From a6de362d3cfe16550eb16d01900f44c9aeb8cc50 Mon Sep 17 00:00:00 2001

From: Sumit Bose <sbose@redhat.com>

Date: Tue, 29 May 2018 15:42:55 +0200

Subject: [PATCH] ipa: use mpg aware group lookup in get_object_from_cache()

Since with algorithmic id-mapping SSSD automatically creates user

private groups for AD user with the help of magic private groups (mpg)

get_object_from_cache() should use mpg aware calls to make sure the

right user object is found when handling a request to look up a user

private group.

Only the lookup by gid had to be modified because

sysdb_search_group_by_name() used for lookups by name is aware of MPGs.

Related to https://pagure.io/SSSD/sssd/issue/3748

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

(cherry picked from commit 032221568fe4287686d0ebb11b5c1fe51cc4735f)

---

 src/providers/ipa/ipa_subdomains_id.c | 18 ++++++++++++++++--

 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c

index d40671086854f9c1a3f8bc7fc711009298dc31c8..3943579b07c7b2d32dde192b97b86eb036b91885 100644

--- a/src/providers/ipa/ipa_subdomains_id.c

+++ b/src/providers/ipa/ipa_subdomains_id.c

@@ -1030,7 +1030,14 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,

         switch (ar->entry_type & BE_REQ_TYPE_MASK) {

         case BE_REQ_GROUP:

-            ret = sysdb_search_group_by_gid(mem_ctx, dom, id, attrs, &msg;;

+            ret = sysdb_getgrgid_attrs(mem_ctx, dom, id, attrs, &res;;

+            if (ret == EOK) {

+                if (res->count == 0) {

+                    ret = ENOENT;

+                } else {

+                    msg = res->msgs[0];

+                }

+            }

             break;

         case BE_REQ_INITGROUPS:

         case BE_REQ_USER:

@@ -1038,7 +1045,14 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx,

             ret = sysdb_search_user_by_uid(mem_ctx, dom, id, attrs, &msg;;

             if (ret == ENOENT && (ar->entry_type & BE_REQ_TYPE_MASK)

                                                      == BE_REQ_USER_AND_GROUP) {

-                ret = sysdb_search_group_by_gid(mem_ctx, dom, id, attrs, &msg;;

+                ret = sysdb_getgrgid_attrs(mem_ctx, dom, id, attrs, &res;;

+                if (ret == EOK) {

+                    if (res->count == 0) {

+                        ret = ENOENT;

+                    } else {

+                        msg = res->msgs[0];

+                    }

+                }

             }

             break;

         default:

-- 

2.14.4