diff options
author | Simo Sorce <ssorce@redhat.com> | 2009-11-23 14:34:36 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-11-23 16:49:51 -0500 |
commit | 089077a742b2cb6fbac3ab6c9c59b09dc6339247 (patch) | |
tree | 1035df5b1bac2422ece4f653604103b382d50529 /server | |
parent | 269b17b8070d27ec3805e86a088fcff7a50f7f40 (diff) | |
download | sssd-089077a742b2cb6fbac3ab6c9c59b09dc6339247.tar.gz sssd-089077a742b2cb6fbac3ab6c9c59b09dc6339247.tar.bz2 sssd-089077a742b2cb6fbac3ab6c9c59b09dc6339247.zip |
Fix ticket #289
When I converted fill_grent to speed up enumerations I left out this check
by mistake.
Diffstat (limited to 'server')
-rw-r--r-- | server/responder/nss/nsssrv_cmd.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c index 97178978..6be78900 100644 --- a/server/responder/nss/nsssrv_cmd.c +++ b/server/responder/nss/nsssrv_cmd.c @@ -1636,6 +1636,24 @@ static int fill_grent(struct sss_packet *packet, continue; } nlen = p - name; + + if (nctx->filter_users_in_groups) { + char t; + t = *p; + *p = '\0'; + ret = nss_ncache_check_user(nctx->ncache, + nctx->neg_timeout, + domain, name); + *p = t; + if (ret == EEXIST) { + DEBUG(6, ("Group [%s] member [%.*s@%s] filtered out!" + " (negative cache)\n", + (char *)&body[rzero+STRS_ROFFSET], + nlen, name, domain)); + continue; + } + } + p++; if (strncmp(p, SYSDB_USERS_CONTAINER, sysuserslen) != 0) { DEBUG(1, ("Member [%.*s] not in the std format ?! " |