diff options
| author | Pavel Reichl <preichl@redhat.com> | 2014-08-14 12:08:58 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-08-19 15:50:36 +0200 |
| commit | 1fe677614603cb57784dbc03f60dbe4c1ba2db44 (patch) | |
| tree | 39e5ee538ec5942a35145a84dc3124194359e0ae | |
| parent | 4417c874595600cd93e12822fab54aa5753df74a (diff) | |
| download | sssd-1fe677614603cb57784dbc03f60dbe4c1ba2db44.tar.gz sssd-1fe677614603cb57784dbc03f60dbe4c1ba2db44.tar.xz sssd-1fe677614603cb57784dbc03f60dbe4c1ba2db44.zip | |
IPA: try to resolve nested groups as poxix group
Resolves:
https://fedorahosted.org/sssd/ticket/2343
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit 08145755f66e83c304e11228c2b610a09576dd81)
| -rw-r--r-- | src/providers/ldap/sdap_async_nested_groups.c | 206 |
1 files changed, 201 insertions, 5 deletions
diff --git a/src/providers/ldap/sdap_async_nested_groups.c b/src/providers/ldap/sdap_async_nested_groups.c index 3dc2a9fd3..7cee8de49 100644 --- a/src/providers/ldap/sdap_async_nested_groups.c +++ b/src/providers/ldap/sdap_async_nested_groups.c @@ -102,10 +102,22 @@ sdap_nested_group_lookup_group_send(TALLOC_CTX *mem_ctx, struct sdap_nested_group_ctx *group_ctx, struct sdap_nested_group_member *member); +static struct tevent_req * +sdap_nested_group_lookup_np_group_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct sdap_nested_group_ctx *group_ctx, + struct sdap_nested_group_member *member); + + static errno_t sdap_nested_group_lookup_group_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req, struct sysdb_attrs **_group); +static errno_t +sdap_nested_group_lookup_np_group_recv(TALLOC_CTX *mem_ctx, + struct tevent_req *req, + struct sysdb_attrs **_group); + static struct tevent_req * sdap_nested_group_lookup_unknown_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, @@ -1674,6 +1686,7 @@ struct sdap_nested_group_lookup_group_state { }; static void sdap_nested_group_lookup_group_done(struct tevent_req *subreq); +static void sdap_nested_group_lookup_np_group_done(struct tevent_req *subreq); static struct tevent_req * sdap_nested_group_lookup_group_send(TALLOC_CTX *mem_ctx, @@ -1789,9 +1802,10 @@ done: tevent_req_done(req); } -static errno_t sdap_nested_group_lookup_group_recv(TALLOC_CTX *mem_ctx, - struct tevent_req *req, - struct sysdb_attrs **_group) +static errno_t +sdap_nested_group_lookup_group_recv_impl(TALLOC_CTX *mem_ctx, + struct tevent_req *req, + struct sysdb_attrs **_group) { struct sdap_nested_group_lookup_group_state *state = NULL; state = tevent_req_data(req, struct sdap_nested_group_lookup_group_state); @@ -1805,6 +1819,21 @@ static errno_t sdap_nested_group_lookup_group_recv(TALLOC_CTX *mem_ctx, return EOK; } +static errno_t sdap_nested_group_lookup_group_recv(TALLOC_CTX *mem_ctx, + struct tevent_req *req, + struct sysdb_attrs **_group) +{ + return sdap_nested_group_lookup_group_recv_impl(mem_ctx, req, _group); +} + +static errno_t +sdap_nested_group_lookup_np_group_recv(TALLOC_CTX *mem_ctx, + struct tevent_req *req, + struct sysdb_attrs **_group) +{ + return sdap_nested_group_lookup_group_recv_impl(mem_ctx, req, _group); +} + struct sdap_nested_group_lookup_unknown_state { struct tevent_context *ev; struct sdap_nested_group_ctx *group_ctx; @@ -1819,6 +1848,9 @@ sdap_nested_group_lookup_unknown_user_done(struct tevent_req *subreq); static void sdap_nested_group_lookup_unknown_group_done(struct tevent_req *subreq); +static void +sdap_nested_group_lookup_unknown_np_group_done(struct tevent_req *subreq); + static struct tevent_req * sdap_nested_group_lookup_unknown_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, @@ -1934,6 +1966,55 @@ sdap_nested_group_lookup_unknown_group_done(struct tevent_req *subreq) goto done; } + if (entry != NULL) { + /* found in groups */ + state->entry = entry; + state->type = SDAP_NESTED_GROUP_DN_GROUP; + ret = EOK; + goto done; + + } + + subreq = sdap_nested_group_lookup_np_group_send(state, + state->ev, + state->group_ctx, + state->member); + if (subreq == NULL) { + ret = ENOMEM; + goto done; + } + + tevent_req_set_callback(subreq, + sdap_nested_group_lookup_unknown_np_group_done, + req); + + ret = EAGAIN; + +done: + if (ret == EOK) { + tevent_req_done(req); + } else if (ret != EAGAIN) { + tevent_req_error(req, ret); + } +} + +static void +sdap_nested_group_lookup_unknown_np_group_done(struct tevent_req *subreq) +{ + struct sdap_nested_group_lookup_unknown_state *state = NULL; + struct tevent_req *req = NULL; + struct sysdb_attrs *entry = NULL; + errno_t ret; + + req = tevent_req_callback_data(subreq, struct tevent_req); + state = tevent_req_data(req, struct sdap_nested_group_lookup_unknown_state); + + ret = sdap_nested_group_lookup_np_group_recv(state, subreq, &entry); + talloc_zfree(subreq); + if (ret != EOK) { + goto done; + } + if (entry == NULL) { /* not found, end request */ state->entry = NULL; @@ -1942,10 +2023,9 @@ sdap_nested_group_lookup_unknown_group_done(struct tevent_req *subreq) /* found in groups */ state->entry = entry; state->type = SDAP_NESTED_GROUP_DN_GROUP; + ret = EOK; } - ret = EOK; - done: if (ret != EOK) { tevent_req_error(req, ret); @@ -2312,3 +2392,119 @@ static errno_t sdap_nested_group_deref_recv(struct tevent_req *req) return EOK; } + +static void sdap_nested_group_lookup_group_done(struct tevent_req *subreq); + +static struct tevent_req * +sdap_nested_group_lookup_np_group_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct sdap_nested_group_ctx *group_ctx, + struct sdap_nested_group_member *member) +{ + struct sdap_nested_group_lookup_group_state *state = NULL; + struct tevent_req *req = NULL; + struct tevent_req *subreq = NULL; + struct sdap_attr_map *map = group_ctx->opts->np_group_map; + const char **attrs = NULL; + const char *base_filter = NULL; + const char *filter = NULL; + errno_t ret; + + req = tevent_req_create(mem_ctx, &state, + struct sdap_nested_group_lookup_group_state); + if (req == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n"); + return NULL; + } + + ret = build_attrs_from_map(state, group_ctx->opts->np_group_map, + SDAP_OPTS_NP_GROUP, NULL, &attrs, NULL); + if (ret != EOK) goto immediately; + + base_filter = talloc_asprintf( + attrs,"(&(objectclass=%s)(%s=*))", + map[SDAP_OC_NP_GROUP].name, + map[SDAP_AT_NP_GROUP_NAME].name); + + if (base_filter == NULL) { + ret = ENOMEM; + goto immediately; + } + + /* use search base filter if needed */ + filter = sdap_get_id_specific_filter(state, base_filter, + member->group_filter); + if (filter == NULL) { + ret = ENOMEM; + goto immediately; + } + + /* search */ + subreq = sdap_get_generic_send(state, ev, group_ctx->opts, group_ctx->sh, + member->dn, LDAP_SCOPE_BASE, filter, attrs, + map, SDAP_OPTS_NP_GROUP, + dp_opt_get_int(group_ctx->opts->basic, + SDAP_SEARCH_TIMEOUT), + false); + if (subreq == NULL) { + ret = ENOMEM; + goto immediately; + } + + tevent_req_set_callback(subreq, sdap_nested_group_lookup_np_group_done, + req); + + return req; + +immediately: + if (ret == EOK) { + tevent_req_done(req); + } else { + tevent_req_error(req, ret); + } + tevent_req_post(req, ev); + + return req; +} + +static void sdap_nested_group_lookup_np_group_done(struct tevent_req *subreq) +{ + struct sdap_nested_group_lookup_group_state *state = NULL; + struct tevent_req *req = NULL; + struct sysdb_attrs **group = NULL; + size_t count = 0; + errno_t ret; + + req = tevent_req_callback_data(subreq, struct tevent_req); + state = tevent_req_data(req, struct sdap_nested_group_lookup_group_state); + + ret = sdap_get_generic_recv(subreq, state, &count, &group); + talloc_zfree(subreq); + if (ret == ENOENT) { + count = 0; + } else if (ret != EOK) { + goto done; + } + + if (count == 1) { + state->group = group[0]; + } else if (count == 0) { + /* group not found */ + state->group = NULL; + } else { + DEBUG(SSSDBG_OP_FAILURE, + "BASE search returned more than one records\n"); + ret = EIO; + goto done; + } + + ret = EOK; + +done: + if (ret != EOK) { + tevent_req_error(req, ret); + return; + } + + tevent_req_done(req); +} |