URL: https://github.com/SSSD/sssd/pull/77
Author: jhrozek
 Title: #77: Qualify ghost users with RFC2307bis and ldap_nesting_level=0
Action: opened

PR body:
"""
None
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/77/head:pr77
git checkout pr77
From 33efb0fdc7e6efce325b7a6fbcaa943f15a91a98 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Wed, 9 Nov 2016 11:59:10 +0100
Subject: [PATCH 1/2] Qualify ghost user attribute in case
 ldap_group_nesting_level is set to 0

When the sssd is set to not resolve nested groups with RFC2307bis, then
the LDAP provider takes a different path. We didn't qualify the ghost
users in this case.

Resolves:
https://fedorahosted.org/sssd/ticket/3236
---
 src/providers/ldap/sdap_async_groups.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 08dfa01..8150379 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1668,7 +1668,7 @@ static void sdap_process_group_members(struct tevent_req *subreq)
     struct sdap_process_group_state *state =
                         tevent_req_data(req, struct sdap_process_group_state);
     struct ldb_message_element *el;
-    uint8_t* name_string;
+    char *name_string;
 
     state->check_count--;
     DEBUG(SSSDBG_TRACE_ALL, "Members remaining: %zu\n", state->check_count);
@@ -1694,11 +1694,18 @@ static void sdap_process_group_members(struct tevent_req *subreq)
         goto next;
     }
 
-    name_string = el[0].values[0].data;
+    name_string = sss_create_internal_fqname(state,
+                                            (const char *) el[0].values[0].data,
+                                            state->dom->name);
+    if (name_string == NULL) {
+        ret = ENOMEM;
+        goto next;
+    }
+
     state->ghost_dns->values[state->ghost_dns->num_values].data =
-            talloc_steal(state->ghost_dns->values, name_string);
+            talloc_steal(state->ghost_dns->values, (uint8_t *) name_string);
     state->ghost_dns->values[state->ghost_dns->num_values].length =
-            strlen((char *)name_string);
+            strlen(name_string);
     state->ghost_dns->num_values++;
 
 next:
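Review bot: The new ENOMEM branch jumps to `next` without logging, and `next` is the same label the earlier per-member lookup failure uses, so an out-of-memory condition may be handled like an ordinary "skip this member" case. The body of `next:` and the rest of `sdap_process_group_members` lie outside the hunk, so this is inferred. If the label only moves on to the remaining members, the group would be stored with one ghost member silently missing, and group membership is typically what access decisions are evaluated against. I would add `DEBUG(SSSDBG_OP_FAILURE, "sss_create_internal_fqname failed\n");` before `ret = ENOMEM;` and confirm that `next:` fails the request on ENOMEM instead of skipping. Separately, `el[0].values[0].data` is cast to `const char *` without consulting `.length`, so a one-line comment stating that the attribute value is guaranteed NUL-terminated at this point would document the assumption the call relies on.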

From 0ff80facde7856c062fa4ace49f89301d75446bb Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Wed, 9 Nov 2016 11:59:34 +0100
Subject: [PATCH 2/2] tests: Add a test for group resolution with
 ldap_group_nesting_level=0

---
 src/tests/intg/test_ldap.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index 7f0b8ff..667ae27 100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -951,3 +951,29 @@ def test_remove_user_from_nested_group(ldap_conn,
                              dict(mem=ent.contains_only("user2")))
     ent.assert_group_by_name("group3",
                              dict(mem=ent.contains_only()))
+
+def zero_nesting_sssd_conf(ldap_conn, schema):
+    """Format an SSSD configuration with group nesting disabled"""
+    return \
+        format_basic_conf(ldap_conn, schema) + \
+        unindent("""
+            [domain/LDAP]
+            ldap_group_nesting_level                = 0
+        """).format(INTERACTIVE_TIMEOUT)
+
+@pytest.fixture
+def rfc2307bis_no_nesting(request, ldap_conn):
+    ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+    ent_list.add_user("user1", 1001, 2001)
+    ent_list.add_group_bis("group1", 20001, member_uids=["user1"])
+    create_ldap_fixture(request, ldap_conn, ent_list)
+    create_conf_fixture(request,
+                        zero_nesting_sssd_conf(
+                            ldap_conn,
+                            SCHEMA_RFC2307_BIS))
+    create_sssd_fixture(request)
+    return None
+
+def test_zero_nesting_level(ldap_conn, rfc2307bis_no_nesting):
+    ent.assert_group_by_name("group1",
+                             dict(mem=ent.contains_only("user1")))
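Review bot: The trailing `.format(INTERACTIVE_TIMEOUT)` in `zero_nesting_sssd_conf` has nothing to substitute, because the appended template contains no `{}` placeholder. It looks carried over from another conf helper and can be dropped so the expression ends at `""")`. The `rfc2307bis_no_nesting` fixture has no docstring; a one-liner such as `"""One RFC2307bis group with a single member, nesting level 0"""` would match the helper above it. The group is created with GID 20001 while the user's primary GID is 2001, which may be a typo, so a short comment saying whether the difference is intended would help the next reader.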