From 87e0dcaff945f8b8f30030309e16ba26935fcb7b Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Thu, 17 Sep 2015 14:46:34 +0200 Subject: views: allow ghost members for LOCAL view LOCAL view does not allow the case when both ghost member and user override is created so it is safe to allow ghost members for this view. Resolves: https://fedorahosted.org/sssd/ticket/2790 Reviewed-by: Sumit Bose --- src/db/sysdb_search.c | 36 ++++++++++++++++++++---------------- src/responder/nss/nsssrv_cmd.c | 3 ++- 2 files changed, 22 insertions(+), 17 deletions(-) (limited to 'src') diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index 5f33b225a..ab72addbc 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -482,14 +482,16 @@ int sysdb_getgrnam_with_views(TALLOC_CTX *mem_ctx, /* If there are views we have to check if override values must be added to * the original object. */ if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) { - el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST); - if (el != NULL && el->num_values != 0) { - DEBUG(SSSDBG_TRACE_ALL, - "Group object [%s], contains ghost entries which must be " \ - "resolved before overrides can be applied.\n", - ldb_dn_get_linearized(orig_obj->msgs[0]->dn)); - ret = ENOENT; - goto done; + if (!is_local_view(domain->view_name)) { + el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST); + if (el != NULL && el->num_values != 0) { + DEBUG(SSSDBG_TRACE_ALL, "Group object [%s], contains ghost " + "entries which must be resolved before overrides can be " + "applied.\n", + ldb_dn_get_linearized(orig_obj->msgs[0]->dn)); + ret = ENOENT; + goto done; + } } ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0], @@ -634,14 +636,16 @@ int sysdb_getgrgid_with_views(TALLOC_CTX *mem_ctx, /* If there are views we have to check if override values must be added to * the original object. */ if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) { - el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST); - if (el != NULL && el->num_values != 0) { - DEBUG(SSSDBG_TRACE_ALL, - "Group object [%s], contains ghost entries which must be " \ - "resolved before overrides can be applied.\n", - ldb_dn_get_linearized(orig_obj->msgs[0]->dn)); - ret = ENOENT; - goto done; + if (!is_local_view(domain->view_name)) { + el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST); + if (el != NULL && el->num_values != 0) { + DEBUG(SSSDBG_TRACE_ALL, "Group object [%s], contains ghost " + "entries which must be resolved before overrides can be " + "applied.\n", + ldb_dn_get_linearized(orig_obj->msgs[0]->dn)); + ret = ENOENT; + goto done; + } } ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0], diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index ec7e7285a..3e95a3f5a 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -2948,7 +2948,8 @@ static int fill_grent(struct sss_packet *packet, } el = ldb_msg_find_element(msg, SYSDB_GHOST); if (el) { - if (DOM_HAS_VIEWS(dom) && el->num_values != 0) { + if (DOM_HAS_VIEWS(dom) && !is_local_view(dom->view_name) + && el->num_values != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Domain has a view [%s] but group [%s] still has " \ "ghost members.\n", dom->view_name, orig_name); -- cgit