authorPavel Reichl <preichl@redhat.com>2014-07-16 13:33:58 +0100
committerJakub Hrozek <jhrozek@redhat.com>2014-08-19 15:50:36 +0200
commitb7afe5caaaeae1e92479284a7f555aee4ba23422 (patch)
tree79741f48e57f3ffa2d2ca0092a9099c172bab9b9
parent895f045dd4aad7f5857826cc1496cfa048a790dd (diff)
IPA: new attribute map for non-posix groups
Create a new set of attributes to be used when processing non-posix groups. Resolves: https://fedorahosted.org/sssd/ticket/2343 Reviewed-by: Michal Židek <mzidek@redhat.com> (cherry picked from commit 4c560e7b98e7ab71d22be24d2fbc468396cb634f)
-rw-r--r--src/providers/ipa/ipa_common.c9
-rw-r--r--src/providers/ipa/ipa_opts.h8
-rw-r--r--src/providers/ldap/ldap_id.c8
-rw-r--r--src/providers/ldap/sdap.h11
-rw-r--r--src/providers/ldap/sdap_async.h3
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c12
6 files changed, 46 insertions, 5 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index f594de27a..54d0ecf3b 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -568,6 +568,15 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
ret = sdap_get_map(ipa_opts->id,
cdb, conf_path,
+ ipa_np_group_map,
+ SDAP_OPTS_NP_GROUP,
+ &ipa_opts->id->np_group_map);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ ret = sdap_get_map(ipa_opts->id,
+ cdb, conf_path,
ipa_netgroup_map,
IPA_OPTS_NETGROUP,
&ipa_opts->id->netgroup_map);
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index a1334610c..52c85779f 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -213,6 +213,14 @@ struct sdap_attr_map ipa_group_map[] = {
SDAP_ATTR_MAP_TERMINATOR
};
+/* map for non-posix groups */
+struct sdap_attr_map ipa_np_group_map[] = {
+ { "ldap_group_object_class", "nestedgroup", SYSDB_GROUP_CLASS, NULL },
+ { "ldap_group_name", "cn", SYSDB_NAME, NULL },
+ { "ldap_group_member", "member", SYSDB_MEMBER, NULL },
+ SDAP_ATTR_MAP_TERMINATOR
+};
+
struct sdap_attr_map ipa_netgroup_map[] = {
{ "ipa_netgroup_object_class", "ipaNisNetgroup", SYSDB_NETGROUP_CLASS, NULL },
{ "ipa_netgroup_name", "cn", SYSDB_NAME, NULL },
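Review bot: The three entries of `ipa_np_group_map` reuse the `ldap_group_object_class`, `ldap_group_name` and `ldap_group_member` option names, so if `sdap_get_map` applies sssd.conf overrides by option name (it is passed `cdb` and `conf_path`, but its body is not shown), an administrator who overrides one of them for POSIX groups would also change this map, and the `nestedgroup` default would be lost without warning. Either give the non-posix map its own option names or state the sharing in the comment, for example `/* map for non-posix groups; shares the ldap_group_* options, so overrides apply here too */`. The table also has to stay in step with `enum sdap_np_group_attrs` in sdap.h, with the object class first; a line in the comment saying so would help, since group resolution feeds access-control decisions.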
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 2d1ba5b5a..2cc8fc80e 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -927,6 +927,7 @@ struct groups_by_user_state {
const char *name;
const char **attrs;
+ const char **np_attrs;
int dp_error;
int sdap_ret;
@@ -974,6 +975,10 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
NULL, &state->attrs, NULL);
if (ret != EOK) goto fail;
+ ret = build_attrs_from_map(state, ctx->opts->np_group_map, SDAP_OPTS_NP_GROUP,
+ NULL, &state->np_attrs, NULL);
+ if (ret != EOK) goto fail;
+
ret = groups_by_user_retry(req);
if (ret != EOK) {
goto fail;
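Review bot: `ctx->opts->np_group_map` is handed to `build_attrs_from_map` on every call of groups_by_user_send, yet the only code in this commit that fills the field is `ipa_get_id_options`; for a back end whose option loader leaves it unset, the helper would receive a NULL map together with a count of `SDAP_OPTS_NP_GROUP`. `build_attrs_from_map` is not visible here, so whether it tolerates a NULL map is unconfirmed. Guard the call with `if (ctx->opts->np_group_map != NULL)` and leave `state->np_attrs` NULL otherwise, or populate a default map in the generic LDAP option path. The body of groups_by_user_send starts and ends outside the hunk.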
@@ -1028,7 +1033,8 @@ static void groups_by_user_connect_done(struct tevent_req *subreq)
state->ctx,
state->conn,
state->name,
- state->attrs);
+ state->attrs,
+ state->np_attrs);
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index a766779e5..567cf42a3 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -301,6 +301,16 @@ enum sdap_group_attrs {
SDAP_OPTS_GROUP /* attrs counter */
};
+/* the objectclass must be the first attribute.
+ * Functions depend on this */
+enum sdap_np_group_attrs {
+ SDAP_OC_NP_GROUP = 0,
+ SDAP_AT_NP_GROUP_NAME,
+ SDAP_AT_NP_GROUP_MEMBER,
+
+ SDAP_OPTS_NP_GROUP /* attrs counter */
+};
+
enum sdap_netgroup_attrs {
SDAP_OC_NETGROUP = 0,
SDAP_AT_NETGROUP_NAME,
@@ -413,6 +423,7 @@ struct sdap_options {
struct sdap_attr_map *user_map;
size_t user_map_cnt;
struct sdap_attr_map *group_map;
+ struct sdap_attr_map *np_group_map;
struct sdap_attr_map *netgroup_map;
struct sdap_attr_map *service_map;
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 593404af3..f54ab8b57 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -134,7 +134,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
struct sdap_id_ctx *id_ctx,
struct sdap_id_conn_ctx *conn,
const char *name,
- const char **grp_attrs);
+ const char **grp_attrs,
+ const char **np_grp_attrs);
int sdap_get_initgr_recv(struct tevent_req *req);
struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 712811f83..f9004ee7e 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -706,6 +706,7 @@ struct sdap_initgr_nested_state {
const char *orig_dn;
const char **grp_attrs;
+ const char **np_grp_attrs;
struct ldb_message_element *memberof;
char *filter;
@@ -729,7 +730,8 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx,
struct sss_domain_info *dom,
struct sdap_handle *sh,
struct sysdb_attrs *user,
- const char **grp_attrs)
+ const char **grp_attrs,
+ const char **np_grp_attrs)
{
struct tevent_req *req;
struct sdap_initgr_nested_state *state;
@@ -2606,6 +2608,7 @@ struct sdap_get_initgr_state {
struct sdap_id_conn_ctx *conn;
const char *name;
const char **grp_attrs;
+ const char **np_grp_attrs;
const char **user_attrs;
char *user_base_filter;
char *filter;
@@ -2630,7 +2633,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
struct sdap_id_ctx *id_ctx,
struct sdap_id_conn_ctx *conn,
const char *name,
- const char **grp_attrs)
+ const char **grp_attrs,
+ const char **np_grp_attrs)
{
struct tevent_req *req;
struct sdap_get_initgr_state *state;
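Review bot: `np_grp_attrs` is added to the signature here, but no hunk in this file stores it: the 12 changed lines the diffstat reports for sdap_async_initgroups.c are all taken up by the new struct fields, the two signatures and the one call site, so `state->np_grp_attrs` is never assigned from the parameter. The `SDAP_SCHEMA_IPA_V1` call further down therefore passes whatever the state allocation left in the field, and `sdap_initgr_nested_send` in turn accepts the argument without a visible store. Add `state->np_grp_attrs = np_grp_attrs;` beside the place where `grp_attrs` is saved in both functions, or say in the commit message that the wiring follows in a later patch. Both function bodies continue outside their hunks.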
@@ -2968,9 +2972,11 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
break;
case SDAP_SCHEMA_IPA_V1:
+
subreq = sdap_initgr_nested_send(state, state->ev, state->opts,
state->sysdb, state->dom, state->sh,
- state->orig_user, state->grp_attrs);
+ state->orig_user, state->grp_attrs,
+ state->np_grp_attrs);
if (!subreq) {
tevent_req_error(req, ENOMEM);
return;