct ipa_initgr_get_overrides_state *state = tevent_req_data(req,
|
|
struct ipa_initgr_get_overrides_state);
|
|
@@ -884,7 +911,8 @@ static void ipa_id_get_account_info_orig_done(struct tevent_req *subreq)
|
|
if (state->user_groups != NULL) {
|
|
subreq = ipa_initgr_get_overrides_send(state, state->ev, state->ipa_ctx,
|
|
state->domain, state->group_cnt,
|
|
- state->user_groups);
|
|
+ state->user_groups,
|
|
+ SYSDB_UUID);
|
|
if (subreq == NULL) {
|
|
DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
|
|
ret = ENOMEM;
|
|
@@ -962,8 +990,9 @@ static void ipa_id_get_account_info_done(struct tevent_req *subreq)
|
|
|
|
if (state->user_groups != NULL) {
|
|
subreq = ipa_initgr_get_overrides_send(state, state->ev, state->ipa_ctx,
|
|
- state->domain, state->group_cnt,
|
|
- state->user_groups);
|
|
+ state->domain, state->group_cnt,
|
|
+ state->user_groups,
|
|
+ SYSDB_UUID);
|
|
if (subreq == NULL) {
|
|
DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
|
|
ret = ENOMEM;
|
|
diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h
|
|
index 2bb5e0d38f42d4bbb04854dfb04804fecf6257e8..c03ca037a2850478a8f4933bac4fcf8bd70ada04 100644
|
|
--- a/src/providers/ipa/ipa_id.h
|
|
+++ b/src/providers/ipa/ipa_id.h
|
|
@@ -119,4 +119,14 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
|
|
struct sss_domain_info *dom,
|
|
struct be_acct_req *ar,
|
|
struct ldb_message **_msg);
|
|
+
|
|
+struct tevent_req *
|
|
+ipa_initgr_get_overrides_send(TALLOC_CTX *memctx,
|
|
+ struct tevent_context *ev,
|
|
+ struct ipa_id_ctx *ipa_ctx,
|
|
+ struct sss_domain_info *user_dom,
|
|
+ size_t groups_count,
|
|
+ struct ldb_message **groups,
|
|
+ const char *groups_id_attr);
|
|
+int ipa_initgr_get_overrides_recv(struct tevent_req *req, int *dp_error);
|
|
#endif
|
|
--
|
|
2.4.0
|
|
|