diff options
| -rw-r--r-- | src/providers/ipa/ipa_s2n_exop.c | 3 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_subdomains.h | 4 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_subdomains_id.c | 24 |
3 files changed, 21 insertions, 10 deletions
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index d07923cff..3830a2b4b 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -50,9 +50,6 @@ enum response_types { }; /* ==Sid2Name Extended Operation============================================= */ -#define EXOP_SID2NAME_OID "2.16.840.1.113730.3.8.10.4" -#define EXOP_SID2NAME_V1_OID "2.16.840.1.113730.3.8.10.4.1" - struct ipa_s2n_exop_state { struct sdap_handle *sh; diff --git a/src/providers/ipa/ipa_subdomains.h b/src/providers/ipa/ipa_subdomains.h index ceb862226..9b179792d 100644 --- a/src/providers/ipa/ipa_subdomains.h +++ b/src/providers/ipa/ipa_subdomains.h @@ -28,6 +28,10 @@ #include "providers/dp_backend.h" #include "providers/ipa/ipa_common.h" +/* ==Sid2Name Extended Operation============================================= */ +#define EXOP_SID2NAME_OID "2.16.840.1.113730.3.8.10.4" +#define EXOP_SID2NAME_V1_OID "2.16.840.1.113730.3.8.10.4.1" + struct be_ctx *ipa_get_subdomains_be_ctx(struct be_ctx *be_ctx); const char *get_flat_name_from_subdomain_name(struct be_ctx *be_ctx, diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index 15776d2e1..1253510dc 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -386,14 +386,8 @@ struct tevent_req *ipa_get_subdom_acct_send(TALLOC_CTX *memctx, case BE_REQ_GROUP: case BE_REQ_BY_SECID: case BE_REQ_USER_AND_GROUP: - ret = EOK; - break; case BE_REQ_INITGROUPS: - ret = ENOTSUP; - DEBUG(SSSDBG_TRACE_FUNC, "Initgroups requests are not handled " \ - "by the IPA provider but are resolved " \ - "by the responder directly from the " \ - "cache.\n"); + ret = EOK; break; default: ret = EINVAL; @@ -434,6 +428,22 @@ static void ipa_get_subdom_acct_connected(struct tevent_req *subreq) return; } + if (state->entry_type == BE_REQ_INITGROUPS) { + /* With V1 of the extdom plugin a user lookup will resolve the full + * group membership of the user. */ + if (sdap_is_extension_supported(sdap_id_op_handle(state->op), + EXOP_SID2NAME_V1_OID)) { + state->entry_type = BE_REQ_USER; + } else { + DEBUG(SSSDBG_TRACE_FUNC, "Initgroups requests are not handled " \ + "by the IPA provider but are resolved " \ + "by the responder directly from the " \ + "cache.\n"); + tevent_req_error(req, ENOTSUP); + return; + } + } + req_input = talloc(state, struct req_input); if (req_input == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc failed.\n"); |