
Blame SOURCES/0073-views-allow-ghost-members-for-LOCAL-view.patch

From 8d728461964488b29cdcd431210872eaee9bc9f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 17 Sep 2015 14:46:34 +0200
Subject: [PATCH 73/73] views: allow ghost members for LOCAL view
LOCAL view does not allow the case when both ghost member and
user override is created so it is safe to allow ghost members
for this view.
Resolves:
https://fedorahosted.org/sssd/ticket/2790
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
 src/db/sysdb_search.c          | 36 ++++++++++++++++++++----------------
 src/responder/nss/nsssrv_cmd.c |  3 ++-
 2 files changed, 22 insertions(+), 17 deletions(-)
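--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -482,14 +482,16 @@ int sysdb_getgrnam_with_views(TALLOC_CTX *mem_ctx,
     /* If there are views we have to check if override values must be added to
      * the original object. */
     if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
-        el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
-        if (el != NULL && el->num_values != 0) {
-            DEBUG(SSSDBG_TRACE_ALL,
-                  "Group object [%s], contains ghost entries which must be " \
-                  "resolved before overrides can be applied.\n",
-                   ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
-            ret = ENOENT;
-            goto done;
+        if (!is_local_view(domain->view_name)) {
+            el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
+            if (el != NULL && el->num_values != 0) {
+                DEBUG(SSSDBG_TRACE_ALL, "Group object [%s], contains ghost "
+                      "entries which must be resolved before overrides can be "
+                      "applied.\n",
+                      ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
+                ret = ENOENT;
+                goto done;
+            }
         }
 
         ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],
@@ -634,14 +636,16 @@ int sysdb_getgrgid_with_views(TALLOC_CTX *mem_ctx,
     /* If there are views we have to check if override values must be added to
      * the original object. */
     if (DOM_HAS_VIEWS(domain) && orig_obj->count == 1) {
-        el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
-        if (el != NULL && el->num_values != 0) {
-            DEBUG(SSSDBG_TRACE_ALL,
-                  "Group object [%s], contains ghost entries which must be " \
-                  "resolved before overrides can be applied.\n",
-                   ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
-            ret = ENOENT;
-            goto done;
+        if (!is_local_view(domain->view_name)) {
+            el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_GHOST);
+            if (el != NULL && el->num_values != 0) {
+                DEBUG(SSSDBG_TRACE_ALL, "Group object [%s], contains ghost "
+                      "entries which must be resolved before overrides can be "
+                      "applied.\n",
+                      ldb_dn_get_linearized(orig_obj->msgs[0]->dn));
+                ret = ENOENT;
+                goto done;
+            }
         }
 
         ret = sysdb_add_overrides_to_object(domain, orig_obj->msgs[0],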
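Review bot: The new `if (!is_local_view(domain->view_name))` guard in sysdb_getgrnam_with_views has no comment saying why unresolved ghost members are acceptable for the LOCAL view; the reason (a ghost member and a user override cannot both exist there) is recorded only in the commit message. Because this check decides whether a group with unresolved members is rejected with ENOENT or returned with overrides applied, the invariant should be stated at the check, e.g. `/* LOCAL view never holds both a ghost member and a user override, so ghosts need not be resolved first. */`. The same guard is repeated in the sysdb_getgrgid_with_views hunk at -634 and in fill_grent in src/responder/nss/nsssrv_cmd.c, and the comment belongs on each. Both function bodies start and end outside their hunks.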
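--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -2909,7 +2909,8 @@ static int fill_grent(struct sss_packet *packet,
             }
             el = ldb_msg_find_element(msg, SYSDB_GHOST);
             if (el) {
-                if (DOM_HAS_VIEWS(dom) && el->num_values != 0) {
+                if (DOM_HAS_VIEWS(dom) && !is_local_view(dom->view_name)
+                        && el->num_values != 0) {
                     DEBUG(SSSDBG_CRIT_FAILURE,
                           "Domain has a view [%s] but group [%s] still has " \
                           "ghost members.\n", dom->view_name, orig_name);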
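Review bot: The condition in fill_grent is now the third hand-written copy of "views are active and the view is not LOCAL", next to the two nested checks in src/db/sysdb_search.c, so the cache layer and the NSS responder can drift apart on when ghost members are tolerated. A single predicate shared by both files would keep them aligned, leaving this line as something like `if (views_forbid_ghosts(dom) && el->num_values != 0) {` (the helper name is a suggestion, not an existing symbol). What happens to the ghost names once this branch is skipped lies outside the hunk; presumably they are written to the reply as stored, which is worth confirming against the LOCAL-view invariant from the commit message, since clients act on the returned membership.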
-- 
2.4.3