Blame SOURCES/0058-IPA-add-mapped-attributes-to-user-from-trusted-domai.patch

ecf709
From b8a36e1be5cdd2c61ddf8e40970270bb878d26a3 Mon Sep 17 00:00:00 2001
ecf709
From: Sumit Bose <sbose@redhat.com>
ecf709
Date: Wed, 22 Mar 2017 14:13:05 +0100
ecf709
Subject: [PATCH 58/60] IPA: add mapped attributes to user from trusted domains
ecf709
ecf709
Allow the usage of the mapped attribute for the lookup of AD users on
ecf709
IPA clients as already used for the normal LDAP lookup.
ecf709
ecf709
Related to https://pagure.io/SSSD/sssd/issue/3050
ecf709
ecf709
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ecf709
---
ecf709
 src/providers/ipa/ipa_s2n_exop.c | 33 ++++++++++++++++++++++++---------
ecf709
 1 file changed, 24 insertions(+), 9 deletions(-)
ecf709
ecf709
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
ecf709
index c99312274073858e5e03f3e82c069dafc839eb61..05c32a24d61947e62884f460069083fb81f40fe0 100644
ecf709
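--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -761,6 +761,7 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
                                     struct resp_attrs *simple_attrs,
                                     const char *view_name,
                                     struct sysdb_attrs *override_attrs,
+                                    struct sysdb_attrs *mapped_attrs,
                                     bool update_initgr_timeout);
 
 static errno_t s2n_response_to_attrs(TALLOC_CTX *mem_ctx,
@@ -1009,6 +1010,7 @@ struct ipa_s2n_get_list_state {
     struct resp_attrs *attrs;
     struct sss_domain_info *obj_domain;
     struct sysdb_attrs *override_attrs;
+    struct sysdb_attrs *mapped_attrs;
 };
 
 static errno_t ipa_s2n_get_list_step(struct tevent_req *req);
@@ -1025,7 +1027,8 @@ static struct tevent_req *ipa_s2n_get_list_send(TALLOC_CTX *mem_ctx,
                                                 int entry_type,
                                                 enum request_types request_type,
                                                 enum req_input_type list_type,
-                                                char **list)
+                                                char **list,
+                                                struct sysdb_attrs *mapped_attrs)
 {
     int ret;
     struct ipa_s2n_get_list_state *state;
@@ -1057,6 +1060,7 @@ static struct tevent_req *ipa_s2n_get_list_send(TALLOC_CTX *mem_ctx,
     state->request_type = request_type;
     state->attrs = NULL;
     state->override_attrs = NULL;
+    state->mapped_attrs = mapped_attrs;
 
     ret = ipa_s2n_get_list_step(req);
     if (ret != EOK) {
@@ -1288,7 +1292,8 @@ static errno_t ipa_s2n_get_list_save_step(struct tevent_req *req)
 
     ret = ipa_s2n_save_objects(state->dom, &state->req_input, state->attrs,
                                NULL, state->ipa_ctx->view_name,
-                               state->override_attrs, false);
+                               state->override_attrs, state->mapped_attrs,
+                               false);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
         return ret;
@@ -1704,7 +1709,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
                                                  BE_REQ_GROUP,
                                                  REQ_FULL_WITH_MEMBERS,
                                                  REQ_INP_NAME,
-                                                 missing_list);
+                                                 missing_list, NULL);
                 if (subreq == NULL) {
                     DEBUG(SSSDBG_OP_FAILURE,
                           "ipa_s2n_get_list_send failed.\n");
@@ -1732,7 +1737,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
                                                  BE_REQ_USER,
                                                  REQ_FULL_WITH_MEMBERS,
                                                  REQ_INP_NAME,
-                                                 missing_list);
+                                                 missing_list, NULL);
                 if (subreq == NULL) {
                     DEBUG(SSSDBG_OP_FAILURE,
                           "ipa_s2n_get_list_send failed.\n");
@@ -1810,7 +1815,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
 
     if (ret == ENOENT || is_default_view(state->ipa_ctx->view_name)) {
         ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
-                                   state->simple_attrs, NULL, NULL, true);
+                                   state->simple_attrs, NULL, NULL, NULL, true);
         if (ret != EOK) {
             DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
             goto done;
@@ -1978,6 +1983,7 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
                                     struct resp_attrs *simple_attrs,
                                     const char *view_name,
                                     struct sysdb_attrs *override_attrs,
+                                    struct sysdb_attrs *mapped_attrs,
                                     bool update_initgr_timeout)
 {
     int ret;
@@ -2305,6 +2311,15 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
                 goto done;
             }
 
+            if (mapped_attrs != NULL) {
+                ret = sysdb_set_user_attr(dom, name, mapped_attrs,
+                                          SYSDB_MOD_ADD);
+                if (ret != EOK) {
+                    DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_user_attr failed.\n");
+                    goto done;
+                }
+            }
+
             if (gid_override_attrs != NULL) {
                 ret = sysdb_set_user_attr(dom, name, gid_override_attrs,
                                           SYSDB_MOD_REP);
@@ -2487,7 +2502,7 @@ static void ipa_s2n_get_list_done(struct tevent_req  *subreq)
                                  &sid_str);
     if (ret == ENOENT) {
         ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
-                                   state->simple_attrs, NULL, NULL, true);
+                                   state->simple_attrs, NULL, NULL, NULL, true);
         if (ret != EOK) {
             DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
             goto fail;
@@ -2525,7 +2540,7 @@ static void ipa_s2n_get_list_done(struct tevent_req  *subreq)
         ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
                                    state->simple_attrs,
                                    state->ipa_ctx->view_name,
-                                   state->override_attrs, true);
+                                   state->override_attrs, NULL, true);
         if (ret != EOK) {
             DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
             tevent_req_error(req, ret);
@@ -2561,7 +2576,7 @@ static void ipa_s2n_get_user_get_override_done(struct tevent_req *subreq)
 
     ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
                                state->simple_attrs, state->ipa_ctx->view_name,
-                               override_attrs, true);
+                               override_attrs, NULL, true);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
         tevent_req_error(req, ret);
@@ -2662,7 +2677,7 @@ struct tevent_req *ipa_get_subdom_acct_process_pac_send(TALLOC_CTX *mem_ctx,
                                dp_opt_get_int(ipa_ctx->sdap_id_ctx->opts->basic,
                                               SDAP_SEARCH_TIMEOUT),
                                BE_REQ_BY_SECID, REQ_FULL, REQ_INP_SECID,
-                               state->missing_sids);
+                               state->missing_sids, NULL);
     if (subreq == NULL) {
         DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_get_list_send failed.\n");
         ret = ENOMEM;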
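Review bot: In the `@@ -2305,6 +2311,15 @@` hunk the new call `sysdb_set_user_attr(dom, name, mapped_attrs, SYSDB_MOD_ADD)` uses add semantics while the `gid_override_attrs` call directly below it uses `SYSDB_MOD_REP`, and any non-EOK result jumps to `done` and fails the whole save. If the cached entry already carries the same mapped value from an earlier lookup, the add may be rejected as a duplicate (sysdb's handling is not visible here, so this needs confirming), which would make a repeated lookup by mapped attribute fail; either switch to `SYSDB_MOD_REP` or add a comment such as `/* MOD_ADD: keep values cached by earlier lookups; duplicates are tolerated by sysdb */` once that is verified. Because the commit message says the mapped attribute is used to look users up, the prototype of `ipa_s2n_save_objects` should also document that `mapped_attrs` is written to the user being saved, and `ipa_s2n_get_list_send` should state who owns the pointer it stores in `state->mapped_attrs`, since no talloc reference is taken on it in the visible lines. Every call site in this patch passes NULL, so the branch is not exercised until a caller supplies a value. The body of `ipa_s2n_save_objects` starts and ends outside the hunk.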
-- 
ecf709
2.9.3
ecf709