From 089077a742b2cb6fbac3ab6c9c59b09dc6339247 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 23 Nov 2009 14:34:36 -0500 Subject: Fix ticket #289 When I converted fill_grent to speed up enumerations I left out this check by mistake. --- server/responder/nss/nsssrv_cmd.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c index 97178978..6be78900 100644 --- a/server/responder/nss/nsssrv_cmd.c +++ b/server/responder/nss/nsssrv_cmd.c @@ -1636,6 +1636,24 @@ static int fill_grent(struct sss_packet *packet, continue; } nlen = p - name; + + if (nctx->filter_users_in_groups) { + char t; + t = *p; + *p = '\0'; + ret = nss_ncache_check_user(nctx->ncache, + nctx->neg_timeout, + domain, name); + *p = t; + if (ret == EEXIST) { + DEBUG(6, ("Group [%s] member [%.*s@%s] filtered out!" + " (negative cache)\n", + (char *)&body[rzero+STRS_ROFFSET], + nlen, name, domain)); + continue; + } + } + p++; if (strncmp(p, SYSDB_USERS_CONTAINER, sysuserslen) != 0) { DEBUG(1, ("Member [%.*s] not in the std format ?! " -- cgit