URL: https://github.com/SSSD/sssd/pull/330 Author: sumit-bose Title: #330: ad_account_can_shortcut: shortcut if ID is unknown Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/330/head:pr330 git checkout pr330
From 4994f919324156cdc17a9454b5e1d9844c2c1f30 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Thu, 20 Jul 2017 20:01:14 +0200 Subject: [PATCH] ad_account_can_shortcut: shortcut if ID is unknown If sss_idmap_unix_to_sid() returns an error we can assume that the given POSIX ID is not from the current domain and can be skipped. This is e.g. the case in the IPA provider if a POSIX ID used in the IPA domain is checked in a trusted id-mapped AD domain before the IPA domain is checked. Resolves https://pagure.io/SSSD/sssd/issue/3452 --- src/providers/ad/ad_id.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c index d1f6c444f..e14ada386 100644 --- a/src/providers/ad/ad_id.c +++ b/src/providers/ad/ad_id.c @@ -86,6 +86,8 @@ static bool ad_account_can_shortcut(struct sdap_idmap_ctx *idmap_ctx, if (err != IDMAP_SUCCESS) { DEBUG(SSSDBG_MINOR_FAILURE, "Mapping ID [%s] to SID failed: " "[%s]\n", filter_value, idmap_error_string(err)); + /* assume id is from a different domain */ + shortcut = true; goto done; } /* fall through */
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org