author | Sumit Bose <sbose@redhat.com> | 2013-08-08 12:35:12 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-26 11:44:42 +0200 |
commit | e5aa9ba0df9f30e32a86453727beabed8a9e4e27 (patch) | |
tree | 9a89301b23b46f6401417fc60fea138ab8576171 /src/responder/pac | |
parent | 5c28b1bdb9f180590bdfec947bd2df52351912a8 (diff) | |
PAC: handle non-POSIX groups in cache
Since the DN of the group is used to remove a membership it is not
necessary to check if the GID is valid.
Diffstat (limited to 'src/responder/pac')
-rw-r--r-- | src/responder/pac/pacsrv.h | 1 | ||||
-rw-r--r-- | src/responder/pac/pacsrv_cmd.c | 19 |
2 files changed, 9 insertions, 11 deletions
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h
index 126ec7de1..f90b40c67 100644
--- a/src/responder/pac/pacsrv.h
+++ b/src/responder/pac/pacsrv.h
@@ -55,7 +55,6 @@ struct pac_ctx {
 };
 struct grp_info {
- gid_t gid;
 char *orig_dn;
 struct ldb_dn *dn;
 };
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index bcdcdc467..79841b5d7 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -454,7 +454,10 @@ static errno_t pac_user_get_grp_info(TALLOC_CTX *mem_ctx,
 key.str = discard_const(cur_sid);
 ret = hash_lookup(pr_ctx->sid_table, &key, &value);
 if (ret == HASH_SUCCESS) {
- /* user is already member of the group */
+ DEBUG(SSSDBG_TRACE_ALL, ("User [%s] already member of group " \
+ "with SID [%s].\n",
+ pr_ctx->user_name, cur_sid));
+
 ret = hash_delete(pr_ctx->sid_table, &key);
 if (ret != HASH_SUCCESS) {
 DEBUG(SSSDBG_OP_FAILURE, ("Failed to remove hash entry.\n"));
@@ -462,15 +465,9 @@ static errno_t pac_user_get_grp_info(TALLOC_CTX *mem_ctx,
 goto done;
 }
 } else if (ret == HASH_ERROR_KEY_NOT_FOUND) {
- /* group is not in the PAC anymore, membership must be removed */
- del_grp_list[del_idx].gid =
- ldb_msg_find_attr_as_uint64(res->msgs[c + 1],
- SYSDB_GIDNUM, 0);
- if (del_grp_list[del_idx].gid == 0) {
- DEBUG(SSSDBG_OP_FAILURE, ("Missing GID.\n"));
- ret = EINVAL;
- goto done;
- }
+ DEBUG(SSSDBG_TRACE_INTERNAL, ("Group with SID [%s] is not in " \
+ "the PAC anymore, membership " \
+ "must be removed.\n", cur_sid));
 tmp_str = ldb_msg_find_attr_as_string(res->msgs[c + 1],
 SYSDB_ORIG_DN, NULL);
@@ -517,6 +514,8 @@ static errno_t pac_user_get_grp_info(TALLOC_CTX *mem_ctx,
 ret = ENOMEM;
 goto done;
 }
+ DEBUG(SSSDBG_TRACE_ALL, ("SID [%s] added to add_sids " \
+ "list.\n", entry->key.str));
 c++;
 }
 }
|
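Review bot: The trailing `\` after the first string literal in the new `DEBUG(SSSDBG_TRACE_ALL, ("User [%s] already member of group " \` call is not needed, because adjacent string literals are concatenated across lines without a continuation. The same pattern appears in the DEBUG calls added in the `-462,15` and `-517,6` hunks. Ending each line with the closing quote alone, e.g. `("User [%s] already member of group "` followed by `"with SID [%s].\n",`, produces the identical message and removes a line splice that is easy to break when the text is edited. pac_user_get_grp_info starts and ends outside this hunk.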
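Review bot: With the `SYSDB_GIDNUM` check removed, the only per-entry validation left on the removal path is the `SYSDB_ORIG_DN` lookup that follows, and it is called with a `NULL` default. The handling of that result lies outside the hunk, so it is worth confirming that a cached group without an original DN is rejected before it is stored in `del_grp_list`, since membership removal now relies on the DN alone. The reason the GID is no longer read also deserves a comment next to the new DEBUG call, for example `/* non-POSIX groups have no GID; memberships are removed by DN, so SYSDB_GIDNUM is not checked */`.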