summaryrefslogtreecommitdiffstats
path: root/server/responder
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2009-11-23 14:34:36 -0500
committerStephen Gallagher <sgallagh@redhat.com>2009-11-23 16:49:51 -0500
commit089077a742b2cb6fbac3ab6c9c59b09dc6339247 (patch)
tree1035df5b1bac2422ece4f653604103b382d50529 /server/responder
parent269b17b8070d27ec3805e86a088fcff7a50f7f40 (diff)
downloadsssd-089077a742b2cb6fbac3ab6c9c59b09dc6339247.tar.gz
sssd-089077a742b2cb6fbac3ab6c9c59b09dc6339247.tar.xz
sssd-089077a742b2cb6fbac3ab6c9c59b09dc6339247.zip
Fix ticket #289
When I converted fill_grent to speed up enumerations I left out this check by mistake.
Diffstat (limited to 'server/responder')
-rw-r--r--server/responder/nss/nsssrv_cmd.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c
index 97178978f..6be78900c 100644
--- a/server/responder/nss/nsssrv_cmd.c
+++ b/server/responder/nss/nsssrv_cmd.c
@@ -1636,6 +1636,24 @@ static int fill_grent(struct sss_packet *packet,
continue;
}
nlen = p - name;
+
+ if (nctx->filter_users_in_groups) {
+ char t;
+ t = *p;
+ *p = '\0';
+ ret = nss_ncache_check_user(nctx->ncache,
+ nctx->neg_timeout,
+ domain, name);
+ *p = t;
+ if (ret == EEXIST) {
+ DEBUG(6, ("Group [%s] member [%.*s@%s] filtered out!"
+ " (negative cache)\n",
+ (char *)&body[rzero+STRS_ROFFSET],
+ nlen, name, domain));
+ continue;
+ }
+ }
+
p++;
if (strncmp(p, SYSDB_USERS_CONTAINER, sysuserslen) != 0) {
DEBUG(1, ("Member [%.*s] not in the std format ?! "