author | Pavel Reichl <preichl@redhat.com> | 2015-09-22 04:41:18 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-10-02 12:38:18 +0200 |
commit | 6735c0451d4e80d7cd4b480a8c1f7dafb2b536ea (patch) | |
tree | e6706891cabc6949159c49cf459a82a1a8f33a79 /src/providers | |
parent | c156a67bbd627f1085668f87093b2a9ed81dd24a (diff) | |
SDAP: Relax POSIX check
Relax the check on UID or GID so that it only verifies that at least one of
them is present; the value is no longer required to be a positive number.
Also require the objectclass attribute to be that of a user or group, to make
the check more reliable.
Resolves:
https://fedorahosted.org/sssd/ticket/2800
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/sdap_async.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 97c9ea5df..b81431f79 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2586,9 +2586,12 @@ sdap_posix_check_send(TALLOC_CTX *memctx, struct tevent_context *ev,
 state->attrs[2] = opts->group_map[SDAP_AT_GROUP_GID].name;
 state->attrs[3] = NULL;
- state->filter = talloc_asprintf(state, "(|(%s=*)(%s=*))",
+ state->filter = talloc_asprintf(state,
+ "(|(&(%s=*)(objectclass=%s))(&(%s=*)(objectclass=%s)))",
 opts->user_map[SDAP_AT_USER_UID].name,
- opts->group_map[SDAP_AT_GROUP_GID].name);
+ opts->user_map[SDAP_OC_USER].name,
+ opts->group_map[SDAP_AT_GROUP_GID].name,
+ opts->group_map[SDAP_OC_GROUP].name);
 if (state->filter == NULL) {
 ret = ENOMEM;
 goto fail;
@@ -2671,9 +2674,8 @@ static errno_t sdap_posix_check_parse(struct sdap_handle *sh,
 errno = 0;
 strtouint32(vals[0]->bv_val, &endptr, 10);
 if (errno || *endptr || (vals[0]->bv_val == endptr)) {
- DEBUG(SSSDBG_OP_FAILURE,
+ DEBUG(SSSDBG_MINOR_FAILURE,
 "POSIX attribute is not a number: %s\n", vals[0]->bv_val);
- goto done;
 }
 state->has_posix = true; |
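Review bot: The new filter string in sdap_posix_check_send has no comment, and with four `%s` slots it is easy to pair an attribute with the wrong objectclass on a later edit. A comment above the `talloc_asprintf` call would help, e.g. `/* Match user or group entries (by configured objectclass) that carry a UID or GID attribute */`. The four names are interpolated unescaped; they appear to come from the configured option maps rather than from directory data, and the comment should say so, so that nobody later reuses this pattern with a server-supplied value. The function body starts and ends outside the hunk.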
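Review bot: With `goto done;` removed, the `if` body in sdap_posix_check_parse only logs, so `state->has_posix = true;` is now reached for any returned value, including an empty or non-numeric one. The `strtouint32()` result no longer affects the outcome. That matches the commit message, but the code now reads like a dropped error path. A comment inside the block would make the intent explicit, e.g. `/* Not fatal: the presence of the attribute is enough to treat the server as having POSIX data */`. Since `has_posix` presumably influences how later lookups treat IDs, confirm that the code consuming actual UID/GID values still rejects non-numeric input. The function starts and ends outside the hunk.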