IPA: handle GID overrides for MPG domains on clients

Resolves https://fedorahosted.org/sssd/ticket/2514 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
author: Sumit Bose <sbose@redhat.com> 2014-12-04 12:50:03 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2015-01-13 21:00:14 +0100
commit: e171284d9ca72a0422c9fd44ea1ffa9ef493fd93 (patch)
tree: a4e6026512549f84ae096e6601ea74f28cae3611 /src/providers/ipa
parent: b267fdc37991ce70ab86e749b2924851a7e5a6d3 (diff)
download: sssd-e171284d9ca72a0422c9fd44ea1ffa9ef493fd93.tar.gz
sssd-e171284d9ca72a0422c9fd44ea1ffa9ef493fd93.tar.xz
sssd-e171284d9ca72a0422c9fd44ea1ffa9ef493fd93.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 6d5b45edf..55450c702 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -1618,6 +1618,7 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
     char *realm;
     char *upn = NULL;
     gid_t gid;
+    gid_t orig_gid = 0;
     TALLOC_CTX *tmp_ctx;
     const char *sid_str;
     const char *tmp_str;
@@ -1796,6 +1797,31 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
             gid = 0;
             if (dom->mpg == false) {
                 gid = attrs->a.user.pw_gid;
+            } else {
+                /* The extdom plugin always returns the objects with the
+                 * default view applied. Since the GID is handled specially
+                 * for MPG domains we have add any overridden GID separately.
+                 */
+                ret = sysdb_attrs_get_uint32_t(attrs->sysdb_attrs,
+                                               ORIGINALAD_PREFIX SYSDB_GIDNUM,
+                                               &orig_gid);
+                if (ret == EOK || ret == ENOENT) {
+                    if ((orig_gid != 0 && orig_gid != attrs->a.user.pw_gid)
+                            || attrs->a.user.pw_uid != attrs->a.user.pw_gid) {
+                        ret = sysdb_attrs_add_uint32(attrs->sysdb_attrs,
+                                                     SYSDB_GIDNUM,
+                                                     attrs->a.user.pw_gid);
+                        if (ret != EOK) {
+                            DEBUG(SSSDBG_OP_FAILURE,
+                                  "sysdb_attrs_add_uint32 failed.\n");
+                            goto done;
+                        }
+                    }
+                } else {
+                    DEBUG(SSSDBG_OP_FAILURE,
+                          "sysdb_attrs_get_uint32_t failed.\n");
+                    goto done;
+                }
             }
 
             ret = sysdb_transaction_start(dom->sysdb);
author	Sumit Bose <sbose@redhat.com>	2014-12-04 12:50:03 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-01-13 21:00:14 +0100
commit	e171284d9ca72a0422c9fd44ea1ffa9ef493fd93 (patch)
tree	a4e6026512549f84ae096e6601ea74f28cae3611 /src/providers/ipa
parent	b267fdc37991ce70ab86e749b2924851a7e5a6d3 (diff)
download	sssd-e171284d9ca72a0422c9fd44ea1ffa9ef493fd93.tar.gz sssd-e171284d9ca72a0422c9fd44ea1ffa9ef493fd93.tar.xz sssd-e171284d9ca72a0422c9fd44ea1ffa9ef493fd93.zip