1 : /*
2 : SSSD
3 :
4 : AD groups helper routines
5 :
6 : Authors:
7 : Lukas Slebodnik <lslebodn@redhat.com>
8 :
9 : Copyright (C) 2013 Red Hat
10 :
11 : This program is free software; you can redistribute it and/or modify
12 : it under the terms of the GNU General Public License as published by
13 : the Free Software Foundation; either version 3 of the License, or
14 : (at your option) any later version.
15 :
16 : This program is distributed in the hope that it will be useful,
17 : but WITHOUT ANY WARRANTY; without even the implied warranty of
18 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 : GNU General Public License for more details.
20 :
21 : You should have received a copy of the GNU General Public License
22 : along with this program. If not, see <http://www.gnu.org/licenses/>.
23 : */
24 :
25 : #include "db/sysdb.h"
26 : #include "providers/ldap/sdap.h"
27 : #include "providers/ldap/sdap_async_private.h"
28 :
29 : /* ==Group-Parsing Routines=============================================== */
30 :
/*
 * Decide whether a group read from the directory must be filtered out
 * instead of being treated as a POSIX group.
 *
 * dom          - domain the group belongs to; only consulted through
 *                IS_SUBDOMAIN() once the security flag is known to be set
 * opts         - LDAP options; the check is a no-op unless schema_type is
 *                SDAP_SCHEMA_AD
 * group_attrs  - attributes of the group; SYSDB_GROUP_TYPE is read from here
 * group_name   - used in debug messages only
 * _need_filter - output; reset to false on entry and set to true only when
 *                the group has to be filtered
 *
 * Returns EOK on success, or the error from sysdb_attrs_get_int32_t().
 *
 * On the error path *_need_filter is still false, so the output alone does
 * not distinguish "keep this group" from "type could not be read": callers
 * have to check the return value before acting on *_need_filter.
 *
 * NOTE(review): the coverage listing this function was taken from records
 * 15 calls and zero executions of the AD branch, so the filtering decision
 * below was not exercised in that run.
 */
errno_t sdap_check_ad_group_type(struct sss_domain_info *dom,
                                 struct sdap_options *opts,
                                 struct sysdb_attrs *group_attrs,
                                 const char *group_name,
                                 bool *_need_filter)
{
    int32_t ad_group_type;
    errno_t ret;
    bool filter_out;

    *_need_filter = false;

    /* Group type flags are only evaluated for the AD schema. */
    if (opts->schema_type != SDAP_SCHEMA_AD) {
        return EOK;
    }

    ret = sysdb_attrs_get_int32_t(group_attrs, SYSDB_GROUP_TYPE,
                                  &ad_group_type);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_int32_t failed.\n");
        return ret;
    }

    /* NOTE(review): %#x formally takes an unsigned int while ad_group_type
     * is an int32_t; left as in the original. */
    DEBUG(SSSDBG_TRACE_ALL,
          "AD group [%s] has type flags %#x.\n",
          group_name, ad_group_type);

    /* Only security groups from AD are considered for POSIX groups.
     * For trusted domains (subdomains) the group must additionally be
     * global or universal. The subdomain test is reached only when the
     * security flag is set, matching the original short-circuit order. */
    filter_out = false;
    if ((ad_group_type & SDAP_AD_GROUP_TYPE_SECURITY) == 0) {
        filter_out = true;
    } else if (IS_SUBDOMAIN(dom)) {
        if ((ad_group_type & SDAP_AD_GROUP_TYPE_GLOBAL) == 0
                && (ad_group_type & SDAP_AD_GROUP_TYPE_UNIVERSAL) == 0) {
            filter_out = true;
        }
    }

    if (filter_out) {
        DEBUG(SSSDBG_TRACE_FUNC,
              "Filtering AD group [%s].\n", group_name);

        *_need_filter = true;
    }

    return ret;
}