Resolve GIDs in the simple access provider

Changes the simple access provider's interface to be asynchronous. When
the simple access provider encounters a group that has gid, but no
meaningful name, it attempts to resolve the name using the
be_file_account_request function.

Some providers (like the AD provider) might perform initgroups
without resolving the group names. In order for the simple access
provider to work correctly, we need to resolve the groups before
performing the access check. In AD provider, the situation is
even more tricky b/c the groups HAVE name, but their name
attribute is set to SID and they are set as non-POSIX

1 files changed, 9 insertions, 2 deletions

diff --git a/src/providers/simple/simple_access.h b/src/providers/simple/simple_access.h
index abcf61ac2..1de9d898b 100644
--- a/src/providers/simple/simple_access.h
+++ b/src/providers/simple/simple_access.h
@@ -29,6 +29,7 @@
 struct simple_ctx {
     struct sysdb_ctx *sysdb;
     struct sss_domain_info *domain;
+    struct be_ctx *be_ctx;
 
     char **allow_users;
     char **deny_users;
@@ -36,6 +37,12 @@ struct simple_ctx {
     char **deny_groups;
 };
 
-errno_t simple_access_check(struct simple_ctx *ctx, const char *username,
-                            bool *access_granted);
+struct tevent_req *simple_access_check_send(TALLOC_CTX *mem_ctx,
+                                            struct tevent_context *ev,
+                                            struct simple_ctx *ctx,
+                                            const char *username);
+
+errno_t simple_access_check_recv(struct tevent_req *req,
+                                 bool *access_granted);
+
 #endif /* __SIMPLE_ACCESS_H__ */