Implement a hybrid mode of generating private groups #650
Design page PR:
Commit messages follow; hopefully they are enough to explain what is going on.
SYSDB: Special case getgrnam and getgrgid searches in hybrid MPG mode
In hybrid MPG mode, we want to return the MPG group only in case the user
SYSDB: Refactor the mpg and non-mpg searches out of sysdb_getgrnam() and sysdb_getgrgid() to make them more reusable
The getgrnam and getgrgid searches already special-case lookups with
CONFDB/NSS: Add the hybrid MPG mode
Permits a new option value 'hybrid' for the auto_private_groups option. The
If the hybrid mode is selected and the user's original GID number is
CONFDB: Read auto_private_groups as string, not bool
In preparation to adding the third value of auto_private_groups, this patch
UTIL: Convert bool mpg to an enum mpg_mode
Instead of bool mpg inside struct sss_domain_info, let's introduce enum
Also adds a getter for the mpg_mode value because we want to discourage
UTIL: Add a is_domain_mpg shorthand
Instead of looking into the domain structure directly, add a
CI failed because older libcheck versions don't support one check macro:
Is anybody reviewing this? If not I can start reviewing this (but I will probably get to this properly next Tuesday first). Tentatively assigning to myself, but please feel free to reassign to yourself if you already started the review or if you plan to start review sooner than next week.
It looks like these patches work fine. I have just a few nitpicks; see the following two patches that should be squashed into your patches (into the second and into the third patch). The first patch just fixes line > 80 chars and the second adds a comment.
Unfortunately the whole patchset needs to be rebased on top of current master due to recent changes (that is my fault, sorry for the delay :/ )
2 times, most recently
Oct 3, 2018
I pushed yet another new version of the patchset which should hopefully address another requirement in this feature which was that 'a real group must not be shadowed by an autogenerated group even if the real group comes from a different domain'.
To this end, I used Sumit's idea and just moved all the logic into the NSS responder because at that point we really need the cache_req requests to iterate over all the domains.
@mzidek-rh please review
LGTM, I have just two comments.
First, please add the link to the pagure issue in all commit messages (the last two commits do not seem to follow the usual format).
Second, I think the man page should be updated to specify what happens in the hybrid mode when the GID and UID differ, but no corresponding group exists.
Thank you for the review, I amended the man page.
As far as I could see the ticket links were always there, if you see something that is wrong, can you point it out specifically?
btw I'm waiting for a confirmation from the customer who requested this feature as well.