authorOndrej Kos <okos@redhat.com>2013-09-03 12:27:17 +0200
committerOndrej Kos <okos@redhat.com>2013-09-03 13:11:51 +0200
commit10c06f8e9600cac6732445e01a1bbac996bb6df8 (patch)
tree195e43252e44e0b030d64854b0f8821664232613
parentf6ffbca5d56c72b062807a3a1b2ac803c9c67f04 (diff)
TOKENGROUPS TEST 109324token2
Explanation Resolves: https://fedorahosted.org/sssd/ticket/XXXX
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c1
-rw-r--r--src/providers/ldap/sdap_async_initgroups_ad.c67
2 files changed, 43 insertions, 25 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 4e9aab7c..fc48f91a 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -2559,6 +2559,7 @@ struct sdap_get_initgr_state {
struct sdap_search_base **user_search_bases;
bool use_id_mapping;
+ bool failed_tokengroups;
};
static errno_t sdap_get_initgr_next_base(struct tevent_req *req);
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index e5649a2b..9b2a2908 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -377,6 +377,8 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
tevent_req_callback_data(subreq, struct tevent_req);
struct sdap_ad_tokengroups_initgr_state *state =
tevent_req_data(req, struct sdap_ad_tokengroups_initgr_state);
+ struct sdap_get_initgr_state *istate =
+ tevent_req_data(req, struct sdap_get_initgr_state);
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
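Review bot: `istate` is fetched with `tevent_req_data()` from the same `req` that the preceding declaration already resolves as `struct sdap_ad_tokengroups_initgr_state`, so one private-data pointer is being treated as two unrelated struct types. In tevent this macro wraps `talloc_get_type_abort()`, so the second call would be expected to abort the process at runtime. If the type check did not fire, the read of `istate->use_id_mapping` and the write to `istate->failed_tokengroups` in the two later hunks of this file would touch memory laid out as the other struct. The parent request's state does not appear to be reachable from `req` here, so consider adding `bool use_id_mapping;` to `struct sdap_ad_tokengroups_initgr_state` (filled in by whatever creates this request, which is outside the diff) and reporting the failure through the request result. The function body starts and continues outside this hunk.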
@@ -464,20 +466,29 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
DEBUG(SSSDBG_TRACE_FUNC, ("Skipping built-in object.\n"));
ret = EOK;
continue;
- } else if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Could not convert SID to GID: [%s]. Skipping\n",
- strerror(ret)));
- continue;
}
- DEBUG(SSSDBG_TRACE_LIBS,
- ("Processing membership GID [%lu]\n",
- gid));
+ if (istate->use_id_mapping) {
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Could not convert SID to GID: [%s]. Skipping\n",
+ strerror(ret)));
+ continue;
+ }
+
+ DEBUG(SSSDBG_TRACE_LIBS,
+ ("Processing membership GID [%lu]\n",
+ gid));
+
+ /* Check whether this GID already exists in the sysdb */
+ ret = sysdb_search_group_by_gid(tmp_ctx, state->sysdb, state->domain,
+ gid, attrs, &msg);
+ } else {
+ ret = sysdb_search_group_by_sid_str(tmp_ctx, state->sysdb,
+ state->domain, sid_str, attrs,
+ &msg);
+ }
- /* Check whether this GID already exists in the sysdb */
- ret = sysdb_search_group_by_gid(tmp_ctx, state->sysdb, state->domain,
- gid, attrs, &msg);
if (ret == EOK) {
group_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
if (!group_name) {
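Review bot: In the `else` branch for the non-mapping case, the `ret` left by the SID conversion above the hunk is overwritten by `sysdb_search_group_by_sid_str()` without being inspected, and nothing is logged. A lookup by SID therefore leaves no trace to match the `Processing membership GID` message on the mapping path. Add a matching trace before the search, for example `DEBUG(SSSDBG_TRACE_LIBS, ("Processing membership SID [%s]\n", sid_str));`. The code that produces `sid_str` is outside the hunk, so it is worth confirming that the string is always valid here even when the conversion reported an error.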
@@ -487,20 +498,26 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
goto done;
}
} else if (ret == ENOENT) {
- /* This is a new group. For now, we will store it
- * under the name of its SID. When a direct lookup of
- * the group or its GID occurs, it will replace this
- * temporary entry.
- */
- group_name = sid_str;
- ret = sysdb_add_incomplete_group(state->sysdb,
- state->domain,
- group_name, gid,
- NULL, sid_str, false, now);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Could not create incomplete group: [%s]\n",
- strerror(ret)));
+ if (istate->use_id_mapping) {
+ /* This is a new group. For now, we will store it
+ * under the name of its SID. When a direct lookup of
+ * the group or its GID occurs, it will replace this
+ * temporary entry.
+ */
+ group_name = sid_str;
+ ret = sysdb_add_incomplete_group(state->sysdb,
+ state->domain,
+ group_name, gid,
+ NULL, sid_str, false, now);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Could not create incomplete group: [%s]\n",
+ strerror(ret)));
+ goto done;
+ }
+ } else {
+ istate->failed_tokengroups = true;
+ ret = EOK;
goto done;
}
} else {
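Review bot: The new non-mapping `else` branch sets `ret = EOK` and jumps to `done` on the first SID that is not in the cache, so the loop stops early and the request appears to complete successfully with only the memberships processed so far. Nothing in this diff reads `failed_tokengroups`, so unless a caller outside the shown hunks checks it, an incomplete group list could end up feeding group-based access decisions. The flag is also written through `istate`, which is derived from this request's own private data rather than the parent's. Prefer failing closed by returning a distinct non-EOK code that the caller maps to its fallback, and log the event, e.g. `DEBUG(SSSDBG_MINOR_FAILURE, ("Group [%s] not cached, tokenGroups result incomplete\n", sid_str));`. The enclosing loop and the `done` label are outside this hunk.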