From 5925e134b87e79e60177b5861ec2a67b659aaa27 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Sat, 23 Feb 2013 10:44:54 +0100 Subject: Resolve GIDs in the simple access provider Changes the simple access provider's interface to be asynchronous. When the simple access provider encounters a group that has gid, but no meaningful name, it attempts to resolve the name using the be_file_account_request function. Some providers (like the AD provider) might perform initgroups without resolving the group names. In order for the simple access provider to work correctly, we need to resolve the groups before performing the access check. In AD provider, the situation is even more tricky b/c the groups HAVE name, but their name attribute is set to SID and they are set as non-POSIX --- Makefile.am | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index dda090daf..223431da4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1008,14 +1008,22 @@ ad_ldap_opt_tests_LDADD = \ simple_access_tests_SOURCES = \ src/tests/simple_access-tests.c \ src/tests/common.c \ - src/providers/simple/simple_access.c + src/providers/simple/simple_access_check.c \ + src/providers/data_provider_be.c \ + src/providers/data_provider_fo.c \ + src/providers/data_provider_callbacks.c \ + $(SSSD_FAILOVER_OBJ) simple_access_tests_CFLAGS = \ $(AM_CFLAGS) \ - $(CHECK_CFLAGS) + $(CHECK_CFLAGS) \ + -DUNIT_TESTING simple_access_tests_LDADD = \ $(SSSD_LIBS) \ + $(CARES_LIBS) \ $(CHECK_LIBS) \ - libsss_util.la + $(PAM_LIBS) \ + libsss_util.la \ + libsss_test_common.la util_tests_SOURCES = \ src/tests/util-tests.c @@ -1347,7 +1355,8 @@ libsss_proxy_la_LDFLAGS = \ -module libsss_simple_la_SOURCES = \ - src/providers/simple/simple_access.c + src/providers/simple/simple_access.c \ + src/providers/simple/simple_access_check.c libsss_simple_la_CFLAGS = \ $(AM_CFLAGS) libsss_simple_la_LIBADD = \ -- cgit