diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2011-05-17 16:28:15 +0200 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-05-20 05:49:25 -0400 |
| commit | 54af51d2129d29258108a6dbf072a82c930bf399 (patch) | |
| tree | 03b97d3b98b82395f5b35b6fbf0f0d67e3712262 | |
| parent | 217d7e26345fb5f7e296551b62a4c1d82c9d9585 (diff) | |
| download | sssd-54af51d2129d29258108a6dbf072a82c930bf399.tar.gz sssd-54af51d2129d29258108a6dbf072a82c930bf399.tar.bz2 sssd-54af51d2129d29258108a6dbf072a82c930bf399.zip | |
Add a new option to override primary GID number
https://fedorahosted.org/sssd/ticket/742
| -rw-r--r-- | src/confdb/confdb.c | 7 | ||||
| -rw-r--r-- | src/confdb/confdb.h | 3 | ||||
| -rw-r--r-- | src/config/SSSDConfig.py | 1 | ||||
| -rwxr-xr-x | src/config/SSSDConfigTest.py | 2 | ||||
| -rw-r--r-- | src/config/etc/sssd.api.conf | 1 | ||||
| -rw-r--r-- | src/man/sssd.conf.5.xml | 9 | ||||
| -rw-r--r-- | src/responder/nss/nsssrv.c | 2 | ||||
| -rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 10 |
8 files changed, 33 insertions, 2 deletions
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 4975a427..fdf409f9 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -842,6 +842,13 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, goto done; } + ret = get_entry_as_uint32(res->msgs[0], &domain->override_gid, + CONFDB_DOMAIN_OVERRIDE_GID, 0); + if (ret != EOK) { + DEBUG(0, ("Invalid value for [%s]\n", CONFDB_DOMAIN_OVERRIDE_GID)); + goto done; + } + *_domain = domain; ret = EOK; diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 7173c9fc..4e8a6dd8 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -109,6 +109,7 @@ #define CONFDB_DOMAIN_DNS_DISCOVERY_NAME "dns_discovery_domain" #define CONFDB_DOMAIN_FAMILY_ORDER "lookup_family_order" #define CONFDB_DOMAIN_ACCOUNT_CACHE_EXPIRATION "account_cache_expiration" +#define CONFDB_DOMAIN_OVERRIDE_GID "override_gid" /* Local Provider */ #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell" @@ -143,6 +144,8 @@ struct sss_domain_info { bool cache_credentials; bool legacy_passwords; + gid_t override_gid; + uint32_t entry_cache_timeout; struct sss_domain_info *next; diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index b613cfe4..25484dbc 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -85,6 +85,7 @@ option_strings = { 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'), 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'), 'dns_discovery_domain' : _('The domain part of service discovery DNS query'), + 'override_gid' : _('Override GID value from the identity provider with this value'), # [provider/ipa] 'ipa_domain' : _('IPA domain'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 8931cdf3..7bd45b47 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -480,6 +480,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'account_cache_expiration', 'dns_resolver_timeout', 'dns_discovery_domain', + 'override_gid', 'id_provider', 'auth_provider', 'access_provider', @@ -784,6 +785,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'lookup_family_order', 'dns_resolver_timeout', 'dns_discovery_domain', + 'override_gid', 'id_provider', 'auth_provider', 'access_provider', diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 8885a85f..dfb5badc 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -64,6 +64,7 @@ filter_users = list, str, false filter_groups = list, str, false dns_resolver_timeout = int, None, false dns_discovery_domain = str, None, false +override_gid = int, None, false # Special providers [provider/permit] diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 6ac9de89..386dd035 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -807,6 +807,15 @@ </para> </listitem> </varlistentry> + + <varlistentry> + <term>override_gid (integer)</term> + <listitem> + <para> + Override the primary GID value with the one specified. + </para> + </listitem> + </varlistentry> </variablelist> </para> diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 9ae6f05e..6c20ca31 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -94,7 +94,7 @@ static int nss_get_config(struct nss_ctx *nctx, if (ret != EOK) goto done; if (nctx->cache_refresh_percent < 0 || nctx->cache_refresh_percent > 99) { - DEBUG(0,("Configuration error: entry_cache_nowait_percentage is" + DEBUG(0,("Configuration error: entry_cache_nowait_percentage is " "invalid. Disabling feature.\n")); nctx->cache_refresh_percent = 0; } diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index db301b38..2f510b9b 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -170,6 +170,14 @@ struct setent_ctx { * PASSWD db related functions ***************************************************************************/ +static gid_t get_gid_override(struct ldb_message *msg, + struct sss_domain_info *dom) +{ + return dom->override_gid ? + dom->override_gid : + ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0); +} + static int fill_pwent(struct sss_packet *packet, struct sss_domain_info *dom, struct nss_ctx *nctx, @@ -206,7 +214,7 @@ static int fill_pwent(struct sss_packet *packet, name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0); - gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0); + gid = get_gid_override(msg, dom); if (!name || !uid || !gid) { DEBUG(2, ("Incomplete or fake user object for %s[%llu]! Skipping\n", |