From 0dde096aac1db7d8533f51254f6a8c22a67114d8 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 2 Aug 2021 15:53:42 +0200
Subject: [PATCH] sysdb: more specific mpg search filter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Originally all users of an mpg domain had an automatically created
user-private group and as a result the ID space was unified in the sense
that a given ID either belongs to a group or to a user with a
user-private group.
With the introduction of id-overrides and the auto_private_groups option
this assumption is not true anymore and as a result the search filter
for GIDs must be more specific with respect to the user objects.
Resolves: https://github.com/SSSD/sssd/issues/5790
:fixes: Improve mpg search filter to be more reliable with id-overrides
and the new auto_private_groups options.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 4be5fcd9afd62b1094eb27970627d327ac770127)
Reviewed-by: Tomáš Halman <thalman@redhat.com>
---
src/db/sysdb.h | 2 +-
src/db/sysdb_search.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index c771ce633..c601c251f 100644
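--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -215,7 +215,7 @@
 #define SYSDB_GRSID_FILTER "(&("SYSDB_GC")("SYSDB_SID_STR"=%s))"
 #define SYSDB_GRENT_FILTER "("SYSDB_GC")"
 #define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
-#define SYSDB_GRGID_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_GIDNUM"=%lu))"
+#define SYSDB_GRGID_MPG_FILTER "(|(&("SYSDB_GC")("SYSDB_GIDNUM"=%lu))(&("SYSDB_UC")("SYSDB_GIDNUM"=%lu)("SYSDB_UIDNUM"=%lu)))"
 #define SYSDB_GRENT_MPG_FILTER "("SYSDB_MPGC")"
 
 #define SYSDB_INITGR_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=*))"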
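Review bot: SYSDB_GRGID_MPG_FILTER now carries three `%lu` conversions instead of one, and nothing at the definition records that or why. The format reaches `ldb_search` through the `fmt_filter` variable in src/db/sysdb_search.c, which is assigned outside that hunk, so the compiler presumably cannot match the argument count to the format there. A caller that still passes a single GID would build the filter from indeterminate varargs, in a lookup that decides which object an ID resolves to. I would add above the macro `/* Takes the GID three times: SYSDB_GC by SYSDB_GIDNUM, or SYSDB_UC only when SYSDB_GIDNUM and SYSDB_UIDNUM both equal it. */` and confirm that no other user of the macro exists outside this diff.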
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
index 7939944ba..d783abc68 100644
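--- a/src/db/sysdb_search.c
+++ b/src/db/sysdb_search.c
@@ -1355,7 +1355,7 @@ int sysdb_getgrgid_attrs(TALLOC_CTX *mem_ctx,
 }
 
 ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn,
- LDB_SCOPE_SUBTREE, attrs, fmt_filter, ul_gid);
+ LDB_SCOPE_SUBTREE, attrs, fmt_filter, ul_gid, ul_gid, ul_gid);
 if (ret != EOK) {
 ret = sysdb_error_to_errno(ret);
 goto done;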
--
2.26.3