From a6de362d3cfe16550eb16d01900f44c9aeb8cc50 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 29 May 2018 15:42:55 +0200 Subject: [PATCH] ipa: use mpg aware group lookup in get_object_from_cache() Since with algorithmic id-mapping SSSD automatically creates user private groups for AD user with the help of magic private groups (mpg) get_object_from_cache() should use mpg aware calls to make sure the right user object is found when handling a request to look up a user private group. Only the lookup by gid had to be modified because sysdb_search_group_by_name() used for lookups by name is aware of MPGs. Related to https://pagure.io/SSSD/sssd/issue/3748 Reviewed-by: Jakub Hrozek (cherry picked from commit 032221568fe4287686d0ebb11b5c1fe51cc4735f) --- src/providers/ipa/ipa_subdomains_id.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c index d40671086854f9c1a3f8bc7fc711009298dc31c8..3943579b07c7b2d32dde192b97b86eb036b91885 100644 --- a/src/providers/ipa/ipa_subdomains_id.c +++ b/src/providers/ipa/ipa_subdomains_id.c @@ -1030,7 +1030,14 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx, switch (ar->entry_type & BE_REQ_TYPE_MASK) { case BE_REQ_GROUP: - ret = sysdb_search_group_by_gid(mem_ctx, dom, id, attrs, &msg); + ret = sysdb_getgrgid_attrs(mem_ctx, dom, id, attrs, &res); + if (ret == EOK) { + if (res->count == 0) { + ret = ENOENT; + } else { + msg = res->msgs[0]; + } + } break; case BE_REQ_INITGROUPS: case BE_REQ_USER: @@ -1038,7 +1045,14 @@ errno_t get_object_from_cache(TALLOC_CTX *mem_ctx, ret = sysdb_search_user_by_uid(mem_ctx, dom, id, attrs, &msg); if (ret == ENOENT && (ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_USER_AND_GROUP) { - ret = sysdb_search_group_by_gid(mem_ctx, dom, id, attrs, &msg); + ret = sysdb_getgrgid_attrs(mem_ctx, dom, id, attrs, &res); + if (ret == EOK) { + if (res->count == 0) { + ret = ENOENT; + } else { + msg = res->msgs[0]; + } + } } break; default: -- 2.14.4