authorSumit Bose <sbose@redhat.com>2013-08-14 17:13:13 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-08-19 12:53:49 +0200
commit39f13b3bf5b3cf79f5f16575403f03b539300dc7 (patch)
tree817bf3977365aa4d67e54a821048ee4bb2ddb51d
parent8cdb9b9824d3fcc2448544d67544496f55b8d393 (diff)
fill_initgr: add original primary GID if available
In some cases when MPG domains are used the information about the original primary group of a user cannot be determined by looking at the explicit group memberships. In those cases the GID related to the original primary group is stored in a special attribute of the user object. This patch adds the GID of the original primary group when available and needed. Fixes https://fedorahosted.org/sssd/ticket/2027
-rw-r--r--src/db/sysdb.h1
-rw-r--r--src/responder/nss/nsssrv_cmd.c27
2 files changed, 28 insertions, 0 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 53fb8603..7b02b344 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -170,6 +170,7 @@
SYSDB_GIDNUM, SYSDB_GECOS, \
SYSDB_HOMEDIR, SYSDB_SHELL, \
SYSDB_DEFAULT_ATTRS, \
+ SYSDB_PRIMARY_GROUP_GIDNUM, \
NULL}
#define SYSDB_GRSRC_ATTRS {SYSDB_NAME, SYSDB_GIDNUM, \
SYSDB_MEMBERUID, \
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 62a564a4..7c35a7b3 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -3399,6 +3399,7 @@ static int fill_initgr(struct sss_packet *packet, struct ldb_result *res)
int ret, i, num, bindex;
int skipped = 0;
const char *posix;
+ gid_t orig_primary_gid;
if (res->count == 0) {
return ENOENT;
@@ -3413,6 +3414,20 @@ static int fill_initgr(struct sss_packet *packet, struct ldb_result *res)
}
sss_packet_get_body(packet, &body, &blen);
+ orig_primary_gid = ldb_msg_find_attr_as_uint64(res->msgs[0],
+ SYSDB_PRIMARY_GROUP_GIDNUM,
+ 0);
+
+ /* If the GID of the original primary group is available but equal to the
+ * current primary GID it must not be added. */
+ if (orig_primary_gid != 0) {
+ gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0);
+
+ if (orig_primary_gid == gid) {
+ orig_primary_gid = 0;
+ }
+ }
+
/* skip first entry, it's the user entry */
bindex = 0;
for (i = 0; i < num; i++) {
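Review bot: The assignment `orig_primary_gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_PRIMARY_GROUP_GIDNUM, 0);` narrows a 64-bit attribute value into `gid_t` with no range check. Where `gid_t` is 32 bits, a stored value above `UINT32_MAX` would be truncated, so it could become 0 (treated here as "not available") or an unrelated GID that is then returned in the initgroups reply. Reading the attribute into a `uint64_t val` first and discarding out-of-range values, e.g. `if (val > UINT32_MAX) { val = 0; }` before the assignment, would avoid that. The same narrowing applies to the added `gid = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_GIDNUM, 0);` read; fill_initgr's body starts and ends outside this hunk.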
@@ -3429,6 +3444,18 @@ static int fill_initgr(struct sss_packet *packet, struct ldb_result *res)
}
((uint32_t *)body)[2 + bindex] = gid;
bindex++;
+
+ /* do not add the GID of the original primary group is the user is
+ * already and explicit member of the group. */
+ if (orig_primary_gid == gid) {
+ orig_primary_gid = 0;
+ }
+ }
+
+ if (orig_primary_gid != 0) {
+ ((uint32_t *)body)[2 + bindex] = orig_primary_gid;
+ bindex++;
+ num++;
}
((uint32_t *)body)[0] = num-skipped; /* num results */
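Review bot: The store `((uint32_t *)body)[2 + bindex] = orig_primary_gid;` after the loop writes one entry more than the `num` group entries the loop can produce, and the call that sized `body` is not visible in this hunk. If the packet was grown for only `2 + num` words, this would be a 4-byte write past the end of the body whenever no entry was skipped, so the sizing should be confirmed to reserve the extra slot. Alternatively, a guard before the store such as `if ((size_t)(3 + bindex) * sizeof(uint32_t) > blen) { return EINVAL; }` would make the bound explicit. The comment above the in-loop check also has two typos: "is the user is already and explicit member" should read "if the user is already an explicit member". fill_initgr continues outside the hunk on both sides.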