Diffstat (limited to 'src/providers/ldap/sdap_async_groups.c')
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 40 |
1 files changed, 14 insertions, 26 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 454d302ea..fb1912d2b 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -510,9 +510,9 @@ static int sdap_save_group(TALLOC_CTX *memctx,
 TALLOC_CTX *tmpctx = NULL;
 bool posix_group;
 bool use_id_mapping;
+ bool need_filter;
 char *sid_str;
 struct sss_domain_info *subdomain;
- int32_t ad_group_type;
 tmpctx = talloc_new(NULL);
 if (!tmpctx) {
@@ -579,32 +579,20 @@ static int sdap_save_group(TALLOC_CTX *memctx,
 DEBUG(SSSDBG_TRACE_FUNC, "Processing group %s\n", group_name);
 posix_group = true;
- if (opts->schema_type == SDAP_SCHEMA_AD) {
- ret = sysdb_attrs_get_int32_t(attrs, SYSDB_GROUP_TYPE, &ad_group_type);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_int32_t failed.\n");
- goto done;
- }
+ ret = sdap_check_ad_group_type(dom, opts, attrs, group_name,
+ &need_filter);
+ if (ret != EOK) {
+ goto done;
+ }
+ if (need_filter) {
+ posix_group = false;
+ gid = 0;
- DEBUG(SSSDBG_TRACE_ALL, "AD group [%s] has type flags %#x.\n",
- group_name, ad_group_type);
- /* Only security groups from AD are considered for POSIX groups.
- * Additionally only global and universal group are taken to account
- * for trusted domains. */
- if (!(ad_group_type & SDAP_AD_GROUP_TYPE_SECURITY)
- || (IS_SUBDOMAIN(dom)
- && (!((ad_group_type & SDAP_AD_GROUP_TYPE_GLOBAL)
- || (ad_group_type & SDAP_AD_GROUP_TYPE_UNIVERSAL))))) {
- posix_group = false;
- gid = 0;
- DEBUG(SSSDBG_TRACE_FUNC, "Filtering AD group [%s].\n",
- group_name);
- ret = sysdb_attrs_add_bool(group_attrs, SYSDB_POSIX, false);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Error: Failed to mark group as non-posix!\n");
- return ret;
- }
+ ret = sysdb_attrs_add_bool(group_attrs, SYSDB_POSIX, false);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Error: Failed to mark group as non-posix!\n");
+ return ret;
 }
 } |
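Review bot: The re-added `sysdb_attrs_add_bool()` failure branch inside `if (need_filter)` still exits with `return ret;`, while the `sdap_check_ad_group_type()` failure just above it uses `goto done;`. `tmpctx` is created with `talloc_new(NULL)` near the top of `sdap_save_group`, so a direct return skips whatever cleanup sits under `done:` (the label is outside this hunk; presumably it frees `tmpctx`) and leaks the context on that path; change the line to `goto done;`. The comment stating the rule (only AD security groups, and only global or universal ones for trusted domains, are treated as POSIX groups) also leaves this function with the removed block. A short comment above the call, such as `/* need_filter: group must not be saved as a POSIX group, see sdap_check_ad_group_type() */`, would keep that access-control intent visible at the point where `posix_group` and `gid` are reset.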