From 8d728461964488b29cdcd431210872eaee9bc9f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 17 Sep 2015 14:46:34 +0200
Subject: [PATCH 73/73] views: allow ghost members for LOCAL view

The LOCAL view does not allow the case where both a ghost member and a
user override are created, so it is safe to allow ghost members
for this view.

Resolves:
https://fedorahosted.org/sssd/ticket/2790

Reviewed-by: Sumit Bose <sbose@redhat.com>
---
 src/db/sysdb_search.c          | 36 ++++++++++++++++++++----------------
 src/responder/nss/nsssrv_cmd.c |  3 ++-
 2 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index 4f617b841bf3b3760d9cb05a06f4b46ea0c58ff5..efd583beefe78bb6bb26263a9833bf3bfafd0083 100644
--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -482,14 +482,16 @@ int sysdb_getgrnam_with_views(TALLOC_CTX *mem_ctx,
     /* If there are views we have to check if override values must be added to
      * the original object. */
     if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
-        el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
-        if (el != NULL && el->num_values != 0) {
-            DEBUG(SSSDBG_TRACE_ALL,
-                  "Group object [%s], contains ghost entries which must be " \
-                  "resolved before overrides can be applied.\n",
-                   ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
-            ret = ENOENT;
-            goto done;
+        if (!is_local_view(domain->view_name)) {
+            el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
+            if (el != NULL && el->num_values != 0) {
+                DEBUG(SSSDBG_TRACE_ALL, "Group object [%s], contains ghost "
+                      "entries which must be resolved before overrides can be "
+                      "applied.\n",
+                      ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
+                ret = ENOENT;
+                goto done;
+            }
         }
 
         ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
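Review bot: The new `if (!is_local_view(domain->view_name))` guard skips the ghost-member check with no explanation at the site, and the block comment above it still only talks about adding overrides. I would add a comment directly above the guard, such as `/* LOCAL view cannot have a user override for a ghost member, so ghosts need not be resolved before overrides are applied. */`. The identical block is added in the sysdb_getgrgid_with_views hunk; the two copies could share one static helper so that the exemption cannot be changed in one lookup path and missed in the other. `is_local_view` is defined outside this diff, so it is worth confirming that it tolerates a NULL `view_name`. Both function bodies continue outside their hunks.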
@@ -634,14 +636,16 @@ int sysdb_getgrgid_with_views(TALLOC_CTX *mem_ctx,
     /* If there are views we have to check if override values must be added to
      * the original object. */
     if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
-        el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
-        if (el != NULL && el->num_values != 0) {
-            DEBUG(SSSDBG_TRACE_ALL,
-                  "Group object [%s], contains ghost entries which must be " \
-                  "resolved before overrides can be applied.\n",
-                   ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
-            ret = ENOENT;
-            goto done;
+        if (!is_local_view(domain->view_name)) {
+            el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
+            if (el != NULL && el->num_values != 0) {
+                DEBUG(SSSDBG_TRACE_ALL, "Group object [%s], contains ghost "
+                      "entries which must be resolved before overrides can be "
+                      "applied.\n",
+                      ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
+                ret = ENOENT;
+                goto done;
+            }
         }
 
         ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 459634b8d7a590a196ad47a17cd52729fc633ee2..d177135db00369c2af69eb62f6a4a4aaf54ba510 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -2909,7 +2909,8 @@ static int fill_grent(struct sss_packet *packet,
             }
             el = ldb_msg_find_element(msg, SYSDB_GHOST);
             if (el) {
-                if (DOM_HAS_VIEWS(dom) && el->num_values != 0) {
+                if (DOM_HAS_VIEWS(dom) && !is_local_view(dom->view_name)
+                        && el->num_values != 0) {
                     DEBUG(SSSDBG_CRIT_FAILURE,
                           "Domain has a view [%s] but group [%s] still has " \
                           "ghost members.\n", dom->view_name, orig_name);
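Review bot: With the added `!is_local_view(dom->view_name)` term, fill_grent no longer flags ghost members for a LOCAL-view domain, and the only justification is the invariant stated in the commit message, which is enforced somewhere not visible in this diff. Since this path presumably builds the group membership handed back to NSS clients, I would record that dependency at the check, e.g. `/* LOCAL view: a ghost member and a user override cannot coexist, so ghost names can be returned as-is. */`. A regression test covering a LOCAL-view group that still has ghost members would keep the exemption from silently widening if override creation ever changes. fill_grent's body starts and ends outside the hunk.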
-- 
2.4.3