From f20163d0e2076cbdfe48975a8ad38d471d8c5386 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 10 Dec 2014 15:03:18 +0100
Subject: [PATCH 158/160] IPA: resolve ghost members if a non-default view is
applied
Related to https://fedorahosted.org/sssd/ticket/2481
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 765d9075bb1e10ae0f09b6c2701bfd50aeb423d4)
---
src/providers/ipa/ipa_id.c | 212 ++++++++++++++++++++++++++++++++++
src/providers/ipa/ipa_subdomains_id.c | 1 +
2 files changed, 213 insertions(+)
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
index 5665a1835e8b0ab18325bfc68a8d8b5650730943..4df6ed0e8ee1e9886151703f424b4580db8799a4 100644
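--- a/src/providers/ipa/ipa_id.c
+++ b/src/providers/ipa/ipa_id.c
@@ -144,6 +144,150 @@ static void ipa_account_info_done(struct tevent_req *req)
 sdap_handler_done(breq, dp_error, ret, error_text);
 }
 
+struct ipa_resolve_user_list_state {
+ struct tevent_context *ev;
+ struct sdap_id_ctx *sdap_id_ctx;
+ struct be_req *be_req;
+ struct ldb_message_element *users;
+ const char *domain_name;
+ size_t user_idx;
+
+ int dp_error;
+};
+
+static errno_t ipa_resolve_user_list_get_user_step(struct tevent_req *req);
+static void ipa_resolve_user_list_get_user_done(struct tevent_req *subreq);
+
+static struct tevent_req *
+ipa_resolve_user_list_send(TALLOC_CTX *memctx, struct tevent_context *ev,
+ struct be_req *be_req,
+ struct sdap_id_ctx *sdap_id_ctx,
+ const char *domain_name,
+ struct ldb_message_element *users)
+{
+ int ret;
+ struct tevent_req *req;
+ struct ipa_resolve_user_list_state *state;
+
+ req = tevent_req_create(memctx, &state,
+ struct ipa_resolve_user_list_state);
+ if (req == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "tevent_req_create failed.\n");
+ return NULL;
+ }
+
+ state->ev = ev;
+ state->sdap_id_ctx = sdap_id_ctx;
+ state->be_req = be_req;
+ state->domain_name = domain_name;
+ state->users = users;
+ state->user_idx = 0;
+ state->dp_error = DP_ERR_FATAL;
+
+ ret = ipa_resolve_user_list_get_user_step(req);
+ if (ret == EAGAIN) {
+ return req;
+ } else if (ret == EOK) {
+ state->dp_error = DP_ERR_OK;
+ tevent_req_done(req);
+ } else {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "ipa_resolve_user_list_get_user_step failed.\n");
+ tevent_req_error(req, ret);
+ }
+ tevent_req_post(req, ev);
+ return req;
+}
+
+static errno_t ipa_resolve_user_list_get_user_step(struct tevent_req *req)
+{
+ int ret;
+ struct tevent_req *subreq;
+ struct be_acct_req *ar;
+ struct ipa_resolve_user_list_state *state = tevent_req_data(req,
+ struct ipa_resolve_user_list_state);
+
+ if (state->user_idx >= state->users->num_values) {
+ return EOK;
+ }
+
+ ret = get_be_acct_req_for_user_name(state,
+ (char *) state->users->values[state->user_idx].data,
+ state->domain_name, &ar);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_user_name failed.\n");
+ return ret;
+ }
+
+ DEBUG(SSSDBG_TRACE_ALL, "Trying to resolve user [%s].\n", ar->filter_value);
+
+ subreq = sdap_handle_acct_req_send(state, state->be_req, ar,
+ state->sdap_id_ctx,
+ state->sdap_id_ctx->opts->sdom,
+ state->sdap_id_ctx->conn, true);
+ if (subreq == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_handle_acct_req_send failed.\n");
+ return ENOMEM;
+ }
+
+ tevent_req_set_callback(subreq, ipa_resolve_user_list_get_user_done, req);
+
+ return EAGAIN;
+}
+
+static void ipa_resolve_user_list_get_user_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct ipa_resolve_user_list_state *state = tevent_req_data(req,
+ struct ipa_resolve_user_list_state);
+ int ret;
+
+ ret = sdap_handle_acct_req_recv(subreq, &state->dp_error, NULL, NULL);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sdap_handle_acct request failed: %d\n", ret);
+ goto done;
+ }
+
+ state->user_idx++;
+
+ ret = ipa_resolve_user_list_get_user_step(req);
+ if (ret == EAGAIN) {
+ return;
+ }
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "ipa_resolve_user_list_get_user_step failed.\n");
+ }
+
+done:
+ if (ret == EOK) {
+ state->dp_error = DP_ERR_OK;
+ tevent_req_done(req);
+ } else {
+ if (state->dp_error == DP_ERR_OK) {
+ state->dp_error = DP_ERR_FATAL;
+ }
+ tevent_req_error(req, ret);
+ }
+ return;
+}
+
+static int ipa_resolve_user_list_recv(struct tevent_req *req, int *dp_error)
+{
+ struct ipa_resolve_user_list_state *state = tevent_req_data(req,
+ struct ipa_resolve_user_list_state);
+
+ if (dp_error) {
+ *dp_error = state->dp_error;
+ }
+
+ TEVENT_REQ_RETURN_ON_ERROR(req);
+
+ return EOK;
+}
+
 struct ipa_id_get_account_info_state {
 struct tevent_context *ev;
 struct ipa_id_ctx *ipa_ctx;
@@ -157,6 +301,7 @@ struct ipa_id_get_account_info_state {
 
 struct sysdb_attrs *override_attrs;
 struct ldb_message *obj_msg;
+ struct ldb_message_element *ghosts;
 int dp_error;
 };
 
@@ -166,6 +311,7 @@ static errno_t ipa_id_get_account_info_get_original_step(struct tevent_req *req,
 struct be_acct_req *ar);
 static void ipa_id_get_account_info_orig_done(struct tevent_req *subreq);
 static void ipa_id_get_account_info_done(struct tevent_req *subreq);
+static void ipa_id_get_user_list_done(struct tevent_req *subreq);
 
 static struct tevent_req *
 ipa_id_get_account_info_send(TALLOC_CTX *memctx, struct tevent_context *ev,
@@ -405,6 +551,16 @@ static void ipa_id_get_account_info_orig_done(struct tevent_req *subreq)
 goto fail;
 }
 
+ if ((state->ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_GROUP
+ && state->ipa_ctx->view_name != NULL
+ && strcmp(state->ipa_ctx->view_name,
+ SYSDB_DEFAULT_VIEW_NAME) != 0) {
+ /* check for ghost members because ghost members are not allowed if a
+ * view other than the default view is applied.*/
+
+ state->ghosts = ldb_msg_find_element(state->obj_msg, SYSDB_GHOST);
+ }
+
 if (state->override_attrs == NULL) {
 uuid = ldb_msg_find_attr_as_string(state->obj_msg, SYSDB_UUID, NULL);
 if (uuid == NULL) {
@@ -457,6 +613,21 @@ static void ipa_id_get_account_info_orig_done(struct tevent_req *subreq)
 }
 }
 
+ if (state->ghosts != NULL) {
+ /* Resolve ghost members */
+ subreq = ipa_resolve_user_list_send(state, state->ev, state->be_req,
+ state->ipa_ctx->sdap_id_ctx,
+ state->domain->name,
+ state->ghosts);
+ if (subreq == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
+ ret = ENOMEM;
+ goto fail;
+ }
+ tevent_req_set_callback(subreq, ipa_id_get_user_list_done, req);
+ return;
+ }
+
 state->dp_error = DP_ERR_OK;
 tevent_req_done(req);
 return;
@@ -508,6 +679,47 @@ static void ipa_id_get_account_info_done(struct tevent_req *subreq)
 goto fail;
 }
 
+ if (state->ghosts != NULL) {
+ /* Resolve ghost members */
+ subreq = ipa_resolve_user_list_send(state, state->ev, state->be_req,
+ state->ipa_ctx->sdap_id_ctx,
+ state->domain->name,
+ state->ghosts);
+ if (subreq == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
+ ret = ENOMEM;
+ goto fail;
+ }
+ tevent_req_set_callback(subreq, ipa_id_get_user_list_done, req);
+ return;
+ }
+
+ state->dp_error = DP_ERR_OK;
+ tevent_req_done(req);
+ return;
+
+fail:
+ state->dp_error = dp_error;
+ tevent_req_error(req, ret);
+ return;
+}
+
+static void ipa_id_get_user_list_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct ipa_id_get_account_info_state *state = tevent_req_data(req,
+ struct ipa_id_get_account_info_state);
+ int dp_error = DP_ERR_FATAL;
+ int ret;
+
+ ret = ipa_resolve_user_list_recv(subreq, &dp_error);
+ talloc_zfree(subreq);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "IPA resolve user list %d\n", ret);
+ goto fail;
+ }
+
 state->dp_error = DP_ERR_OK;
 tevent_req_done(req);
 return;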
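Review bot: In `ipa_resolve_user_list_get_user_done` a failed lookup of any single ghost member jumps to `done` and fails the whole request, which `ipa_id_get_user_list_done` then turns into a failed group lookup, yet the log line `"sdap_handle_acct request failed: %d\n"` does not say which member was being resolved. Failing closed is presumably intended, given the comment that ghost members are not allowed under a non-default view, but naming the entry would make a broken group lookup much easier to triage, e.g. `DEBUG(SSSDBG_OP_FAILURE, "Resolving ghost member [%s] failed: %d\n", (char *) state->users->values[state->user_idx].data, ret);` (`user_idx` has not been incremented yet at that point). The members are resolved strictly one after another, so a group with many ghosts costs one backend request per member before the caller gets an answer; a short comment above `ipa_resolve_user_list_send` stating this, and that `users` must be non-NULL because the step function dereferences it unconditionally, would document the contract. The "Resolve ghost members" block is also added verbatim in both `ipa_id_get_account_info_orig_done` and `ipa_id_get_account_info_done`, and a small static helper would keep the two call sites from drifting apart.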
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index ce5a6d1a1048eda4d8b7017bd92bc7ee76e66ef9..cf0cddf6884295268b30fc8e0209b543c1699297 100644
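--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -862,6 +862,7 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
 SYSDB_SID_STR,
 SYSDB_OBJECTCLASS,
 SYSDB_UUID,
+ SYSDB_GHOST,
 NULL };
 char *name;
 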
--
2.1.0