author | Pavel Březina <pbrezina@redhat.com> | 2015-09-17 14:46:34 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-09-18 13:22:03 +0200 |
commit | 87e0dcaff945f8b8f30030309e16ba26935fcb7b (patch) | |
tree | 1d7a410f921bfe0e0a9e729ca2f3423309fbbe46 /src | |
parent | d5e26a3ec3fa1f217f0afd045a03b29d4f88fe1d (diff) | |
views: allow ghost members for LOCAL view
LOCAL view does not allow the case where both a ghost member and a
user override are created, so it is safe to allow ghost members
for this view.
Resolves:
https://fedorahosted.org/sssd/ticket/2790
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/db/sysdb_search.c | 36 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 3 |
2 files changed, 22 insertions, 17 deletions
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index 5f33b225a..ab72addbc 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -482,14 +482,16 @@ int sysdb_getgrnam_with_views(TALLOC_CTX *mem_ctx,
 /* If there are views we have to check if override values must be added to
 * the original object. */
 if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
- el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
- if (el != NULL && el->num_values != 0) {
- DEBUG(SSSDBG_TRACE_ALL,
- "Group object [%s], contains ghost entries which must be " \
- "resolved before overrides can be applied.\n",
- ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
- ret = ENOENT;
- goto done;
+ if (!is_local_view(domain->view_name)) {
+ el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
+ if (el != NULL && el->num_values != 0) {
+ DEBUG(SSSDBG_TRACE_ALL, "Group object [%s], contains ghost "
+ "entries which must be resolved before overrides can be "
+ "applied.\n",
+ ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
+ ret = ENOENT;
+ goto done;
+ }
 }
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
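Review bot: The new `if (!is_local_view(domain->view_name))` guard in sysdb_getgrnam_with_views skips the ghost-member check on the strength of an invariant that is stated only in the commit message, so the code itself gives a later maintainer no reason why a group with unresolved ghosts may be returned here. Group membership feeds access decisions, so I would put the reason next to the guard, for example `/* LOCAL view: a ghost member and a user override for the same user cannot both exist, so ghosts need no resolution before overrides are applied. */`. The same guard with the same missing comment appears in the sysdb_getgrgid_with_views hunk that follows. Whether that invariant is actually enforced where LOCAL overrides are created is not visible in this diff and is worth confirming before relying on it. Both function bodies start and end outside their hunks.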
@@ -634,14 +636,16 @@ int sysdb_getgrgid_with_views(TALLOC_CTX *mem_ctx,
 /* If there are views we have to check if override values must be added to
 * the original object. */
 if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
- el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
- if (el != NULL && el->num_values != 0) {
- DEBUG(SSSDBG_TRACE_ALL,
- "Group object [%s], contains ghost entries which must be " \
- "resolved before overrides can be applied.\n",
- ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
- ret = ENOENT;
- goto done;
+ if (!is_local_view(domain->view_name)) {
+ el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
+ if (el != NULL && el->num_values != 0) {
+ DEBUG(SSSDBG_TRACE_ALL, "Group object [%s], contains ghost "
+ "entries which must be resolved before overrides can be "
+ "applied.\n",
+ ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
+ ret = ENOENT;
+ goto done;
+ }
 }
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index ec7e7285a..3e95a3f5a 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -2948,7 +2948,8 @@ static int fill_grent(struct sss_packet *packet,
 }
 el = ldb_msg_find_element(msg, SYSDB_GHOST);
 if (el) {
- if (DOM_HAS_VIEWS(dom) && el->num_values != 0) {
+ if (DOM_HAS_VIEWS(dom) && !is_local_view(dom->view_name)
+ && el->num_values != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE,
 "Domain has a view [%s] but group [%s] still has " \
 "ghost members.\n", dom->view_name, orig_name); |
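Review bot: In the fill_grent hunk of src/responder/nss/nsssrv_cmd.c the test `DOM_HAS_VIEWS(dom) && !is_local_view(dom->view_name)` is now written out a third time, after the two nested forms in src/db/sysdb_search.c, and the copies have to agree for the LOCAL-view exception to be consistent. I would define the predicate once next to DOM_HAS_VIEWS and use it at all three sites, for example `#define DOM_VIEW_REQUIRES_RESOLVED_GHOSTS(dom) (DOM_HAS_VIEWS(dom) && !is_local_view((dom)->view_name))` (the name is only a suggestion). If the copies drift, the sysdb lookups and the NSS responder would disagree on which groups may be returned with ghost members still present. fill_grent starts and continues outside the hunk, so what happens to the ghost values after this check is not visible here.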