From 8d728461964488b29cdcd431210872eaee9bc9f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 17 Sep 2015 14:46:34 +0200
Subject: [PATCH 73/73] views: allow ghost members for LOCAL view
LOCAL view does not allow the case when both ghost member and
user override is created so it is safe to allow ghost members
for this view.
Resolves:
https://fedorahosted.org/sssd/ticket/2790
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/db/sysdb_search.c | 36 ++++++++++++++++++++----------------
src/responder/nss/nsssrv_cmd.c | 3 ++-
2 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index 4f617b841bf3b3760d9cb05a06f4b46ea0c58ff5..efd583beefe78bb6bb26263a9833bf3bfafd0083 100644
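--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -482,14 +482,16 @@ int sysdb_getgrnam_with_views(TALLOC_CTX *mem_ctx,
 /* If there are views we have to check if override values must be added to
 * the original object. */
 if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
- el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
- if (el != NULL && el->num_values != 0) {
- DEBUG(SSSDBG_TRACE_ALL,
- "Group object [%s], contains ghost entries which must be " \
- "resolved before overrides can be applied.\n",
- ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
- ret = ENOENT;
- goto done;
+ if (!is_local_view(domain->view_name)) {
+ el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
+ if (el != NULL && el->num_values != 0) {
+ DEBUG(SSSDBG_TRACE_ALL, "Group object [%s], contains ghost "
+ "entries which must be resolved before overrides can be "
+ "applied.\n",
+ ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
+ ret = ENOENT;
+ goto done;
+ }
 }
 
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
@@ -634,14 +636,16 @@ int sysdb_getgrgid_with_views(TALLOC_CTX *mem_ctx,
 /* If there are views we have to check if override values must be added to
 * the original object. */
 if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
- el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
- if (el != NULL && el->num_values != 0) {
- DEBUG(SSSDBG_TRACE_ALL,
- "Group object [%s], contains ghost entries which must be " \
- "resolved before overrides can be applied.\n",
- ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
- ret = ENOENT;
- goto done;
+ if (!is_local_view(domain->view_name)) {
+ el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
+ if (el != NULL && el->num_values != 0) {
+ DEBUG(SSSDBG_TRACE_ALL, "Group object [%s], contains ghost "
+ "entries which must be resolved before overrides can be "
+ "applied.\n",
+ ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
+ ret = ENOENT;
+ goto done;
+ }
 }
 
 ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],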
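Review bot: The new `if (!is_local_view(domain->view_name))` guard in sysdb_getgrnam_with_views has no comment explaining why ghost members may stay unresolved for the LOCAL view; the invariant that makes this safe is stated only in the commit message. Because this branch decides whether overrides are merged into a group object that callers presumably rely on for membership, I would record the reason at the condition, e.g. `/* LOCAL view does not allow a ghost member and a user override together, so ghosts need not be resolved first. */`. The same ten added lines are repeated in the sysdb_getgrgid_with_views hunk, and the predicate appears a third time in fill_grent in src/responder/nss/nsssrv_cmd.c; a single static helper for the two sysdb copies would keep the by-name and by-GID lookups from diverging. Both function bodies start and end outside the hunks shown.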
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 459634b8d7a590a196ad47a17cd52729fc633ee2..d177135db00369c2af69eb62f6a4a4aaf54ba510 100644
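--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -2909,7 +2909,8 @@ static int fill_grent(struct sss_packet *packet,
 }
 el = ldb_msg_find_element(msg, SYSDB_GHOST);
 if (el) {
- if (DOM_HAS_VIEWS(dom) && el->num_values != 0) {
+ if (DOM_HAS_VIEWS(dom) && !is_local_view(dom->view_name)
+ && el->num_values != 0) {
 DEBUG(SSSDBG_CRIT_FAILURE,
 "Domain has a view [%s] but group [%s] still has " \
 "ghost members.\n", dom->view_name, orig_name);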
--
2.4.3