authorLukas Slebodnik <lslebodn@redhat.com>2015-04-13 09:44:35 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-04-14 13:18:47 +0200
commit5601c23a999eb83ebfd5558742900ad467eee19d (patch)
tree181c0f1761629856e14238fb5e373086e44ed42a
parent7d404844474667e29bdac68273cb10f93a381c27 (diff)
SDAP: Extract filtering AD group to function
This patch removes code duplication. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit bad2fc8133d941e5a6c8d8016c9689e039265c61) (cherry picked from commit bdd031d274659263db5f28408d8b75c63d3485a0)
-rw-r--r--Makefile.am2
-rw-r--r--src/providers/ldap/sdap_ad_groups.c68
-rw-r--r--src/providers/ldap/sdap_async_groups.c40
-rw-r--r--src/providers/ldap/sdap_async_nested_groups.c31
-rw-r--r--src/providers/ldap/sdap_async_private.h7
5 files changed, 101 insertions, 47 deletions
diff --git a/Makefile.am b/Makefile.am
index df3484074..973f8cb35 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1886,6 +1886,7 @@ nestedgroups_tests_SOURCES = \
src/providers/ldap/sdap_idmap.c \
src/tests/cmocka/test_nested_groups.c \
src/providers/ldap/sdap_async_nested_groups.c \
+ src/providers/ldap/sdap_ad_groups.c \
$(NULL)
nestedgroups_tests_CFLAGS = \
$(AM_CFLAGS) \
@@ -2412,6 +2413,7 @@ libsss_ldap_common_la_SOURCES = \
src/providers/ldap/sdap_async_connection.c \
src/providers/ldap/sdap_async_netgroups.c \
src/providers/ldap/sdap_async_services.c \
+ src/providers/ldap/sdap_ad_groups.c \
src/providers/ldap/sdap_child_helpers.c \
src/providers/ldap/sdap_fd_events.c \
src/providers/ldap/sdap_id_op.c \
diff --git a/src/providers/ldap/sdap_ad_groups.c b/src/providers/ldap/sdap_ad_groups.c
new file mode 100644
index 000000000..0e36328b9
--- /dev/null
+++ b/src/providers/ldap/sdap_ad_groups.c
@@ -0,0 +1,68 @@
+/*
+ SSSD
+
+ AD groups helper routines
+
+ Authors:
+ Lukas Slebodnik <lslebodn@redhat.com>
+
+ Copyright (C) 2013 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "db/sysdb.h"
+#include "providers/ldap/sdap.h"
+#include "providers/ldap/sdap_async_private.h"
+
+/* ==Group-Parsing Routines=============================================== */
+
+errno_t sdap_check_ad_group_type(struct sss_domain_info *dom,
+ struct sdap_options *opts,
+ struct sysdb_attrs *group_attrs,
+ const char *group_name,
+ bool *_need_filter)
+{
+ int32_t ad_group_type;
+ errno_t ret = EOK;
+ *_need_filter = false;
+
+ if (opts->schema_type == SDAP_SCHEMA_AD) {
+ ret = sysdb_attrs_get_int32_t(group_attrs, SYSDB_GROUP_TYPE,
+ &ad_group_type);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_int32_t failed.\n");
+ return ret;
+ }
+
+ DEBUG(SSSDBG_TRACE_ALL,
+ "AD group [%s] has type flags %#x.\n",
+ group_name, ad_group_type);
+
+ /* Only security groups from AD are considered for POSIX groups.
+ * Additionally only global and universal group are taken to account
+ * for trusted domains. */
+ if (!(ad_group_type & SDAP_AD_GROUP_TYPE_SECURITY)
+ || (IS_SUBDOMAIN(dom)
+ && (!((ad_group_type & SDAP_AD_GROUP_TYPE_GLOBAL)
+ || (ad_group_type & SDAP_AD_GROUP_TYPE_UNIVERSAL))))) {
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "Filtering AD group [%s].\n", group_name);
+
+ *_need_filter = true;
+ }
+ }
+
+ return ret;
+}
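Review bot: `sdap_check_ad_group_type()` sets `*_need_filter = false` before it reads the group type and returns early when `sysdb_attrs_get_int32_t` fails, so on error the output says "do not filter"; nothing in this new file documents that contract. Both callers in this commit check the return value first, but a later caller that skips the check would treat a group whose type could not be read as a POSIX candidate. I would add a comment above the definition, e.g. `/* Sets *_need_filter when an AD group must not become a POSIX group; on error it stays false, so check the return value before using it. */`. The comment should also say that non-AD schemas always yield false.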
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 454d302ea..fb1912d2b 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -510,9 +510,9 @@ static int sdap_save_group(TALLOC_CTX *memctx,
TALLOC_CTX *tmpctx = NULL;
bool posix_group;
bool use_id_mapping;
+ bool need_filter;
char *sid_str;
struct sss_domain_info *subdomain;
- int32_t ad_group_type;
tmpctx = talloc_new(NULL);
if (!tmpctx) {
@@ -579,32 +579,20 @@ static int sdap_save_group(TALLOC_CTX *memctx,
DEBUG(SSSDBG_TRACE_FUNC, "Processing group %s\n", group_name);
posix_group = true;
- if (opts->schema_type == SDAP_SCHEMA_AD) {
- ret = sysdb_attrs_get_int32_t(attrs, SYSDB_GROUP_TYPE, &ad_group_type);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_int32_t failed.\n");
- goto done;
- }
+ ret = sdap_check_ad_group_type(dom, opts, attrs, group_name,
+ &need_filter);
+ if (ret != EOK) {
+ goto done;
+ }
+ if (need_filter) {
+ posix_group = false;
+ gid = 0;
- DEBUG(SSSDBG_TRACE_ALL, "AD group [%s] has type flags %#x.\n",
- group_name, ad_group_type);
- /* Only security groups from AD are considered for POSIX groups.
- * Additionally only global and universal group are taken to account
- * for trusted domains. */
- if (!(ad_group_type & SDAP_AD_GROUP_TYPE_SECURITY)
- || (IS_SUBDOMAIN(dom)
- && (!((ad_group_type & SDAP_AD_GROUP_TYPE_GLOBAL)
- || (ad_group_type & SDAP_AD_GROUP_TYPE_UNIVERSAL))))) {
- posix_group = false;
- gid = 0;
- DEBUG(SSSDBG_TRACE_FUNC, "Filtering AD group [%s].\n",
- group_name);
- ret = sysdb_attrs_add_bool(group_attrs, SYSDB_POSIX, false);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Error: Failed to mark group as non-posix!\n");
- return ret;
- }
+ ret = sysdb_attrs_add_bool(group_attrs, SYSDB_POSIX, false);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Error: Failed to mark group as non-posix!\n");
+ return ret;
}
}
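Review bot: The `return ret;` after the `sysdb_attrs_add_bool` failure bypasses the `done` label that the new `goto done` a few lines above it uses, although `tmpctx` was already allocated with `talloc_new(NULL)` earlier in `sdap_save_group`. If `done` is where `tmpctx` is freed (the label is outside this hunk, so this is inferred), this error path leaks the context each time it is taken. Since these lines are being re-indented anyway, change the statement to `goto done;`. The function body starts and ends outside the hunk.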
diff --git a/src/providers/ldap/sdap_async_nested_groups.c b/src/providers/ldap/sdap_async_nested_groups.c
index 1eba35ae8..08e199869 100644
--- a/src/providers/ldap/sdap_async_nested_groups.c
+++ b/src/providers/ldap/sdap_async_nested_groups.c
@@ -240,32 +240,21 @@ sdap_nested_group_hash_group(struct sdap_nested_group_ctx *group_ctx,
{
struct sdap_attr_map *map = group_ctx->opts->group_map;
gid_t gid;
- errno_t ret = ENOENT;
- int32_t ad_group_type;
+ errno_t ret;
bool posix_group = true;
bool use_id_mapping;
bool can_find_gid;
+ bool need_filter;
- if (group_ctx->opts->schema_type == SDAP_SCHEMA_AD) {
- ret = sysdb_attrs_get_int32_t(group, SYSDB_GROUP_TYPE, &ad_group_type);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_int32_t failed.\n");
- return ret;
- }
+ ret = sdap_check_ad_group_type(group_ctx->domain, group_ctx->opts,
+ group, "", &need_filter);
+ if (ret != EOK) {
+ return ret;
+ }
- DEBUG(SSSDBG_TRACE_ALL, "AD group has type flags %#x.\n",
- ad_group_type);
- /* Only security groups from AD are considered for POSIX groups.
- * Additionally only global and universal group are taken to account
- * for trusted domains. */
- if (!(ad_group_type & SDAP_AD_GROUP_TYPE_SECURITY)
- || (IS_SUBDOMAIN(group_ctx->domain)
- && (!((ad_group_type & SDAP_AD_GROUP_TYPE_GLOBAL)
- || (ad_group_type & SDAP_AD_GROUP_TYPE_UNIVERSAL))))) {
- posix_group = false;
- gid = 0;
- DEBUG(SSSDBG_TRACE_FUNC, "Filtering AD group.\n");
- }
+ if (need_filter) {
+ posix_group = false;
+ gid = 0;
}
use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
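Review bot: Passing `""` as `group_name` makes the shared helper log `AD group [] has type flags ...` and `Filtering AD group [].`, so the trace shows an empty bracket instead of identifying which nested group was excluded from POSIX handling. If the group's name is available at this point in `sdap_nested_group_hash_group`, pass it. Otherwise let the helper accept `NULL` and print a placeholder, e.g. `group_name ? group_name : "(unknown)"` in its two `DEBUG` calls. The function body continues past the end of the hunk.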
diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h
index 3995a2ac3..db542eaf8 100644
--- a/src/providers/ldap/sdap_async_private.h
+++ b/src/providers/ldap/sdap_async_private.h
@@ -138,4 +138,11 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
char **groupnames,
struct sysdb_attrs **ldap_groups,
int ldap_groups_count);
+
+/* from sdap_async_nested_groups.c */
+errno_t sdap_check_ad_group_type(struct sss_domain_info *dom,
+ struct sdap_options *opts,
+ struct sysdb_attrs *group_attrs,
+ const char *group_name,
+ bool *_need_filter);
#endif /* _SDAP_ASYNC_PRIVATE_H_ */
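Review bot: The comment `/* from sdap_async_nested_groups.c */` names the wrong file, because this commit defines `sdap_check_ad_group_type` in the new `src/providers/ldap/sdap_ad_groups.c`. It should read `/* from sdap_ad_groups.c */`. A stale origin comment sends anyone auditing the group-filtering decision to a file that only calls the helper.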