-rw-r--r-- | Makefile.am | 11 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_nested_groups.c | 9 | ||||
-rw-r--r-- | src/tests/cmocka/test_nested_groups.c | 20 |
3 files changed, 36 insertions, 4 deletions
diff --git a/Makefile.am b/Makefile.am
index e3592868c..783a8922e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1740,15 +1740,20 @@ fqnames_tests_LDADD = \
 nestedgroups_tests_SOURCES = \
 $(TEST_MOCK_OBJ) \
 $(TEST_MOCK_PROVIDER_OBJ) \
+ src/providers/ldap/sdap_idmap.c \
 src/tests/cmocka/test_nested_groups.c \
- src/providers/ldap/sdap_async_nested_groups.c
+ src/providers/ldap/sdap_async_nested_groups.c \
+ $(NULL)
 nestedgroups_tests_CFLAGS = \
- $(AM_CFLAGS)
+ $(AM_CFLAGS) \
+ $(NULL)
 nestedgroups_tests_LDADD = \
 $(CMOCKA_LIBS) \
 $(SSSD_LIBS) \
 $(SSSD_INTERNAL_LTLIBS) \
- libsss_test_common.la
+ libsss_idmap.la \
+ libsss_test_common.la \
+ $(NULL)
 test_sss_idmap_SOURCES = \
 src/tests/cmocka/test_sss_idmap.c
diff --git a/src/providers/ldap/sdap_async_nested_groups.c b/src/providers/ldap/sdap_async_nested_groups.c
index 305afbc9d..5398b14bc 100644
--- a/src/providers/ldap/sdap_async_nested_groups.c
+++ b/src/providers/ldap/sdap_async_nested_groups.c
@@ -34,6 +34,7 @@
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap_async.h"
 #include "providers/ldap/sdap_async_private.h"
+#include "providers/ldap/sdap_idmap.h"
 #define sdap_nested_group_sysdb_search_users(domain, filter) \
 sdap_nested_group_sysdb_search((domain), (filter), true)
@@ -242,6 +243,7 @@ sdap_nested_group_hash_group(struct sdap_nested_group_ctx *group_ctx,
 errno_t ret;
 int32_t ad_group_type;
 bool posix_group = true;
+ bool use_id_mapping;
 if (group_ctx->opts->schema_type == SDAP_SCHEMA_AD) {
 ret = sysdb_attrs_get_int32_t(group, SYSDB_GROUP_TYPE, &ad_group_type);
@@ -265,7 +267,12 @@ sdap_nested_group_hash_group(struct sdap_nested_group_ctx *group_ctx,
 }
 }
- if (posix_group) {
+ use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
+ group_ctx->opts->idmap_ctx,
+ group_ctx->domain->name,
+ group_ctx->domain->domain_id);
+
+ if (posix_group && !use_id_mapping) {
 ret = sysdb_attrs_get_uint32_t(group, map[SDAP_AT_GROUP_GID].sys_name, &gid);
 }
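Review bot: In the `@@ -265,7 +267,12 @@` hunk of `sdap_nested_group_hash_group`, `ret` and `gid` are no longer assigned when `posix_group` is true and the domain uses algorithmic ID mapping, yet `ret` is declared without an initialiser (`errno_t ret;` in the previous hunk) and is otherwise only set inside the `SDAP_SCHEMA_AD` branch. The function continues outside the hunk; if the code that follows still tests `ret` or `gid` to decide whether the group is POSIX, it would act on a stale or indeterminate value and could misclassify groups whose membership feeds access decisions. I would initialise at the declaration, `errno_t ret = EOK;`, and have the following check branch on `use_id_mapping` explicitly rather than on a leftover `ret`. A short comment above the new condition, such as `/* With algorithmic ID mapping no GID attribute is expected on the group, so skip the lookup. */`, would record why the read is skipped.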
diff --git a/src/tests/cmocka/test_nested_groups.c b/src/tests/cmocka/test_nested_groups.c
index 0c1a53b0e..b64d67d3c 100644
--- a/src/tests/cmocka/test_nested_groups.c
+++ b/src/tests/cmocka/test_nested_groups.c
@@ -26,7 +26,9 @@
 #include "tests/cmocka/common_mock.h"
 #include "tests/cmocka/common_mock_sdap.h"
 #include "tests/cmocka/common_mock_sysdb_objects.h"
+#include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap.h"
+#include "providers/ldap/sdap_idmap.h"
 #include "providers/ldap/sdap_async_private.h"
 #define TESTS_PATH "tests_ldap_nested_groups"
@@ -55,6 +57,8 @@ struct nested_groups_test_ctx {
 struct sdap_options *sdap_opts;
 struct sdap_handle *sdap_handle;
 struct sdap_domain *sdap_domain;
+ struct sdap_idmap_ctx *idmap_ctx;
+ struct sdap_id_ctx *sdap_id_ctx;
 struct sysdb_attrs **users;
 struct sysdb_attrs **groups;
@@ -391,6 +395,7 @@ static void nested_groups_test_one_group_dup_group_members(void **state)
 void nested_groups_test_setup(void **state)
 {
+ errno_t ret;
 struct nested_groups_test_ctx *test_ctx = NULL;
 static struct sss_test_conf_param params[] = {
 { "ldap_schema", "rfc2307bis" }, /* enable nested groups */
@@ -419,6 +424,21 @@ void nested_groups_test_setup(void **state)
 test_ctx->sdap_domain = test_ctx->sdap_opts->sdom;
 test_ctx->sdap_handle = mock_sdap_handle(test_ctx);
 assert_non_null(test_ctx->sdap_handle);
+
+ test_ctx->sdap_id_ctx = talloc_zero(test_ctx,
+ struct sdap_id_ctx);
+ assert_non_null(test_ctx->sdap_id_ctx);
+
+ test_ctx->sdap_id_ctx->be = talloc_zero(test_ctx->sdap_id_ctx,
+ struct be_ctx);
+ assert_non_null(test_ctx->sdap_id_ctx->be);
+
+ test_ctx->sdap_id_ctx->opts = test_ctx->sdap_opts;
+ test_ctx->sdap_id_ctx->be->domain = test_ctx->tctx->dom;
+
+ ret = sdap_idmap_init(test_ctx, test_ctx->sdap_id_ctx, &test_ctx->idmap_ctx);
+ assert_int_equal(ret, EOK);
+ test_ctx->sdap_opts->idmap_ctx = test_ctx->idmap_ctx;
 }
 void nested_groups_test_teardown(void **state) |
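Review bot: No test case covers the new `use_id_mapping` branch: the 20 added lines in this file are two includes, two context fields, the `ret` declaration and the `sdap_idmap_init` wiring in `nested_groups_test_setup`, so the existing cases only run with whatever mapping mode the default test configuration selects. A case that adds `{ "ldap_id_mapping", "true" }` to `params` and asserts how a group without a GID attribute is hashed would pin the behaviour this commit changes. `nested_groups_test_setup` begins before the `@@ -419,6 +424,21 @@` hunk and the teardown function continues after it, so whether `idmap_ctx` is released with `test_ctx` cannot be confirmed from the visible lines.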