Blame SOURCES/0097-DESKPROFILE-Add-checks-for-user-and-host-category.patch

From 2349423ad813e8a4fe090c283603b4cf18919662 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Mon, 22 Jan 2018 00:02:43 +0100
Subject: [PATCH 97/97] DESKPROFILE: Add checks for user and host category
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
freeipa-deskprofile-plugin can have both user and host category set as
"all" and when it happens, no users and groups or hosts or hostgroups
are going to be set.
Let's treat this expected (but so far missed) situation on SSSD side.
Resolves:
https://pagure.io/SSSD/sssd/issue/3449
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit b72e444bc1cd2fe8d9617f09b446c678d4684fff)
---
 src/providers/ipa/ipa_deskprofile_rules_util.c | 100 ++++++++++++++++++++-----
 1 file changed, 82 insertions(+), 18 deletions(-)
diff --git a/src/providers/ipa/ipa_deskprofile_rules_util.c b/src/providers/ipa/ipa_deskprofile_rules_util.c
index 53c433145666af00a994420ccd1a926b11937fc9..01b7d0527c2a15e0f4d2bdce1867ad0482fca7b0 100644
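--- a/src/providers/ipa/ipa_deskprofile_rules_util.c
+++ b/src/providers/ipa/ipa_deskprofile_rules_util.c
@@ -684,6 +684,8 @@ ipa_deskprofile_rules_save_rule_to_disk(
     TALLOC_CTX *tmp_ctx;
     const char *rule_name;
     const char *data;
+    const char *hostcat;
+    const char *usercat;
     char *shortname;
     char *domainname;
     char *base_dn;
@@ -722,6 +724,28 @@ ipa_deskprofile_rules_save_rule_to_disk(
         goto done;
     }
 
+    ret = sysdb_attrs_get_string(rule, IPA_HOST_CATEGORY, &hostcat);
+    if (ret == ENOENT) {
+        hostcat = NULL;
+    } else if (ret != EOK) {
+        DEBUG(SSSDBG_TRACE_FUNC,
+              "Failed to get the Desktop Profile Rule host category for rule "
+              "\"%s\" [%d]: %s\n",
+              rule_name, ret, sss_strerror(ret));
+        goto done;
+    }
+
+    ret = sysdb_attrs_get_string(rule, IPA_USER_CATEGORY, &usercat);
+    if (ret == ENOENT) {
+        usercat = NULL;
+    } else if (ret != EOK) {
+        DEBUG(SSSDBG_TRACE_FUNC,
+              "Failed to get the Desktop Profile Rule user category for rule "
+              "\"%s\" [%d]: %s\n",
+              rule_name, ret, sss_strerror(ret));
+        goto done;
+    }
+
     rule_prio = talloc_asprintf(tmp_ctx, "%06d", prio);
     if (rule_prio == NULL) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate rule priority\n");
@@ -753,26 +777,66 @@ ipa_deskprofile_rules_save_rule_to_disk(
         goto done;
     }
 
-    ret = ipa_deskprofile_rule_check_memberuser(tmp_ctx, domain, rule,
-                                                rule_name, rule_prio,
-                                                base_dn, username,
-                                                &user_prio, &group_prio);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_CRIT_FAILURE,
-              "ipa_deskprofile_rule_check_memberuser() failed [%d]: %s\n",
-              ret, sss_strerror(ret));
-        goto done;
+    if (usercat != NULL && strcasecmp(usercat, "all") == 0) {
+        user_prio = talloc_strdup(tmp_ctx, rule_prio);
+        if (user_prio == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Failed to allocate the user priority "
+                  "when user category is \"all\"\n");
+            ret = ENOMEM;
+            goto done;
+        }
+
+        group_prio = talloc_strdup(tmp_ctx, rule_prio);
+        if (group_prio == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Failed to allocate the group priority "
+                  "when user category is \"all\"\n");
+            ret = ENOMEM;
+            goto done;
+        }
+    } else {
+        ret = ipa_deskprofile_rule_check_memberuser(tmp_ctx, domain, rule,
+                                                    rule_name, rule_prio,
+                                                    base_dn, username,
+                                                    &user_prio, &group_prio);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "ipa_deskprofile_rule_check_memberuser() failed [%d]: %s\n",
+                  ret, sss_strerror(ret));
+            goto done;
+        }
     }
 
-    ret = ipa_deskprofile_rule_check_memberhost(tmp_ctx, domain, rule,
-                                                rule_name, rule_prio,
-                                                base_dn, hostname,
-                                                &host_prio, &hostgroup_prio);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_CRIT_FAILURE,
-              "ipa_deskprofile_rule_check_memberhost() failed [%d]: %s\n",
-              ret, sss_strerror(ret));
-        goto done;
+    if (hostcat != NULL && strcasecmp(hostcat, "all") == 0) {
+        host_prio = talloc_strdup(tmp_ctx, rule_prio);
+        if (host_prio == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Failed to allocate the host priority "
+                  "when host category is \"all\"\n");
+            ret = ENOMEM;
+            goto done;
+        }
+
+        hostgroup_prio = talloc_strdup(tmp_ctx, rule_prio);
+        if (hostgroup_prio == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Failed to allocate the hostgroup priority "
+                  "when host category is \"all\"\n");
+            ret = ENOMEM;
+            goto done;
+        }
+    } else {
+        ret = ipa_deskprofile_rule_check_memberhost(tmp_ctx, domain, rule,
+                                                    rule_name, rule_prio,
+                                                    base_dn, hostname,
+                                                    &host_prio, &hostgroup_prio);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "ipa_deskprofile_rule_check_memberhost() failed [%d]: %s\n",
+                  ret, sss_strerror(ret));
+            goto done;
+        }
     }
 
     ret = ipa_deskprofile_get_normalized_rule_name(mem_ctx, rule_name,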
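Review bot: The two new `sysdb_attrs_get_string()` error branches (for `IPA_HOST_CATEGORY` and `IPA_USER_CATEGORY`) log at `SSSDBG_TRACE_FUNC` and then `goto done`, so a rule that is abandoned because its category could not be read is reported only at trace level. Every other failure path in these hunks uses `SSSDBG_CRIT_FAILURE`, and the same level fits here: `DEBUG(SSSDBG_CRIT_FAILURE,` as the first line of both calls. In the last hunk the `"all"` branches skip `ipa_deskprofile_rule_check_memberuser()` and `ipa_deskprofile_rule_check_memberhost()` entirely, which is an applicability decision taken on a literal matched with `strcasecmp`; a comment such as `/* category "all": the rule carries no member attributes and applies to every user */` (and its host counterpart) would record why membership evaluation is bypassed. It is also worth stating there that an absent or unrecognised category still goes through the member check. The body of `ipa_deskprofile_rules_save_rule_to_disk()` starts and ends outside the hunks shown.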
-- 
2.14.3