From 54af51d2129d29258108a6dbf072a82c930bf399 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 17 May 2011 16:28:15 +0200 Subject: Add a new option to override primary GID number https://fedorahosted.org/sssd/ticket/742 --- src/confdb/confdb.c | 7 +++++++ src/confdb/confdb.h | 3 +++ src/config/SSSDConfig.py | 1 + src/config/SSSDConfigTest.py | 2 ++ src/config/etc/sssd.api.conf | 1 + src/man/sssd.conf.5.xml | 9 +++++++++ src/responder/nss/nsssrv.c | 2 +- src/responder/nss/nsssrv_cmd.c | 10 +++++++++- 8 files changed, 33 insertions(+), 2 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 4975a427..fdf409f9 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -842,6 +842,13 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, goto done; } + ret = get_entry_as_uint32(res->msgs[0], &domain->override_gid, + CONFDB_DOMAIN_OVERRIDE_GID, 0); + if (ret != EOK) { + DEBUG(0, ("Invalid value for [%s]\n", CONFDB_DOMAIN_OVERRIDE_GID)); + goto done; + } + *_domain = domain; ret = EOK; diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 7173c9fc..4e8a6dd8 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -109,6 +109,7 @@ #define CONFDB_DOMAIN_DNS_DISCOVERY_NAME "dns_discovery_domain" #define CONFDB_DOMAIN_FAMILY_ORDER "lookup_family_order" #define CONFDB_DOMAIN_ACCOUNT_CACHE_EXPIRATION "account_cache_expiration" +#define CONFDB_DOMAIN_OVERRIDE_GID "override_gid" /* Local Provider */ #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell" @@ -143,6 +144,8 @@ struct sss_domain_info { bool cache_credentials; bool legacy_passwords; + gid_t override_gid; + uint32_t entry_cache_timeout; struct sss_domain_info *next; diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index b613cfe4..25484dbc 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py 
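Review bot: The new `override_gid` read in confdb_get_domain_internal uses 0 as both the default and the "no override" sentinel, so a configured `override_gid = 0` is accepted without any message and then ignored by the `dom->override_gid ?` test in nsssrv_cmd.c. That is a useful safety property (the option cannot map every user to GID 0), but nothing documents it; I would add a comment on the field in confdb.h, `gid_t override_gid; /* 0 = no override */`, and state the same in the man page entry. The call also passes `&domain->override_gid`, a `gid_t *`, to a helper whose name suggests it writes a `uint32_t`; that presumably holds on the supported platforms, but reading into a local `uint32_t` and assigning it afterwards would make the width explicit. The function body starts and ends outside this hunk.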
@@ -85,6 +85,7 @@ option_strings = { 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'), 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'), 'dns_discovery_domain' : _('The domain part of service discovery DNS query'), + 'override_gid' : _('Override GID value from the identity provider with this value'), # [provider/ipa] 'ipa_domain' : _('IPA domain'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 8931cdf3..7bd45b47 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -480,6 +480,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'account_cache_expiration', 'dns_resolver_timeout', 'dns_discovery_domain', + 'override_gid', 'id_provider', 'auth_provider', 'access_provider', @@ -784,6 +785,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): 'lookup_family_order', 'dns_resolver_timeout', 'dns_discovery_domain', + 'override_gid', 'id_provider', 'auth_provider', 'access_provider', diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 8885a85f..dfb5badc 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -64,6 +64,7 @@ filter_users = list, str, false filter_groups = list, str, false dns_resolver_timeout = int, None, false dns_discovery_domain = str, None, false +override_gid = int, None, false # Special providers [provider/permit] diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 6ac9de89..386dd035 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -807,6 +807,15 @@ + + + override_gid (integer) + + + Override the primary GID value with the one specified. + + + diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 9ae6f05e..6c20ca31 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c 
@@ -94,7 +94,7 @@ static int nss_get_config(struct nss_ctx *nctx, if (ret != EOK) goto done; if (nctx->cache_refresh_percent < 0 || nctx->cache_refresh_percent > 99) { - DEBUG(0,("Configuration error: entry_cache_nowait_percentage is" + DEBUG(0,("Configuration error: entry_cache_nowait_percentage is " "invalid. Disabling feature.\n")); nctx->cache_refresh_percent = 0; } diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index db301b38..2f510b9b 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c @@ -170,6 +170,14 @@ struct setent_ctx { * PASSWD db related functions ***************************************************************************/ +static gid_t get_gid_override(struct ldb_message *msg, + struct sss_domain_info *dom) +{ + return dom->override_gid ? + dom->override_gid : + ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0); +} + static int fill_pwent(struct sss_packet *packet, struct sss_domain_info *dom, struct nss_ctx *nctx, @@ -206,7 +214,7 @@ static int fill_pwent(struct sss_packet *packet, name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0); - gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0); + gid = get_gid_override(msg, dom); if (!name || !uid || !gid) { DEBUG(2, ("Incomplete or fake user object for %s[%llu]! Skipping\n", -- cgit
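Review bot: get_gid_override has no comment stating its contract, and the fallback narrows a 64-bit attribute value to `gid_t` with no range check, as the line it replaces did. I would put `/* Return dom->override_gid when it is non-zero, otherwise the entry's SYSDB_GIDNUM (0 if the attribute is missing). */` above it. In this diff the helper is only called from fill_pwent, so any other code that reads SYSDB_GIDNUM directly would presumably still see the identity provider's GID. It is worth confirming that callers making group-based decisions get a consistent value.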
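Review bot: With an override configured, `gid` in fill_pwent is never 0, so the `!gid` arm of `if (!name || !uid || !gid)` can no longer detect an entry that lacks SYSDB_GIDNUM. Such an entry is still skipped when `uid` is 0, but one with a uid and no stored gid would now be returned with the override GID instead of being logged as incomplete. Keeping `gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);` for the check and applying `if (dom->override_gid) gid = dom->override_gid;` after it would preserve the old validation. The body of the check and the rest of fill_pwent lie outside this hunk.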