diff options
author | Sumit Bose <sbose@redhat.com> | 2013-08-14 17:13:13 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-19 12:53:49 +0200 |
commit | 39f13b3bf5b3cf79f5f16575403f03b539300dc7 (patch) | |
tree | 817bf3977365aa4d67e54a821048ee4bb2ddb51d | |
parent | 8cdb9b9824d3fcc2448544d67544496f55b8d393 (diff) | |
download | sssd-39f13b3bf5b3cf79f5f16575403f03b539300dc7.tar.gz sssd-39f13b3bf5b3cf79f5f16575403f03b539300dc7.tar.bz2 sssd-39f13b3bf5b3cf79f5f16575403f03b539300dc7.zip |
fill_initgr: add original primary GID if available
In some cases when MPG domains are used the information about the
original primary group of a user cannot be determined by looking at
the explicit group memberships. In those cases the GID related to the
original primary group is stored in a special attribute of the user
object.
This patch adds the GID of the original primary group when available and
needed.
Fixes https://fedorahosted.org/sssd/ticket/2027
-rw-r--r-- | src/db/sysdb.h | 1 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 27 |
2 files changed, 28 insertions, 0 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 53fb8603..7b02b344 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -170,6 +170,7 @@ SYSDB_GIDNUM, SYSDB_GECOS, \ SYSDB_HOMEDIR, SYSDB_SHELL, \ SYSDB_DEFAULT_ATTRS, \ + SYSDB_PRIMARY_GROUP_GIDNUM, \ NULL} #define SYSDB_GRSRC_ATTRS {SYSDB_NAME, SYSDB_GIDNUM, \ SYSDB_MEMBERUID, \ diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index 62a564a4..7c35a7b3 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -3399,6 +3399,7 @@ static int fill_initgr(struct sss_packet *packet, struct ldb_result *res) int ret, i, num, bindex; int skipped = 0; const char *posix; + gid_t orig_primary_gid; if (res->count == 0) { return ENOENT; @@ -3413,6 +3414,20 @@ static int fill_initgr(struct sss_packet *packet, struct ldb_result *res) } sss_packet_get_body(packet, &body, &blen); + orig_primary_gid = ldb_msg_find_attr_as_uint64(res->msgs[0], + SYSDB_PRIMARY_GROUP_GIDNUM, + 0); + + /* If the GID of the original primary group is available but equal to the + * current primary GID it must not be added. */ + if (orig_primary_gid != 0) { + gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0); + + if (orig_primary_gid == gid) { + orig_primary_gid = 0; + } + } + /* skip first entry, it's the user entry */ bindex = 0; for (i = 0; i < num; i++) { @@ -3429,6 +3444,18 @@ static int fill_initgr(struct sss_packet *packet, struct ldb_result *res) } ((uint32_t *)body)[2 + bindex] = gid; bindex++; + + /* do not add the GID of the original primary group is the user is + * already and explicit member of the group. */ + if (orig_primary_gid == gid) { + orig_primary_gid = 0; + } + } + + if (orig_primary_gid != 0) { + ((uint32_t *)body)[2 + bindex] = orig_primary_gid; + bindex++; + num++; } ((uint32_t *)body)[0] = num-skipped; /* num results */ |