Re: [SSSD] [PATCHES] IPA: allow initgroups by UUID for FreeIPA users

Tue, 05 May 2015 06:55:14 -0700 

On Thu, Apr 30, 2015 at 12:40:00PM +0200, Sumit Bose wrote:
> Hi,
> 
> those two patches should fix https://fedorahosted.org/sssd/ticket/2642 .
> The first patch fixes another issue as well which I found during testing
> which is described in the commit message. The second patch is the UUID
> version of 'IPA: allow initgroups by SID for AD users' sent recently. I
> took the opportunity to make the handling in sdap_get_initgr_send() a
> bit more clean.
> 
> bye,
> Sumit

> From 9624ecdcae0451a910428f04e64a366e6746f9a0 Mon Sep 17 00:00:00 2001
> From: Sumit Bose <[email protected]>
> Date: Wed, 29 Apr 2015 15:21:17 +0200
> Subject: [PATCH 1/2] NSS: check for overrides before calling backend

Ack, although it would be nicer if the check was wrapped in a macro or a
mini-function to avoid copying too much code around.


> From bab74590459ab51f4fdbb14ac7df22e2d69c07f1 Mon Sep 17 00:00:00 2001
> From: Sumit Bose <[email protected]>
> Date: Wed, 29 Apr 2015 16:46:14 +0200
> Subject: [PATCH 2/2] IPA: allow initgroups by UUID for FreeIPA users
> 
> If a FreeIPA user is searched with the help of an override name the UUID
> from the override anchor is used to search the user. Currently the
> initgroups request only allows searches by SID or name. With this patch
> a UUID can be used as well.
> 
> Related to https://fedorahosted.org/sssd/ticket/2642

[...]

> @@ -2716,10 +2717,17 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX 
> *memctx,
>  
>      if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
>          search_attr =  state->opts->user_map[SDAP_AT_USER_PRINC].name;
> -    } else if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_SID) == 0) {
> -        search_attr =  state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
>      } else {
> -        search_attr =  state->opts->user_map[SDAP_AT_USER_NAME].name;
> +        switch (name_type) {
> +        case BE_FILTER_SECID:
> +            search_attr =  
> state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
> +            break;
> +        case BE_FILTER_UUID:
> +            search_attr =  state->opts->user_map[SDAP_AT_USER_UUID].name;
> +            break;
> +        default:
> +            search_attr =  state->opts->user_map[SDAP_AT_USER_NAME].name;

I'll just add break here. Otherwise ACK.
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

Reply via email to