author | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-22 12:53:17 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-30 14:09:02 +0200 |
commit | 6324eaf1fb321c41ca9883966118df6d45259b7e (patch) | |
tree | a6f7ec1250cb69a187824ecd7600e01507659343 /src/confdb | |
parent | 82843754193b177275ce16f2901edac2060a3998 (diff) | |
CONFDB: Introduce SSSD domain type to distinguish POSIX and application domains
Related to:
https://pagure.io/SSSD/sssd/issue/3310
Adds a new option that makes it possible to distinguish domains that
contain POSIX users and groups from those that don't. The POSIX domains
are the default. The non-POSIX domains are selected by configuring an
"application" type domain.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/confdb')
-rw-r--r-- | src/confdb/confdb.c | 18 | ||||
-rw-r--r-- | src/confdb/confdb.h | 15 |
2 files changed, 32 insertions, 1 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index d82fd98ee..70a1eb7b2 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1367,6 +1367,22 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, } } + domain->type = DOM_TYPE_POSIX; + tmp = ldb_msg_find_attr_as_string(res->msgs[0], + CONFDB_DOMAIN_TYPE, + CONFDB_DOMAIN_TYPE_POSIX); + if (tmp != NULL) { + if (strcasecmp(tmp, CONFDB_DOMAIN_TYPE_POSIX) == 0) { + domain->type = DOM_TYPE_POSIX; + } else if (strcasecmp(tmp, CONFDB_DOMAIN_TYPE_APP) == 0) { + domain->type = DOM_TYPE_APPLICATION; + } else { + DEBUG(SSSDBG_FATAL_FAILURE, + "Invalid value %s for [%s]\n", tmp, CONFDB_DOMAIN_TYPE); + goto done; + } + } + ret = get_entry_as_uint32(res->msgs[0], &domain->subdomain_refresh_interval, CONFDB_DOMAIN_SUBDOMAIN_REFRESH, 14400); if (ret != EOK || domain->subdomain_refresh_interval == 0) { @@ -1444,7 +1460,7 @@ int confdb_get_domains(struct confdb_ctx *cdb, if (ret) { DEBUG(SSSDBG_FATAL_FAILURE, "Error (%d [%s]) retrieving domain [%s], skipping!\n", - ret, sss_strerror(ret), domlist[i]); + ret, sss_strerror(ret), domlist[i]); continue; } diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 56a603652..a4046610f 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -209,6 +209,9 @@ #define CONFDB_DOMAIN_OFFLINE_TIMEOUT "offline_timeout" #define CONFDB_DOMAIN_SUBDOMAIN_INHERIT "subdomain_inherit" #define CONFDB_DOMAIN_CACHED_AUTH_TIMEOUT "cached_auth_timeout" +#define CONFDB_DOMAIN_TYPE "domain_type" +#define CONFDB_DOMAIN_TYPE_POSIX "posix" +#define CONFDB_DOMAIN_TYPE_APP "application" /* Local Provider */ #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell" 
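Review bot: The invalid-value branch added to confdb_get_domain_internal() runs `goto done;` without assigning `ret`, so the function returns whatever `ret` held from code above the hunk. If that value is EOK, a misspelled domain_type is logged at SSSDBG_FATAL_FAILURE but the domain is still handed back as valid, typed POSIX by the assignment at the top of the block and with the settings read after this point (starting with the subdomain refresh interval) never parsed. Set the error explicitly with `ret = EINVAL;` before `goto done;`, so that a bad value fails closed. The function body and the `done` label lie outside the hunk, so the state of `ret` at this point should be confirmed against the full file.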
@@ -261,11 +264,23 @@ enum sss_domain_state { DOM_INCONSISTENT, }; +/** Whether the domain only supports looking up POSIX entries */ +enum sss_domain_type { + /** This is the default domain type. It resolves only entries + * with the full POSIX set of attributes + */ + DOM_TYPE_POSIX, + /** In this mode, entries are typically resolved only by name */ + DOM_TYPE_APPLICATION, +}; + /** * Data structure storing all of the basic features * of a domain. */ struct sss_domain_info { + enum sss_domain_type type; + char *name; char *conn_name; char *provider; |
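Review bot: The POSIX default in `enum sss_domain_type` depends on `DOM_TYPE_POSIX` being the first enumerator, so a `struct sss_domain_info` that is zero-allocated and never goes through the confdb parsing is treated as POSIX without any code saying so. Writing `DOM_TYPE_POSIX = 0,` and noting that in its comment would make the dependency visible; whether other paths allocate this struct zeroed cannot be seen from the hunk. The new `type` member also has no comment of its own; something like `/** POSIX or application; check before relying on POSIX attributes of an entry */` would tell callers that entries from an application domain may lack them. The enum's summary line reads like a boolean ("Whether the domain only supports...") even though the type names two modes, and could be reworded to say so.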