Line data    Source code

       1             : /*
       2             :     SSSD
       3             : 
       4             :     AD groups helper routines
       5             : 
       6             :     Authors:
       7             :         Lukas Slebodnik <lslebodn@redhat.com>
       8             : 
       9             :     Copyright (C) 2013 Red Hat
      10             : 
      11             :     This program is free software; you can redistribute it and/or modify
      12             :     it under the terms of the GNU General Public License as published by
      13             :     the Free Software Foundation; either version 3 of the License, or
      14             :     (at your option) any later version.
      15             : 
      16             :     This program is distributed in the hope that it will be useful,
      17             :     but WITHOUT ANY WARRANTY; without even the implied warranty of
      18             :     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      19             :     GNU General Public License for more details.
      20             : 
      21             :     You should have received a copy of the GNU General Public License
      22             :     along with this program.  If not, see <http://www.gnu.org/licenses/>.
      23             : */
      24             : 
      25             : #include "db/sysdb.h"
      26             : #include "providers/ldap/sdap.h"
      27             : #include "providers/ldap/sdap_async_private.h"
      28             : 
      29             : /* ==Group-Parsing Routines=============================================== */
      30             : 
      31          19 : errno_t sdap_check_ad_group_type(struct sss_domain_info *dom,
      32             :                                  struct sdap_options *opts,
      33             :                                  struct sysdb_attrs *group_attrs,
      34             :                                  const char *group_name,
      35             :                                  bool *_need_filter)
      36             : {
      37             :     int32_t ad_group_type;
      38          19 :     errno_t ret = EOK;
      39          19 :     *_need_filter = false;
      40             : 
      41          19 :     if (opts->schema_type == SDAP_SCHEMA_AD) {
      42           0 :         ret = sysdb_attrs_get_int32_t(group_attrs, SYSDB_GROUP_TYPE,
      43             :                                       &ad_group_type);
      44           0 :         if (ret != EOK) {
      45           0 :             DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_int32_t failed.\n");
      46           0 :             return ret;
      47             :         }
      48             : 
      49           0 :         DEBUG(SSSDBG_TRACE_ALL,
      50             :               "AD group [%s] has type flags %#x.\n",
      51             :               group_name, ad_group_type);
      52             : 
      53             :         /* Only security groups from AD are considered for POSIX groups.
      54             :          * Additionally only global and universal group are taken to account
      55             :          * for trusted domains. */
      56           0 :         if (!(ad_group_type & SDAP_AD_GROUP_TYPE_SECURITY)
      57           0 :             || (IS_SUBDOMAIN(dom)
      58           0 :                 && (!((ad_group_type & SDAP_AD_GROUP_TYPE_GLOBAL)
      59           0 :                       || (ad_group_type & SDAP_AD_GROUP_TYPE_UNIVERSAL))))) {
      60           0 :             DEBUG(SSSDBG_TRACE_FUNC,
      61             :                   "Filtering AD group [%s].\n", group_name);
      62             : 
      63           0 :             *_need_filter = true;
      64             :         }
      65             :     }
      66             : 
      67          19 :     return ret;
      68             : }