author | Stephen Gallagher <sgallagh@redhat.com> | 2010-11-03 07:43:03 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-11-04 09:49:06 -0400 |
commit | b3b327ada3a5db73c008ec8a7eeff2bfc5cc3d3e (patch) | |
tree | 282816015e96db4e690dded2b8a50bbd2b40943b /src/providers | |
parent | 92836f366dbfafe978f8ab009f20292d68ee55ee (diff) | |
Don't clean up groups for which a user has it as primary GID
We were cleaning up all groups that were expired and for which
there existed no user with memberOf: <thegroup> as an attribute.
This patch modifies the search to also check for cached users with
this group's GID as their primary GID.
Fixes https://fedorahosted.org/sssd/ticket/624
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/ldap_id_cleanup.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c
index 6357708a1..293681cf4 100644
--- a/src/providers/ldap/ldap_id_cleanup.c
+++ b/src/providers/ldap/ldap_id_cleanup.c
@@ -363,10 +363,11 @@ static int cleanup_groups(TALLOC_CTX *memctx,
                           struct sss_domain_info *domain)
 {
     TALLOC_CTX *tmpctx;
-    const char *attrs[] = { SYSDB_NAME, NULL };
+    const char *attrs[] = { SYSDB_NAME, SYSDB_GIDNUM, NULL };
     time_t now = time(NULL);
     char *subfilter;
     const char *dn;
+    gid_t gid;
     struct ldb_message **msgs;
     size_t count;
     struct ldb_message **u_msgs;
@@ -411,7 +412,19 @@ static int cleanup_groups(TALLOC_CTX *memctx,
             goto done;
         }
 
-        subfilter = talloc_asprintf(tmpctx, "(%s=%s)", SYSDB_MEMBEROF, dn);
+        gid = (gid_t) ldb_msg_find_attr_as_uint(msgs[i], SYSDB_GIDNUM, 0);
+        if (!gid) {
+            DEBUG(2, ("Entry has no GID\n"));
+            ret = EIO;
+            goto done;
+        }
+
+        /* Search for users that are members of this group, or
+         * that have this group as their primary GID
+         */
+        subfilter = talloc_asprintf(tmpctx, "(|(%s=%s)(%s=%lu))",
+                                    SYSDB_MEMBEROF, dn,
+                                    SYSDB_GIDNUM, (long unsigned) gid);
         if (!subfilter) {
             DEBUG(2, ("Failed to build filter\n"));
             ret = ENOMEM;
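Review bot: The new `if (!gid)` branch in the second hunk aborts the whole cleanup with EIO as soon as one cached group lacks a gidNumber, because ldb_msg_find_attr_as_uint() returns the supplied default 0 for a missing attribute and cannot tell that apart from a stored value of 0; a single malformed cache entry then keeps every other expired group from being removed until it is repaired. Unless sysdb guarantees gidNumber on every group object, it would be more robust to log the DN and skip the entry instead of failing, e.g. `DEBUG(2, ("Entry %s has no GID, skipping\n", dn)); continue;` (assuming the loop over msgs[i] that the index implies), which leaves a group whose primary-member set cannot be decided in the cache rather than deleting it. Note also that dn is still interpolated into the LDB filter unescaped on the rebuilt talloc_asprintf() line; if a cached group name can carry filter metacharacters such as `(`, `)` or `*`, the filter may fail to parse or match the wrong users, so escaping the value (ldb provides ldb_binary_encode_string() for this) would harden the membership check. The enclosing loop and cleanup_groups() itself start and end outside the hunk.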