summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2015-04-28 20:58:15 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-05-05 16:02:38 +0200
commit145578006684481434ced78461ab8d1c3570f478 (patch)
treeb2688e5b562fa9957805289291e7e2dda22ae205
parentcffe3135f29c737f2598f3c1384bfba1694fb843 (diff)
downloadsssd-145578006684481434ced78461ab8d1c3570f478.tar.gz
sssd-145578006684481434ced78461ab8d1c3570f478.tar.xz
sssd-145578006684481434ced78461ab8d1c3570f478.zip
IPA: enhance ipa_initgr_get_overrides_send()
This patch makes ipa_initgr_get_overrides_send() public and add support to search overrides by UUID or by SID. Related to https://fedorahosted.org/sssd/ticket/2633 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r--src/db/sysdb_views.c5
-rw-r--r--src/providers/ipa/ipa_id.c63
-rw-r--r--src/providers/ipa/ipa_id.h10
3 files changed, 61 insertions, 17 deletions
diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c
index 945f16ac1..aadd6018f 100644
--- a/src/db/sysdb_views.c
+++ b/src/db/sysdb_views.c
@@ -739,6 +739,11 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
NULL };
bool override_attrs_found = false;
+ if (override_attrs == NULL) {
+ /* nothing to do */
+ return EOK;
+ }
+
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index 125a17ca6..764943479 100644
--- a/src/providers/ipa/ipa_id.c
+++ b/src/providers/ipa/ipa_id.c
@@ -294,6 +294,7 @@ struct ipa_initgr_get_overrides_state {
struct ldb_message **groups;
size_t group_count;
+ const char *groups_id_attr;
size_t group_idx;
struct be_acct_req *ar;
@@ -302,13 +303,14 @@ struct ipa_initgr_get_overrides_state {
static int ipa_initgr_get_overrides_step(struct tevent_req *req);
-static struct tevent_req *
+struct tevent_req *
ipa_initgr_get_overrides_send(TALLOC_CTX *memctx,
struct tevent_context *ev,
struct ipa_id_ctx *ipa_ctx,
struct sss_domain_info *user_dom,
size_t groups_count,
- struct ldb_message **groups)
+ struct ldb_message **groups,
+ const char *groups_id_attr)
{
int ret;
struct tevent_req *req;
@@ -334,6 +336,12 @@ ipa_initgr_get_overrides_send(TALLOC_CTX *memctx,
ret = EINVAL;
goto done;
}
+ state->groups_id_attr = talloc_strdup(state, groups_id_attr);
+ if (state->groups_id_attr == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
ret = ipa_initgr_get_overrides_step(req);
done:
@@ -366,7 +374,7 @@ static int ipa_initgr_get_overrides_step(struct tevent_req *req)
}
ipa_uuid = ldb_msg_find_attr_as_string(state->groups[state->group_idx],
- SYSDB_UUID, NULL);
+ state->groups_id_attr, NULL);
if (ipa_uuid == NULL) {
/* This should never happen, the search filter used to get the list
* of groups includes "uuid=*"
@@ -377,11 +385,24 @@ static int ipa_initgr_get_overrides_step(struct tevent_req *req)
talloc_free(state->ar); /* Avoid spiking memory with many groups */
- ret = get_be_acct_req_for_uuid(state, ipa_uuid,
- state->user_dom->name, &state->ar);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_sid failed.\n");
- return ret;
+ if (strcmp(state->groups_id_attr, SYSDB_UUID) == 0) {
+ ret = get_be_acct_req_for_uuid(state, ipa_uuid,
+ state->user_dom->name, &state->ar);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_sid failed.\n");
+ return ret;
+ }
+ } else if (strcmp(state->groups_id_attr, SYSDB_SID_STR) == 0) {
+ ret = get_be_acct_req_for_sid(state, ipa_uuid,
+ state->user_dom->name, &state->ar);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_sid failed.\n");
+ return ret;
+ }
+ } else {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported groups ID type [%s].\n",
+ state->groups_id_attr);
+ return EINVAL;
}
DEBUG(SSSDBG_TRACE_LIBS, "Fetching group %s\n", ipa_uuid);
@@ -408,7 +429,7 @@ static void ipa_initgr_get_overrides_override_done(struct tevent_req *subreq)
struct ipa_initgr_get_overrides_state *state = tevent_req_data(req,
struct ipa_initgr_get_overrides_state);
int ret;
- struct sysdb_attrs *override_attrs;
+ struct sysdb_attrs *override_attrs = NULL;
ret = ipa_get_ad_override_recv(subreq, &state->dp_error, state,
&override_attrs);
@@ -419,10 +440,16 @@ static void ipa_initgr_get_overrides_override_done(struct tevent_req *subreq)
return;
}
- ret = sysdb_store_override(state->user_dom, state->ipa_ctx->view_name,
- SYSDB_MEMBER_GROUP,
- override_attrs,
- state->groups[state->group_idx]->dn);
+ if (strcmp(state->ipa_ctx->view_name, SYSDB_DEFAULT_VIEW_NAME) == 0) {
+ ret = sysdb_apply_default_override(state->user_dom, override_attrs,
+ state->groups[state->group_idx]->dn);
+ } else {
+ ret = sysdb_store_override(state->user_dom,
+ state->ipa_ctx->view_name,
+ SYSDB_MEMBER_GROUP,
+ override_attrs,
+ state->groups[state->group_idx]->dn);
+ }
talloc_free(override_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_store_override failed.\n");
@@ -443,7 +470,7 @@ static void ipa_initgr_get_overrides_override_done(struct tevent_req *subreq)
tevent_req_done(req);
}
-static int ipa_initgr_get_overrides_recv(struct tevent_req *req, int *dp_error)
+int ipa_initgr_get_overrides_recv(struct tevent_req *req, int *dp_error)
{
struct ipa_initgr_get_overrides_state *state = tevent_req_data(req,
struct ipa_initgr_get_overrides_state);
@@ -882,7 +909,8 @@ static void ipa_id_get_account_info_orig_done(struct tevent_req *subreq)
if (state->user_groups != NULL) {
subreq = ipa_initgr_get_overrides_send(state, state->ev, state->ipa_ctx,
state->domain, state->group_cnt,
- state->user_groups);
+ state->user_groups,
+ SYSDB_UUID);
if (subreq == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
ret = ENOMEM;
@@ -960,8 +988,9 @@ static void ipa_id_get_account_info_done(struct tevent_req *subreq)
if (state->user_groups != NULL) {
subreq = ipa_initgr_get_overrides_send(state, state->ev, state->ipa_ctx,
- state->domain, state->group_cnt,
- state->user_groups);
+ state->domain, state->group_cnt,
+ state->user_groups,
+ SYSDB_UUID);
if (subreq == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
ret = ENOMEM;
diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h
index 2bb5e0d38..c03ca037a 100644
--- a/src/providers/ipa/ipa_id.h
+++ b/src/providers/ipa/ipa_id.h
@@ -119,4 +119,14 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
struct be_acct_req *ar,
struct ldb_message **_msg);
+
+struct tevent_req *
+ipa_initgr_get_overrides_send(TALLOC_CTX *memctx,
+ struct tevent_context *ev,
+ struct ipa_id_ctx *ipa_ctx,
+ struct sss_domain_info *user_dom,
+ size_t groups_count,
+ struct ldb_message **groups,
+ const char *groups_id_attr);
+int ipa_initgr_get_overrides_recv(struct tevent_req *req, int *dp_error);
#endif