From 8bbee851484f7fa51af542ed2757e2eea36bf535 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 29 May 2018 15:44:28 +0200
Subject: [PATCH] ipa: allow mpg group objects in apply_subdomain_homedir()

Since with algorithmic id-mapping SSSD automatically creates user private groups for AD user with the help of magic private groups (mpg) apply_subdomain_homedir() should be aware the in mpg domains a group lookup might actually return a user object. Since the related sysdb calls are clever and replace the objectcategory so that it matches the original request type we have to check for the group category in the mpg case as well. apply_subdomain_homedir() checks the uidNumber later as well to make sure the object has the needed attributes for a user.
Related to https://pagure.io/SSSD/sssd/issue/3748
Reviewed-by: Jakub Hrozek
(cherry picked from commit e66517dcf63f1d4aaf866c22371dac7740ce0a48)
---
 src/providers/ipa/ipa_subdomains_id.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
index 3943579b07c7b2d32dde192b97b86eb036b91885..c2064d33029a27a2c5d4b5344034ce90f8e746b8 100644
--- a/src/providers/ipa/ipa_subdomains_id.c
+++ b/src/providers/ipa/ipa_subdomains_id.c
@@ -895,9 +895,16 @@ apply_subdomain_homedir(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
 goto done;
 }
 
+ /* The object is a user if SYSDB_OBJECTCATEGORY is SYSDB_USER_CLASS or in
+ * case of a MPG group lookup if SYSDB_OBJECTCATEGORY is SYSDB_GROUP_CLASS.
+ */
 for (c = 0; c < msg_el->num_values; c++) {
 if (strncmp(SYSDB_USER_CLASS, (const char *)msg_el->values[c].data,
- msg_el->values[c].length) == 0) {
+ msg_el->values[c].length) == 0
+ || (dom->mpg
+ && strncmp(SYSDB_GROUP_CLASS,
+ (const char *)msg_el->values[c].data,
+ msg_el->values[c].length) == 0)) {
 break;
 }
 }
-- 
2.14.4
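Review bot: The added SYSDB_GROUP_CLASS comparison bounds strncmp() by `msg_el->values[c].length`, the length of the stored value rather than of the class name, so a value that is only a prefix of the class name passes the check. That includes a zero-length value, for which strncmp() returns 0. The existing SYSDB_USER_CLASS comparison in the same condition has the same shape, so both operands of the `||` would be better as an exact match, e.g. `msg_el->values[c].length == strlen(SYSDB_GROUP_CLASS) && memcmp(msg_el->values[c].data, SYSDB_GROUP_CLASS, msg_el->values[c].length) == 0`. The values presumably come from the local sysdb cache and the commit message says uidNumber is checked later, so the practical impact is likely small, but this loop is what decides whether the object is treated as a user. apply_subdomain_homedir() starts before and continues after this hunk, so the later uidNumber check is not visible here.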