From 3ad662a4d26c0d6ee4e382758ca7b3f0c2880d20 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Wed, 19 Jan 2011 15:39:02 -0500
Subject: Add the user's primary group to the initgroups lookup
The user may not be a direct member of their primary group, but we still want to make sure that group is cached on the system.
---
 src/providers/ldap/ldap_id.c | 11 ++++---
 src/providers/ldap/sdap_async.h | 4 +--
 src/providers/ldap/sdap_async_accounts.c | 55 ++++++++++++++++++++++++++++----
 3 files changed, 56 insertions(+), 14 deletions(-)
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index ed27620ce..09f0026b0 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -588,11 +588,12 @@ static void groups_by_user_connect_done(struct tevent_req *subreq)
 return;
 }
- subreq = sdap_get_initgr_send(state, state->ev,
- state->ctx->be->domain,
- state->ctx->be->sysdb,
- state->ctx->opts, sdap_id_op_handle(state->op),
- state->name, state->attrs);
+ subreq = sdap_get_initgr_send(state,
+ state->ev,
+ sdap_id_op_handle(state->op),
+ state->ctx,
+ state->name,
+ state->attrs);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
 return;
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 5e3771439..f7b7b568d 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -106,10 +106,8 @@ int sdap_auth_recv(struct tevent_req *req,
 struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 struct tevent_context *ev,
- struct sss_domain_info *dom,
- struct sysdb_ctx *sysdb,
- struct sdap_options *opts,
 struct sdap_handle *sh,
+ struct sdap_id_ctx *id_ctx,
 const char *name,
 const char **grp_attrs);
 int sdap_get_initgr_recv(struct tevent_req *req);
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 98a2f0e54..66582751c 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -2302,6 +2302,7 @@ struct sdap_get_initgr_state {
 struct sdap_options *opts;
 struct sss_domain_info *dom;
 struct sdap_handle *sh;
+ struct sdap_id_ctx *id_ctx;
 const char *name;
 const char **grp_attrs;
@@ -2313,10 +2314,8 @@ static void sdap_get_initgr_done(struct tevent_req *subreq);
 struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 struct tevent_context *ev,
- struct sss_domain_info *dom,
- struct sysdb_ctx *sysdb,
- struct sdap_options *opts,
 struct sdap_handle *sh,
+ struct sdap_id_ctx *id_ctx,
 const char *name,
 const char **grp_attrs)
 {
@@ -2333,10 +2332,11 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 if (!req) return NULL;
 state->ev = ev;
- state->opts = opts;
- state->sysdb = sysdb;
- state->dom = dom;
+ state->opts = id_ctx->opts;
+ state->sysdb = id_ctx->be->sysdb;
+ state->dom = id_ctx->be->domain;
 state->sh = sh;
+ state->id_ctx = id_ctx;
 state->name = name;
 state->grp_attrs = grp_attrs;
 state->orig_user = NULL;
@@ -2504,6 +2504,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
 }
 static int sdap_initgr_rfc2307bis_recv(struct tevent_req *req);
+static void sdap_get_initgr_pgid(struct tevent_req *req);
 static void sdap_get_initgr_done(struct tevent_req *subreq)
 {
 struct tevent_req *req = tevent_req_callback_data(subreq,
@@ -2511,6 +2512,8 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
 struct sdap_get_initgr_state *state = tevent_req_data(req,
 struct sdap_get_initgr_state);
 int ret;
+ gid_t primary_gid;
+ char *gid;
 DEBUG(9, ("Initgroups done\n"));
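Review bot: `gid_t primary_gid;`, added to the locals of sdap_get_initgr_done in the `@@ -2511` hunk, is later passed by address to `sysdb_attrs_get_uint32_t(state->orig_user, SYSDB_GIDNUM, &primary_gid)`, whose name suggests it stores through a `uint32_t *` (its prototype is not visible here). That is only well-defined where gid_t is exactly that type and width. Declaring `uint32_t primary_gid;` keeps the out-parameter type exact, and the `(unsigned long)primary_gid` cast in the later `talloc_asprintf` call works unchanged. The body of sdap_get_initgr_done starts before and continues after this hunk.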
@@ -2542,6 +2545,46 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
 return;
 }
+ /* We also need to update the user's primary group, since
+ * the user may not be an explicit member of that group
+ */
+ ret = sysdb_attrs_get_uint32_t(state->orig_user, SYSDB_GIDNUM, &primary_gid);
+ if (ret != EOK) {
+ DEBUG(6, ("Could not find user's primary GID\n"));
+ tevent_req_error(req, ret);
+ return;
+ }
+
+ gid = talloc_asprintf(state, "%lu", (unsigned long)primary_gid);
+ if (gid == NULL) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+
+ subreq = groups_get_send(req, state->ev, state->id_ctx, gid,
+ BE_FILTER_IDNUM, BE_ATTR_ALL);
+ if (!subreq) {
+ tevent_req_error(req, ENOMEM);
+ return;
+ }
+ tevent_req_set_callback(subreq, sdap_get_initgr_pgid, req);
+
+ tevent_req_done(req);
+}
+
+static void sdap_get_initgr_pgid(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq, struct tevent_req);
+ errno_t ret;
+
+ ret = groups_get_recv(subreq, NULL);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ return;
+ }
+
 tevent_req_done(req);
 }
-- cgit
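Review bot: `tevent_req_done(req);` is called at the end of sdap_get_initgr_done immediately after `tevent_req_set_callback(subreq, sdap_get_initgr_pgid, req);`, so the initgroups request is reported finished before the primary-group lookup has returned. subreq is created with req as its memory parent, so a caller that frees req on completion would presumably tear down the pending lookup and leave the primary group uncached, which is the case this commit sets out to fix. If req survives instead, sdap_get_initgr_pgid calls `tevent_req_done` or `tevent_req_error` on a request that has already finished. Drop that first `tevent_req_done(req);` so that sdap_get_initgr_pgid is the only place the request completes. sdap_get_initgr_done begins outside this hunk.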