Blame SOURCES/0167-IPA-set-SYSDB_INITGR_EXPIRE-for-RESP_USER_GROUPLIST.patch

905b4d
From d9da43cb6ec9aff5aa1a760e50f3bcbf54307d25 Mon Sep 17 00:00:00 2001
905b4d
From: Sumit Bose <sbose@redhat.com>
905b4d
Date: Tue, 9 Dec 2014 17:48:46 +0100
905b4d
Subject: [PATCH 167/167] IPA: set SYSDB_INITGR_EXPIRE for RESP_USER_GROUPLIST
905b4d
905b4d
Since RESP_USER_GROUPLIST contains all group memberships it is
905b4d
effectively an initgroups request hence SYSDB_INITGR_EXPIRE will be set.
905b4d
905b4d
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
905b4d
(cherry picked from commit 62d919aea98edd1095f6a22241903d4c045b46ed)
905b4d
---
905b4d
 src/providers/ipa/ipa_s2n_exop.c | 14 ++++++++++++++
905b4d
 1 file changed, 14 insertions(+)
905b4d
905b4d
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
905b4d
index 0aa12f371e8aa0d58311391a27c668aa929a5b80..e7c2d9bb97908746eb5ab6cacc6fc58d353dea06 100644
905b4d
--- a/src/providers/ipa/ipa_s2n_exop.c
905b4d
+++ b/src/providers/ipa/ipa_s2n_exop.c
905b4d
@@ -1911,6 +1911,20 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
905b4d
                 }
905b4d
             }
905b4d
 
905b4d
+            if (attrs->response_type == RESP_USER_GROUPLIST) {
905b4d
+                /* Since RESP_USER_GROUPLIST contains all group memberships it
905b4d
+                 * is effectively an initgroups request hence
905b4d
+                 * SYSDB_INITGR_EXPIRE will be set.*/
905b4d
+                ret = sysdb_attrs_add_time_t(attrs->sysdb_attrs,
905b4d
+                                             SYSDB_INITGR_EXPIRE,
905b4d
+                                             time(NULL) + timeout);
905b4d
+                if (ret != EOK) {
905b4d
+                    DEBUG(SSSDBG_OP_FAILURE,
905b4d
+                          "sysdb_attrs_add_time_t failed.\n");
905b4d
+                    goto done;
905b4d
+                }
905b4d
+            }
905b4d
+
905b4d
             gid = 0;
905b4d
             if (dom->mpg == false) {
905b4d
                 gid = attrs->a.user.pw_gid;
905b4d
-- 
905b4d
2.1.0
905b4d