URL: https://github.com/SSSD/sssd/pull/5935
Author: alexey-tikhonov
Title: #5935: sysdb: more specific mpg search filter
Action: opened

PR body:
"""
Originally all users of an mpg domain had an automatically created
user-private group and as a result the ID space was unified in the sense
that a given ID either belongs to a group or to a user with a
user-private group. With the introduction of id-overrides and the
auto_private_groups option this assumption is not true anymore and as a
result the search filter for GIDs must be more specific with respect to
the user objects.

Resolves: https://github.com/SSSD/sssd/issues/5790

:fixes: Improve mpg search filter to be more reliable with id-overrides
and the new auto_private_groups options.

Reviewed-by: Pavel Březina <pbrez...@redhat.com>
(cherry picked from commit 4be5fcd9afd62b1094eb27970627d327ac770127)
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5935/head:pr5935
git checkout pr5935
From 597ed9b3e4db137a7384b35b3080b213010d23b7 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Mon, 2 Aug 2021 15:53:42 +0200 Subject: [PATCH] sysdb: more specific mpg search filter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Originally all user of an mpg domain had an automatically created user-private group and as a result the ID space was unified in the sense that a given ID either belongs to a group or to a user with a user-private group. With the introduction of id-overrides and the auto_private_groups option this assumption is not true anymore and as a result the search filter for GIDs must be more specific with respect to the user objects. Resolves: https://github.com/SSSD/sssd/issues/5790 :fixes: Improve mpg search filter to be more reliable with id-overrides and the new auto_private_groups options. Reviewed-by: Pavel Březina <pbrez...@redhat.com> (cherry picked from commit 4be5fcd9afd62b1094eb27970627d327ac770127) --- src/db/sysdb.h | 2 +- src/db/sysdb_search.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index c771ce6331..c601c251f3 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -215,7 +215,7 @@ #define SYSDB_GRSID_FILTER "(&("SYSDB_GC")("SYSDB_SID_STR"=%s))" #define SYSDB_GRENT_FILTER "("SYSDB_GC")" #define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))" -#define SYSDB_GRGID_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_GIDNUM"=%lu))" +#define SYSDB_GRGID_MPG_FILTER "(|(&("SYSDB_GC")("SYSDB_GIDNUM"=%lu))(&("SYSDB_UC")("SYSDB_GIDNUM"=%lu)("SYSDB_UIDNUM"=%lu)))" #define SYSDB_GRENT_MPG_FILTER "("SYSDB_MPGC")" #define SYSDB_INITGR_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=*))" diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index 7939944ba1..d783abc68c 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c 
@@ -1355,7 +1355,7 @@ int sysdb_getgrgid_attrs(TALLOC_CTX *mem_ctx, } ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn, - LDB_SCOPE_SUBTREE, attrs, fmt_filter, ul_gid); + LDB_SCOPE_SUBTREE, attrs, fmt_filter, ul_gid, ul_gid, ul_gid); if (ret != EOK) { ret = sysdb_error_to_errno(ret); goto done;
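Review bot: In src/db/sysdb.h, the new SYSDB_GRGID_MPG_FILTER carries three %lu conversions where the old one had one, and nothing at the definition documents that. Because the filter reaches ldb_search through a variable (fmt_filter in sysdb_getgrgid_attrs), the compiler will typically not check the argument count against the format, so any other user of this macro that still passes a single value would read arguments that were never supplied. Please add a comment above the macro saying it takes the GID three times (group gidNumber, user gidNumber, user uidNumber) and that the user branch only matches when gidNumber and uidNumber both equal the requested ID, and confirm that no other caller of the macro is left with one argument.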
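Review bot: In the sysdb_getgrgid_attrs hunk of src/db/sysdb_search.c, the ldb_search call now passes ul_gid three times unconditionally, while fmt_filter is assigned outside the visible lines. If fmt_filter can also hold a filter with a single %lu, the two surplus arguments are silently ignored, which works but is not obvious to the next reader and is easy to break when either filter changes. A short comment at the call explaining why the value is repeated, or moving the argument list into the branch that selects the filter, would keep the argument count tied to the format it belongs to.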