authorSumit Bose <sbose@redhat.com>2013-08-08 12:35:12 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-08-26 11:44:42 +0200
commite5aa9ba0df9f30e32a86453727beabed8a9e4e27 (patch)
tree9a89301b23b46f6401417fc60fea138ab8576171 /src/responder/pac
parent5c28b1bdb9f180590bdfec947bd2df52351912a8 (diff)
PAC: handle non-POSIX groups in cache
Since the DN of the group is used to remove a membership, it is not necessary to check whether the GID is valid.
Diffstat (limited to 'src/responder/pac')
-rw-r--r--src/responder/pac/pacsrv.h1
-rw-r--r--src/responder/pac/pacsrv_cmd.c19
2 files changed, 9 insertions, 11 deletions
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h
index 126ec7de..f90b40c6 100644
--- a/src/responder/pac/pacsrv.h
+++ b/src/responder/pac/pacsrv.h
@@ -55,7 +55,6 @@ struct pac_ctx {
};
struct grp_info {
- gid_t gid;
char *orig_dn;
struct ldb_dn *dn;
};
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index bcdcdc46..79841b5d 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -454,7 +454,10 @@ static errno_t pac_user_get_grp_info(TALLOC_CTX *mem_ctx,
key.str = discard_const(cur_sid);
ret = hash_lookup(pr_ctx->sid_table, &key, &value);
if (ret == HASH_SUCCESS) {
- /* user is already member of the group */
+ DEBUG(SSSDBG_TRACE_ALL, ("User [%s] already member of group " \
+ "with SID [%s].\n",
+ pr_ctx->user_name, cur_sid));
+
ret = hash_delete(pr_ctx->sid_table, &key);
if (ret != HASH_SUCCESS) {
DEBUG(SSSDBG_OP_FAILURE, ("Failed to remove hash entry.\n"));
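Review bot: The trailing `\` after the first string literal in the added `DEBUG(SSSDBG_TRACE_ALL, ...)` call is unnecessary, because the arguments of a macro invocation may span lines and adjacent string literals are concatenated without it. The same applies to the added DEBUG calls in the `HASH_ERROR_KEY_NOT_FOUND` branch and before `c++` in the later hunks. Writing it as `("User [%s] already member of group "` followed by `"with SID [%s].\n",` on the next line reads more cleanly and avoids a stray continuation if the line is edited later. The body of pac_user_get_grp_info starts and ends outside this hunk.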
@@ -462,15 +465,9 @@ static errno_t pac_user_get_grp_info(TALLOC_CTX *mem_ctx,
goto done;
}
} else if (ret == HASH_ERROR_KEY_NOT_FOUND) {
- /* group is not in the PAC anymore, membership must be removed */
- del_grp_list[del_idx].gid =
- ldb_msg_find_attr_as_uint64(res->msgs[c + 1],
- SYSDB_GIDNUM, 0);
- if (del_grp_list[del_idx].gid == 0) {
- DEBUG(SSSDBG_OP_FAILURE, ("Missing GID.\n"));
- ret = EINVAL;
- goto done;
- }
+ DEBUG(SSSDBG_TRACE_INTERNAL, ("Group with SID [%s] is not in " \
+ "the PAC anymore, membership " \
+ "must be removed.\n", cur_sid));
tmp_str = ldb_msg_find_attr_as_string(res->msgs[c + 1],
SYSDB_ORIG_DN, NULL);
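Review bot: With the GID check dropped from the `HASH_ERROR_KEY_NOT_FOUND` branch, nothing in the code explains why a cached group without a GID is acceptable here; only the commit message says that removal is keyed on the DN. A short comment above the new DEBUG call, for example `/* No GID check: non-POSIX groups have none; membership is removed by DN. */`, would keep a later reader from reintroducing the check. The `SYSDB_ORIG_DN` lookup that follows is now the only validation of the cached entry visible in this branch, and its NULL handling lies outside the hunk, so it is worth confirming that a missing original DN is still rejected there.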
@@ -517,6 +514,8 @@ static errno_t pac_user_get_grp_info(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto done;
}
+ DEBUG(SSSDBG_TRACE_ALL, ("SID [%s] added to add_sids " \
+ "list.\n", entry->key.str));
c++;
}
}