On Mon, Nov 10, 2014 at 03:17:04PM +0100, Sumit Bose wrote:
> Hi,
> 
> this patch-set should solve https://fedorahosted.org/sssd/ticket/2481
> "ID Views implementation does not support IPA user&group overrides". It
> depends on the already commit patches which bring back ldap_user_uuid
> and ldap_group_uuid and "sysdb: add sysdb_search_object_by_uuid()" which
> is still under review.
> 
> Most of the patches add support for UUIDs here and there. The main part
> of the work is done in patch 0006, where the user and group lookup request
> is extended in a similar way as for AD users: the overrides are
> checked first, then the original object, and eventually a final lookup in
> the override tree. I will file a ticket to refactor the code so that the code
> paths for IPA and AD users are unified, but for the time being I think
> it is better to have them separate so that changes in one path do not
> break the other path.
> 

Please find attached a new version of the patch set. It is rebased on
current master plus the "sysdb: add sysdb_search_object_by_uuid()" patch
and fixes a segfault in the 6th patch.

bye,
Sumit
From 9f807e92b8db786c331842117e1481dbb494a1f7 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Thu, 6 Nov 2014 13:13:27 +0100
Subject: [PATCH 1/7] ipa: add split_ipa_anchor()

This call extracts the domain and the UUID part from an IPA override
anchor.

Related to https://fedorahosted.org/sssd/ticket/2481
---
 Makefile.am                         |  2 ++
 src/providers/ipa/ipa_id.h          |  2 ++
 src/providers/ipa/ipa_utils.c       | 63 +++++++++++++++++++++++++++++++++++++
 src/tests/cmocka/test_sysdb_views.c | 32 +++++++++++++++++++
 4 files changed, 99 insertions(+)
 create mode 100644 src/providers/ipa/ipa_utils.c

diff --git a/Makefile.am b/Makefile.am
index b85341f..c083a2e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -2066,6 +2066,7 @@ endif # BUILD_IFP
 
 test_sysdb_views_SOURCES = \
     src/tests/cmocka/test_sysdb_views.c \
+    src/providers/ipa/ipa_utils.c \
     $(NULL)
 test_sysdb_views_CFLAGS = \
     $(AM_CFLAGS) \
@@ -2388,6 +2389,7 @@ libsss_ipa_la_SOURCES = \
     src/providers/ipa/ipa_subdomains_id.c \
     src/providers/ipa/ipa_subdomains_ext_groups.c \
     src/providers/ipa/ipa_views.c \
+    src/providers/ipa/ipa_utils.c \
     src/providers/ipa/ipa_s2n_exop.c \
     src/providers/ipa/ipa_hbac_hosts.c \
     src/providers/ipa/ipa_hbac_private.h \
diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h
index e13aded..033ac40 100644
--- a/src/providers/ipa/ipa_id.h
+++ b/src/providers/ipa/ipa_id.h
@@ -103,4 +103,6 @@ struct tevent_req *ipa_subdomain_account_send(TALLOC_CTX *memctx,
 
 errno_t ipa_subdomain_account_recv(struct tevent_req *req, int *dp_error_out);
 
+errno_t split_ipa_anchor(TALLOC_CTX *mem_ctx, const char *anchor,
+                         char **_anchor_domain, char **_ipa_uuid);
 #endif
diff --git a/src/providers/ipa/ipa_utils.c b/src/providers/ipa/ipa_utils.c
new file mode 100644
index 0000000..86ba51c
--- /dev/null
+++ b/src/providers/ipa/ipa_utils.c
@@ -0,0 +1,63 @@
+/*
+    SSSD
+
+    IPA Module utility functions
+
+    Authors:
+        Sumit Bose <sb...@redhat.com>
+
+    Copyright (C) 2014 Red Hat
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "util/util.h"
+
+#define OVERRIDE_ANCHOR_IPA_PREFIX ":IPA:"
+#define OVERRIDE_ANCHOR_IPA_PREFIX_LEN (sizeof(OVERRIDE_ANCHOR_IPA_PREFIX) -1 )
+
+errno_t split_ipa_anchor(TALLOC_CTX *mem_ctx, const char *anchor,
+                         char **_anchor_domain, char **_ipa_uuid)
+{
+    const char *sep;
+
+    if (anchor == NULL) {
+        return EINVAL;
+    }
+    if (strncmp(OVERRIDE_ANCHOR_IPA_PREFIX, anchor,
+                OVERRIDE_ANCHOR_IPA_PREFIX_LEN) != 0) {
+        DEBUG(SSSDBG_CRIT_FAILURE, "No IPA anchor [%s].\n", anchor);
+        return ENOMSG;
+    }
+
+    sep = strchr(anchor + OVERRIDE_ANCHOR_IPA_PREFIX_LEN, ':');
+    if (sep == NULL || sep[1] == '\0') {
+        DEBUG(SSSDBG_CRIT_FAILURE, "Broken IPA anchor [%s].\n", anchor);
+        return EINVAL;
+    }
+
+    *_anchor_domain = talloc_strndup(mem_ctx,
+                                 anchor + OVERRIDE_ANCHOR_IPA_PREFIX_LEN,
+                                 sep - anchor - OVERRIDE_ANCHOR_IPA_PREFIX_LEN);
+    *_ipa_uuid = talloc_strdup(mem_ctx, sep + 1);
+
+    if (*_anchor_domain == NULL || *_ipa_uuid == NULL) {
+        DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
+        talloc_free(*_anchor_domain);
+        talloc_free(*_ipa_uuid);
+        return ENOMEM;
+    }
+
+    return EOK;
+}
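Review bot: split_ipa_anchor() accepts an anchor whose domain part is empty: for `:IPA::def` the `strchr` result sits directly at the end of the prefix, `sep[1]` is not NUL, and the function returns EOK with `*_anchor_domain` set to an empty string. The guard should reject that case as well, `if (sep == NULL || sep == anchor + OVERRIDE_ANCHOR_IPA_PREFIX_LEN || sep[1] == '\0') {`, and test_split_ipa_anchor in this patch has no case for it. On the ENOMEM path both outputs are freed but the caller's pointers keep the freed addresses; adding `*_anchor_domain = NULL; *_ipa_uuid = NULL;` after the two talloc_free() calls keeps a caller that mishandles the return code from touching freed memory. The UUID part is returned as-is, including any further `:` characters, so a short comment saying that callers must treat it as unvalidated input would help.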
diff --git a/src/tests/cmocka/test_sysdb_views.c b/src/tests/cmocka/test_sysdb_views.c
index 9fb2d72..0dc5144 100644
--- a/src/tests/cmocka/test_sysdb_views.c
+++ b/src/tests/cmocka/test_sysdb_views.c
@@ -29,6 +29,7 @@
 #include <popt.h>
 
 #include "tests/cmocka/common_mock.h"
+#include "providers/ipa/ipa_id.h"
 
 #define TESTS_PATH "tests_sysdb_views"
 #define TEST_CONF_FILE "tests_conf.ldb"
@@ -189,6 +190,35 @@ void test_sysdb_add_overrides_to_object(void **state)
     assert_int_equal(ldb_val_string_cmp(&el->values[1], "OVERRIDEKEY2"), 0);
 }
 
+void test_split_ipa_anchor(void **state)
+{
+    int ret;
+    char *dom;
+    char *uuid;
+    struct sysdb_test_ctx *test_ctx = talloc_get_type_abort(*state,
+                                                         struct sysdb_test_ctx);
+
+    ret = split_ipa_anchor(test_ctx, NULL, &dom, &uuid);
+    assert_int_equal(ret, EINVAL);
+
+    ret = split_ipa_anchor(test_ctx, "fwfkwjfkw", &dom, &uuid);
+    assert_int_equal(ret, ENOMSG);
+
+    ret = split_ipa_anchor(test_ctx, ":IPA:", &dom, &uuid);
+    assert_int_equal(ret, EINVAL);
+
+    ret = split_ipa_anchor(test_ctx, ":IPA:abc", &dom, &uuid);
+    assert_int_equal(ret, EINVAL);
+
+    ret = split_ipa_anchor(test_ctx, ":IPA:abc:", &dom, &uuid);
+    assert_int_equal(ret, EINVAL);
+
+    ret = split_ipa_anchor(test_ctx, ":IPA:abc:def", &dom, &uuid);
+    assert_int_equal(ret, EOK);
+    assert_string_equal(dom, "abc");
+    assert_string_equal(uuid, "def");
+}
+
 int main(int argc, const char *argv[])
 {
     int rv;
@@ -206,6 +236,8 @@ int main(int argc, const char *argv[])
     const UnitTest tests[] = {
         unit_test_setup_teardown(test_sysdb_add_overrides_to_object,
                                  test_sysdb_setup, test_sysdb_teardown),
+        unit_test_setup_teardown(test_split_ipa_anchor,
+                                 test_sysdb_setup, test_sysdb_teardown),
     };
 
     /* Set debug level to invalid value so we can deside if -d 0 was used. */
-- 
1.8.3.1

From ec4cf492945cb8f30fcb2467e9d26836de7ff6d8 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 7 Nov 2014 13:55:01 +0100
Subject: [PATCH 2/7] LDAP: add support for lookups by UUID

Related to https://fedorahosted.org/sssd/ticket/2481
---
 src/providers/data_provider.h |  2 ++
 src/providers/ldap/ldap_id.c  | 58 +++++++++++++++++++++++++++++++++++++++----
 2 files changed, 55 insertions(+), 5 deletions(-)

diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index e1cb4be..5df493e 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -127,6 +127,7 @@
 #define BE_FILTER_IDNUM 2
 #define BE_FILTER_ENUM 3
 #define BE_FILTER_SECID 4
+#define BE_FILTER_UUID 5
 
 #define BE_REQ_USER          0x0001
 #define BE_REQ_GROUP         0x0002
@@ -139,6 +140,7 @@
 #define BE_REQ_HOST          0x0010
 #define BE_REQ_BY_SECID      0x0011
 #define BE_REQ_USER_AND_GROUP 0x0012
+#define BE_REQ_BY_UUID      0x0013
 #define BE_REQ_TYPE_MASK     0x00FF
 #define BE_REQ_FAST          0x1000
 
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index e8b3a0e..2e58f4e 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -179,6 +179,20 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
             goto done;
         }
         break;
+    case BE_FILTER_UUID:
+        attr_name = ctx->opts->user_map[SDAP_AT_USER_UUID].name;
+        if (attr_name == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "UUID search not configured for this backend.\n");
+            ret = EINVAL;
+            goto done;
+        }
+
+        ret = sss_filter_sanitize(state, name, &clean_name);
+        if (ret != EOK) {
+            goto done;
+        }
+        break;
     default:
         ret = EINVAL;
         goto done;
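Review bot: The new BE_FILTER_UUID case should carry a comment saying why `name` goes through sss_filter_sanitize(): the value arrives with the request and, judging by the neighbouring cases, ends up in an LDAP search filter that is built outside this hunk, so the escaping is what keeps filter metacharacters in it from altering the query. A line such as `/* UUID comes from the request; escape it before it is used in the filter */` above the call would do. Nothing here checks that the value has the shape of a UUID, which the escaping makes tolerable, but a directory that stores its UUID attribute in binary form would presumably need a different encoding of the value. The identical case added to groups_get_send() further down deserves the same comment; users_get_send() starts and ends outside this hunk.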
@@ -458,8 +472,9 @@ static void users_get_done(struct tevent_req *subreq)
             break;
 
         case BE_FILTER_SECID:
-            /* Since it is not clear if the SID belongs to a user or a group
-             * we have nothing to do here. */
+        case BE_FILTER_UUID:
+            /* Since it is not clear if the SID/UUID belongs to a user or a
+             * group we have nothing to do here. */
             break;
 
         default:
@@ -635,6 +650,20 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
             goto done;
         }
         break;
+    case BE_FILTER_UUID:
+        attr_name = ctx->opts->group_map[SDAP_AT_GROUP_UUID].name;
+        if (attr_name == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "UUID search not configured for this backend.\n");
+            ret = EINVAL;
+            goto done;
+        }
+
+        ret = sss_filter_sanitize(state, name, &clean_name);
+        if (ret != EOK) {
+            goto done;
+        }
+        break;
     default:
         ret = EINVAL;
         goto done;
@@ -884,8 +913,9 @@ static void groups_get_done(struct tevent_req *subreq)
             break;
 
         case BE_FILTER_SECID:
-            /* Since it is not clear if the SID belongs to a user or a group
-             * we have nothing to do here. */
+        case BE_FILTER_UUID:
+            /* Since it is not clear if the SID/UUID belongs to a user or a
+             * group we have nothing to do here. */
             break;
 
         default:
@@ -1401,7 +1431,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
             goto done;
         }
 
-        if (ar->filter_type == BE_FILTER_SECID) {
+        if (ar->filter_type == BE_FILTER_SECID
+                || ar->filter_type == BE_FILTER_UUID) {
             ret = EINVAL;
             state->err = "Invalid filter type";
             goto done;
@@ -1430,6 +1461,21 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx,
                                          noexist_delete);
         break;
 
+    case BE_REQ_BY_UUID:
+        if (ar->filter_type != BE_FILTER_UUID) {
+            ret = EINVAL;
+            state->err = "Invalid filter type";
+            goto done;
+        }
+
+        subreq = get_user_and_group_send(breq, be_ctx->ev, id_ctx,
+                                         sdom, conn,
+                                         ar->filter_value,
+                                         ar->filter_type,
+                                         ar->attr_type,
+                                         noexist_delete);
+        break;
+
     case BE_REQ_USER_AND_GROUP:
         if (!(ar->filter_type == BE_FILTER_NAME ||
               ar->filter_type == BE_FILTER_IDNUM)) {
@@ -1504,6 +1550,8 @@ sdap_handle_acct_req_done(struct tevent_req *subreq)
         break;
     case BE_REQ_BY_SECID:
         /* Fallthrough */
+    case BE_REQ_BY_UUID:
+        /* Fallthrough */
     case BE_REQ_USER_AND_GROUP:
         err = "Lookup by SID failed";
         ret = sdap_get_user_and_group_recv(subreq, &state->dp_error,
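Review bot: BE_REQ_BY_UUID now falls through to `err = "Lookup by SID failed";`, so a failed UUID lookup is reported as a SID failure, which misleads anyone reading the error during troubleshooting. BE_REQ_USER_AND_GROUP already shares that string, so a neutral text such as `err = "User and group lookup failed";` would fit all three cases. sdap_handle_acct_req_done() starts and ends outside this hunk.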
-- 
1.8.3.1

From 15ea0a84cc1d1ded27c6f84ac563b7902f203526 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 7 Nov 2014 21:33:36 +0100
Subject: [PATCH 3/7] LDAP: always store UUID if available

Related to https://fedorahosted.org/sssd/ticket/2481
---
 src/providers/ldap/sdap_async_groups.c | 20 ++++++++++++++++++++
 src/providers/ldap/sdap_async_users.c  | 19 +++++++++++++++++++
 2 files changed, 39 insertions(+)

diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index a82d2aa..dc1b60d 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -511,6 +511,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
     bool posix_group;
     bool use_id_mapping;
     char *sid_str;
+    const char *uuid;
     struct sss_domain_info *subdomain;
     int32_t ad_group_type;
 
@@ -547,6 +548,25 @@ static int sdap_save_group(TALLOC_CTX *memctx,
         sid_str = NULL;
     }
 
+    /* Always store UUID if available */
+    ret = sysdb_attrs_get_string(attrs,
+                                 opts->group_map[SDAP_AT_GROUP_UUID].sys_name,
+                                 &uuid);
+    if (ret == EOK) {
+        ret = sysdb_attrs_add_string(group_attrs, SYSDB_UUID, uuid);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE, "Could not add UUID string: [%s]\n",
+                                         strerror(ret));
+            goto done;
+        }
+    } else if (ret == ENOENT) {
+        DEBUG(SSSDBG_TRACE_ALL, "UUID not available for group [%s].\n",
+                                 group_name);
+    } else {
+        DEBUG(SSSDBG_MINOR_FAILURE, "Could not identify UUID [%s]\n",
+                                     strerror(ret));
+    }
+
     /* If this object has a SID available, we will determine the correct
      * domain by its SID. */
     if (sid_str != NULL) {
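Review bot: When sysdb_attrs_get_string() fails with anything other than ENOENT, the final `else` branch only logs and carries on, with `ret` still holding the error and no UUID added to `group_attrs`; whether `ret` is overwritten before it is next tested cannot be seen from this hunk. A group cached without its UUID presumably cannot be found by the by-UUID lookups this series adds, so that branch should say so, for example `/* not fatal: the object is saved without a UUID and cannot be matched by UUID lookups */`, and should log `group_name`. The sysdb_attrs_add_string() failure aborts the save through `goto done` yet is logged at SSSDBG_MINOR_FAILURE; SSSDBG_OP_FAILURE would match what actually happens. The same block is added to sdap_save_user(), where the ENOENT message also omits the user name; both functions continue outside their hunks.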
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index 2331ba9..c6da5c1 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -140,6 +140,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
     TALLOC_CTX *tmpctx = NULL;
     bool use_id_mapping;
     char *sid_str;
+    const char *uuid;
     char *dom_sid_str = NULL;
     struct sss_domain_info *subdomain;
 
@@ -177,6 +178,24 @@ int sdap_save_user(TALLOC_CTX *memctx,
         sid_str = NULL;
     }
 
+    /* Always store UUID if available */
+    ret = sysdb_attrs_get_string(attrs,
+                                 opts->user_map[SDAP_AT_USER_UUID].sys_name,
+                                 &uuid);
+    if (ret == EOK) {
+        ret = sysdb_attrs_add_string(user_attrs, SYSDB_UUID, uuid);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_MINOR_FAILURE, "Could not add UUID string: [%s]\n",
+                                         strerror(ret));
+            goto done;
+        }
+    } else if (ret == ENOENT) {
+        DEBUG(SSSDBG_TRACE_ALL, "UUID not available for user.\n");
+    } else {
+        DEBUG(SSSDBG_MINOR_FAILURE, "Could not identify UUID [%s]\n",
+                                     strerror(ret));
+    }
+
     /* If this object has a SID available, we will determine the correct
      * domain by its SID. */
     if (sid_str != NULL) {
-- 
1.8.3.1

From 3adf966d906cf491f7ca852bb36921fc05542dbf Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 7 Nov 2014 15:05:41 +0100
Subject: [PATCH 4/7] ipa: add get_be_acct_req_for_uuid()

This new call creates the data needed for a lookup by UUID, which is
required when trying to find the original object for an IPA override
object.

Related to https://fedorahosted.org/sssd/ticket/2481
---
 src/providers/ipa/ipa_id.h    |  4 ++++
 src/providers/ipa/ipa_views.c | 42 ++++++++++++++++++++++++++++++++++++------
 2 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h
index 033ac40..890d00d 100644
--- a/src/providers/ipa/ipa_id.h
+++ b/src/providers/ipa/ipa_id.h
@@ -83,6 +83,10 @@ errno_t get_be_acct_req_for_sid(TALLOC_CTX *mem_ctx, const char *sid,
                                 const char *domain_name,
                                 struct be_acct_req **_ar);
 
+errno_t get_be_acct_req_for_uuid(TALLOC_CTX *mem_ctx, const char *uuid,
+                                 const char *domain_name,
+                                 struct be_acct_req **_ar);
+
 struct tevent_req *ipa_get_ad_override_send(TALLOC_CTX *mem_ctx,
                                             struct tevent_context *ev,
                                             struct sdap_id_ctx *sdap_id_ctx,
diff --git a/src/providers/ipa/ipa_views.c b/src/providers/ipa/ipa_views.c
index 2eb7721..ee58689 100644
--- a/src/providers/ipa/ipa_views.c
+++ b/src/providers/ipa/ipa_views.c
@@ -140,9 +140,10 @@ static errno_t be_acct_req_to_override_filter(TALLOC_CTX *mem_ctx,
     return EOK;
 }
 
-errno_t get_be_acct_req_for_sid(TALLOC_CTX *mem_ctx, const char *sid,
-                                const char *domain_name,
-                                struct be_acct_req **_ar)
+static errno_t get_be_acct_req_for_xyz(TALLOC_CTX *mem_ctx, const char *val,
+                                       const char *domain_name,
+                                       int type,
+                                       struct be_acct_req **_ar)
 {
     struct be_acct_req *ar;
 
@@ -152,9 +153,22 @@ errno_t get_be_acct_req_for_sid(TALLOC_CTX *mem_ctx, const char *sid,
         return ENOMEM;
     }
 
-    ar->entry_type = BE_REQ_BY_SECID;
-    ar->filter_type = BE_FILTER_SECID;
-    ar->filter_value = talloc_strdup(ar, sid);
+    switch (type) {
+    case BE_REQ_BY_SECID:
+        ar->entry_type = BE_REQ_BY_SECID;
+        ar->filter_type = BE_FILTER_SECID;
+        break;
+    case BE_REQ_BY_UUID:
+        ar->entry_type = BE_REQ_BY_UUID;
+        ar->filter_type = BE_FILTER_UUID;
+        break;
+    default:
+        DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported request type [%d].\n", type);
+        talloc_free(ar);
+        return EINVAL;
+    }
+
+    ar->filter_value = talloc_strdup(ar, val);
     ar->domain = talloc_strdup(ar, domain_name);
     if (ar->filter_value == NULL || ar->domain == NULL) {
         DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
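Review bot: get_be_acct_req_for_xyz() hands `val` and `domain_name` to talloc_strdup() unchecked, so a NULL SID or UUID from a caller comes back as NULL and is logged as `talloc_strdup failed`, hiding a bad argument behind what looks like an out-of-memory condition. An early `if (val == NULL || domain_name == NULL) { return EINVAL; }` before the allocation would keep the two apart. The helper's name reads like a placeholder; something like `get_be_acct_req_for_type`, with a short comment listing the accepted `type` values, would be clearer. The function's return path lies outside this hunk.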
@@ -168,6 +182,22 @@ errno_t get_be_acct_req_for_sid(TALLOC_CTX *mem_ctx, const char *sid,
     return EOK;
 }
 
+errno_t get_be_acct_req_for_sid(TALLOC_CTX *mem_ctx, const char *sid,
+                                const char *domain_name,
+                                struct be_acct_req **_ar)
+{
+    return get_be_acct_req_for_xyz(mem_ctx, sid, domain_name, BE_REQ_BY_SECID,
+                                   _ar);
+}
+
+errno_t get_be_acct_req_for_uuid(TALLOC_CTX *mem_ctx, const char *uuid,
+                                 const char *domain_name,
+                                 struct be_acct_req **_ar)
+{
+    return get_be_acct_req_for_xyz(mem_ctx, uuid, domain_name, BE_REQ_BY_UUID,
+                                   _ar);
+}
+
 struct ipa_get_ad_override_state {
     struct tevent_context *ev;
     struct sdap_id_ctx *sdap_id_ctx;
-- 
1.8.3.1

From 9047069105444545a2f5dc0be3ef30d4c43689d1 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 7 Nov 2014 21:34:55 +0100
Subject: [PATCH 5/7] IPA: make get_object_from_cache() public

Related to https://fedorahosted.org/sssd/ticket/2481
---
 src/providers/ipa/ipa_id.h            | 5 +++++
 src/providers/ipa/ipa_subdomains_id.c | 9 +++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h
index 890d00d..9d219f2 100644
--- a/src/providers/ipa/ipa_id.h
+++ b/src/providers/ipa/ipa_id.h
@@ -109,4 +109,9 @@ errno_t ipa_subdomain_account_recv(struct tevent_req *req, int *dp_error_out);
 
 errno_t split_ipa_anchor(TALLOC_CTX *mem_ctx, const char *anchor,
                          char **_anchor_domain, char **_ipa_uuid);
+
+errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
+                              struct sss_domain_info *dom,
+                              struct be_acct_req *ar,
+                              struct ldb_message **_msg);
 #endif
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 0d00d09..dd1eae1 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -848,10 +848,10 @@ done:
     return ret;
 }
 
-static errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
-                                     struct sss_domain_info *dom,
-                                     struct be_acct_req *ar,
-                                     struct ldb_message **_msg)
+errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
+                              struct sss_domain_info *dom,
+                              struct be_acct_req *ar,
+                              struct ldb_message **_msg)
 {
     errno_t ret;
     uint32_t id;
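Review bot: get_object_from_cache() loses `static` here and becomes part of the provider's exported interface, but neither this definition nor the new prototype in ipa_id.h documents its contract. A header comment should state which `ar->filter_type` values it handles, what it returns when nothing is cached, and which talloc context owns `*_msg`; none of that can be read from the lines visible here, since the body continues outside the hunk. The name is also generic for a non-static symbol, so a provider-specific prefix would lower the chance of a clash with another module.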
@@ -861,6 +861,7 @@ static errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
                             SYSDB_UIDNUM,
                             SYSDB_SID_STR,
                             SYSDB_OBJECTCLASS,
+                            SYSDB_UUID,
                             NULL };
     char *name;
 
-- 
1.8.3.1

From 9047069105444545a2f5dc0be3ef30d4c43689d1 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 7 Nov 2014 21:34:55 +0100
Subject: [PATCH 5/7] IPA: make get_object_from_cache() public

Related to https://fedorahosted.org/sssd/ticket/2481
---
 src/providers/ipa/ipa_id.h            | 5 +++++
 src/providers/ipa/ipa_subdomains_id.c | 9 +++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/providers/ipa/ipa_id.h b/src/providers/ipa/ipa_id.h
index 890d00d..9d219f2 100644
--- a/src/providers/ipa/ipa_id.h
+++ b/src/providers/ipa/ipa_id.h
@@ -109,4 +109,9 @@ errno_t ipa_subdomain_account_recv(struct tevent_req *req, int *dp_error_out);
 
 errno_t split_ipa_anchor(TALLOC_CTX *mem_ctx, const char *anchor,
                          char **_anchor_domain, char **_ipa_uuid);
+
+errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
+                              struct sss_domain_info *dom,
+                              struct be_acct_req *ar,
+                              struct ldb_message **_msg);
 #endif
diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 0d00d09..dd1eae1 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -848,10 +848,10 @@ done:
     return ret;
 }
 
-static errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
-                                     struct sss_domain_info *dom,
-                                     struct be_acct_req *ar,
-                                     struct ldb_message **_msg)
+errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
+                              struct sss_domain_info *dom,
+                              struct be_acct_req *ar,
+                              struct ldb_message **_msg)
 {
     errno_t ret;
     uint32_t id;
@@ -861,6 +861,7 @@ static errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,
                             SYSDB_UIDNUM,
                             SYSDB_SID_STR,
                             SYSDB_OBJECTCLASS,
+                            SYSDB_UUID,
                             NULL };
     char *name;
 
-- 
1.8.3.1

From d3d3d51a1d49936c9ad1a3733388bfd384fd07c4 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Fri, 7 Nov 2014 21:36:12 +0100
Subject: [PATCH 7/7] Enable views for all domains

Currently views and overrides were only available for sub-domains, this
patch enables the lookup for the configured domains as well.

Related to https://fedorahosted.org/sssd/ticket/2481
---
 src/util/util.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/util/util.h b/src/util/util.h
index ffc8a87..7c335b9 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -574,8 +574,7 @@ errno_t sssd_domain_init(TALLOC_CTX *mem_ctx,
 
 #define IS_SUBDOMAIN(dom) ((dom)->parent != NULL)
 
-/* Currently views are only supported for subdomains */
-#define DOM_HAS_VIEWS(dom) ((dom)->has_views && IS_SUBDOMAIN(dom))
+#define DOM_HAS_VIEWS(dom) ((dom)->has_views)
 
 errno_t sss_write_domain_mappings(struct sss_domain_info *domain);
 
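Review bot: DOM_HAS_VIEWS() no longer requires IS_SUBDOMAIN(), and the comment that documented the restriction is removed without a replacement, so every existing user of the macro changes behaviour for the configured domain in one step. Those call sites are not part of this patch; any that relied on the macro implying a subdomain (for instance by assuming a parent domain exists) should be checked, because override data then shapes the names and IDs returned for primary-domain users as well. A replacement comment such as `/* Views and overrides apply to the configured domain and to subdomains */` would record the new contract.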
-- 
1.8.3.1
