authorLukas Slebodnik <lslebodn@redhat.com>2015-04-13 09:50:29 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-04-14 13:18:51 +0200
commitfcb426997111b84514f38c0dfd8d78a5706d6d04 (patch)
tree003bf305ad2dcb09624dde993221d7891a48c7c6
parent5601c23a999eb83ebfd5558742900ad467eee19d (diff)
SDAP: Filter ad groups in initgroups
The function sdap_add_incomplete_groups stored domain-local groups from a subdomain as POSIX groups, which should not be done. Resolves: https://fedorahosted.org/sssd/ticket/2614 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit b9fbeb75e7a4f50f98d979a70a710f9221892483) (cherry picked from commit 49895bb18508a4f4b83b99d9875e99e17c81285b)
-rw-r--r--src/providers/ldap/sdap_async_initgroups.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 96617aecc..ae617b9c4 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -51,6 +51,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
time_t now;
char *sid_str = NULL;
bool use_id_mapping;
+ bool need_filter;
char *tmp_name;
/* There are no groups in LDAP but we should add user to groups ?? */
@@ -210,6 +211,17 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
uuid = NULL;
}
+ ret = sdap_check_ad_group_type(domain, opts, ldap_groups[ai],
+ groupname, &need_filter);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ if (need_filter) {
+ posix = false;
+ gid = 0;
+ }
+
DEBUG(SSSDBG_TRACE_INTERNAL,
"Adding fake group %s to sysdb\n", groupname);
ret = sysdb_add_incomplete_group(domain, groupname, gid,
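Review bot: The `ret != EOK` branch after `sdap_check_ad_group_type()` jumps to `done` with no debug message, so a failed type check on one group ends the function (and, presumably, handling of the remaining `ldap_groups` entries) without the log naming the group that caused it. Failing closed is the right direction here, but add `DEBUG(SSSDBG_OP_FAILURE, "Cannot check AD group type of %s\n", groupname);` before the `goto` unless the helper already logs. The `if (need_filter)` block would also benefit from a comment such as `/* Domain-local groups from a subdomain must not be saved as POSIX groups: clear the GID */`, since `posix = false; gid = 0;` is the security-relevant part of the change and its reason is stated only in the commit message. `need_filter` is declared uninitialized in the first hunk and is read only after the helper returns EOK, which is safe only if the helper always writes it on success; `bool need_filter = false;` would remove that dependency. The body of sdap_add_incomplete_groups starts and ends outside this hunk.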