rpms / sssd

Clone
Source Code
GIT

Blame 0057-SDAP-Filter-ad-groups-in-initgroups.patch

el5 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main rawhide
  1.   1cdfb000aab60b3efbfba9ad8fb93c04555eaf15
  2.   0057-SDAP-Filter-ad-groups-in-initgroups.patch
Blob History Raw
1cdfb00 
From 49895bb18508a4f4b83b99d9875e99e17c81285b Mon Sep 17 00:00:00 2001
1cdfb00 
From: Lukas Slebodnik <lslebodn@redhat.com>
1cdfb00 
Date: Mon, 13 Apr 2015 09:50:29 +0200
1cdfb00 
Subject: [PATCH 57/99] SDAP: Filter ad groups in initgroups
1cdfb00
1cdfb00 
Function sdap_add_incomplete_groups stored domain local groups
1cdfb00 
from subdomain as POSIX group, which should not be done.
1cdfb00
1cdfb00 
Resolves:
1cdfb00 
https://fedorahosted.org/sssd/ticket/2614
1cdfb00
1cdfb00 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
1cdfb00 
(cherry picked from commit b9fbeb75e7a4f50f98d979a70a710f9221892483)
1cdfb00 
---
1cdfb00 
 src/providers/ldap/sdap_async_initgroups.c | 12 ++++++++++++
1cdfb00 
 1 file changed, 12 insertions(+)
1cdfb00
1cdfb00 
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
1cdfb00 
index 96617aecc4e9c948bbbdccb1ba75e81577a19c70..ae617b9c4c6899d0b85dcc4c4b6b971d0f235b88 100644
1cdfb00 
--- a/src/providers/ldap/sdap_async_initgroups.c
1cdfb00 
+++ b/src/providers/ldap/sdap_async_initgroups.c
1cdfb00 
@@ -51,6 +51,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
1cdfb00 
     time_t now;
1cdfb00 
     char *sid_str = NULL;
1cdfb00 
     bool use_id_mapping;
1cdfb00 
+    bool need_filter;
1cdfb00 
     char *tmp_name;
1cdfb00
1cdfb00 
     /* There are no groups in LDAP but we should add user to groups ?? */
1cdfb00 
@@ -210,6 +211,17 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
1cdfb00 
                     uuid = NULL;
1cdfb00 
                 }
1cdfb00
1cdfb00 
+                ret = sdap_check_ad_group_type(domain, opts, ldap_groups[ai],
1cdfb00 
+                                               groupname, &need_filter);
1cdfb00 
+                if (ret != EOK) {
1cdfb00 
+                    goto done;
1cdfb00 
+                }
1cdfb00 
+
1cdfb00 
+                if (need_filter) {
1cdfb00 
+                    posix = false;
1cdfb00 
+                    gid = 0;
1cdfb00 
+                }
1cdfb00 
+
1cdfb00 
                 DEBUG(SSSDBG_TRACE_INTERNAL,
1cdfb00 
                       "Adding fake group %s to sysdb\n", groupname);
1cdfb00 
                 ret = sysdb_add_incomplete_group(domain, groupname, gid,
1cdfb00 
--
1cdfb00 
2.4.0
1cdfb00
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.