Re: [SSSD] [PATCHES] IPA: allow initgroups by UUID for FreeIPA users

Wed, 06 May 2015 01:55:54 -0700 

On Tue, May 05, 2015 at 03:40:17PM +0200, Jakub Hrozek wrote:
> On Thu, Apr 30, 2015 at 12:40:00PM +0200, Sumit Bose wrote:
> > Hi,
> > 
> > those two patches should fix https://fedorahosted.org/sssd/ticket/2642 .
> > The first patch fixes another issue as well which I found during testing
> > which is described in the commit message. The second patch is the UUID
> > version of 'IPA: allow initgroups by SID for AD users' sent recently. I
> > took the opportunity to make the handling in sdap_get_initgr_send() a
> > bit more clean.
> > 
> > bye,
> > Sumit
> 
> > From 9624ecdcae0451a910428f04e64a366e6746f9a0 Mon Sep 17 00:00:00 2001
> > From: Sumit Bose <[email protected]>
> > Date: Wed, 29 Apr 2015 15:21:17 +0200
> > Subject: [PATCH 1/2] NSS: check for overrides before calling backend
> 
> Ack, although it would be nicer if the check was wrapped in a macro or a
> mini-function to avoid copying too much code around.
> 
> 
> > From bab74590459ab51f4fdbb14ac7df22e2d69c07f1 Mon Sep 17 00:00:00 2001
> > From: Sumit Bose <[email protected]>
> > Date: Wed, 29 Apr 2015 16:46:14 +0200
> > Subject: [PATCH 2/2] IPA: allow initgroups by UUID for FreeIPA users
> > 
> > If a FreeIPA user is searched with the help of an override name the UUID
> > from the override anchor is used to search the user. Currently the
> > initgroups request only allows searches by SID or name. With this patch
> > a UUID can be used as well.
> > 
> > Related to https://fedorahosted.org/sssd/ticket/2642
> 
> [...]
> 
> > @@ -2716,10 +2717,17 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX 
> > *memctx,
> >  
> >      if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_UPN) == 0) {
> >          search_attr =  state->opts->user_map[SDAP_AT_USER_PRINC].name;
> > -    } else if (extra_value && strcmp(extra_value, EXTRA_NAME_IS_SID) == 0) 
> > {
> > -        search_attr =  state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
> >      } else {
> > -        search_attr =  state->opts->user_map[SDAP_AT_USER_NAME].name;
> > +        switch (name_type) {
> > +        case BE_FILTER_SECID:
> > +            search_attr =  
> > state->opts->user_map[SDAP_AT_USER_OBJECTSID].name;
> > +            break;
> > +        case BE_FILTER_UUID:
> > +            search_attr =  state->opts->user_map[SDAP_AT_USER_UUID].name;
> > +            break;
> > +        default:
> > +            search_attr =  state->opts->user_map[SDAP_AT_USER_NAME].name;
> 
> I'll just add break here. Otherwise ACK.

* master:
    * 0f9c28eb52d2b45c8a97f709308dc11377831b8c
    * 35b178d02dfd293778aefbc0b465a5a3a4b6cd8f 
* sssd-1-12:
    * 3b00bcd8b6d53d33207005c4e7a631b6a241d300
    * a4a447b7bf394ded65c8ae872832e7cd135425d1 
_______________________________________________
sssd-devel mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel

Reply via email to