URL: https://github.com/SSSD/sssd/pull/495
Author: fidencio
 Title: #495: DESKPROFILE: Add checks for user and host category
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/495/head:pr495
git checkout pr495
From 1fa5a0bfba05d43b50ad7f88e421695fab0ab623 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Mon, 22 Jan 2018 00:02:43 +0100
Subject: [PATCH] DESKPROFILE: Add checks for user and host category
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

freeipa-deskprofile-plugin can have both the user and the host category set
to "all"; when that happens, no users, groups, hosts or hostgroups are going
to be set.

Let's treat this expected (but so far missed) situation on SSSD side.

Resolves:
https://pagure.io/SSSD/sssd/issue/3449

Signed-off-by: Fabiano FidĂȘncio <fiden...@redhat.com>
---
 src/providers/ipa/ipa_deskprofile_rules_util.c | 70 +++++++++++++++++++-------
 1 file changed, 52 insertions(+), 18 deletions(-)

diff --git a/src/providers/ipa/ipa_deskprofile_rules_util.c b/src/providers/ipa/ipa_deskprofile_rules_util.c
index 53c433145..ffcb5c846 100644
--- a/src/providers/ipa/ipa_deskprofile_rules_util.c
+++ b/src/providers/ipa/ipa_deskprofile_rules_util.c
@@ -684,6 +684,8 @@ ipa_deskprofile_rules_save_rule_to_disk(
     TALLOC_CTX *tmp_ctx;
     const char *rule_name;
     const char *data;
+    const char *hostcat;
+    const char *usercat;
     char *shortname;
     char *domainname;
     char *base_dn;
@@ -722,6 +724,28 @@ ipa_deskprofile_rules_save_rule_to_disk(
         goto done;
     }
 
+    ret = sysdb_attrs_get_string(rule, IPA_HOST_CATEGORY, &hostcat);
+    if (ret == ENOENT) {
+        hostcat = NULL;
+    } else if (ret != EOK) {
+        DEBUG(SSSDBG_TRACE_FUNC,
+              "Failed to get the Desktop Profile Rule host category for rule "
+              "\"%s\" [%d]: %s\n",
+              rule_name, ret, sss_strerror(ret));
+        goto done;
+    }
+
+    ret = sysdb_attrs_get_string(rule, IPA_USER_CATEGORY, &usercat);
+    if (ret == ENOENT) {
+        usercat = NULL;
+    } else if (ret != EOK) {
+        DEBUG(SSSDBG_TRACE_FUNC,
+              "Failed to get the Desktop Profile Rule user category for rule "
+              "\"%s\" [%d]: %s\n",
+              rule_name, ret, sss_strerror(ret));
+        goto done;
+    }
+
     rule_prio = talloc_asprintf(tmp_ctx, "%06d", prio);
     if (rule_prio == NULL) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate rule priority\n");
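Review bot: Both new failure branches (the host category and the user category lookup) log at `SSSDBG_TRACE_FUNC` and then `goto done`, so a rule dropped because its category attribute could not be read is unlikely to show up at the debug levels normally enabled. The other abort paths visible in this patch log at `SSSDBG_CRIT_FAILURE`; raising these two to `SSSDBG_OP_FAILURE` would make a desktop-profile rule that was silently not written to disk visible to whoever troubleshoots policy application. A comment above the first lookup, e.g. `/* A missing category is not an error; membership is then checked explicitly below. */`, would also explain why ENOENT is mapped to NULL. The function body starts and ends outside this hunk.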
@@ -753,26 +777,36 @@ ipa_deskprofile_rules_save_rule_to_disk(
         goto done;
     }
 
-    ret = ipa_deskprofile_rule_check_memberuser(tmp_ctx, domain, rule,
-                                                rule_name, rule_prio,
-                                                base_dn, username,
-                                                &user_prio, &group_prio);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_CRIT_FAILURE,
-              "ipa_deskprofile_rule_check_memberuser() failed [%d]: %s\n",
-              ret, sss_strerror(ret));
-        goto done;
+    if (usercat != NULL && strcasecmp(usercat, "all") == 0) {
+        user_prio = talloc_strdup(tmp_ctx, rule_prio);
+        group_prio = talloc_strdup(tmp_ctx, rule_prio);
+    } else {
+        ret = ipa_deskprofile_rule_check_memberuser(tmp_ctx, domain, rule,
+                                                    rule_name, rule_prio,
+                                                    base_dn, username,
+                                                    &user_prio, &group_prio);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "ipa_deskprofile_rule_check_memberuser() failed [%d]: %s\n",
+                  ret, sss_strerror(ret));
+            goto done;
+        }
     }
 
-    ret = ipa_deskprofile_rule_check_memberhost(tmp_ctx, domain, rule,
-                                                rule_name, rule_prio,
-                                                base_dn, hostname,
-                                                &host_prio, &hostgroup_prio);
-    if (ret != EOK) {
-        DEBUG(SSSDBG_CRIT_FAILURE,
-              "ipa_deskprofile_rule_check_memberhost() failed [%d]: %s\n",
-              ret, sss_strerror(ret));
-        goto done;
+    if (hostcat != NULL && strcasecmp(hostcat, "all") == 0) {
+        host_prio = talloc_strdup(tmp_ctx, rule_prio);
+        hostgroup_prio = talloc_strdup(tmp_ctx, rule_prio);
+    } else {
+        ret = ipa_deskprofile_rule_check_memberhost(tmp_ctx, domain, rule,
+                                                    rule_name, rule_prio,
+                                                    base_dn, hostname,
+                                                    &host_prio, &hostgroup_prio);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "ipa_deskprofile_rule_check_memberhost() failed [%d]: %s\n",
+                  ret, sss_strerror(ret));
+            goto done;
+        }
     }
 
     ret = ipa_deskprofile_get_normalized_rule_name(mem_ctx, rule_name,
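Review bot: The four `talloc_strdup()` results in the two "all" branches (`user_prio`/`group_prio` and `host_prio`/`hostgroup_prio`) are never checked, unlike `rule_prio` earlier in this function, so an allocation failure leaves NULL priorities while `ret` is still EOK. Their later use is outside the hunk, but they presumably feed the on-disk rule name, so this should fail closed: after the first pair add `if (user_prio == NULL || group_prio == NULL) { ret = ENOMEM; goto done; }`, and the equivalent check after the host pair. Because these branches skip the membership check entirely, a short comment such as `/* Category "all": the rule applies to every user, no member lookup needed. */` would make the intended scope of the rule explicit to later readers.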