URL: https://github.com/SSSD/sssd/pull/678
Author: sumit-bose
 Title: #678: files: add session recording flag
Action: opened

PR body:
"""
If session recording is configured for a group, the NSS and PAM
responders rely on an attribute in the cache, set by the backend, to
determine whether session recording is configured for the user or not. This
flag is typically set during the initgroups request.

Since the files provider does not have a dedicated initgroups request,
the attribute must be set otherwise. This patch sets it for all users
after the files are reloaded.

Related to https://pagure.io/SSSD/sssd/issue/3855
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/678/head:pr678
git checkout pr678
From 57701b67001298d1039ff396c039a6c8584bfb18 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Mon, 15 Oct 2018 20:05:09 +0200
Subject: [PATCH] files: add session recording flag

If session recording is configured for a group the NSS ans PAM
responder rely on a attribute in the cache set by the backend to
determine is session recording is configured for the user or not. This
flag is typically set during the initgroups request.

Since the files provider does not have a dedicated initgroups request
the attribute must be set otherwise. This patch sets is for all users
after the files are reloaded.

Related to https://pagure.io/SSSD/sssd/issue/3855
---
 src/providers/data_provider/dp_iface.h     |  3 ++
 src/providers/data_provider/dp_target_id.c | 62 ++++++++++++++++++++++
 src/providers/files/files_ops.c            |  7 +++
 3 files changed, 72 insertions(+)

diff --git a/src/providers/data_provider/dp_iface.h b/src/providers/data_provider/dp_iface.h
index 0b0855da6c..8f6b2076c1 100644
--- a/src/providers/data_provider/dp_iface.h
+++ b/src/providers/data_provider/dp_iface.h
@@ -188,4 +188,7 @@ errno_t
 dp_access_control_refresh_rules_recv(TALLOC_CTX *mem_ctx,
                                      struct tevent_req *req);
 
+
+errno_t
+dp_add_sr_attribute(struct be_ctx *be_ctx);
 #endif /* DP_IFACE_H_ */
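Review bot: The new `dp_add_sr_attribute` prototype is the only entry point this header gains and it carries no documentation, so a caller cannot tell from the declaration what it touches or what the return value means. The other declarations visible in the hunk are undocumented too, but this one writes to the sysdb cache for every user of a domain, which is worth stating. I would add a Doxygen comment above it along the lines of `/** Set the session-recording attribute on every user cached for be_ctx->domain; returns EOK or an errno on failure. */`, and mention whether the caller is expected to hold an open sysdb transaction, which `sf_enum_files` in this series appears to do when it calls it.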
diff --git a/src/providers/data_provider/dp_target_id.c b/src/providers/data_provider/dp_target_id.c
index 265788be9b..748d886748 100644
--- a/src/providers/data_provider/dp_target_id.c
+++ b/src/providers/data_provider/dp_target_id.c
@@ -328,6 +328,68 @@ static void dp_req_initgr_pp_sr_overlay(struct data_provider *provider,
     talloc_free(tmp_ctx);
 }
 
+errno_t dp_add_sr_attribute(struct be_ctx *be_ctx)
+{
+    int ret;
+    struct dp_initgr_ctx *dp_initgr_ctx = NULL;
+    TALLOC_CTX *tmp_ctx = NULL;
+    struct dp_id_data *data;
+    size_t msgs_count;
+    struct ldb_message **msgs = NULL;
+    const char *attrs[] = {SYSDB_NAME, NULL};
+    size_t c;
+
+    tmp_ctx = talloc_new(NULL);
+    if (tmp_ctx == NULL) {
+        DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
+        return ENOMEM;
+    }
+
+    ret = sysdb_search_users(tmp_ctx, be_ctx->domain, "("SYSDB_NAME "=*)", attrs,
+                            &msgs_count, &msgs);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_users failed.\n");
+        goto done;
+    }
+
+    data = talloc_zero(tmp_ctx, struct dp_id_data);
+    if (data == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    data->entry_type = BE_REQ_INITGROUPS;
+    data->filter_type = BE_FILTER_NAME;
+    data->filter_value = NULL;
+    data->extra_value = NULL;
+    data->domain = be_ctx->domain->name;
+
+    for (c = 0; c < msgs_count; c++) {
+        data->filter_value = ldb_msg_find_attr_as_string(msgs[c], SYSDB_NAME,
+                                                         NULL);
+        if (data->filter_value == NULL) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Cache object [%s] does not have a name, skipping.\n",
+                  ldb_dn_get_linearized(msgs[c]->dn));
+            continue;
+        }
+
+        talloc_free(dp_initgr_ctx);
+        ret = dp_create_initgroups_ctx(tmp_ctx, be_ctx, data, &dp_initgr_ctx);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE, "dp_create_initgroups_ctx failed.\n");
+            goto done;
+        }
+
+        dp_req_initgr_pp_sr_overlay(be_ctx->provider, dp_initgr_ctx);
+    }
+
+done:
+    talloc_free(tmp_ctx);
+
+    return ret;
+}
+
 static errno_t set_initgroups_expire_attribute(struct sss_domain_info *domain,
                                                const char *name)
 {
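Review bot: The loop in `dp_add_sr_attribute` returns on the first `dp_create_initgroups_ctx` failure, so every cached user after that one keeps whatever session-recording attribute it had, while a nameless object on the line above is merely skipped with `continue`; the caller gets one errno and no indication of how many users were processed. Since `dp_req_initgr_pp_sr_overlay` is `static void` per the hunk header, a per-user failure inside the overlay itself is not observable here at all, so the function cannot promise that the flag is consistent after an EOK return either. If aborting early is intended, a header comment on the function should say so, e.g. `/* Refresh the session-recording attribute of every cached user; stops at the first failure to build an initgroups context, leaving later users untouched. */`; otherwise `continue` with a debug message would match the handling of the nameless case. Minor: `ret` is declared `int` while the function returns `errno_t`.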
diff --git a/src/providers/files/files_ops.c b/src/providers/files/files_ops.c
index f5a40297a7..74f77b5395 100644
--- a/src/providers/files/files_ops.c
+++ b/src/providers/files/files_ops.c
@@ -26,6 +26,7 @@
 #include "db/sysdb.h"
 #include "util/inotify.h"
 #include "util/util.h"
+#include "providers/data_provider/dp_iface.h"
 
 /* When changing this constant, make sure to also adjust the files integration
  * test for reallocation branch
@@ -771,6 +772,12 @@ static errno_t sf_enum_files(struct files_id_ctx *id_ctx,
         }
     }
 
+    ret = dp_add_sr_attribute(id_ctx->be);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Failed to add session recording attribute, ignored.\n");
+    }
+
     ret = sysdb_transaction_commit(id_ctx->domain->sysdb);
     if (ret != EOK) {
         goto done;
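Review bot: A failure of `dp_add_sr_attribute` is logged and then the transaction is committed anyway, so a cache in which some users lack the session-recording attribute that the NSS and PAM responders rely on, per the description, is published as if complete; the log line also drops the error code, which is the only diagnostic a user would have. If best-effort is deliberate so that a reload of the files does not fail as a whole, a comment saying so would help, and the message should carry the code: `"Failed to add session recording attribute [%d]: %s, ignored.\n", ret, sss_strerror(ret)`. The body of `sf_enum_files` starts outside the hunk, so I cannot see whether anything earlier already reports which users were processed.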