dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone

Blame SOURCES/0158-IPA-resolve-ghost-members-if-a-non-default-view-is-a.patch

905b4d
From f20163d0e2076cbdfe48975a8ad38d471d8c5386 Mon Sep 17 00:00:00 2001
905b4d
From: Sumit Bose <sbose@redhat.com>
905b4d
Date: Wed, 10 Dec 2014 15:03:18 +0100
905b4d
Subject: [PATCH 158/160] IPA: resolve ghost members if a non-default view is
905b4d
 applied
905b4d
905b4d
Related to https://fedorahosted.org/sssd/ticket/2481
905b4d
905b4d
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
905b4d
(cherry picked from commit 765d9075bb1e10ae0f09b6c2701bfd50aeb423d4)
905b4d
---
905b4d
 src/providers/ipa/ipa_id.c            | 212 ++++++++++++++++++++++++++++++++++
905b4d
 src/providers/ipa/ipa_subdomains_id.c |   1 +
905b4d
 2 files changed, 213 insertions(+)
905b4d
905b4d
diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c
905b4d
index 5665a1835e8b0ab18325bfc68a8d8b5650730943..4df6ed0e8ee1e9886151703f424b4580db8799a4 100644
905b4d
--- a/src/providers/ipa/ipa_id.c
905b4d
+++ b/src/providers/ipa/ipa_id.c
905b4d
@@ -144,6 +144,150 @@ static void ipa_account_info_done(struct tevent_req *req)
905b4d
     sdap_handler_done(breq, dp_error, ret, error_text);
905b4d
 }
905b4d
 
905b4d
+struct ipa_resolve_user_list_state {
905b4d
+    struct tevent_context *ev;
905b4d
+    struct sdap_id_ctx *sdap_id_ctx;
905b4d
+    struct be_req *be_req;
905b4d
+    struct ldb_message_element *users;
905b4d
+    const char *domain_name;
905b4d
+    size_t user_idx;
905b4d
+
905b4d
+    int dp_error;
905b4d
+};
905b4d
+
905b4d
+static errno_t ipa_resolve_user_list_get_user_step(struct tevent_req *req);
905b4d
+static void ipa_resolve_user_list_get_user_done(struct tevent_req *subreq);
905b4d
+
905b4d
+static struct tevent_req *
905b4d
+ipa_resolve_user_list_send(TALLOC_CTX *memctx, struct tevent_context *ev,
905b4d
+                           struct be_req *be_req,
905b4d
+                           struct sdap_id_ctx *sdap_id_ctx,
905b4d
+                           const char *domain_name,
905b4d
+                           struct ldb_message_element *users)
905b4d
+{
905b4d
+    int ret;
905b4d
+    struct tevent_req *req;
905b4d
+    struct ipa_resolve_user_list_state *state;
905b4d
+
905b4d
+    req = tevent_req_create(memctx, &state,
905b4d
+                            struct ipa_resolve_user_list_state);
905b4d
+    if (req == NULL) {
905b4d
+        DEBUG(SSSDBG_OP_FAILURE, "tevent_req_create failed.\n");
905b4d
+        return NULL;
905b4d
+    }
905b4d
+
905b4d
+    state->ev = ev;
905b4d
+    state->sdap_id_ctx = sdap_id_ctx;
905b4d
+    state->be_req = be_req;
905b4d
+    state->domain_name = domain_name;
905b4d
+    state->users = users;
905b4d
+    state->user_idx = 0;
905b4d
+    state->dp_error = DP_ERR_FATAL;
905b4d
+
905b4d
+    ret = ipa_resolve_user_list_get_user_step(req);
905b4d
+    if (ret == EAGAIN) {
905b4d
+        return req;
905b4d
+    } else if (ret == EOK) {
905b4d
+        state->dp_error = DP_ERR_OK;
905b4d
+        tevent_req_done(req);
905b4d
+    } else {
905b4d
+        DEBUG(SSSDBG_OP_FAILURE,
905b4d
+              "ipa_resolve_user_list_get_user_step failed.\n");
905b4d
+        tevent_req_error(req, ret);
905b4d
+    }
905b4d
+    tevent_req_post(req, ev);
905b4d
+    return req;
905b4d
+}
905b4d
+
905b4d
+static errno_t ipa_resolve_user_list_get_user_step(struct tevent_req *req)
905b4d
+{
905b4d
+    int ret;
905b4d
+    struct tevent_req *subreq;
905b4d
+    struct be_acct_req *ar;
905b4d
+    struct ipa_resolve_user_list_state *state = tevent_req_data(req,
905b4d
+                                            struct ipa_resolve_user_list_state);
905b4d
+
905b4d
+    if (state->user_idx >= state->users->num_values) {
905b4d
+        return EOK;
905b4d
+    }
905b4d
+
905b4d
+    ret = get_be_acct_req_for_user_name(state,
905b4d
+                            (char *) state->users->values[state->user_idx].data,
905b4d
+                            state->domain_name, &ar);
905b4d
+    if (ret != EOK) {
905b4d
+        DEBUG(SSSDBG_OP_FAILURE, "get_be_acct_req_for_user_name failed.\n");
905b4d
+        return ret;
905b4d
+    }
905b4d
+
905b4d
+    DEBUG(SSSDBG_TRACE_ALL, "Trying to resolve user [%s].\n", ar->filter_value);
905b4d
+
905b4d
+    subreq = sdap_handle_acct_req_send(state, state->be_req, ar,
905b4d
+                                       state->sdap_id_ctx,
905b4d
+                                       state->sdap_id_ctx->opts->sdom,
905b4d
+                                       state->sdap_id_ctx->conn, true);
905b4d
+    if (subreq == NULL) {
905b4d
+        DEBUG(SSSDBG_OP_FAILURE, "sdap_handle_acct_req_send failed.\n");
905b4d
+        return ENOMEM;
905b4d
+    }
905b4d
+
905b4d
+    tevent_req_set_callback(subreq, ipa_resolve_user_list_get_user_done, req);
905b4d
+
905b4d
+    return EAGAIN;
905b4d
+}
905b4d
+
905b4d
+static void ipa_resolve_user_list_get_user_done(struct tevent_req *subreq)
905b4d
+{
905b4d
+    struct tevent_req *req = tevent_req_callback_data(subreq,
905b4d
+                                                struct tevent_req);
905b4d
+    struct ipa_resolve_user_list_state *state = tevent_req_data(req,
905b4d
+                                            struct ipa_resolve_user_list_state);
905b4d
+    int ret;
905b4d
+
905b4d
+    ret = sdap_handle_acct_req_recv(subreq, &state->dp_error, NULL, NULL);
905b4d
+    talloc_zfree(subreq);
905b4d
+    if (ret != EOK) {
905b4d
+        DEBUG(SSSDBG_OP_FAILURE, "sdap_handle_acct request failed: %d\n", ret);
905b4d
+        goto done;
905b4d
+    }
905b4d
+
905b4d
+    state->user_idx++;
905b4d
+
905b4d
+    ret = ipa_resolve_user_list_get_user_step(req);
905b4d
+    if (ret == EAGAIN) {
905b4d
+        return;
905b4d
+    }
905b4d
+    if (ret != EOK) {
905b4d
+        DEBUG(SSSDBG_OP_FAILURE,
905b4d
+              "ipa_resolve_user_list_get_user_step failed.\n");
905b4d
+    }
905b4d
+
905b4d
+done:
905b4d
+    if (ret == EOK) {
905b4d
+        state->dp_error = DP_ERR_OK;
905b4d
+        tevent_req_done(req);
905b4d
+    } else {
905b4d
+        if (state->dp_error == DP_ERR_OK) {
905b4d
+            state->dp_error = DP_ERR_FATAL;
905b4d
+        }
905b4d
+        tevent_req_error(req, ret);
905b4d
+    }
905b4d
+    return;
905b4d
+}
905b4d
+
905b4d
+static int ipa_resolve_user_list_recv(struct tevent_req *req, int *dp_error)
905b4d
+{
905b4d
+    struct ipa_resolve_user_list_state *state = tevent_req_data(req,
905b4d
+                                            struct ipa_resolve_user_list_state);
905b4d
+
905b4d
+    if (dp_error) {
905b4d
+        *dp_error = state->dp_error;
905b4d
+    }
905b4d
+
905b4d
+    TEVENT_REQ_RETURN_ON_ERROR(req);
905b4d
+
905b4d
+    return EOK;
905b4d
+}
905b4d
+
905b4d
 struct ipa_id_get_account_info_state {
905b4d
     struct tevent_context *ev;
905b4d
     struct ipa_id_ctx *ipa_ctx;
905b4d
@@ -157,6 +301,7 @@ struct ipa_id_get_account_info_state {
905b4d
 
905b4d
     struct sysdb_attrs *override_attrs;
905b4d
     struct ldb_message *obj_msg;
905b4d
+    struct ldb_message_element *ghosts;
905b4d
     int dp_error;
905b4d
 };
905b4d
 
905b4d
@@ -166,6 +311,7 @@ static errno_t ipa_id_get_account_info_get_original_step(struct tevent_req *req,
905b4d
                                                         struct be_acct_req *ar);
905b4d
 static void ipa_id_get_account_info_orig_done(struct tevent_req *subreq);
905b4d
 static void ipa_id_get_account_info_done(struct tevent_req *subreq);
905b4d
+static void ipa_id_get_user_list_done(struct tevent_req *subreq);
905b4d
 
905b4d
 static struct tevent_req *
905b4d
 ipa_id_get_account_info_send(TALLOC_CTX *memctx, struct tevent_context *ev,
905b4d
@@ -405,6 +551,16 @@ static void ipa_id_get_account_info_orig_done(struct tevent_req *subreq)
905b4d
         goto fail;
905b4d
     }
905b4d
 
905b4d
+    if ((state->ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_GROUP
905b4d
+            && state->ipa_ctx->view_name != NULL
905b4d
+            && strcmp(state->ipa_ctx->view_name,
905b4d
+                      SYSDB_DEFAULT_VIEW_NAME) != 0) {
905b4d
+        /* check for ghost members because ghost members are not allowed if a
905b4d
+         * view other than the default view is applied.*/
905b4d
+
905b4d
+        state->ghosts = ldb_msg_find_element(state->obj_msg, SYSDB_GHOST);
905b4d
+    }
905b4d
+
905b4d
     if (state->override_attrs == NULL) {
905b4d
         uuid = ldb_msg_find_attr_as_string(state->obj_msg, SYSDB_UUID, NULL);
905b4d
         if (uuid == NULL) {
905b4d
@@ -457,6 +613,21 @@ static void ipa_id_get_account_info_orig_done(struct tevent_req *subreq)
905b4d
         }
905b4d
     }
905b4d
 
905b4d
+    if (state->ghosts != NULL) {
905b4d
+        /* Resolve ghost members */
905b4d
+        subreq = ipa_resolve_user_list_send(state, state->ev, state->be_req,
905b4d
+                                            state->ipa_ctx->sdap_id_ctx,
905b4d
+                                            state->domain->name,
905b4d
+                                            state->ghosts);
905b4d
+        if (subreq == NULL) {
905b4d
+            DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
905b4d
+            ret = ENOMEM;
905b4d
+            goto fail;
905b4d
+        }
905b4d
+        tevent_req_set_callback(subreq, ipa_id_get_user_list_done, req);
905b4d
+        return;
905b4d
+    }
905b4d
+
905b4d
     state->dp_error = DP_ERR_OK;
905b4d
     tevent_req_done(req);
905b4d
     return;
905b4d
@@ -508,6 +679,47 @@ static void ipa_id_get_account_info_done(struct tevent_req *subreq)
905b4d
         goto fail;
905b4d
     }
905b4d
 
905b4d
+    if (state->ghosts != NULL) {
905b4d
+        /* Resolve ghost members */
905b4d
+        subreq = ipa_resolve_user_list_send(state, state->ev, state->be_req,
905b4d
+                                            state->ipa_ctx->sdap_id_ctx,
905b4d
+                                            state->domain->name,
905b4d
+                                            state->ghosts);
905b4d
+        if (subreq == NULL) {
905b4d
+            DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
905b4d
+            ret = ENOMEM;
905b4d
+            goto fail;
905b4d
+        }
905b4d
+        tevent_req_set_callback(subreq, ipa_id_get_user_list_done, req);
905b4d
+        return;
905b4d
+    }
905b4d
+
905b4d
+    state->dp_error = DP_ERR_OK;
905b4d
+    tevent_req_done(req);
905b4d
+    return;
905b4d
+
905b4d
+fail:
905b4d
+    state->dp_error = dp_error;
905b4d
+    tevent_req_error(req, ret);
905b4d
+    return;
905b4d
+}
905b4d
+
905b4d
+static void ipa_id_get_user_list_done(struct tevent_req *subreq)
905b4d
+{
905b4d
+    struct tevent_req *req = tevent_req_callback_data(subreq,
905b4d
+                                                struct tevent_req);
905b4d
+    struct ipa_id_get_account_info_state *state = tevent_req_data(req,
905b4d
+                                          struct ipa_id_get_account_info_state);
905b4d
+    int dp_error = DP_ERR_FATAL;
905b4d
+    int ret;
905b4d
+
905b4d
+    ret = ipa_resolve_user_list_recv(subreq, &dp_error);
905b4d
+    talloc_zfree(subreq);
905b4d
+    if (ret != EOK) {
905b4d
+        DEBUG(SSSDBG_OP_FAILURE, "IPA resolve user list %d\n", ret);
905b4d
+        goto fail;
905b4d
+    }
905b4d
+
905b4d
     state->dp_error = DP_ERR_OK;
905b4d
     tevent_req_done(req);
905b4d
     return;
905b4d
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
905b4d
index ce5a6d1a1048eda4d8b7017bd92bc7ee76e66ef9..cf0cddf6884295268b30fc8e0209b543c1699297 100644
905b4d
--- a/src/providers/ipa/ipa_subdomains_id.c
905b4d
+++ b/src/providers/ipa/ipa_subdomains_id.c
905b4d
@@ -862,6 +862,7 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
905b4d
                             SYSDB_SID_STR,
905b4d
                             SYSDB_OBJECTCLASS,
905b4d
                             SYSDB_UUID,
905b4d
+                            SYSDB_GHOST,
905b4d
                             NULL };
905b4d
     char *name;
905b4d
 
905b4d
-- 
905b4d
2.1.0
905b4d