Inherit ID limits of parent domains if set

https://fedorahosted.org/sssd/ticket/2123

Previously, the subdomains were always unbound even if the administrator
limited the ranges with min_id/max_id. This could have posed problems
when running programs that scan the whole ID space, such as "groupadd
-r".

1 files changed, 5 insertions, 3 deletions

diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index a6aa5c733..4da0c9d2a 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -74,9 +74,11 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
 
     dom->enumerate = false;
     dom->fqnames = false;
-    /* FIXME: get ranges from the server */
-    dom->id_min = 0;
-    dom->id_max = 0xffffffff;
+    /* If the parent domain explicitly limits ID ranges, the subdomain
+     * should honour the limits as well.
+     */
+    dom->id_min = parent->id_min ? parent->id_min : 0;
+    dom->id_max = parent->id_max ? parent->id_max : 0xffffffff;
     dom->pwd_expiration_warning = parent->pwd_expiration_warning;
     dom->cache_credentials = parent->cache_credentials;
     dom->case_sensitive = false;