URL: https://github.com/SSSD/sssd/pull/5791 Author: sumit-bose Title: #5791: sysdb: more specific mpg search filter Action: opened
PR body: """ Originally all user of an mpg domain had an automatically created user-private group and as a result the ID space was unified in the sense that a given ID either belongs to a group to to a user with a user-private group. With the introduction of id-overrides and the auto_private_groups option this assumption is not true anymore and as a result the search filter for GIDs must be more specific with respect to the user objects. Resolves: https://github.com/SSSD/sssd/issues/5790 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5791/head:pr5791 git checkout pr5791
From 137afc4864924620b9260f738c29c378893fd606 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Mon, 2 Aug 2021 15:53:42 +0200 Subject: [PATCH] sysdb: more specific mpg search filter Originally all user of an mpg domain had an automatically created user-private group and as a result the ID space was unified in the sense that a given ID either belongs to a group to to a user with a user-private group. With the introduction of id-overrides and the auto_private_groups option this assumption is not true anymore and as a result the search filter for GIDs must be more specific with respect to the user objects. Resolves: https://github.com/SSSD/sssd/issues/5790 --- src/db/sysdb.h | 2 +- src/db/sysdb_search.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 83e2f7c13e..596aff2862 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -222,7 +222,7 @@ #define SYSDB_GRSID_FILTER "(&("SYSDB_GC")("SYSDB_SID_STR"=%s))" #define SYSDB_GRENT_FILTER "("SYSDB_GC")" #define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" -#define SYSDB_GRGID_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_GIDNUM"=%lu))" +#define SYSDB_GRGID_MPG_FILTER "(|(&("SYSDB_GC")("SYSDB_GIDNUM"=%lu))(&("SYSDB_UC")("SYSDB_GIDNUM"=%lu)("SYSDB_UIDNUM"=%lu)))" #define SYSDB_GRENT_MPG_FILTER "("SYSDB_MPGC")" #define SYSDB_INITGR_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=*))" diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index 0cd8321cb1..68745cb1a0 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -1355,7 +1355,7 @@ int sysdb_getgrgid_attrs(TALLOC_CTX *mem_ctx, } ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn, - LDB_SCOPE_SUBTREE, attrs, fmt_filter, ul_gid); + LDB_SCOPE_SUBTREE, attrs, fmt_filter, ul_gid, ul_gid, ul_gid); if (ret != EOK) { ret = sysdb_error_to_errno(ret); goto done;
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
