author | Jakub Hrozek <jhrozek@redhat.com> | 2011-07-15 18:01:50 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-07-27 16:40:01 -0400 |
commit | 804dc66b3a646938167ddeb34b011f3f3b6dfebc (patch) | |
tree | 03a1b92419a89609819659cdbdc528c07a0ae440 | |
parent | 8ab71d67fc4702be9390c38c4b0c68b4b184c594 (diff) | |
Explicitly ignore groups with gidNumber=0
https://fedorahosted.org/sssd/ticket/916
-rw-r--r-- | src/providers/ldap/ldap_id.c | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_accounts.c | 27 |
2 files changed, 18 insertions, 11 deletions
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index a3c9c0cd4..85d4aa0e5 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -346,7 +346,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 goto fail;
 }
- base_filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))",
+ base_filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s>=1))",
 attr_name, clean_name, ctx->opts->group_map[SDAP_OC_GROUP].name, ctx->opts->group_map[SDAP_AT_GROUP_NAME].name,
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index e6b1dd88f..581abc609 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -758,7 +758,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
 }
 /* check that the gid is valid for this domain */
- if (posix_group || gid != 0) {
+ if (posix_group) {
 if (OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) {
 DEBUG(2, ("Group [%s] filtered out! (id out of range)\n", name));
@@ -2170,7 +2170,10 @@ static errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
 ret = sysdb_attrs_get_uint32_t(ldap_groups[ai], SYSDB_GIDNUM, &gid);
- if (ret == ENOENT) {
+ if (ret == ENOENT || (ret == EOK && gid == 0)) {
+ DEBUG(9, ("The group %s gid was %s\n",
+ name, ret == ENOENT ? "missing" : "zero"));
+ DEBUG(8, ("Marking group %s as non-posix and setting GID=0!\n", name));
 gid = 0;
 posix = false;
 } else if (ret) {
@@ -2354,7 +2357,7 @@ struct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
 return NULL;
 }
- filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s=*))",
+ filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s)(%s=*)(%s>=1))",
 opts->group_map[SDAP_AT_GROUP_MEMBER].name, clean_name, opts->group_map[SDAP_OC_GROUP].name,
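Review bot: The new `(%s>=1)` term in the groups_get_send filter depends on the directory server supporting an ordering match on that attribute (presumably the gid attribute, whose argument lies outside the hunk), which the old presence test `(%s=*)` did not need. Where the server's schema gives the attribute only an equality rule, a `>=` assertion may evaluate as undefined, and group lookups would then come back empty without any error, which matters when group membership feeds access decisions. An equality-only form such as `(&(%s=*)(!(%s=0)))` expresses the same exclusion; it needs the attribute name passed twice, and the argument list continues past the end of this hunk. The same filter change appears in the sdap_initgr_rfc2307_send hunk further down.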
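Review bot: Dropping `gid != 0` from the condition in sdap_save_group means the `OUT_OF_ID_RANGE` check now runs only when `posix_group` is true, so a group that reaches this point with `posix_group` false and a non-zero gid is no longer filtered against `dom->id_min` and `dom->id_max`. Whether that combination can occur depends on how `posix_group` is derived, which is above this hunk. If it cannot, a comment stating the invariant would make the narrowing safe to maintain, for example `/* non-posix groups always carry gid 0 here, so only posix groups need the range check */`.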
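Review bot: A directory entry that really carries gidNumber 0 is reported only at debug levels 9 and 8 in sdap_add_incomplete_groups, while the id-range rejection in sdap_save_group logs at level 2. A zero gid supplied by the server is more likely a misconfigured or altered entry than a merely absent attribute is, so it deserves a message at the same level as the range filter, kept separate from the ENOENT case: `if (ret == EOK) DEBUG(2, ("Group [%s] has gidNumber 0, treating it as non-posix\n", name));`. The sdap_nested_group_process_send hunk adds the same pair of messages, and there the text does not name the group at all.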
@@ -3451,14 +3454,18 @@ static struct tevent_req *sdap_nested_group_process_send(
 ret = sysdb_attrs_get_uint32_t(group, opts->group_map[SDAP_AT_GROUP_GID].name, &gid);
- if (ret == ENOENT) {
+ if (ret == ENOENT || (ret == EOK && gid == 0)) {
+ DEBUG(9, ("The group's gid was %s\n", ret == ENOENT ? "missing" : "zero"));
 DEBUG(8, ("Marking group as non-posix and setting GID=0!\n"));
- ret = sysdb_attrs_add_uint32(group,
- opts->group_map[SDAP_AT_GROUP_GID].name,
- 0);
- if (ret != EOK) {
- DEBUG(1, ("Failed to add a GID to non-posix group!\n"));
- goto immediate;
+
+ if (ret == ENOENT) {
+ ret = sysdb_attrs_add_uint32(group,
+ opts->group_map[SDAP_AT_GROUP_GID].name,
+ 0);
+ if (ret != EOK) {
+ DEBUG(1, ("Failed to add a GID to non-posix group!\n"));
+ goto immediate;
+ }
 }
 ret = sysdb_attrs_add_bool(group, SYSDB_POSIX, false); |
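Review bot: The inner `if (ret == ENOENT)` in sdap_nested_group_process_send is easy to misread, because it tests `ret` a second time inside a branch already entered on `ret`, and `ret` is then reassigned by `sysdb_attrs_add_uint32`. A one-line comment above it would make the intent explicit, for example `/* a zero gid is already present in the attrs; only add the attribute when it was missing */`. The function body starts and ends outside this hunk.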