summaryrefslogtreecommitdiffstats
path: root/src/util
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2013-10-18 17:05:38 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-10-24 16:01:30 +0200
commite4a731167c210a6e57e68f451361f270337b1eed (patch)
tree16c48fbf04310cdceb863fdea8463b1b1746fddb /src/util
parent5fe6ca5e339fd345119752e996c14edf8db57660 (diff)
downloadsssd-e4a731167c210a6e57e68f451361f270337b1eed.tar.gz
sssd-e4a731167c210a6e57e68f451361f270337b1eed.tar.xz
sssd-e4a731167c210a6e57e68f451361f270337b1eed.zip
Inherit ID limits of parent domains if set
https://fedorahosted.org/sssd/ticket/2123 Previously, the subdomains were always unbound even if the administrator limited the ranges with min_id/max_id. This could have posed problems when running programs that scan the whole ID space, such as "groupadd -r".
Diffstat (limited to 'src/util')
-rw-r--r--src/util/domain_info_utils.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c
index 9d7bb5f5a..8d07871ec 100644
--- a/src/util/domain_info_utils.c
+++ b/src/util/domain_info_utils.c
@@ -251,9 +251,11 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
dom->enumerate = enumerate;
dom->fqnames = true;
dom->mpg = mpg;
- /* FIXME: get ranges from the server */
- dom->id_min = 0;
- dom->id_max = 0xffffffff;
+ /* If the parent domain explicitly limits ID ranges, the subdomain
+ * should honour the limits as well.
+ */
+ dom->id_min = parent->id_min ? parent->id_min : 0;
+ dom->id_max = parent->id_max ? parent->id_max : 0xffffffff;
dom->pwd_expiration_warning = parent->pwd_expiration_warning;
dom->cache_credentials = parent->cache_credentials;
dom->case_sensitive = false;