authorSumit Bose <sbose@redhat.com>2015-04-24 17:07:22 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-04-27 15:55:42 +0200
commitdd52aacda9829bbe35ed84b8af88027a7cc8cf4d (patch)
tree3bd473be7712dd01a6a1b3c35d06825bc2dfae27
parentbf03ff4520d8158a6cbb09761b8206316dac13ca (diff)
IPA: check ghosts in groups found by uuid as well
With views and overrides, groups are not allowed to have ghost members anymore because the name of a member might be overridden. To achieve this, ghost members are looked up and resolved later during group lookups. Currently this is only done for group lookups by name, but it should happen as well if the group is looked up by uuid. Resolves https://fedorahosted.org/sssd/ticket/2631 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 605dc7fcc848dffb7c9d270c864c70e6dff1242e) (cherry picked from commit 1b2119aab14a4ea3ca6de0d29a661b2825bfec8d)
-rw-r--r--src/providers/ipa/ipa_id.c21
1 files changed, 12 insertions, 9 deletions
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index 384e39a31..38ac4904d 100644
--- a/src/providers/ipa/ipa_id.c
+++ b/src/providers/ipa/ipa_id.c
@@ -789,10 +789,21 @@ static void ipa_id_get_account_info_orig_done(struct tevent_req *subreq)
goto fail;
}
+ class = ldb_msg_find_attr_as_string(state->obj_msg, SYSDB_OBJECTCLASS,
+ NULL);
+ if (class == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot find an objectclass.\n");
+ ret = EINVAL;
+ goto fail;
+ }
+
+
if (state->ipa_ctx->view_name != NULL &&
strcmp(state->ipa_ctx->view_name, SYSDB_DEFAULT_VIEW_NAME) != 0) {
- if ((state->ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_GROUP) {
+ if ((state->ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_GROUP
+ || ((state->ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_BY_UUID
+ && strcmp(class, SYSDB_GROUP_CLASS) == 0)) {
/* check for ghost members because ghost members are not allowed
* if a view other than the default view is applied.*/
state->ghosts = ldb_msg_find_element(state->obj_msg, SYSDB_GHOST);
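Review bot: The ghost-member check in the new condition is still keyed on the request type, so a group that reaches this callback through any lookup type other than BE_REQ_GROUP or BE_REQ_BY_UUID would keep unresolved ghost members under a non-default view, which is the same gap this commit closes for UUID lookups. Since `class` is now fetched before the view check, the condition could test the object itself, `if (strcmp(class, SYSDB_GROUP_CLASS) == 0) {`, assuming every BE_REQ_GROUP result carries the group object class (not visible here). Group membership commonly feeds access decisions, so a member name that should have been overridden is worth ruling out on every lookup path. Moving the objectclass lookup up also means a missing objectclass now fails by-name group requests with EINVAL where it was not consulted before; a one-line comment above the lookup, such as `/* objectclass is required for all request types from here on */`, would make that intent explicit. The body of ipa_id_get_account_info_orig_done starts and ends outside the hunk.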
@@ -840,14 +851,6 @@ static void ipa_id_get_account_info_orig_done(struct tevent_req *subreq)
tevent_req_set_callback(subreq, ipa_id_get_account_info_done, req);
return;
} else {
- class = ldb_msg_find_attr_as_string(state->obj_msg, SYSDB_OBJECTCLASS,
- NULL);
- if (class == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Cannot find an objectclass.\n");
- ret = EINVAL;
- goto fail;
- }
-
if (strcmp(class, SYSDB_USER_CLASS) == 0) {
type = SYSDB_MEMBER_USER;
} else {