From b7afe5caaaeae1e92479284a7f555aee4ba23422 Mon Sep 17 00:00:00 2001 From: Pavel Reichl Date: Wed, 16 Jul 2014 13:33:58 +0100 Subject: IPA: new attribute map for non-posix groups MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Create new set of attributes to be used when processing non-posix groups. Resolves: https://fedorahosted.org/sssd/ticket/2343 Reviewed-by: Michal Židek (cherry picked from commit 4c560e7b98e7ab71d22be24d2fbc468396cb634f) --- src/providers/ipa/ipa_common.c | 9 +++++++++ src/providers/ipa/ipa_opts.h | 8 ++++++++ src/providers/ldap/ldap_id.c | 8 +++++++- src/providers/ldap/sdap.h | 11 +++++++++++ src/providers/ldap/sdap_async.h | 3 ++- src/providers/ldap/sdap_async_initgroups.c | 12 +++++++++--- 6 files changed, 46 insertions(+), 5 deletions(-) diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index f594de27a..54d0ecf3b 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -566,6 +566,15 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } + ret = sdap_get_map(ipa_opts->id, + cdb, conf_path, + ipa_np_group_map, + SDAP_OPTS_NP_GROUP, + &ipa_opts->id->np_group_map); + if (ret != EOK) { + goto done; + } + ret = sdap_get_map(ipa_opts->id, cdb, conf_path, ipa_netgroup_map, diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h index a1334610c..52c85779f 100644 --- a/src/providers/ipa/ipa_opts.h +++ b/src/providers/ipa/ipa_opts.h 
@@ -213,6 +213,14 @@ struct sdap_attr_map ipa_group_map[] = { SDAP_ATTR_MAP_TERMINATOR }; +/* map for non-posix groups */ +struct sdap_attr_map ipa_np_group_map[] = { + { "ldap_group_object_class", "nestedgroup", SYSDB_GROUP_CLASS, NULL }, + { "ldap_group_name", "cn", SYSDB_NAME, NULL }, + { "ldap_group_member", "member", SYSDB_MEMBER, NULL }, + SDAP_ATTR_MAP_TERMINATOR +}; + struct sdap_attr_map ipa_netgroup_map[] = { { "ipa_netgroup_object_class", "ipaNisNetgroup", SYSDB_NETGROUP_CLASS, NULL }, { "ipa_netgroup_name", "cn", SYSDB_NAME, NULL }, diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index 2d1ba5b5a..2cc8fc80e 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -927,6 +927,7 @@ struct groups_by_user_state { const char *name; const char **attrs; + const char **np_attrs; int dp_error; int sdap_ret; @@ -974,6 +975,10 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, NULL, &state->attrs, NULL); if (ret != EOK) goto fail; + ret = build_attrs_from_map(state, ctx->opts->np_group_map, SDAP_OPTS_NP_GROUP, + NULL, &state->np_attrs, NULL); + if (ret != EOK) goto fail; + ret = groups_by_user_retry(req); if (ret != EOK) { goto fail; @@ -1028,7 +1033,8 @@ static void groups_by_user_connect_done(struct tevent_req *subreq) state->ctx, state->conn, state->name, - state->attrs); + state->attrs, + state->np_attrs); if (!subreq) { tevent_req_error(req, ENOMEM); return; diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index a766779e5..567cf42a3 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h 
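Review bot: In `ipa_np_group_map` the three entries reuse the option names `ldap_group_object_class`, `ldap_group_name` and `ldap_group_member`, which look like the keys the regular group map is configured with (that map's entries sit above the hunk). If `sdap_get_map` resolves configuration overrides by that first field, a single `ldap_group_object_class` setting in sssd.conf would replace `nestedgroup` here as well as the POSIX class, and the two maps would no longer tell the group kinds apart. Group resolution feeds access decisions, so either use dedicated option names or state in the comment that the sharing is intended. The comment should also record the ordering contract, e.g. `/* map for non-posix groups; entry order must match enum sdap_np_group_attrs */`.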
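Review bot: The added `build_attrs_from_map(state, ctx->opts->np_group_map, SDAP_OPTS_NP_GROUP, ...)` call in `groups_by_user_send` (hunk at -974) sits in shared LDAP provider code, but the only place this commit fills `np_group_map` is `ipa_get_id_options` in ipa_common.c. Unless the other providers' option setup populates the field somewhere outside this diff, the map is NULL for them, and whether `build_attrs_from_map` tolerates a NULL map is not visible here; a NULL dereference on this path would crash the backend during group lookups. Wrapping the call in `if (ctx->opts->np_group_map != NULL) { ... }` and leaving `state->np_attrs` NULL otherwise would make the assumption explicit, and the new field in sdap.h deserves a comment such as `/* non-posix group map; set by the IPA provider only */`. The body of `groups_by_user_send` starts and ends outside the hunk.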
@@ -301,6 +301,16 @@ enum sdap_group_attrs { SDAP_OPTS_GROUP /* attrs counter */ }; +/* the objectclass must be the first attribute. + * Functions depend on this */ +enum sdap_np_group_attrs { + SDAP_OC_NP_GROUP = 0, + SDAP_AT_NP_GROUP_NAME, + SDAP_AT_NP_GROUP_MEMBER, + + SDAP_OPTS_NP_GROUP /* attrs counter */ +}; + enum sdap_netgroup_attrs { SDAP_OC_NETGROUP = 0, SDAP_AT_NETGROUP_NAME, @@ -413,6 +423,7 @@ struct sdap_options { struct sdap_attr_map *user_map; size_t user_map_cnt; struct sdap_attr_map *group_map; + struct sdap_attr_map *np_group_map; struct sdap_attr_map *netgroup_map; struct sdap_attr_map *service_map; diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index 593404af3..f54ab8b57 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -134,7 +134,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, struct sdap_id_ctx *id_ctx, struct sdap_id_conn_ctx *conn, const char *name, - const char **grp_attrs); + const char **grp_attrs, + const char **np_grp_attrs); int sdap_get_initgr_recv(struct tevent_req *req); struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 712811f83..f9004ee7e 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -706,6 +706,7 @@ struct sdap_initgr_nested_state { const char *orig_dn; const char **grp_attrs; + const char **np_grp_attrs; struct ldb_message_element *memberof; char *filter; @@ -729,7 +730,8 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx, struct sss_domain_info *dom, struct sdap_handle *sh, struct sysdb_attrs *user, - const char **grp_attrs) + const char **grp_attrs, + const char **np_grp_attrs) { struct tevent_req *req; struct sdap_initgr_nested_state *state; 
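Review bot: `sdap_initgr_nested_send` (hunk at -729) now takes `np_grp_attrs` and `sdap_initgr_nested_state` has a field for it, but no added line copies one into the other; the diffstat lists nine additions for sdap_async_initgroups.c, all nine are visible in the hunks, and none is an assignment. The same holds for `sdap_get_initgr_send` and `sdap_get_initgr_state` (hunks at -2606 and -2630), so the `state->np_grp_attrs` passed in the `SDAP_SCHEMA_IPA_V1` case (hunk at -2968) is whatever `tevent_req_create` left in the state, presumably NULL, and the list built in ldap_id.c is silently dropped. If this is deliberate plumbing for a follow-up commit, the commit message should say so; otherwise add `state->np_grp_attrs = np_grp_attrs;` next to the existing `grp_attrs` assignment in both send functions. Both function bodies continue outside the hunks.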
@@ -2606,6 +2608,7 @@ struct sdap_get_initgr_state { struct sdap_id_conn_ctx *conn; const char *name; const char **grp_attrs; + const char **np_grp_attrs; const char **user_attrs; char *user_base_filter; char *filter; @@ -2630,7 +2633,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, struct sdap_id_ctx *id_ctx, struct sdap_id_conn_ctx *conn, const char *name, - const char **grp_attrs) + const char **grp_attrs, + const char **np_grp_attrs) { struct tevent_req *req; struct sdap_get_initgr_state *state; @@ -2968,9 +2972,11 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) break; case SDAP_SCHEMA_IPA_V1: + subreq = sdap_initgr_nested_send(state, state->ev, state->opts, state->sysdb, state->dom, state->sh, - state->orig_user, state->grp_attrs); + state->orig_user, state->grp_attrs, + state->np_grp_attrs); if (!subreq) { tevent_req_error(req, ENOMEM); return; -- cgit