author | Ondrej Kos <okos@redhat.com> | 2013-08-21 15:01:34 +0200 |
---|---|---|
committer | Ondrej Kos <okos@redhat.com> | 2013-08-21 17:11:36 +0200 |
commit | 387d72fd09a60ba5697276102a593d7eceecd14f (patch) | |
tree | 610b466719d3a1a9aab2d85a43782103dee12bcc | |
parent | f519f6cb5a5904d4945d6f5bfae39a1ddca54012 (diff) | |
t5sid
Explanation
Resolves:
https://fedorahosted.org/sssd/ticket/XXXX
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 6 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups_ad.c | 64 |
2 files changed, 55 insertions, 15 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 6bc9579d..ddf82721 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2782,8 +2782,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq)
 return;
 }
- if (state->use_id_mapping
- && state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
+ if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
 /* Take advantage of AD's tokenGroups mechanism to look up all
 * parent groups in a single request.
 */
@@ -2880,8 +2879,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
 case SDAP_SCHEMA_RFC2307BIS:
 case SDAP_SCHEMA_AD:
- if (state->use_id_mapping
- && state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
+ if (state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008) {
 ret = sdap_get_ad_tokengroups_initgroups_recv(subreq);
 } else if (state->opts->support_matching_rule
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 89789204..b5e82044 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -365,12 +365,14 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
 gid_t gid;
 time_t now;
 struct sysdb_attrs **users;
+ struct sysdb_attrs *group_attrs;
 struct ldb_message_element *el;
 struct ldb_message *msg;
 char **ldap_grouplist;
 char **sysdb_grouplist;
 char **add_groups;
 char **del_groups;
+ bool use_id_mapping;
 const char *attrs[] = { SYSDB_NAME, NULL };
 const char *group_name;
 struct tevent_req *req =
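Review bot: The test `state->opts->dc_functional_level >= DS_BEHAVIOR_WIN2008` is now duplicated verbatim in sdap_get_initgr_user and in sdap_get_initgr_done (the `@@ -2880` hunk), and the request started in the first must be received by the matching `_recv` in the second, so the two copies have to stay identical. A single static predicate taking `state->opts` and called from both places would keep them from drifting. The existing comment should also record the widened scope, for example `/* Used with and without ID mapping; without it, groups are matched in the cache by their stored SID. */`. If `state->use_id_mapping` has no other readers it is now dead and can be dropped, but that cannot be confirmed from these hunks because both function bodies extend outside them.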
@@ -455,29 +457,45 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
 idmap_error_string(err)));
 continue;
 }
+ DEBUG(SSSDBG_TRACE_LIBS, ("Processing membership SID [%s]\n", sid_str));
+
+ use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(state->opts->idmap_ctx,
+ sid_str);
 ret = sdap_idmap_sid_to_unix(state->opts->idmap_ctx, sid_str, &gid);
 if (ret == ENOTSUP) {
 DEBUG(SSSDBG_TRACE_FUNC, ("Skipping built-in object.\n"));
 ret = EOK;
 continue;
- } else if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Could not convert SID to GID: [%s]. Skipping\n",
- strerror(ret)));
- continue;
 }
- DEBUG(SSSDBG_TRACE_LIBS,
- ("Processing membership GID [%lu]\n",
- gid));
+ if (use_id_mapping) {
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Could not convert SID to GID: [%s]. Skipping\n",
+ strerror(ret)));
+ continue;
+ }
+
+ DEBUG(SSSDBG_TRACE_LIBS,
+ ("Processing membership GID [%lu]\n",
+ gid));
+ /* Check whether this GID already exists in the sysdb */
+ ret = sysdb_search_group_by_gid(tmp_ctx, state->sysdb, state->domain,
+ gid, attrs, &msg);
+ } else {
+ DEBUG(SSSDBG_TRACE_LIBS,
+ ("Processing membership group SID [%s]\n",
+ sid_str));
+
+ ret = sysdb_search_group_by_sid_str(tmp_ctx, state->sysdb,
+ state->domain, sid_str, attrs,
+ &msg);
+ }
- /* Check whether this GID already exists in the sysdb */
- ret = sysdb_search_group_by_gid(tmp_ctx, state->sysdb, state->domain,
- gid, attrs, &msg);
 if (ret == EOK) {
 group_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
 if (!group_name) {
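Review bot: When `use_id_mapping` is false, any result of `sdap_idmap_sid_to_unix()` other than ENOTSUP is discarded without a log line, because `ret` is overwritten by `sysdb_search_group_by_sid_str()` in the else branch. This loop builds the group list that later drives access decisions, so a conversion error that vanishes silently makes a missing membership hard to diagnose. Either make the call only under `if (use_id_mapping)`, or, if it is kept for both paths to detect built-in SIDs, say so with a comment such as `/* Called even without ID mapping: ENOTSUP marks built-in SIDs to skip. */` and log the dropped error at trace level. Separately, `gid` is declared `gid_t` but printed with `%lu`; passing it as `(unsigned long) gid` keeps the varargs call well-defined. The enclosing function starts and ends outside this hunk.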
@@ -503,6 +521,30 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
 strerror(ret)));
 goto done;
 }
+
+ group_attrs = sysdb_new_attrs(tmp_ctx);
+ if (group_attrs == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_attrs_add_string(group_attrs, SYSDB_SID_STR,
+ sid_str);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not add SID string: "
+ "[%s]\n", strerror(ret)));
+ goto done;
+ }
+
+ ret = sysdb_set_group_attr(state->sysdb,
+ state->domain,
+ group_name, group_attrs,
+ SYSDB_MOD_REP);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Could not save SID string "
+ "[%s] to sysdb.\n"));
+ goto done;
+ }
 } else {
 /* Unexpected error */
 DEBUG(SSSDBG_MINOR_FAILURE, |
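Review bot: The last added DEBUG call has a `%s` conversion in `"Could not save SID string " "[%s] to sysdb.\n"` but passes no argument for it, which is undefined behaviour in the formatting call. On this error path the daemon would read an indeterminate value as a string pointer, so it may log garbage or crash just when `sysdb_set_group_attr()` has failed. Supply the arguments, for example `DEBUG(SSSDBG_MINOR_FAILURE, ("Could not save SID string [%s] to sysdb: [%s]\n", sid_str, strerror(ret)));`. Both new failure branches also `goto done`, which appears to abort the whole initgroups result over one group's attribute while logging only at MINOR_FAILURE. Whether that severity is right depends on code outside this hunk, since the function continues past it.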