diff options
author | Sumit Bose <sbose@redhat.com> | 2009-08-21 16:54:48 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-08-21 12:55:43 -0400 |
commit | c1410419224a504954791dbfd36fd19ad78cfb65 (patch) | |
tree | 6743909accd5fe9da6b2f0632e9b162ca8fae0bc /server/responder/nss/nsssrv_cmd.c | |
parent | bd3d8fc1d59837f3c80de22780c146c43b2eb45d (diff) | |
download | sssd-c1410419224a504954791dbfd36fd19ad78cfb65.tar.gz sssd-c1410419224a504954791dbfd36fd19ad78cfb65.tar.xz sssd-c1410419224a504954791dbfd36fd19ad78cfb65.zip |
fix handling of filtersUsers in groups
- with the boolean option filterUsersInGroups it can be controlled
wether filtered users appear in groups or not.
- fixed an error which prevented the display of groups with filtered
members
- removed some tab indents
Diffstat (limited to 'server/responder/nss/nsssrv_cmd.c')
-rw-r--r-- | server/responder/nss/nsssrv_cmd.c | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c index e8f178a48..520bf6df2 100644 --- a/server/responder/nss/nsssrv_cmd.c +++ b/server/responder/nss/nsssrv_cmd.c @@ -1373,6 +1373,7 @@ static int fill_grent(struct sss_packet *packet, const char *namefmt = nctx->rctx->names->fq_fmt; bool packet_initialized = false; int ncret; + bool legacy = false; if (add_domain) dom_len = strlen(domain); @@ -1496,19 +1497,22 @@ static int fill_grent(struct sss_packet *packet, el = ldb_msg_find_element(msg, SYSDB_LEGACY_MEMBER); if (el) { /* legacy */ + legacy = true; memnum = el->num_values; n = 0; for (j = 0; j < memnum; j++) { name = (char *)el->values[j].data; - ncret = nss_ncache_check_user(nctx->ncache, - nctx->neg_timeout, - domain, name); - if (ncret == EEXIST) { - DEBUG(4, ("User [%s@%s] filtered out! (negative cache)\n", - name, domain)); - continue; + if (nctx->filter_users_in_groups) { + ncret = nss_ncache_check_user(nctx->ncache, + nctx->neg_timeout, + domain, name); + if (ncret == EEXIST) { + DEBUG(4,("User [%s@%s] filtered out! (negative cache)\n", + name, domain)); + continue; + } } name_len = el->values[j].length + 1; @@ -1586,12 +1590,14 @@ static int fill_grent(struct sss_packet *packet, goto done; } - ncret = nss_ncache_check_user(nctx->ncache, - nctx->neg_timeout, domain, name); - if (ncret == EEXIST) { - DEBUG(4, ("User [%s@%s] filtered out! (negative cache)\n", - name, domain)); - continue; + if (nctx->filter_users_in_groups) { + ncret = nss_ncache_check_user(nctx->ncache, + nctx->neg_timeout, domain, name); + if (ncret == EEXIST) { + DEBUG(4, ("User [%s@%s] filtered out! (negative cache)\n", + name, domain)); + continue; + } } /* check that the uid is valid for this domain */ @@ -1651,7 +1657,7 @@ static int fill_grent(struct sss_packet *packet, goto done; } - if (mnump) { + if (mnump && !legacy) { /* fill in the last group member count */ sss_packet_get_body(packet, &body, &blen); ((uint32_t *)(&body[mnump]))[0] = memnum; /* num members */ |