author | Jakub Hrozek <jhrozek@redhat.com> | 2013-02-23 10:44:54 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-03-19 21:47:30 +0100 |
commit | c0bca1722d6f9dfb654ad78397be70f79ff39af1 (patch) | |
tree | 04a479b7191cca127e632a738a48c4182a39cae3 /src/providers/simple/simple_access.h | |
parent | 6569d57e3bc168e6e83d70333b48c5cb43aa04c4 (diff) | |
Resolve GIDs in the simple access provider

Changes the simple access provider's interface to be asynchronous. When
the simple access provider encounters a group that has gid, but no
meaningful name, it attempts to resolve the name using the
be_file_account_request function.

Some providers (like the AD provider) might perform initgroups
without resolving the group names. In order for the simple access
provider to work correctly, we need to resolve the groups before
performing the access check. In AD provider, the situation is
even more tricky b/c the groups HAVE name, but their name
attribute is set to SID and they are set as non-POSIX.

Diffstat (limited to 'src/providers/simple/simple_access.h')
-rw-r--r-- | src/providers/simple/simple_access.h | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/providers/simple/simple_access.h b/src/providers/simple/simple_access.h index 2ddf2769..15dfaceb 100644 --- a/src/providers/simple/simple_access.h +++ b/src/providers/simple/simple_access.h @@ -26,6 +26,7 @@ struct simple_ctx { struct sss_domain_info *domain; + struct be_ctx *be_ctx; char **allow_users; char **deny_users; @@ -33,6 +34,12 @@ struct simple_ctx { char **deny_groups; }; -errno_t simple_access_check(struct simple_ctx *ctx, const char *username, - bool *access_granted); +struct tevent_req *simple_access_check_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct simple_ctx *ctx, + const char *username); + +errno_t simple_access_check_recv(struct tevent_req *req, + bool *access_granted); + #endif /* __SIMPLE_ACCESS_H__ */ |
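
Review bot: in the first hunk (`@@ -26,6 +26,7 @@`), the new `struct be_ctx *be_ctx;` member of `struct simple_ctx` has no comment saying who sets it or how long it must stay valid. The commit message says the access check now resolves group names through be_file_account_request, so an unset or stale pointer here could end up being used on the access-control path. Please document that it is a borrowed reference set at provider initialization, and have `simple_access_check_send` fail the request when it is NULL. The visible context also shows no declaration of `struct be_ctx` in this header, so confirm that every file including it sees one, or add a forward declaration.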
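
Review bot: in the second hunk (`@@ -33,6 +34,12 @@`), the new `simple_access_check_send` / `simple_access_check_recv` prototypes carry no doc comment stating their contract, and for an access decision the failure semantics should be explicit. Please document that `*access_granted` is only meaningful when `simple_access_check_recv` returns EOK and that callers must deny access on any other return value, and state whether `username` is copied into the request or must outlive it, since the check now completes asynchronously. The synchronous `simple_access_check` prototype is removed outright and the diffstat shown is limited to this header, so make sure every caller is converted in the same commit.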