From c52fb1e2f51c48a08e96cb4ba9ebde2bcbfba4d9 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Tue, 17 May 2011 16:28:15 +0200
Subject: Add a new option to override primary GID number
https://fedorahosted.org/sssd/ticket/742
---
 src/confdb/confdb.c | 7 +++++++
 src/confdb/confdb.h | 3 +++
 src/config/SSSDConfig.py | 1 +
 src/config/SSSDConfigTest.py | 2 ++
 src/config/etc/sssd.api.conf | 1 +
 src/man/sssd.conf.5.xml | 9 +++++++++
 src/responder/nss/nsssrv.c | 2 +-
 src/responder/nss/nsssrv_cmd.c | 10 +++++++++-
 8 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 4975a4276..fdf409f96 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -842,6 +842,13 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
 goto done;
 }
+ ret = get_entry_as_uint32(res->msgs[0], &domain->override_gid,
+ CONFDB_DOMAIN_OVERRIDE_GID, 0);
+ if (ret != EOK) {
+ DEBUG(0, ("Invalid value for [%s]\n", CONFDB_DOMAIN_OVERRIDE_GID));
+ goto done;
+ }
+
 *_domain = domain;
 ret = EOK;
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 7173c9fc8..4e8a6dd84 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -109,6 +109,7 @@
 #define CONFDB_DOMAIN_DNS_DISCOVERY_NAME "dns_discovery_domain"
 #define CONFDB_DOMAIN_FAMILY_ORDER "lookup_family_order"
 #define CONFDB_DOMAIN_ACCOUNT_CACHE_EXPIRATION "account_cache_expiration"
+#define CONFDB_DOMAIN_OVERRIDE_GID "override_gid"
 /* Local Provider */
 #define CONFDB_LOCAL_DEFAULT_SHELL "default_shell"
@@ -143,6 +144,8 @@ struct sss_domain_info {
 bool cache_credentials;
 bool legacy_passwords;
+ gid_t override_gid;
+
 uint32_t entry_cache_timeout;
 struct sss_domain_info *next;
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 6026bf4ff..d8f13a1e0 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
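Review bot: In the src/confdb/confdb.c hunk, `&domain->override_gid` is a `gid_t *` (the field is declared `gid_t` in confdb.h) passed to get_entry_as_uint32(), whose name suggests it stores through a `uint32_t *`; the prototype is outside the hunk, so this is inferred. That is only correct where gid_t is exactly 32 bits wide, so I would read into a local and assign: `uint32_t val;` as the out-argument, then `domain->override_gid = (gid_t)val;`. The value is also accepted as-is, and any non-zero number becomes the primary GID of every user in the domain, so logging the active override once at load time would make a mistaken mapping onto a privileged local group easy to spot. The body of confdb_get_domain_internal starts and ends outside the hunk.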
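Review bot: The new `override_gid` member of struct sss_domain_info (second hunk of src/confdb/confdb.h) carries no comment, although its meaning rests on a sentinel: confdb.c loads it with a default of 0 and get_gid_override() in nsssrv_cmd.c treats 0 as "not set". I would document that on the field, e.g. `gid_t override_gid; /* 0 = no override; otherwise reported as the primary GID of every user in this domain */`. A consequence of the sentinel is that GID 0 cannot be selected as an override, which is worth stating in sssd.conf(5) as well. The struct definition starts and ends outside the hunk.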
@@ -85,6 +85,7 @@ option_strings = {
 'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'),
 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'),
 'dns_discovery_domain' : _('The domain part of service discovery DNS query'),
+ 'override_gid' : _('Override GID value from the identity provider with this value'),
 # [provider/ipa]
 'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index cad183ea0..93cae9c59 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -479,6 +479,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'account_cache_expiration',
 'dns_resolver_timeout',
 'dns_discovery_domain',
+ 'override_gid',
 'id_provider',
 'auth_provider',
 'access_provider',
@@ -808,6 +809,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'lookup_family_order',
 'dns_resolver_timeout',
 'dns_discovery_domain',
+ 'override_gid',
 'id_provider',
 'auth_provider',
 'access_provider',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index e91597166..9176407ad 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -63,6 +63,7 @@ filter_users = list, str, false
 filter_groups = list, str, false
 dns_resolver_timeout = int, None, false
 dns_discovery_domain = str, None, false
+override_gid = int, None, false
 # Special providers
 [provider/permit]
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 6ac9de890..386dd035c 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -807,6 +807,15 @@
+
+
+ override_gid (integer)
+
+
+ Override the primary GID value with the one specified.
+
+
+
diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c
index dfb0312e8..fe66c0d4d 100644
--- a/src/responder/nss/nsssrv.c
+++ b/src/responder/nss/nsssrv.c
@@ -94,7 +94,7 @@ static int nss_get_config(struct nss_ctx *nctx,
 if (ret != EOK) goto done;
 if (nctx->cache_refresh_percent < 0 ||
 nctx->cache_refresh_percent > 99) {
- DEBUG(0,("Configuration error: entry_cache_nowait_percentage is"
+ DEBUG(0,("Configuration error: entry_cache_nowait_percentage is "
 "invalid. Disabling feature.\n"));
 nctx->cache_refresh_percent = 0;
 }
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index e5a63e02a..6ab32abd0 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -170,6 +170,14 @@ struct setent_ctx {
 * PASSWD db related functions
 ***************************************************************************/
+static gid_t get_gid_override(struct ldb_message *msg,
+ struct sss_domain_info *dom)
+{
+ return dom->override_gid ?
+ dom->override_gid :
+ ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);
+}
+
 static int fill_pwent(struct sss_packet *packet,
 struct sss_domain_info *dom,
 struct nss_ctx *nctx,
@@ -206,7 +214,7 @@ static int fill_pwent(struct sss_packet *packet,
 name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
 uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
- gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);
+ gid = get_gid_override(msg, dom);
 if (!name || !uid || !gid) {
 DEBUG(2, ("Incomplete or fake user object for %s[%llu]! Skipping\n",
--
cgit
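Review bot: get_gid_override() in the first src/responder/nss/nsssrv_cmd.c hunk has no comment, and its only visible caller is fill_pwent(), so passwd replies appear to be the only responses this commit changes. Whether the initgroups and group-lookup paths should agree with the overridden primary GID is not addressed in the visible lines and is worth confirming, since a consumer comparing the two would get different answers for the same user. I would add a header comment such as `/* Returns dom->override_gid when it is non-zero, otherwise the entry's SYSDB_GIDNUM (0 if the attribute is absent). */`. As `dom` is only read, declaring it `const struct sss_domain_info *dom` would state that in the signature.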
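Review bot: With an override configured, the `!gid` term of `if (!name || !uid || !gid)` in fill_pwent() (second nsssrv_cmd.c hunk) can no longer be true, because get_gid_override() returns the non-zero override without looking at the entry. An entry stored without SYSDB_GIDNUM was previously skipped as "Incomplete or fake" and would now be returned with the override GID. If that is intended, a comment at the check should say so; if the check is meant to reflect what the cache holds, keep `gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);` for the test and apply `if (dom->override_gid) gid = dom->override_gid;` after it. The body of fill_pwent starts and ends outside the hunk.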