dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Source Code
GIT

Blame SOURCES/0046-IPA-expand-ghost-members-of-AD-groups-in-server-mode.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   956cae063e19c463dbceb805f5bb04ffd039a6e0
  2.   SOURCES
  3.   0046-IPA-expand-ghost-members-of-AD-groups-in-server-mode.patch
Blob History Raw
b2d430 
From c17e7bc80adf9741054e53dc6e8d8f6afa273e18 Mon Sep 17 00:00:00 2001
b2d430 
From: Sumit Bose <sbose@redhat.com>
b2d430 
Date: Tue, 12 Jul 2016 17:09:40 +0200
b2d430 
Subject: [PATCH 46/62] IPA: expand ghost members of AD groups in server-mode
b2d430
b2d430 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
b2d430 
(cherry picked from commit 160ba891ec483c5b7d2a3fcca5bd992fc790efe0)
b2d430 
---
b2d430 
 src/providers/ipa/ipa_subdomains_id.c | 79 ++++++++++++++++++++++++++++++++++-
b2d430 
 1 file changed, 78 insertions(+), 1 deletion(-)
b2d430
b2d430 
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
b2d430 
index 65bfd33765d5799037075e599049761f18466bb2..542c596a983bcb48f4eac699f78eb956326cefa2 100644
b2d430 
--- a/src/providers/ipa/ipa_subdomains_id.c
b2d430 
+++ b/src/providers/ipa/ipa_subdomains_id.c
b2d430 
@@ -1201,6 +1201,67 @@ fail:
b2d430 
     return;
b2d430 
 }
b2d430
b2d430 
+static void ipa_check_ghost_members_done(struct tevent_req *subreq);
b2d430 
+static errno_t ipa_check_ghost_members(struct tevent_req *req)
b2d430 
+{
b2d430 
+    struct ipa_get_ad_acct_state *state = tevent_req_data(req,
b2d430 
+                                                struct ipa_get_ad_acct_state);
b2d430 
+    errno_t ret;
b2d430 
+    struct tevent_req *subreq;
b2d430 
+    struct ldb_message_element *ghosts = NULL;
b2d430 
+
b2d430 
+
b2d430 
+    if (state->obj_msg == NULL) {
b2d430 
+        ret = get_object_from_cache(state, state->obj_dom, state->ar,
b2d430 
+                                    &state->obj_msg);
b2d430 
+        if (ret == ENOENT) {
b2d430 
+            DEBUG(SSSDBG_MINOR_FAILURE,
b2d430 
+                  "Object not found, ending request\n");
b2d430 
+            return EOK;
b2d430 
+        } else if (ret != EOK) {
b2d430 
+            DEBUG(SSSDBG_OP_FAILURE, "get_object_from_cache failed.\n");
b2d430 
+            return ret;
b2d430 
+        }
b2d430 
+    }
b2d430 
+
b2d430 
+    ghosts = ldb_msg_find_element(state->obj_msg, SYSDB_GHOST);
b2d430 
+
b2d430 
+    if (ghosts != NULL) {
b2d430 
+        /* Resolve ghost members */
b2d430 
+        subreq = ipa_resolve_user_list_send(state, state->ev,
b2d430 
+                                            state->ipa_ctx,
b2d430 
+                                            state->obj_dom->name,
b2d430 
+                                            ghosts);
b2d430 
+        if (subreq == NULL) {
b2d430 
+            DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
b2d430 
+            return ENOMEM;
b2d430 
+        }
b2d430 
+        tevent_req_set_callback(subreq, ipa_check_ghost_members_done, req);
b2d430 
+        return EAGAIN;
b2d430 
+    }
b2d430 
+
b2d430 
+    return EOK;
b2d430 
+}
b2d430 
+
b2d430 
+static void ipa_check_ghost_members_done(struct tevent_req *subreq)
b2d430 
+{
b2d430 
+    struct tevent_req *req = tevent_req_callback_data(subreq,
b2d430 
+                                                struct tevent_req);
b2d430 
+    int ret;
b2d430 
+
b2d430 
+    ret = ipa_resolve_user_list_recv(subreq, NULL);
b2d430 
+    talloc_zfree(subreq);
b2d430 
+    if (ret != EOK) {
b2d430 
+        DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list request failed [%d]\n",
b2d430 
+                                  ret);
b2d430 
+        tevent_req_error(req, ret);
b2d430 
+        return;
b2d430 
+    }
b2d430 
+
b2d430 
+    tevent_req_done(req);
b2d430 
+    return;
b2d430 
+}
b2d430 
+
b2d430 
 static errno_t ipa_get_ad_apply_override_step(struct tevent_req *req)
b2d430 
 {
b2d430 
     struct ipa_get_ad_acct_state *state = tevent_req_data(req,
b2d430 
@@ -1228,11 +1289,27 @@ static errno_t ipa_get_ad_apply_override_step(struct tevent_req *req)
b2d430 
     entry_type = (state->ar->entry_type & BE_REQ_TYPE_MASK);
b2d430 
     if (entry_type != BE_REQ_INITGROUPS
b2d430 
             && entry_type != BE_REQ_USER
b2d430 
-            && entry_type != BE_REQ_BY_SECID) {
b2d430 
+            && entry_type != BE_REQ_BY_SECID
b2d430 
+            && entry_type != BE_REQ_GROUP) {
b2d430 
         tevent_req_done(req);
b2d430 
         return EOK;
b2d430 
     }
b2d430
b2d430 
+    /* expand ghost members, if any, to get group members with overrides
b2d430 
+     * right. */
b2d430 
+    if (entry_type == BE_REQ_GROUP) {
b2d430 
+        ret = ipa_check_ghost_members(req);
b2d430 
+        if (ret == EOK) {
b2d430 
+            tevent_req_done(req);
b2d430 
+            return EOK;
b2d430 
+        } else if (ret == EAGAIN) {
b2d430 
+            return EOK;
b2d430 
+        } else {
b2d430 
+            DEBUG(SSSDBG_OP_FAILURE, "ipa_check_ghost_members failed.\n");
b2d430 
+            return ret;
b2d430 
+        }
b2d430 
+    }
b2d430 
+
b2d430 
     /* Replace ID with name in search filter */
b2d430 
     if ((entry_type == BE_REQ_USER && state->ar->filter_type == BE_FILTER_IDNUM)
b2d430 
             || (entry_type == BE_REQ_INITGROUPS
b2d430 
--
b2d430 
2.4.11
b2d430

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation