Blame SOURCES/0097-DESKPROFILE-Add-checks-for-user-and-host-category.patch

From 2349423ad813e8a4fe090c283603b4cf18919662 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Mon, 22 Jan 2018 00:02:43 +0100
Subject: [PATCH 97/97] DESKPROFILE: Add checks for user and host category
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
freeipa-deskprofile-plugin can have both user and host category set as
"all" and when it happens, no users and groups or hosts or hostgroups
are going to be set.
Let's treat this expected (but so far missed) situation on SSSD side.
Resolves:
https://pagure.io/SSSD/sssd/issue/3449
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit b72e444bc1cd2fe8d9617f09b446c678d4684fff)
---
 src/providers/ipa/ipa_deskprofile_rules_util.c | 100 ++++++++++++++++++++-----
 1 file changed, 82 insertions(+), 18 deletions(-)
diff --git a/src/providers/ipa/ipa_deskprofile_rules_util.c b/src/providers/ipa/ipa_deskprofile_rules_util.c
index 53c433145666af00a994420ccd1a926b11937fc9..01b7d0527c2a15e0f4d2bdce1867ad0482fca7b0 100644
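--- a/src/providers/ipa/ipa_deskprofile_rules_util.c
+++ b/src/providers/ipa/ipa_deskprofile_rules_util.c
@@ -684,6 +684,8 @@ ipa_deskprofile_rules_save_rule_to_disk(
     TALLOC_CTX *tmp_ctx;
     const char *rule_name;
     const char *data;
+    const char *hostcat;
+    const char *usercat;
     char *shortname;
     char *domainname;
     char *base_dn;
@@ -722,6 +724,28 @@ ipa_deskprofile_rules_save_rule_to_disk(
         goto done;
     }
 
+    ret = sysdb_attrs_get_string(rule, IPA_HOST_CATEGORY, &hostcat);
+    if (ret == ENOENT) {
+        hostcat = NULL;
+    } else if (ret != EOK) {
+        DEBUG(SSSDBG_TRACE_FUNC,
+              "Failed to get the Desktop Profile Rule host category for rule "
+              "\"%s\" [%d]: %s\n",
+              rule_name, ret, sss_strerror(ret));
+        goto done;
+    }
+
+    ret = sysdb_attrs_get_string(rule, IPA_USER_CATEGORY, &usercat);
+    if (ret == ENOENT) {
+        usercat = NULL;
+    } else if (ret != EOK) {
+        DEBUG(SSSDBG_TRACE_FUNC,
+              "Failed to get the Desktop Profile Rule user category for rule "
+              "\"%s\" [%d]: %s\n",
+              rule_name, ret, sss_strerror(ret));
+        goto done;
+    }
+
     rule_prio = talloc_asprintf(tmp_ctx, "%06d", prio);
     if (rule_prio == NULL) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate rule priority\n");
@@ -753,26 +777,66 @@ ipa_deskprofile_rules_save_rule_to_disk(
         goto done;
     }
 
-    ret = ipa_deskprofile_rule_check_memberuser(tmp_ctx, domain, rule,
-                                                rule_name, rule_prio,
-                                                base_dn, username,
-                                                &user_prio, &group_prio);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_CRIT_FAILURE,
-              "ipa_deskprofile_rule_check_memberuser() failed [%d]: %s\n",
-              ret, sss_strerror(ret));
-        goto done;
+    if (usercat != NULL && strcasecmp(usercat, "all") == 0) {
+        user_prio = talloc_strdup(tmp_ctx, rule_prio);
+        if (user_prio == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Failed to allocate the user priority "
+                  "when user category is \"all\"\n");
+            ret = ENOMEM;
+            goto done;
+        }
+
+        group_prio = talloc_strdup(tmp_ctx, rule_prio);
+        if (group_prio == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Failed to allocate the group priority "
+                  "when user category is \"all\"\n");
+            ret = ENOMEM;
+            goto done;
+        }
+    } else {
+        ret = ipa_deskprofile_rule_check_memberuser(tmp_ctx, domain, rule,
+                                                    rule_name, rule_prio,
+                                                    base_dn, username,
+                                                    &user_prio, &group_prio);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "ipa_deskprofile_rule_check_memberuser() failed [%d]: %s\n",
+                  ret, sss_strerror(ret));
+            goto done;
+        }
     }
 
-    ret = ipa_deskprofile_rule_check_memberhost(tmp_ctx, domain, rule,
-                                                rule_name, rule_prio,
-                                                base_dn, hostname,
-                                                &host_prio, &hostgroup_prio);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_CRIT_FAILURE,
-              "ipa_deskprofile_rule_check_memberhost() failed [%d]: %s\n",
-              ret, sss_strerror(ret));
-        goto done;
+    if (hostcat != NULL && strcasecmp(hostcat, "all") == 0) {
+        host_prio = talloc_strdup(tmp_ctx, rule_prio);
+        if (host_prio == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Failed to allocate the host priority "
+                  "when host category is \"all\"\n");
+            ret = ENOMEM;
+            goto done;
+        }
+
+        hostgroup_prio = talloc_strdup(tmp_ctx, rule_prio);
+        if (hostgroup_prio == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Failed to allocate the hostgroup priority "
+                  "when host category is \"all\"\n");
+            ret = ENOMEM;
+            goto done;
+        }
+    } else {
+        ret = ipa_deskprofile_rule_check_memberhost(tmp_ctx, domain, rule,
+                                                    rule_name, rule_prio,
+                                                    base_dn, hostname,
+                                                    &host_prio, &hostgroup_prio);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "ipa_deskprofile_rule_check_memberhost() failed [%d]: %s\n",
+                  ret, sss_strerror(ret));
+            goto done;
+        }
     }
 
     ret = ipa_deskprofile_get_normalized_rule_name(mem_ctx, rule_name,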
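Review bot: The two new `sysdb_attrs_get_string()` error branches in the second hunk (host category and user category) log at `SSSDBG_TRACE_FUNC` and then `goto done`, so a failure that stops the rule from being written is invisible at ordinary debug levels, whereas every other failure path visible in these hunks uses `SSSDBG_CRIT_FAILURE`. I would raise both to `DEBUG(SSSDBG_OP_FAILURE,` (or `SSSDBG_CRIT_FAILURE` to match the neighbours) so an administrator can tell why a desktop profile was not applied. In the third hunk the `"all"` branches skip `ipa_deskprofile_rule_check_memberuser()` and `ipa_deskprofile_rule_check_memberhost()` entirely and copy `rule_prio` into both priority strings of that side; a short comment such as `/* category "all": the rule matches every user, no member lookup is done */` (and its host twin) would record that the bypass is intentional. The body of `ipa_deskprofile_rules_save_rule_to_disk()` starts and ends outside the hunks, so what the `done:` label does with `ret` is not visible here.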
-- 
2.14.3