|
|
bb7cd1 |
From b8a36e1be5cdd2c61ddf8e40970270bb878d26a3 Mon Sep 17 00:00:00 2001
|
|
|
bb7cd1 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
bb7cd1 |
Date: Wed, 22 Mar 2017 14:13:05 +0100
|
|
|
bb7cd1 |
Subject: [PATCH 58/60] IPA: add mapped attributes to user from trusted domains
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
Allow the usage of the mapped attribute for the lookup of AD users on
|
|
|
bb7cd1 |
IPA clients as already used for the normal LDAP lookup.
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
Related to https://pagure.io/SSSD/sssd/issue/3050
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
bb7cd1 |
---
|
|
|
bb7cd1 |
src/providers/ipa/ipa_s2n_exop.c | 33 ++++++++++++++++++++++++---------
|
|
|
bb7cd1 |
1 file changed, 24 insertions(+), 9 deletions(-)
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
|
|
|
bb7cd1 |
index c99312274073858e5e03f3e82c069dafc839eb61..05c32a24d61947e62884f460069083fb81f40fe0 100644
|
|
|
bb7cd1 |
--- a/src/providers/ipa/ipa_s2n_exop.c
|
|
|
bb7cd1 |
+++ b/src/providers/ipa/ipa_s2n_exop.c
|
|
|
bb7cd1 |
@@ -761,6 +761,7 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
|
|
|
bb7cd1 |
struct resp_attrs *simple_attrs,
|
|
|
bb7cd1 |
const char *view_name,
|
|
|
bb7cd1 |
struct sysdb_attrs *override_attrs,
|
|
|
bb7cd1 |
+ struct sysdb_attrs *mapped_attrs,
|
|
|
bb7cd1 |
bool update_initgr_timeout);
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
static errno_t s2n_response_to_attrs(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
@@ -1009,6 +1010,7 @@ struct ipa_s2n_get_list_state {
|
|
|
bb7cd1 |
struct resp_attrs *attrs;
|
|
|
bb7cd1 |
struct sss_domain_info *obj_domain;
|
|
|
bb7cd1 |
struct sysdb_attrs *override_attrs;
|
|
|
bb7cd1 |
+ struct sysdb_attrs *mapped_attrs;
|
|
|
bb7cd1 |
};
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
static errno_t ipa_s2n_get_list_step(struct tevent_req *req);
|
|
|
bb7cd1 |
@@ -1025,7 +1027,8 @@ static struct tevent_req *ipa_s2n_get_list_send(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
int entry_type,
|
|
|
bb7cd1 |
enum request_types request_type,
|
|
|
bb7cd1 |
enum req_input_type list_type,
|
|
|
bb7cd1 |
- char **list)
|
|
|
bb7cd1 |
+ char **list,
|
|
|
bb7cd1 |
+ struct sysdb_attrs *mapped_attrs)
|
|
|
bb7cd1 |
{
|
|
|
bb7cd1 |
int ret;
|
|
|
bb7cd1 |
struct ipa_s2n_get_list_state *state;
|
|
|
bb7cd1 |
@@ -1057,6 +1060,7 @@ static struct tevent_req *ipa_s2n_get_list_send(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
state->request_type = request_type;
|
|
|
bb7cd1 |
state->attrs = NULL;
|
|
|
bb7cd1 |
state->override_attrs = NULL;
|
|
|
bb7cd1 |
+ state->mapped_attrs = mapped_attrs;
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
ret = ipa_s2n_get_list_step(req);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
@@ -1288,7 +1292,8 @@ static errno_t ipa_s2n_get_list_save_step(struct tevent_req *req)
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
ret = ipa_s2n_save_objects(state->dom, &state->req_input, state->attrs,
|
|
|
bb7cd1 |
NULL, state->ipa_ctx->view_name,
|
|
|
bb7cd1 |
- state->override_attrs, false);
|
|
|
bb7cd1 |
+ state->override_attrs, state->mapped_attrs,
|
|
|
bb7cd1 |
+ false);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
|
|
|
bb7cd1 |
return ret;
|
|
|
bb7cd1 |
@@ -1704,7 +1709,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
|
|
|
bb7cd1 |
BE_REQ_GROUP,
|
|
|
bb7cd1 |
REQ_FULL_WITH_MEMBERS,
|
|
|
bb7cd1 |
REQ_INP_NAME,
|
|
|
bb7cd1 |
- missing_list);
|
|
|
bb7cd1 |
+ missing_list, NULL);
|
|
|
bb7cd1 |
if (subreq == NULL) {
|
|
|
bb7cd1 |
DEBUG(SSSDBG_OP_FAILURE,
|
|
|
bb7cd1 |
"ipa_s2n_get_list_send failed.\n");
|
|
|
bb7cd1 |
@@ -1732,7 +1737,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
|
|
|
bb7cd1 |
BE_REQ_USER,
|
|
|
bb7cd1 |
REQ_FULL_WITH_MEMBERS,
|
|
|
bb7cd1 |
REQ_INP_NAME,
|
|
|
bb7cd1 |
- missing_list);
|
|
|
bb7cd1 |
+ missing_list, NULL);
|
|
|
bb7cd1 |
if (subreq == NULL) {
|
|
|
bb7cd1 |
DEBUG(SSSDBG_OP_FAILURE,
|
|
|
bb7cd1 |
"ipa_s2n_get_list_send failed.\n");
|
|
|
bb7cd1 |
@@ -1810,7 +1815,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
if (ret == ENOENT || is_default_view(state->ipa_ctx->view_name)) {
|
|
|
bb7cd1 |
ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
|
|
|
bb7cd1 |
- state->simple_attrs, NULL, NULL, true);
|
|
|
bb7cd1 |
+ state->simple_attrs, NULL, NULL, NULL, true);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
|
|
|
bb7cd1 |
goto done;
|
|
|
bb7cd1 |
@@ -1978,6 +1983,7 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
|
|
|
bb7cd1 |
struct resp_attrs *simple_attrs,
|
|
|
bb7cd1 |
const char *view_name,
|
|
|
bb7cd1 |
struct sysdb_attrs *override_attrs,
|
|
|
bb7cd1 |
+ struct sysdb_attrs *mapped_attrs,
|
|
|
bb7cd1 |
bool update_initgr_timeout)
|
|
|
bb7cd1 |
{
|
|
|
bb7cd1 |
int ret;
|
|
|
bb7cd1 |
@@ -2305,6 +2311,15 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
|
|
|
bb7cd1 |
goto done;
|
|
|
bb7cd1 |
}
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
+ if (mapped_attrs != NULL) {
|
|
|
bb7cd1 |
+ ret = sysdb_set_user_attr(dom, name, mapped_attrs,
|
|
|
bb7cd1 |
+ SYSDB_MOD_ADD);
|
|
|
bb7cd1 |
+ if (ret != EOK) {
|
|
|
bb7cd1 |
+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_user_attr failed.\n");
|
|
|
bb7cd1 |
+ goto done;
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+ }
|
|
|
bb7cd1 |
+
|
|
|
bb7cd1 |
if (gid_override_attrs != NULL) {
|
|
|
bb7cd1 |
ret = sysdb_set_user_attr(dom, name, gid_override_attrs,
|
|
|
bb7cd1 |
SYSDB_MOD_REP);
|
|
|
bb7cd1 |
@@ -2487,7 +2502,7 @@ static void ipa_s2n_get_list_done(struct tevent_req *subreq)
|
|
|
bb7cd1 |
&sid_str);
|
|
|
bb7cd1 |
if (ret == ENOENT) {
|
|
|
bb7cd1 |
ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
|
|
|
bb7cd1 |
- state->simple_attrs, NULL, NULL, true);
|
|
|
bb7cd1 |
+ state->simple_attrs, NULL, NULL, NULL, true);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
|
|
|
bb7cd1 |
goto fail;
|
|
|
bb7cd1 |
@@ -2525,7 +2540,7 @@ static void ipa_s2n_get_list_done(struct tevent_req *subreq)
|
|
|
bb7cd1 |
ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
|
|
|
bb7cd1 |
state->simple_attrs,
|
|
|
bb7cd1 |
state->ipa_ctx->view_name,
|
|
|
bb7cd1 |
- state->override_attrs, true);
|
|
|
bb7cd1 |
+ state->override_attrs, NULL, true);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
|
|
|
bb7cd1 |
tevent_req_error(req, ret);
|
|
|
bb7cd1 |
@@ -2561,7 +2576,7 @@ static void ipa_s2n_get_user_get_override_done(struct tevent_req *subreq)
|
|
|
bb7cd1 |
|
|
|
bb7cd1 |
ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
|
|
|
bb7cd1 |
state->simple_attrs, state->ipa_ctx->view_name,
|
|
|
bb7cd1 |
- override_attrs, true);
|
|
|
bb7cd1 |
+ override_attrs, NULL, true);
|
|
|
bb7cd1 |
if (ret != EOK) {
|
|
|
bb7cd1 |
DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
|
|
|
bb7cd1 |
tevent_req_error(req, ret);
|
|
|
bb7cd1 |
@@ -2662,7 +2677,7 @@ struct tevent_req *ipa_get_subdom_acct_process_pac_send(TALLOC_CTX *mem_ctx,
|
|
|
bb7cd1 |
dp_opt_get_int(ipa_ctx->sdap_id_ctx->opts->basic,
|
|
|
bb7cd1 |
SDAP_SEARCH_TIMEOUT),
|
|
|
bb7cd1 |
BE_REQ_BY_SECID, REQ_FULL, REQ_INP_SECID,
|
|
|
bb7cd1 |
- state->missing_sids);
|
|
|
bb7cd1 |
+ state->missing_sids, NULL);
|
|
|
bb7cd1 |
if (subreq == NULL) {
|
|
|
bb7cd1 |
DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_get_list_send failed.\n");
|
|
|
bb7cd1 |
ret = ENOMEM;
|
|
|
bb7cd1 |
--
|
|
|
bb7cd1 |
2.9.3
|
|
|
bb7cd1 |
|