Blame SOURCES/0056-files-add-session-recording-flag.patch

From 21087821ab7942a54168d545ea2f96a6f7582344 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 15 Oct 2018 20:05:09 +0200
Subject: [PATCH 56/57] files: add session recording flag
If session recording is configured for a group the NSS and PAM
responders rely on an attribute in the cache set by the backend to
determine if session recording is configured for the user or not. This
flag is typically set during the initgroups request.

Since the files provider does not have a dedicated initgroups request
the attribute must be set otherwise. This patch sets it for all users
after the files are reloaded.
71e593
Related to https://pagure.io/SSSD/sssd/issue/3855
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/providers/data_provider/dp_iface.h     |  3 ++
 src/providers/data_provider/dp_target_id.c | 62 ++++++++++++++++++++++++++++++
 src/providers/files/files_ops.c            |  7 ++++
 3 files changed, 72 insertions(+)
diff --git a/src/providers/data_provider/dp_iface.h b/src/providers/data_provider/dp_iface.h
71e593
index 0b0855da6c62d01d523486fe65e9920578ba58e5..8f6b2076c1adb8ad046a0d03ae5ae8a0600a5707 100644
71e593
--- a/src/providers/data_provider/dp_iface.h
71e593
+++ b/src/providers/data_provider/dp_iface.h
71e593
@@ -188,4 +188,7 @@ errno_t
71e593
 dp_access_control_refresh_rules_recv(TALLOC_CTX *mem_ctx,
71e593
                                      struct tevent_req *req);
71e593
 
71e593
+
71e593
+errno_t
71e593
+dp_add_sr_attribute(struct be_ctx *be_ctx);
71e593
 #endif /* DP_IFACE_H_ */
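Review bot: The new dp_add_sr_attribute() prototype is added without any comment, although it is a public data-provider entry point whose effect (a write to every user cached for the domain) is not obvious from the name. A short Doxygen block above it would help callers, e.g. `/** Set the session recording attribute on every user cached for be_ctx->domain, as the initgroups post-processing would; returns EOK or an errno value. */`. It would also be the place to state that on failure part of the users may be left without the attribute, which matters to anyone deciding whether to ignore the return value.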
71e593
diff --git a/src/providers/data_provider/dp_target_id.c b/src/providers/data_provider/dp_target_id.c
71e593
index 265788be9b032fcdf0f354f9c66a98241aa17916..748d886748f34e6b99c6bfc0f7607e048cbd2425 100644
71e593
--- a/src/providers/data_provider/dp_target_id.c
71e593
+++ b/src/providers/data_provider/dp_target_id.c
71e593
@@ -328,6 +328,68 @@ done:
71e593
     talloc_free(tmp_ctx);
71e593
 }
71e593
 
71e593
+errno_t dp_add_sr_attribute(struct be_ctx *be_ctx)
71e593
+{
71e593
+    int ret;
71e593
+    struct dp_initgr_ctx *dp_initgr_ctx = NULL;
71e593
+    TALLOC_CTX *tmp_ctx = NULL;
71e593
+    struct dp_id_data *data;
71e593
+    size_t msgs_count;
71e593
+    struct ldb_message **msgs = NULL;
71e593
+    const char *attrs[] = {SYSDB_NAME, NULL};
71e593
+    size_t c;
71e593
+
71e593
+    tmp_ctx = talloc_new(NULL);
71e593
+    if (tmp_ctx == NULL) {
71e593
+        DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
71e593
+        return ENOMEM;
71e593
+    }
71e593
+
71e593
+    ret = sysdb_search_users(tmp_ctx, be_ctx->domain, "("SYSDB_NAME "=*)", attrs,
71e593
+                            &msgs_count, &msgs);
71e593
+    if (ret != EOK) {
71e593
+        DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_users failed.\n");
71e593
+        goto done;
71e593
+    }
71e593
+
71e593
+    data = talloc_zero(tmp_ctx, struct dp_id_data);
71e593
+    if (data == NULL) {
71e593
+        ret = ENOMEM;
71e593
+        goto done;
71e593
+    }
71e593
+
71e593
+    data->entry_type = BE_REQ_INITGROUPS;
71e593
+    data->filter_type = BE_FILTER_NAME;
71e593
+    data->filter_value = NULL;
71e593
+    data->extra_value = NULL;
71e593
+    data->domain = be_ctx->domain->name;
71e593
+
71e593
+    for (c = 0; c < msgs_count; c++) {
71e593
+        data->filter_value = ldb_msg_find_attr_as_string(msgs[c], SYSDB_NAME,
71e593
+                                                         NULL);
71e593
+        if (data->filter_value == NULL) {
71e593
+            DEBUG(SSSDBG_CRIT_FAILURE,
71e593
+                  "Cache object [%s] does not have a name, skipping.\n",
71e593
+                  ldb_dn_get_linearized(msgs[c]->dn));
71e593
+            continue;
71e593
+        }
71e593
+
71e593
+        talloc_free(dp_initgr_ctx);
71e593
+        ret = dp_create_initgroups_ctx(tmp_ctx, be_ctx, data, &dp_initgr_ctx);
71e593
+        if (ret != EOK) {
71e593
+            DEBUG(SSSDBG_OP_FAILURE, "dp_create_initgroups_ctx failed.\n");
71e593
+            goto done;
71e593
+        }
71e593
+
71e593
+        dp_req_initgr_pp_sr_overlay(be_ctx->provider, dp_initgr_ctx);
71e593
+    }
71e593
+
71e593
+done:
71e593
+    talloc_free(tmp_ctx);
71e593
+
71e593
+    return ret;
71e593
+}
71e593
+
71e593
 static errno_t set_initgroups_expire_attribute(struct sss_domain_info *domain,
71e593
                                                const char *name)
71e593
 {
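Review bot: The `goto done` after the dp_create_initgroups_ctx() check inside the user loop stops the pass at the first failing entry, so every user after it is left without the session recording attribute, and since the only caller in files_ops.c logs the error and carries on, those users silently end up outside session recording. A per-entry failure should be logged with the user name and skipped with `continue`, remembering the first error for the return value so the caller still sees that the pass was incomplete; the fence below shows the loop with that change. If dp_req_initgr_pp_sr_overlay() reports failures, its result is discarded on the following line as well and would deserve the same treatment. `ret` is declared `int` although the function returns `errno_t`; `errno_t ret;` keeps it consistent with the return type.
```c
errno_t dp_add_sr_attribute(struct be_ctx *be_ctx)
{
    errno_t ret;
    errno_t first_err = EOK;
    /* … unchanged: remaining declarations, tmp_ctx allocation, sysdb_search_users, data setup … */

    for (c = 0; c < msgs_count; c++) {
        /* … unchanged: SYSDB_NAME lookup, skip entries without a name … */

        talloc_free(dp_initgr_ctx);
        ret = dp_create_initgroups_ctx(tmp_ctx, be_ctx, data, &dp_initgr_ctx);
        if (ret != EOK) {
            /* Do not abort the pass: every user left behind would silently
             * fall outside session recording. Remember the first error. */
            DEBUG(SSSDBG_OP_FAILURE,
                  "dp_create_initgroups_ctx failed for [%s], skipping.\n",
                  data->filter_value);
            if (first_err == EOK) {
                first_err = ret;
            }
            continue;
        }

        dp_req_initgr_pp_sr_overlay(be_ctx->provider, dp_initgr_ctx);
    }

    /* EOK only if every cached user was processed. */
    ret = first_err;

    /* … unchanged: done label, talloc_free(tmp_ctx), return ret … */
```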
71e593
diff --git a/src/providers/files/files_ops.c b/src/providers/files/files_ops.c
71e593
index f5a40297a7cd1eb4ec66315250556ddaf6cc8cfc..74f77b5395285818d049eaa521b4afd8a9c89dde 100644
71e593
--- a/src/providers/files/files_ops.c
71e593
+++ b/src/providers/files/files_ops.c
71e593
@@ -26,6 +26,7 @@
71e593
 #include "db/sysdb.h"
71e593
 #include "util/inotify.h"
71e593
 #include "util/util.h"
71e593
+#include "providers/data_provider/dp_iface.h"
71e593
 
71e593
 /* When changing this constant, make sure to also adjust the files integration
71e593
  * test for reallocation branch
71e593
@@ -771,6 +772,12 @@ static errno_t sf_enum_files(struct files_id_ctx *id_ctx,
71e593
         }
71e593
     }
71e593
 
71e593
+    ret = dp_add_sr_attribute(id_ctx->be);
71e593
+    if (ret != EOK) {
71e593
+        DEBUG(SSSDBG_CRIT_FAILURE,
71e593
+              "Failed to add session recording attribute, ignored.\n");
71e593
+    }
71e593
+
71e593
     ret = sysdb_transaction_commit(id_ctx->domain->sysdb);
71e593
     if (ret != EOK) {
71e593
         goto done;
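Review bot: The error from dp_add_sr_attribute() is swallowed right before the transaction is committed and nothing explains why that is acceptable, even though this is the only place where the files provider sets the session recording flag, so a failure here leaves users without it until the next reload. Add a why-comment above the call, e.g. `/* Not fatal on purpose: rolling back the whole user reload would be worse than a missing session recording flag, which the next file reload sets again. */`, so the best-effort choice is visible to the next maintainer. Since the call happens before sysdb_transaction_commit(), its cache writes presumably land in the still-open transaction; worth confirming that is intended. sf_enum_files() starts and ends outside the hunk.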
71e593
-- 
2.14.4