authorSumit Bose <sbose@redhat.com>2017-03-22 14:13:05 +0100
committerJakub Hrozek <jhrozek@redhat.com>2017-03-29 15:09:44 +0200
commit415d93196533a6fcd90889c67396ef5af5bf791a (patch)
tree12310d7986592ff7382eb954afdd4dde931d56aa /src/providers
parent1c551b1373799643f3e9ba4f696d21b8fc57dafd (diff)
IPA: add mapped attributes to user from trusted domains
Allow the usage of the mapped attribute for the lookup of AD users on IPA clients as already used for the normal LDAP lookup. Related to https://pagure.io/SSSD/sssd/issue/3050 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ipa/ipa_s2n_exop.c33
1 files changed, 24 insertions, 9 deletions
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index c99312274..05c32a24d 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -761,6 +761,7 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
struct resp_attrs *simple_attrs,
const char *view_name,
struct sysdb_attrs *override_attrs,
+ struct sysdb_attrs *mapped_attrs,
bool update_initgr_timeout);
static errno_t s2n_response_to_attrs(TALLOC_CTX *mem_ctx,
@@ -1009,6 +1010,7 @@ struct ipa_s2n_get_list_state {
struct resp_attrs *attrs;
struct sss_domain_info *obj_domain;
struct sysdb_attrs *override_attrs;
+ struct sysdb_attrs *mapped_attrs;
};
static errno_t ipa_s2n_get_list_step(struct tevent_req *req);
@@ -1025,7 +1027,8 @@ static struct tevent_req *ipa_s2n_get_list_send(TALLOC_CTX *mem_ctx,
int entry_type,
enum request_types request_type,
enum req_input_type list_type,
- char **list)
+ char **list,
+ struct sysdb_attrs *mapped_attrs)
{
int ret;
struct ipa_s2n_get_list_state *state;
@@ -1057,6 +1060,7 @@ static struct tevent_req *ipa_s2n_get_list_send(TALLOC_CTX *mem_ctx,
state->request_type = request_type;
state->attrs = NULL;
state->override_attrs = NULL;
+ state->mapped_attrs = mapped_attrs;
ret = ipa_s2n_get_list_step(req);
if (ret != EOK) {
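Review bot: `state->mapped_attrs = mapped_attrs;` stores the caller's pointer in the request state without a copy or a talloc reference, and it is only read later, in `ipa_s2n_get_list_save_step`, after the asynchronous steps have run. Nothing in the visible code says the caller must keep the object alive until the request completes, so a caller that frees its context early would leave a dangling pointer that ends up written to the cache. Every call site in this diff passes `NULL`, so the problem is latent for now. I would document the contract on the new struct field, for example `/* borrowed from the caller; must stay valid until the request is done */`, or tie the lifetime to the state with `talloc_reference(state, mapped_attrs)`. The body of `ipa_s2n_get_list_send` starts and ends outside this hunk.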
@@ -1288,7 +1292,8 @@ static errno_t ipa_s2n_get_list_save_step(struct tevent_req *req)
ret = ipa_s2n_save_objects(state->dom, &state->req_input, state->attrs,
NULL, state->ipa_ctx->view_name,
- state->override_attrs, false);
+ state->override_attrs, state->mapped_attrs,
+ false);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
return ret;
@@ -1704,7 +1709,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
BE_REQ_GROUP,
REQ_FULL_WITH_MEMBERS,
REQ_INP_NAME,
- missing_list);
+ missing_list, NULL);
if (subreq == NULL) {
DEBUG(SSSDBG_OP_FAILURE,
"ipa_s2n_get_list_send failed.\n");
@@ -1732,7 +1737,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
BE_REQ_USER,
REQ_FULL_WITH_MEMBERS,
REQ_INP_NAME,
- missing_list);
+ missing_list, NULL);
if (subreq == NULL) {
DEBUG(SSSDBG_OP_FAILURE,
"ipa_s2n_get_list_send failed.\n");
@@ -1810,7 +1815,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
if (ret == ENOENT || is_default_view(state->ipa_ctx->view_name)) {
ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
- state->simple_attrs, NULL, NULL, true);
+ state->simple_attrs, NULL, NULL, NULL, true);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
goto done;
@@ -1978,6 +1983,7 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
struct resp_attrs *simple_attrs,
const char *view_name,
struct sysdb_attrs *override_attrs,
+ struct sysdb_attrs *mapped_attrs,
bool update_initgr_timeout)
{
int ret;
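Review bot: The new `mapped_attrs` parameter sits directly after `override_attrs` and has the same type, `struct sysdb_attrs *`, so a call that swaps the two compiles without a warning; several call sites in this diff now read `NULL, NULL, NULL, true`. The two sets are applied differently further down, so a mix-up would silently change what is written to the cached user. A short header comment on `ipa_s2n_save_objects` would help: it should say that `mapped_attrs` may be NULL, that it is added to the saved user entry and not replaced, and who owns it. The function body continues outside this hunk.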
@@ -2305,6 +2311,15 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
goto done;
}
+ if (mapped_attrs != NULL) {
+ ret = sysdb_set_user_attr(dom, name, mapped_attrs,
+ SYSDB_MOD_ADD);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_user_attr failed.\n");
+ goto done;
+ }
+ }
+
if (gid_override_attrs != NULL) {
ret = sysdb_set_user_attr(dom, name, gid_override_attrs,
SYSDB_MOD_REP);
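Review bot: The added `sysdb_set_user_attr(dom, name, mapped_attrs, SYSDB_MOD_ADD)` only ever adds values, while the `gid_override_attrs` call directly below uses `SYSDB_MOD_REP`, and the hunk does not say why the two differ. If the mapped attribute is what later matches a lookup to this cached user, as the commit description suggests, a value withdrawn on the server would presumably stay on the cache entry until something else removes it. Whether re-adding a value that is already cached returns `EOK` also cannot be seen from here, and a failure takes the `goto done` path and fails the whole save. I would either state the intent in a comment, e.g. `/* MOD_ADD on purpose: stale mapped values are removed by <cleanup path> */`, or switch to `SYSDB_MOD_REP`. Logging the code as well, `"sysdb_set_user_attr failed for mapped attributes [%d].\n", ret`, would make such failures easier to diagnose. The enclosing function starts and ends outside the hunk.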
@@ -2487,7 +2502,7 @@ static void ipa_s2n_get_list_done(struct tevent_req *subreq)
&sid_str);
if (ret == ENOENT) {
ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
- state->simple_attrs, NULL, NULL, true);
+ state->simple_attrs, NULL, NULL, NULL, true);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
goto fail;
@@ -2525,7 +2540,7 @@ static void ipa_s2n_get_list_done(struct tevent_req *subreq)
ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
state->simple_attrs,
state->ipa_ctx->view_name,
- state->override_attrs, true);
+ state->override_attrs, NULL, true);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
tevent_req_error(req, ret);
@@ -2561,7 +2576,7 @@ static void ipa_s2n_get_user_get_override_done(struct tevent_req *subreq)
ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
state->simple_attrs, state->ipa_ctx->view_name,
- override_attrs, true);
+ override_attrs, NULL, true);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
tevent_req_error(req, ret);
@@ -2662,7 +2677,7 @@ struct tevent_req *ipa_get_subdom_acct_process_pac_send(TALLOC_CTX *mem_ctx,
dp_opt_get_int(ipa_ctx->sdap_id_ctx->opts->basic,
SDAP_SEARCH_TIMEOUT),
BE_REQ_BY_SECID, REQ_FULL, REQ_INP_SECID,
- state->missing_sids);
+ state->missing_sids, NULL);
if (subreq == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_get_list_send failed.\n");
ret = ENOMEM;