authorSumit Bose <sbose@redhat.com>2015-04-29 16:46:14 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-05-06 10:51:36 +0200
commit3b00bcd8b6d53d33207005c4e7a631b6a241d300 (patch)
tree6f00a1719e0b01e562201ea4ecca23c20da05eb1 /src/providers/ipa/ipa_id.c
parenta4a447b7bf394ded65c8ae872832e7cd135425d1 (diff)
IPA: allow initgroups by UUID for FreeIPA users
If a FreeIPA user is searched with the help of an override name the UUID from the override anchor is used to search the user. Currently the initgroups request only allows searches by SID or name. With this patch a UUID can be used as well. Related to https://fedorahosted.org/sssd/ticket/2642 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 0f9c28eb52d2b45c8a97f709308dc11377831b8c)
Diffstat (limited to 'src/providers/ipa/ipa_id.c')
-rw-r--r--src/providers/ipa/ipa_id.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index ebf5f03b8..e3a7fffc3 100644
--- a/src/providers/ipa/ipa_id.c
+++ b/src/providers/ipa/ipa_id.c
@@ -555,6 +555,7 @@ struct ipa_id_get_account_info_state {
struct sss_domain_info *domain;
struct be_req *be_req;
struct be_acct_req *ar;
+ struct be_acct_req *orig_ar;
const char *realm;
struct sysdb_attrs *override_attrs;
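Review bot: The new `orig_ar` member has no comment explaining how it differs from `ar`, and after this commit the two have to be told apart. In ipa_id_get_account_info_got_override, `state->ar` is overwritten with the request built by get_be_acct_req_for_uuid, while `orig_ar` keeps the pointer that was there before and is then used to decide whether to switch back to BE_REQ_INITGROUPS. I would add a one-line comment on the member, for example `/* request as received; ar may be replaced by a by-UUID request after the override lookup */`. In the visible hunks `orig_ar` is assigned only in the matching-domain branch, so the comment should also say it is unset on other paths (presumably NULL if the state is zero-initialised, which is not visible here). The struct definition begins and ends outside this hunk.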
@@ -733,13 +734,25 @@ static void ipa_id_get_account_info_got_override(struct tevent_req *subreq)
if (strcmp(state->ar->domain, anchor_domain) == 0) {
+ state->orig_ar = state->ar;
+
ret = get_be_acct_req_for_uuid(state, ipa_uuid,
state->ar->domain,
&state->ar);
if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_sid failed.\n");
+ DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_uuid failed.\n");
goto fail;
}
+
+ if ((state->orig_ar->entry_type & BE_REQ_TYPE_MASK)
+ == BE_REQ_INITGROUPS) {
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Switching back to BE_REQ_INITGROUPS.\n");
+ state->ar->entry_type = BE_REQ_INITGROUPS;
+ state->ar->filter_type = BE_FILTER_UUID;
+ state->ar->attr_type = BE_ATTR_CORE;
+ }
+
} else {
DEBUG(SSSDBG_MINOR_FAILURE,
"Anchor from a different domain [%s], expected [%s]. " \