From 4c560e7b98e7ab71d22be24d2fbc468396cb634f Mon Sep 17 00:00:00 2001
From: Pavel Reichl
Date: Wed, 16 Jul 2014 13:33:58 +0100
Subject: IPA: new attribute map for non-posix groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Create new set of attributes to be used when processing non-posix groups.
Resolves: https://fedorahosted.org/sssd/ticket/2343
Reviewed-by: Michal Židek
---
 src/providers/ldap/ldap_id.c | 8 +++++++-
 src/providers/ldap/sdap.h | 11 +++++++++++
 src/providers/ldap/sdap_async.h | 3 ++-
 src/providers/ldap/sdap_async_initgroups.c | 12 +++++++++---
 4 files changed, 29 insertions(+), 5 deletions(-)
(limited to 'src/providers/ldap')
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index c788b6bdd..e164cde4c 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -919,6 +919,7 @@ struct groups_by_user_state {
 const char *name;
 const char **attrs;
+ const char **np_attrs;
 int dp_error;
 int sdap_ret;
@@ -966,6 +967,10 @@ static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
 NULL, &state->attrs, NULL);
 if (ret != EOK) goto fail;
+ ret = build_attrs_from_map(state, ctx->opts->np_group_map, SDAP_OPTS_NP_GROUP,
+ NULL, &state->np_attrs, NULL);
+ if (ret != EOK) goto fail;
+
 ret = groups_by_user_retry(req);
 if (ret != EOK) {
 goto fail;
@@ -1020,7 +1025,8 @@ static void groups_by_user_connect_done(struct tevent_req *subreq)
 state->ctx,
 state->conn,
 state->name,
- state->attrs);
+ state->attrs,
+ state->np_attrs);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
 return;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 6bab0e1c1..94048bfc7 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
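Review bot: In groups_by_user_send (ldap_id.c, second hunk) the new build_attrs_from_map() call reads `ctx->opts->np_group_map` unconditionally, yet nothing in this view sets that field; the patch is limited to src/providers/ldap and only adds the member to struct sdap_options. If only the IPA provider fills the map, plain LDAP and AD back ends would reach this call with a NULL map. Every initgroups request would then either fail at `goto fail` or dereference NULL, depending on how build_attrs_from_map treats a NULL map, which this page does not show. Guard the two new statements with `if (ctx->opts->np_group_map != NULL) {` and note on the struct member that it may be NULL, so users of `state->np_attrs` handle that case. The function body continues outside the hunk.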
@@ -302,6 +302,16 @@ enum sdap_group_attrs {
 SDAP_OPTS_GROUP /* attrs counter */
 };
+/* the objectclass must be the first attribute.
+ * Functions depend on this */
+enum sdap_np_group_attrs {
+ SDAP_OC_NP_GROUP = 0,
+ SDAP_AT_NP_GROUP_NAME,
+ SDAP_AT_NP_GROUP_MEMBER,
+
+ SDAP_OPTS_NP_GROUP /* attrs counter */
+};
+
 enum sdap_netgroup_attrs {
 SDAP_OC_NETGROUP = 0,
 SDAP_AT_NETGROUP_NAME,
@@ -414,6 +424,7 @@ struct sdap_options {
 struct sdap_attr_map *user_map;
 size_t user_map_cnt;
 struct sdap_attr_map *group_map;
+ struct sdap_attr_map *np_group_map;
 struct sdap_attr_map *netgroup_map;
 struct sdap_attr_map *service_map;
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 808254a24..2ed7cb7ea 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -134,7 +134,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 struct sdap_id_ctx *id_ctx,
 struct sdap_id_conn_ctx *conn,
 const char *name,
- const char **grp_attrs);
+ const char **grp_attrs,
+ const char **np_grp_attrs);
 int sdap_get_initgr_recv(struct tevent_req *req);
 struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx,
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 2eecdf9a3..ae442ff5c 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -706,6 +706,7 @@ struct sdap_initgr_nested_state {
 const char *orig_dn;
 const char **grp_attrs;
+ const char **np_grp_attrs;
 struct ldb_message_element *memberof;
 char *filter;
@@ -729,7 +730,8 @@ static struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx,
 struct sss_domain_info *dom,
 struct sdap_handle *sh,
 struct sysdb_attrs *user,
- const char **grp_attrs)
+ const char **grp_attrs,
+ const char **np_grp_attrs)
 {
 struct tevent_req *req;
 struct sdap_initgr_nested_state *state;
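Review bot: sdap_initgr_nested_send (sdap_async_initgroups.c) now takes `np_grp_attrs` and sdap_initgr_nested_state gains a matching member, but no added line copies the argument into the state. The diffstat's 9 additions for this file are fully accounted for by the two struct members, the two signatures and the call site. The same gap exists for sdap_get_initgr_send and sdap_get_initgr_state in the later hunks, so the `state->np_grp_attrs` passed on in sdap_get_initgr_user is whatever the state was allocated with (presumably NULL), not the caller's list. Add `state->np_grp_attrs = np_grp_attrs;` in both send functions where grp_attrs is stored, or leave the parameter out until something consumes it. Both function bodies continue outside their hunks.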
@@ -2592,6 +2594,7 @@ struct sdap_get_initgr_state {
 struct sdap_id_conn_ctx *conn;
 const char *name;
 const char **grp_attrs;
+ const char **np_grp_attrs;
 const char **user_attrs;
 char *user_base_filter;
 char *filter;
@@ -2616,7 +2619,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx,
 struct sdap_id_ctx *id_ctx,
 struct sdap_id_conn_ctx *conn,
 const char *name,
- const char **grp_attrs)
+ const char **grp_attrs,
+ const char **np_grp_attrs)
 {
 struct tevent_req *req;
 struct sdap_get_initgr_state *state;
@@ -2951,9 +2955,11 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
 break;
 case SDAP_SCHEMA_IPA_V1:
+
 subreq = sdap_initgr_nested_send(state, state->ev, state->opts, state->sysdb, state->dom, state->sh,
- state->orig_user, state->grp_attrs);
+ state->orig_user, state->grp_attrs,
+ state->np_grp_attrs);
 if (!subreq) {
 tevent_req_error(req, ENOMEM);
 return;
-- cgit