author | Sumit Bose <sbose@redhat.com> | 2015-04-28 20:58:15 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-05 16:02:38 +0200 |
commit | 145578006684481434ced78461ab8d1c3570f478 (patch) | |
tree | b2688e5b562fa9957805289291e7e2dda22ae205 | |
parent | cffe3135f29c737f2598f3c1384bfba1694fb843 (diff) | |
IPA: enhance ipa_initgr_get_overrides_send()
This patch makes ipa_initgr_get_overrides_send() public and adds support
for searching overrides by UUID or by SID.
Related to https://fedorahosted.org/sssd/ticket/2633
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r-- | src/db/sysdb_views.c | 5 | ||||
-rw-r--r-- | src/providers/ipa/ipa_id.c | 63 | ||||
-rw-r--r-- | src/providers/ipa/ipa_id.h | 10 |
3 files changed, 61 insertions, 17 deletions
diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c index 945f16ac1..aadd6018f 100644 --- a/src/db/sysdb_views.c +++ b/src/db/sysdb_views.c @@ -739,6 +739,11 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain, NULL }; bool override_attrs_found = false; + if (override_attrs == NULL) { + /* nothing to do */ + return EOK; + } + tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n"); diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 125a17ca6..764943479 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -294,6 +294,7 @@ struct ipa_initgr_get_overrides_state { struct ldb_message **groups; size_t group_count; + const char *groups_id_attr; size_t group_idx; struct be_acct_req *ar; @@ -302,13 +303,14 @@ struct ipa_initgr_get_overrides_state { static int ipa_initgr_get_overrides_step(struct tevent_req *req); -static struct tevent_req * +struct tevent_req * ipa_initgr_get_overrides_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct ipa_id_ctx *ipa_ctx, struct sss_domain_info *user_dom, size_t groups_count, - struct ldb_message **groups) + struct ldb_message **groups, + const char *groups_id_attr) { int ret; struct tevent_req *req; @@ -334,6 +336,12 @@ ipa_initgr_get_overrides_send(TALLOC_CTX *memctx, ret = EINVAL; goto done; } + state->groups_id_attr = talloc_strdup(state, groups_id_attr); + if (state->groups_id_attr == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + ret = ENOMEM; + goto done; + } ret = ipa_initgr_get_overrides_step(req); done: @@ -366,7 +374,7 @@ static int ipa_initgr_get_overrides_step(struct tevent_req *req) } ipa_uuid = ldb_msg_find_attr_as_string(state->groups[state->group_idx], - SYSDB_UUID, NULL); + state->groups_id_attr, NULL); if (ipa_uuid == NULL) { /* This should never happen, the search filter used to get the list * of groups includes "uuid=*" 
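Review bot: In ipa_initgr_get_overrides_send() (hunk at -334) a NULL `groups_id_attr` is reported as an allocation failure, because `talloc_strdup()` returns NULL for a NULL source and the new check maps that to ENOMEM with "talloc_strdup failed." Now that the function is exported, the argument should be validated before the copy, for example `if (groups_id_attr == NULL) { ret = EINVAL; goto done; }`. Comparing it against SYSDB_UUID and SYSDB_SID_STR at the same place would reject an unsupported attribute once at send time instead of inside ipa_initgr_get_overrides_step(). The function body starts and ends outside this hunk.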
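Review bot: The comment kept below the changed lookup in ipa_initgr_get_overrides_step() (hunk at -366) still says the search filter includes "uuid=*", which no longer describes the case where `groups_id_attr` is SYSDB_SID_STR or where another caller supplies the group list. I would reword it along the lines of `/* The caller's search filter is expected to guarantee that groups_id_attr is present on every group */` and give `ipa_uuid` a neutral name, since it can now hold a SID. The handling of the NULL case lies outside the hunk, so whether a missing attribute ends the request with an error cannot be confirmed from here.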
@@ -377,11 +385,24 @@ static int ipa_initgr_get_overrides_step(struct tevent_req *req) talloc_free(state->ar); /* Avoid spiking memory with many groups */ - ret = get_be_acct_req_for_uuid(state, ipa_uuid, - state->user_dom->name, &state->ar); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_sid failed.\n"); - return ret; + if (strcmp(state->groups_id_attr, SYSDB_UUID) == 0) { + ret = get_be_acct_req_for_uuid(state, ipa_uuid, + state->user_dom->name, &state->ar); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_sid failed.\n"); + return ret; + } + } else if (strcmp(state->groups_id_attr, SYSDB_SID_STR) == 0) { + ret = get_be_acct_req_for_sid(state, ipa_uuid, + state->user_dom->name, &state->ar); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_sid failed.\n"); + return ret; + } + } else { + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported groups ID type [%s].\n", + state->groups_id_attr); + return EINVAL; } DEBUG(SSSDBG_TRACE_LIBS, "Fetching group %s\n", ipa_uuid); @@ -408,7 +429,7 @@ static void ipa_initgr_get_overrides_override_done(struct tevent_req *subreq) struct ipa_initgr_get_overrides_state *state = tevent_req_data(req, struct ipa_initgr_get_overrides_state); int ret; - struct sysdb_attrs *override_attrs; + struct sysdb_attrs *override_attrs = NULL; ret = ipa_get_ad_override_recv(subreq, &state->dp_error, state, &override_attrs); 
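Review bot: The UUID branch in ipa_initgr_get_overrides_step() (hunk at -377) logs "get_be_acct_req_for_sid failed." although it calls get_be_acct_req_for_uuid(), so a failure in either branch produces the same log line. The text was carried over from the removed lines; the first message should read `DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_uuid failed.\n");`. The step function begins and ends outside the hunk.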
@@ -419,10 +440,16 @@ static void ipa_initgr_get_overrides_override_done(struct tevent_req *subreq) return; } - ret = sysdb_store_override(state->user_dom, state->ipa_ctx->view_name, - SYSDB_MEMBER_GROUP, - override_attrs, - state->groups[state->group_idx]->dn); + if (strcmp(state->ipa_ctx->view_name, SYSDB_DEFAULT_VIEW_NAME) == 0) { + ret = sysdb_apply_default_override(state->user_dom, override_attrs, + state->groups[state->group_idx]->dn); + } else { + ret = sysdb_store_override(state->user_dom, + state->ipa_ctx->view_name, + SYSDB_MEMBER_GROUP, + override_attrs, + state->groups[state->group_idx]->dn); + } talloc_free(override_attrs); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_store_override failed.\n"); @@ -443,7 +470,7 @@ static void ipa_initgr_get_overrides_override_done(struct tevent_req *subreq) tevent_req_done(req); } -static int ipa_initgr_get_overrides_recv(struct tevent_req *req, int *dp_error) +int ipa_initgr_get_overrides_recv(struct tevent_req *req, int *dp_error) { struct ipa_initgr_get_overrides_state *state = tevent_req_data(req, struct ipa_initgr_get_overrides_state); @@ -882,7 +909,8 @@ static void ipa_id_get_account_info_orig_done(struct tevent_req *subreq) if (state->user_groups != NULL) { subreq = ipa_initgr_get_overrides_send(state, state->ev, state->ipa_ctx, state->domain, state->group_cnt, - state->user_groups); + state->user_groups, + SYSDB_UUID); if (subreq == NULL) { DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n"); ret = ENOMEM; @@ -960,8 +988,9 @@ static void ipa_id_get_account_info_done(struct tevent_req *subreq) if (state->user_groups != NULL) { subreq = ipa_initgr_get_overrides_send(state, state->ev, state->ipa_ctx, - state->domain, state->group_cnt, - state->user_groups); + state->domain, state->group_cnt, + state->user_groups, + SYSDB_UUID); if (subreq == NULL) { DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n"); ret = ENOMEM; 
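Review bot: The new `strcmp(state->ipa_ctx->view_name, SYSDB_DEFAULT_VIEW_NAME)` in ipa_initgr_get_overrides_override_done() (hunk at -419) reads `view_name` without a visible NULL check. If the view name can still be unset when group overrides are fetched, that call is undefined behaviour, so either a guard or a comment stating why it cannot be NULL here would help. Separately, the failure message after the if/else still says "sysdb_store_override failed." even when sysdb_apply_default_override() was the call that failed; a neutral text such as `"Failed to store group override.\n"` would cover both paths. The function continues outside the hunk.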
diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h index 2bb5e0d38..c03ca037a 100644 --- a/src/providers/ipa/ipa_id.h +++ b/src/providers/ipa/ipa_id.h @@ -119,4 +119,14 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom, struct be_acct_req *ar, struct ldb_message **_msg); + +struct tevent_req * +ipa_initgr_get_overrides_send(TALLOC_CTX *memctx, + struct tevent_context *ev, + struct ipa_id_ctx *ipa_ctx, + struct sss_domain_info *user_dom, + size_t groups_count, + struct ldb_message **groups, + const char *groups_id_attr); +int ipa_initgr_get_overrides_recv(struct tevent_req *req, int *dp_error); #endif |
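Review bot: The two prototypes exported in ipa_id.h carry no documentation, so the contract of the new `groups_id_attr` parameter can only be learned by reading ipa_initgr_get_overrides_step(). A short comment above ipa_initgr_get_overrides_send() should state that `groups_id_attr` must be SYSDB_UUID or SYSDB_SID_STR, that every message in `groups` is expected to carry that attribute, and that the string is copied into the request state so the caller keeps ownership. For ipa_initgr_get_overrides_recv() a one-line comment on what `dp_error` receives would be enough.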