authorStephen Gallagher <sgallagh@redhat.com>2010-11-03 07:43:03 -0400
committerStephen Gallagher <sgallagh@redhat.com>2010-11-04 09:49:06 -0400
commitb3b327ada3a5db73c008ec8a7eeff2bfc5cc3d3e (patch)
tree282816015e96db4e690dded2b8a50bbd2b40943b /src/providers
parent92836f366dbfafe978f8ab009f20292d68ee55ee (diff)
Don't clean up groups for which a user has it as primary GID
We were cleaning up all groups that were expired and for which there existed no user with memberOf: <thegroup> as an attribute. This patch modifies the search to also check for cached users with this group's GID as their primary GID. Fixes https://fedorahosted.org/sssd/ticket/624
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ldap/ldap_id_cleanup.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c
index 6357708a1..293681cf4 100644
--- a/src/providers/ldap/ldap_id_cleanup.c
+++ b/src/providers/ldap/ldap_id_cleanup.c
@@ -363,10 +363,11 @@ static int cleanup_groups(TALLOC_CTX *memctx,
struct sss_domain_info *domain)
{
TALLOC_CTX *tmpctx;
- const char *attrs[] = { SYSDB_NAME, NULL };
+ const char *attrs[] = { SYSDB_NAME, SYSDB_GIDNUM, NULL };
time_t now = time(NULL);
char *subfilter;
const char *dn;
+ gid_t gid;
struct ldb_message **msgs;
size_t count;
struct ldb_message **u_msgs;
@@ -411,7 +412,19 @@ static int cleanup_groups(TALLOC_CTX *memctx,
goto done;
}
- subfilter = talloc_asprintf(tmpctx, "(%s=%s)", SYSDB_MEMBEROF, dn);
+ gid = (gid_t) ldb_msg_find_attr_as_uint(msgs[i], SYSDB_GIDNUM, 0);
+ if (!gid) {
+ DEBUG(2, ("Entry has no GID\n"));
+ ret = EIO;
+ goto done;
+ }
+
+ /* Search for users that are members of this group, or
+ * that have this group as their primary GID
+ */
+ subfilter = talloc_asprintf(tmpctx, "(|(%s=%s)(%s=%lu))",
+ SYSDB_MEMBEROF, dn,
+ SYSDB_GIDNUM, (long unsigned) gid);
if (!subfilter) {
DEBUG(2, ("Failed to build filter\n"));
ret = ENOMEM;
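Review bot: The new `if (!gid)` branch sets `ret = EIO` and jumps to `done`, so a single cached group without a usable `SYSDB_GIDNUM` aborts the whole cleanup pass and leaves every expired group after it in the cache. Since `msgs[i]` suggests this runs inside a loop over the expired groups (the loop and the rest of cleanup_groups lie outside the hunk), logging the entry and skipping it looks safer: `DEBUG(2, ("Entry [%s] has no GID, skipping\n", dn)); continue;`. The default of 0 also makes a group whose GID really is 0 indistinguishable from one with no GID attribute. Separately, `dn` is still formatted into the filter without escaping, so a DN containing `(`, `)`, `*` or `\` could change what the user search matches; it should be escaped for filter use before the `talloc_asprintf` call.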