authorSimo Sorce <ssorce@redhat.com>2009-10-06 12:12:21 -0400
committerSimo Sorce <ssorce@redhat.com>2009-10-09 16:11:26 -0400
commitb0c4751808040afdc15ca801619c43fe192c6a35 (patch)
treef60d85f632d1c43d9ca022448453590dce65f09f /server/db
parente2d17ea806d273784b621583dd0490c2f69f237d (diff)
Remove magicPrivateGroups option
In sssd only local is a native mpg domain, and it is forced. All other providers will have to unroll mpg users into a user/group pair of entries in the db. This allows the provider to automatically establish if the remote server provides mpg users w/o possibly conflicting manual configurations on the client trying to force an mpg behavior where none is provided.
Diffstat (limited to 'server/db')
-rw-r--r--server/db/sysdb.c6
-rw-r--r--server/db/sysdb_ops.c10
-rw-r--r--server/db/sysdb_private.h1
-rw-r--r--server/db/sysdb_search.c10
4 files changed, 17 insertions, 10 deletions
diff --git a/server/db/sysdb.c b/server/db/sysdb.c
index 87d0de965..7a6d61660 100644
--- a/server/db/sysdb.c
+++ b/server/db/sysdb.c
@@ -1063,6 +1063,12 @@ static int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx,
ctx->ev = ev;
ctx->domain = domain;
+ /* The local provider s the only true MPG,
+ * for the other domains, the provider actually unrolls MPGs */
+ if (strcasecmp(domain->provider, "local") == 0) {
+ ctx->mpg = true;
+ }
+
ret = sysdb_get_db_file(ctx, domain, db_path, &ctx->ldb_file);
if (ret != EOK) {
return ret;
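Review bot: `strcasecmp(domain->provider, "local")` dereferences `domain->provider` with no NULL check, and the non-local case relies on `ctx->mpg` already being false, which holds only if `ctx` was zero-allocated (the allocation is outside this hunk). This flag now gates the MPG-only checks on GIDs and on user/group name clashes in sysdb_ops.c, so an explicit assignment is safer: `ctx->mpg = (domain->provider != NULL && strcasecmp(domain->provider, "local") == 0);`. The added comment also reads "s the only" where "is the only" is meant. sysdb_domain_init_internal starts and ends outside the hunk.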
diff --git a/server/db/sysdb_ops.c b/server/db/sysdb_ops.c
index 3a53c9e5e..5743dc85c 100644
--- a/server/db/sysdb_ops.c
+++ b/server/db/sysdb_ops.c
@@ -1731,7 +1731,7 @@ struct tevent_req *sysdb_add_user_send(TALLOC_CTX *mem_ctx,
state->shell = shell;
state->attrs = attrs;
- if (domain->mpg) {
+ if (handle->ctx->mpg) {
if (gid != 0) {
DEBUG(0, ("Cannot add user with arbitrary GID in MPG domain!\n"));
ERROR_OUT(ret, EINVAL, fail);
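Review bot: The MPG decision now comes from `handle->ctx->mpg` while sysdb_add_user_send still takes a separate `domain` argument, so the two can disagree if a caller ever passes a domain other than the one the sysdb context was initialised with. In that case the GID restriction and the name-clash search would follow the context while everything else follows the argument. The same split appears in the other four hunks of this file and in sysdb_search.c, where grp_search tests `sctx->ctx->mpg` but builds the base DN from `sctx->domain->name`. If one context per domain is the intended invariant, a guard before the first MPG test would enforce it, for example `if (handle->ctx->domain != domain) { ERROR_OUT(ret, EINVAL, fail); }`. Whether `handle` and `handle->ctx` are validated earlier is not visible, since the function body starts and ends outside the hunk.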
@@ -1753,7 +1753,7 @@ struct tevent_req *sysdb_add_user_send(TALLOC_CTX *mem_ctx,
ERROR_OUT(ret, ERANGE, fail);
}
- if (domain->mpg) {
+ if (handle->ctx->mpg) {
/* In MPG domains you can't have groups with the same name as users,
* search if a group with the same name exists.
* Don't worry about users, if we try to add a user with the same
@@ -1956,7 +1956,7 @@ static void sysdb_add_user_get_id_done(struct tevent_req *subreq)
tevent_req_error(req, ret);
return;
}
- if (state->domain->mpg) {
+ if (state->handle->ctx->mpg) {
ret = sysdb_attrs_add_uint32(id_attrs, SYSDB_GIDNUM, id);
if (ret) {
DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
@@ -2173,7 +2173,7 @@ struct tevent_req *sysdb_add_group_send(TALLOC_CTX *mem_ctx,
ERROR_OUT(ret, ERANGE, fail);
}
- if (domain->mpg) {
+ if (handle->ctx->mpg) {
/* In MPG domains you can't have groups with the same name as users,
* search if a group with the same name exists.
* Don't worry about users, if we try to add a user with the same
@@ -2665,7 +2665,7 @@ static void sysdb_store_user_check(struct tevent_req *subreq)
}
}
- if (state->uid && !state->gid && state->domain->mpg) {
+ if (state->uid && !state->gid && state->handle->ctx->mpg) {
ret = sysdb_attrs_add_uint32(state->attrs, SYSDB_GIDNUM, state->uid);
if (ret) {
DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
diff --git a/server/db/sysdb_private.h b/server/db/sysdb_private.h
index e380c8278..1f603eb4b 100644
--- a/server/db/sysdb_private.h
+++ b/server/db/sysdb_private.h
@@ -72,6 +72,7 @@ struct sysdb_ctx {
struct tevent_context *ev;
struct sss_domain_info *domain;
+ bool mpg;
struct ldb_context *ldb;
char *ldb_file;
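Review bot: The new `bool mpg;` member has no comment, although it replaces a user-facing option and is set in only one place. A reader of struct sysdb_ctx cannot tell that it is derived from the provider name at init time rather than from configuration. I would add `/* true only for the "local" provider, set once in sysdb_domain_init_internal(); other providers unroll MPG users into user/group entries */` above the field. Whether this header already pulls in `<stdbool.h>` is not visible in the hunk and is worth confirming.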
diff --git a/server/db/sysdb_search.c b/server/db/sysdb_search.c
index 199f5a1ae..2b5dc369e 100644
--- a/server/db/sysdb_search.c
+++ b/server/db/sysdb_search.c
@@ -589,7 +589,7 @@ static int get_grp_callback(struct ldb_request *req,
switch (rep->type) {
case LDB_REPLY_ENTRY:
- if (sctx->domain->mpg) {
+ if (sctx->ctx->mpg) {
ret = mpg_convert(rep->message);
if (ret != EOK) {
request_ldberror(sctx, LDB_ERR_OPERATIONS_ERROR);
@@ -682,7 +682,7 @@ static void grp_search(struct tevent_req *treq)
return request_error(sctx, ret);
}
- if (sctx->domain->mpg) {
+ if (sctx->ctx->mpg) {
base_dn = ldb_dn_new_fmt(sctx, sctx->ctx->ldb,
SYSDB_DOM_BASE, sctx->domain->name);
} else {
@@ -726,7 +726,7 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
return ENOMEM;
}
- if (domain->mpg) {
+ if (ctx->mpg) {
sctx->expression = talloc_asprintf(sctx, SYSDB_GRNAM_MPG_FILTER, name);
} else {
sctx->expression = talloc_asprintf(sctx, SYSDB_GRNAM_FILTER, name);
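Review bot: In both branches `name` is formatted straight into the ldb search filter through `talloc_asprintf`, and nothing in the hunk shows it being escaped first. If callers can pass a name containing filter metacharacters such as `*`, `(` or `)`, the lookup can match entries other than the requested group. Switching to the MPG filter only for the local domain does not change that. Unless escaping is guaranteed upstream, encode the value before formatting, e.g. `talloc_asprintf(sctx, SYSDB_GRNAM_FILTER, ldb_binary_encode_string(sctx, name))` with a NULL check on the encoded string, and document the expectation on sysdb_getgrnam. The function continues outside the hunk, so a later NULL check on `sctx->expression` may exist but is not visible here.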
@@ -765,7 +765,7 @@ int sysdb_getgrgid(TALLOC_CTX *mem_ctx,
return ENOMEM;
}
- if (domain->mpg) {
+ if (ctx->mpg) {
sctx->expression = talloc_asprintf(sctx,
SYSDB_GRGID_MPG_FILTER,
(unsigned long int)gid);
@@ -809,7 +809,7 @@ int sysdb_enumgrent(TALLOC_CTX *mem_ctx,
sctx->enumeration = true;
- if (domain->mpg) {
+ if (ctx->mpg) {
sctx->expression = SYSDB_GRENT_MPG_FILTER;
} else {
sctx->expression = SYSDB_GRENT_FILTER;