From ed4a9bd4d0f7fb359bed66a8d63a92e7be633aae Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 1 Oct 2014 17:04:44 +0200 Subject: views: search overrides for user and group requests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If the name or the POSIX ID of a user or a group is overridden the search request for those objects have to check the overide objects first before looking up the original objects. This patch adds a new request for the IPA sub-domain users which checks the overrides first if - SSSD is running in ipa-server-mode and a name or a POSIX ID is searched, since we do not override the SIDs we can skip the search in the override tree here - if the responder indicates it has not found the corresponding object in the cache and the input might be an override name or ID and not the original one of an object. If an override object was found the SID is extracted from the anchor attribute and the original object is search by its SID. If no override object was found the original object is search with the original input and finally it is checked if an override object exits for the found object. Relates to https://fedorahosted.org/sssd/ticket/2375 Reviewed-by: Pavel Březina --- src/providers/ipa/ipa_id.c | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) (limited to 'src/providers/ipa/ipa_id.c') diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 942feb19e..cd65f5b46 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -87,11 +87,8 @@ void ipa_account_info_handler(struct be_req *breq) * subdomain lookups are handled differently on the server * and the client */ - if (dp_opt_get_bool(ipa_ctx->ipa_options->basic, IPA_SERVER_MODE)) { - req = ipa_get_ad_acct_send(breq, be_ctx->ev, ipa_ctx, breq, ar); - } else { - req = ipa_get_subdom_acct_send(breq, be_ctx->ev, ipa_ctx, ar); - } + req = ipa_subdomain_account_send(breq, be_ctx->ev, ipa_ctx, breq, ar); + } else if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_NETGROUP) { /* netgroups are handled by a separate request function */ if (ar->filter_type != BE_FILTER_NAME) { @@ -116,24 +113,15 @@ void ipa_account_info_handler(struct be_req *breq) static void ipa_account_info_done(struct tevent_req *req) { struct be_req *breq = tevent_req_callback_data(req, struct be_req); - struct be_ctx *be_ctx = be_req_get_be_ctx(breq); - struct ipa_id_ctx *ipa_ctx; struct be_acct_req *ar = talloc_get_type(be_req_get_data(breq), struct be_acct_req); const char *error_text; int ret, dp_error; - ipa_ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data, - struct ipa_id_ctx); - if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_NETGROUP) { ret = ipa_id_get_netgroup_recv(req, &dp_error); } else { - if (dp_opt_get_bool(ipa_ctx->ipa_options->basic, IPA_SERVER_MODE)) { - ret = ipa_get_ad_acct_recv(req, &dp_error); - } else { - ret = ipa_get_subdom_acct_recv(req, &dp_error); - } + ret = ipa_subdomain_account_recv(req, &dp_error); } talloc_zfree(req); -- cgit