diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2011-07-21 17:45:24 +0200 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-07-27 16:40:01 -0400 |
| commit | 8ab71d67fc4702be9390c38c4b0c68b4b184c594 (patch) | |
| tree | 0abe81f64b6ec4f0d76996d4ef2f459351d84186 /src/providers/ldap | |
| parent | 801ef60c4b4a9ed9c118d963f79b265ec288840e (diff) | |
| download | sssd-8ab71d67fc4702be9390c38c4b0c68b4b184c594.tar.gz sssd-8ab71d67fc4702be9390c38c4b0c68b4b184c594.tar.xz sssd-8ab71d67fc4702be9390c38c4b0c68b4b184c594.zip | |
Set gidNumber of non-posix groups to 0 even on updates
Diffstat (limited to 'src/providers/ldap')
| -rw-r--r-- | src/providers/ldap/sdap_async_accounts.c | 52 |
1 files changed, 44 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c index a8f95fdd1..e6b1dd88f 100644 --- a/src/providers/ldap/sdap_async_accounts.c +++ b/src/providers/ldap/sdap_async_accounts.c @@ -663,6 +663,39 @@ done: /* FIXME: support non legacy */ /* FIXME: support storing additional attributes */ +static errno_t +sdap_store_group_with_gid(TALLOC_CTX *mem_ctx, + struct sysdb_ctx *ctx, + struct sss_domain_info *domain, + const char *name, + gid_t gid, + struct sysdb_attrs *group_attrs, + uint64_t cache_timeout, + bool posix_group) +{ + errno_t ret; + + /* make sure that non-posix (empty or explicit gid=0) groups have the + * gidNumber set to zero even if updating existing group */ + if (!posix_group) { + ret = sysdb_attrs_add_uint32(mem_ctx, SYSDB_GIDNUM, 0); + if (ret) { + DEBUG(2, ("Could not set explicit GID 0 for %s\n", name)); + return ret; + } + } + + ret = sysdb_store_group(mem_ctx, ctx, domain, + name, gid, group_attrs, + cache_timeout); + if (ret) { + DEBUG(2, ("Could not store group %s\n", name)); + return ret; + } + + return ret; +} + static int sdap_save_group(TALLOC_CTX *memctx, struct sysdb_ctx *ctx, struct sdap_options *opts, @@ -725,12 +758,14 @@ static int sdap_save_group(TALLOC_CTX *memctx, } /* check that the gid is valid for this domain */ - if ((posix_group || gid != 0) && - OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) { + if (posix_group || gid != 0) { + if (OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) { DEBUG(2, ("Group [%s] filtered out! (id out of range)\n", name)); - ret = EINVAL; - goto fail; + ret = EINVAL; + goto fail; + } + /* Group ID OK */ } ret = sysdb_attrs_get_el(attrs, SYSDB_ORIG_DN, &el); @@ -822,10 +857,11 @@ static int sdap_save_group(TALLOC_CTX *memctx, DEBUG(6, ("Storing info for group %s\n", name)); - ret = sysdb_store_group(group_attrs, ctx, dom, - name, gid, group_attrs, - dp_opt_get_int(opts->basic, - SDAP_ENTRY_CACHE_TIMEOUT)); + ret = sdap_store_group_with_gid(group_attrs, ctx, dom, + name, gid, group_attrs, + dp_opt_get_int(opts->basic, + SDAP_ENTRY_CACHE_TIMEOUT), + posix_group); if (ret) goto fail; if (_usn_value) { |