From c250beca50dbebc0cf1e90cdc1c871e9eeca922d Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 9 Jul 2018 18:45:21 +0200
Subject: [PATCH 11/19] responder: make sure SSS_DP_CERT is passed to files
provider
Currently the files provider is only contacted once in a while to update
the full cache with fresh data from the passwd file. To allow rule based
certificate mapping the lookup by certificate request must be always
sent to the file provider so that it can evaluate the rules and add the
certificate to cached entry of the matching user.
Related to https://pagure.io/SSSD/sssd/issue/3500
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 9fdc5f1d87a133885e6a22810a7eb980c60dcb55)
---
src/responder/common/responder_dp.c | 20 +++++++++++++-------
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c
index 878aa1d73be0ccc56afb79303b61cd5cffe7b5e0..39f0f20c506c7ed63b271461f982ebb4f84afce7 100644
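--- a/src/responder/common/responder_dp.c
+++ b/src/responder/common/responder_dp.c
@@ -34,15 +34,17 @@ sss_dp_account_files_params(struct sss_domain_info *dom,
 enum sss_dp_acct_type *_type_out,
 const char **_opt_name_out)
 {
- if (sss_domain_get_state(dom) != DOM_INCONSISTENT) {
+ if (type_in != SSS_DP_CERT) {
+ if (sss_domain_get_state(dom) != DOM_INCONSISTENT) {
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "The entries in the files domain are up-to-date\n");
+ return EOK;
+ }
+
 DEBUG(SSSDBG_TRACE_INTERNAL,
- "The entries in the files domain are up-to-date\n");
- return EOK;
+ "Domain files is not consistent, issuing update\n");
 }
 
- DEBUG(SSSDBG_TRACE_INTERNAL,
- "Domain files is not consistent, issuing update\n");
-
 switch(type_in) {
 case SSS_DP_USER:
 case SSS_DP_GROUP:
@@ -56,12 +58,16 @@ sss_dp_account_files_params(struct sss_domain_info *dom,
 *_type_out = type_in;
 *_opt_name_out = DP_REQ_OPT_FILES_INITGR;
 return EAGAIN;
+ case SSS_DP_CERT:
+ /* Let the backend handle certificate mapping for local users */
+ *_type_out = type_in;
+ *_opt_name_out = opt_name_in;
+ return EAGAIN;
 /* These are not handled by the files provider, just fall back */
 case SSS_DP_NETGR:
 case SSS_DP_SERVICES:
 case SSS_DP_SECID:
 case SSS_DP_USER_AND_GROUP:
- case SSS_DP_CERT:
 case SSS_DP_WILDCARD_USER:
 case SSS_DP_WILDCARD_GROUP:
 return EOK;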
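Review bot: The SSS_DP_CERT bypass at the top of sss_dp_account_files_params() is undocumented and silent: the new outer `if (type_in != SSS_DP_CERT)` skips both trace messages, so a certificate lookup leaves no log line before the switch, and the only explanation sits further down in the `case SSS_DP_CERT:` arm. I would add `/* Certificate lookups always go to the backend so it can evaluate the mapping rules */` above the outer `if`, and `DEBUG(SSSDBG_TRACE_INTERNAL, "Forwarding certificate lookup to the files provider\n");` in the case arm, so that certificate-to-user mapping requests can be followed in the logs. The new arm also hands `opt_name_in` through unchanged, while the arm above it sets the fixed `DP_REQ_OPT_FILES_INITGR`; whether `opt_name_in` can be NULL on this path is not visible in the hunk and is worth confirming. Because every certificate lookup now returns EAGAIN regardless of domain state, each one presumably costs a backend round trip, which matters if such lookups can be triggered before authentication. The function starts and ends outside both hunks.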
--
2.14.4