author | Sumit Bose <sbose@redhat.com> | 2014-10-01 17:04:44 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-16 17:56:18 +0200 |
commit | ed4a9bd4d0f7fb359bed66a8d63a92e7be633aae (patch) | |
tree | 4ab1fcf529bf170722810c5833d68f89c5b363a1 /src/providers/ipa/ipa_id.h | |
parent | 9c8db0a17a66c58c36966b17d004142a4aaace8d (diff) | |
views: search overrides for user and group requests
If the name or the POSIX ID of a user or a group is overridden the
search request for those objects have to check the overide objects first
before looking up the original objects.
This patch adds a new request for the IPA sub-domain users which checks
the overrides first if
- SSSD is running in ipa-server-mode and a name or a POSIX ID is
searched, since we do not override the SIDs we can skip the search in
the override tree here
- if the responder indicates it has not found the corresponding object
in the cache and the input might be an override name or ID and not the
original one of an object.
If an override object was found the SID is extracted from the anchor
attribute and the original object is searched by its SID. If no override
object was found the original object is searched with the original input
and finally it is checked if an override object exists for the found
object.
Relates to https://fedorahosted.org/sssd/ticket/2375
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/providers/ipa/ipa_id.h')
-rw-r--r-- | src/providers/ipa/ipa_id.h | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h index b1d68dee6..e13aded21 100644 --- a/src/providers/ipa/ipa_id.h +++ b/src/providers/ipa/ipa_id.h @@ -53,18 +53,20 @@ int ipa_get_netgroups_recv(struct tevent_req *req, void ipa_check_online(struct be_req *be_req); struct tevent_req *ipa_s2n_get_acct_info_send(TALLOC_CTX *mem_ctx, - struct tevent_context *ev, - struct ipa_id_ctx *ipa_ctx, - struct sdap_options *opts, - struct sss_domain_info *dom, - struct sdap_handle *sh, - int entry_type, - struct req_input *req_input); + struct tevent_context *ev, + struct ipa_id_ctx *ipa_ctx, + struct sdap_options *opts, + struct sss_domain_info *dom, + struct sysdb_attrs *override_attrs, + struct sdap_handle *sh, + int entry_type, + struct req_input *req_input); int ipa_s2n_get_acct_info_recv(struct tevent_req *req); struct tevent_req *ipa_get_subdom_acct_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct ipa_id_ctx *ipa_ctx, + struct sysdb_attrs *override_attrs, struct be_acct_req *ar); int ipa_get_subdom_acct_recv(struct tevent_req *req, int *dp_error_out); 
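Review bot: The new `struct sysdb_attrs *override_attrs` parameter on `ipa_s2n_get_acct_info_send()` and `ipa_get_subdom_acct_send()` is declared without any statement of whether NULL is accepted or who owns the object while the asynchronous request is in flight. The commit message describes a path where no override object was found, so callers will presumably pass NULL there; a request that stores the pointer and reads it in a later tevent callback would also need the attributes to outlive the request. I would document the contract next to the prototypes, for example `/* override_attrs may be NULL; the caller keeps ownership and must keep it valid until the matching _recv() */`, adjusted to what the implementation really does. The same applies to the `override_attrs` parameter added to `ipa_get_ad_acct_send()` in the next hunk. The implementations are outside this diff, which is limited to ipa_id.h.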
@@ -72,20 +74,33 @@ struct tevent_req *ipa_get_ad_acct_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct ipa_id_ctx *ipa_ctx, struct be_req *be_req, + struct sysdb_attrs *override_attrs, struct be_acct_req *ar); errno_t ipa_get_ad_acct_recv(struct tevent_req *req, int *dp_error_out); +errno_t get_be_acct_req_for_sid(TALLOC_CTX *mem_ctx, const char *sid, + const char *domain_name, + struct be_acct_req **_ar); + struct tevent_req *ipa_get_ad_override_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct sdap_id_ctx *sdap_id_ctx, struct ipa_options *ipa_options, const char *ipa_realm, const char *view_name, - const char *obj_sid); + struct be_acct_req *ar); errno_t ipa_get_ad_override_recv(struct tevent_req *req, int *dp_error_out, TALLOC_CTX *mem_ctx, struct sysdb_attrs **override_attrs); +struct tevent_req *ipa_subdomain_account_send(TALLOC_CTX *memctx, + struct tevent_context *ev, + struct ipa_id_ctx *ipa_ctx, + struct be_req *be_req, + struct be_acct_req *ar); + +errno_t ipa_subdomain_account_recv(struct tevent_req *req, int *dp_error_out); + #endif |
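Review bot: `ipa_get_ad_override_send()` now takes a `struct be_acct_req *ar` where it used to take `const char *obj_sid`, so the override lookup is presumably keyed on whatever name or ID the responder passed in rather than on a SID taken from the directory. The implementation is not part of this diff; it should be confirmed that the filter value from `ar` is escaped (SSSD has `sss_filter_sanitize()` for this) before it is placed in the LDAP search filter for the override tree, and a comment such as `/* ar->filter_value is client-supplied and must be sanitized before use in the override filter */` above the prototype would record that. Separately, `get_be_acct_req_for_sid()` is exported from this header without the `ipa_` prefix that the other declarations visible in this diff carry; `ipa_get_be_acct_req_for_sid` would keep it clear of unrelated symbols, and the prototype should say that `*_ar` is allocated on `mem_ctx`, if that is what it does.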