From f76e48596bc30b19eedacd838dd306bc1607d4eb Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 13 Jul 2016 17:42:51 +0200 Subject: wip --- src/db/sysdb.h | 3 ++ src/db/sysdb_ops.c | 71 +++++++++++++++++++++++++++++++++++ src/providers/ipa/ipa_subdomains_id.c | 24 ++++++++++-- 3 files changed, 94 insertions(+), 4 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 609921fbb..15cf944d2 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -946,6 +946,9 @@ int sysdb_mod_group_member(struct sss_domain_info *domain, struct ldb_dn *group_dn, int mod_op); +errno_t sysdb_refresh_group_memberships(struct sss_domain_info *dom, + struct ldb_dn *dn); + int sysdb_store_user(struct sss_domain_info *domain, const char *name, const char *pwd, diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 4755ea342..60bd746e7 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c 
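Review bot: The new prototype for `sysdb_refresh_group_memberships()` in sysdb.h has no comment, and the name does not tell a caller that the function rewrites membership data in the cache rather than just re-reading it. I would add above the declaration: `/* Delete and re-add dn as a member of every group listed in its memberOf attribute; returns EOK if dn has no memberOf values. */`. It would also help to state whether callers are expected to hold a sysdb transaction, since the implementation in sysdb_ops.c does not open one itself.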
@@ -2290,6 +2290,77 @@ fail: return ret; } +errno_t sysdb_refresh_group_memberships(struct sss_domain_info *dom, + struct ldb_dn *dn) +{ + int ret; + TALLOC_CTX *tmp_ctx; + const char *attrs[] = { SYSDB_MEMBEROF, NULL }; + size_t msgs_count; + struct ldb_message **msgs; + struct ldb_message_element *groups; + size_t c; + struct ldb_dn *group_dn; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n"); + return ENOMEM; + } + + ret = sysdb_search_entry(tmp_ctx, dom->sysdb, dn, LDB_SCOPE_BASE, NULL, + attrs, &msgs_count, &msgs); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_entry failed for [%s].\n", + ldb_dn_get_linearized(dn)); + goto done; + } + + if (msgs_count != 1) { + DEBUG(SSSDBG_OP_FAILURE, + "Expected 1 result for base search, got [%d].\n", msgs_count); + ret = EINVAL; + goto done; + } + + groups = ldb_msg_find_element(msgs[0], SYSDB_MEMBEROF); + if (groups == NULL) { + DEBUG(SSSDBG_TRACE_ALL, "[%s] is not member of any group.\n", + ldb_dn_get_linearized(dn)); + ret = EOK; + goto done; + } + + for (c = 0; c < groups->num_values; c++) { + group_dn = ldb_dn_from_ldb_val(tmp_ctx, dom->sysdb->ldb, + &groups->values[c]); + if (group_dn == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_from_ldb_val failed.\n"); + ret = ENOMEM; + goto done; + } + + ret = sysdb_mod_group_member(dom, dn, group_dn, SYSDB_MOD_DEL); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "sysdb_mod_group_member SYSDB_MOD_DEL failed.\n"); + goto done; + } + ret = sysdb_mod_group_member(dom, dn, group_dn, SYSDB_MOD_ADD); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "sysdb_mod_group_member SYSDB_MOD_ADD failed.\n"); + goto done; + } + } + + ret = EOK; +done: + talloc_free(tmp_ctx); + + return ret; +} + /* =Add-Basic-Netgroup-NO-CHECKS============================================= */ int sysdb_add_basic_netgroup(struct sss_domain_info *domain, 
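Review bot: The `SYSDB_MOD_DEL` / `SYSDB_MOD_ADD` pair inside the `for` loop is not wrapped in a sysdb transaction, so if the ADD fails, or a later iteration fails, `dn` stays removed from one or more groups in the cache. Cached group membership feeds access decisions, so a partial refresh should roll back instead of persisting; wrapping the loop in `sysdb_transaction_start()` / `sysdb_transaction_commit()` with a cancel on the error path does that. Separately, `msgs_count` is a `size_t` but is printed with `%d` in the "Expected 1 result" message; that should be `"Expected 1 result for base search, got [%zu].\n"`. It is also worth confirming whether `SYSDB_MEMBEROF` can list indirect parent groups here, because deleting a direct `member` value from such a group would presumably fail and abort the whole refresh.

```c
    bool in_transaction = false;
    errno_t sret;

    /* … unchanged: tmp_ctx allocation, base search, memberOf lookup … */

    ret = sysdb_transaction_start(dom->sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "sysdb_transaction_start failed.\n");
        goto done;
    }
    in_transaction = true;

    for (c = 0; c < groups->num_values; c++) {
        /* … unchanged: group_dn lookup, SYSDB_MOD_DEL then SYSDB_MOD_ADD … */
    }

    ret = sysdb_transaction_commit(dom->sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "sysdb_transaction_commit failed.\n");
        goto done;
    }
    in_transaction = false;

done:
    if (in_transaction) {
        /* Roll back so a half-applied delete/add never reaches the cache. */
        sret = sysdb_transaction_cancel(dom->sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, "sysdb_transaction_cancel failed.\n");
        }
    }
    /* … unchanged: talloc_free(tmp_ctx) and return … */
```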
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index 60245d8ca..7990d8c57 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -629,6 +629,7 @@ struct ipa_get_ad_acct_state { char *object_sid; struct sysdb_attrs *override_attrs; struct ldb_message *obj_msg; + struct ldb_message_element *ghosts; }; static void ipa_get_ad_acct_ad_part_done(struct tevent_req *subreq); @@ -1208,7 +1209,6 @@ static errno_t ipa_check_ghost_members(struct tevent_req *req) struct ipa_get_ad_acct_state); errno_t ret; struct tevent_req *subreq; - struct ldb_message_element *ghosts = NULL; if (state->obj_msg == NULL) { @@ -1224,14 +1224,14 @@ static errno_t ipa_check_ghost_members(struct tevent_req *req) } } - ghosts = ldb_msg_find_element(state->obj_msg, SYSDB_GHOST); + state->ghosts = ldb_msg_find_element(state->obj_msg, SYSDB_GHOST); - if (ghosts != NULL) { + if (state->ghosts != NULL) { /* Resolve ghost members */ subreq = ipa_resolve_user_list_send(state, state->ev, state->ipa_ctx, state->obj_dom->name, - ghosts); + state->ghosts); if (subreq == NULL) { DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n"); return ENOMEM; @@ -1275,6 +1275,7 @@ static errno_t ipa_get_ad_apply_override_step(struct tevent_req *req) size_t groups_count = 0; struct ldb_message **groups = NULL; const char *attrs[] = SYSDB_INITGR_ATTRS; + const char *overide_name; if (state->override_attrs != NULL) { /* We are in ipa-server-mode, so the view is the default view by 
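Review bot: The new `ghosts` member of `struct ipa_get_ad_acct_state` holds the result of `ldb_msg_find_element(state->obj_msg, SYSDB_GHOST)`, which is a pointer into `obj_msg`'s own element array and not a copy. Moving it from a local in `ipa_check_ghost_members()` into the request state (hunks at -1208 and -1224) lets it outlive the function, so it would dangle if `state->obj_msg` is reloaded or freed before a later callback reads it. Nothing visible in this patch reads `state->ghosts` outside `ipa_check_ghost_members()`, whose body extends beyond these hunks, so either keep the local or document the lifetime on the field, e.g. `/* points into obj_msg; invalid once obj_msg is replaced */`.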
@@ -1312,6 +1313,21 @@ static errno_t ipa_get_ad_apply_override_step(struct tevent_req *req) } } + + /* check if there is a override name which should replace the orignal + * name in the memberUid sttribute. */ + ret = sysdb_attrs_get_string(state->override_attrs, SYSDB_NAME, + &overide_name); + if (ret == EOK) { + ret = sysdb_refresh_group_memberships(state->obj_dom, + state->obj_msg->dn); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "sysdb_replace_override_name_in_memberuid failed, " + "ignored, member names might not show overrides.\n"); + } + } + /* Replace ID with name in search filter */ if ((entry_type == BE_REQ_USER && state->ar->filter_type == BE_FILTER_IDNUM) || (entry_type == BE_REQ_INITGROUPS -- cgit
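Review bot: The added `sysdb_attrs_get_string(state->override_attrs, SYSDB_NAME, &overide_name)` call follows two closing braces that appear to end the `if (state->override_attrs != NULL)` block opened in the previous hunk. If so, it runs with a NULL `override_attrs` whenever the object has no override. Move it inside that block or guard it with `if (state->override_attrs != NULL) {`. The failure message names `sysdb_replace_override_name_in_memberuid`, but the function called is `sysdb_refresh_group_memberships`; the log text should match, `"sysdb_refresh_group_memberships failed, "`, so the error can be traced. `overide_name` (declared in the -1275 hunk, spelled without the second "r") is written but never read in the visible code. `ipa_get_ad_apply_override_step()` starts and ends outside this hunk, so the guard placement should be checked against the full function.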