6fe057e IPA: Remove MPG groups if getgrgid was called before getpw()

Authored and Committed by jhrozek 8 years ago
    IPA: Remove MPG groups if getgrgid was called before getpw()
    
    https://fedorahosted.org/sssd/ticket/2724
    
    This bug only affects IPA clients that are connected to IPA servers with
    AD trust and ID mapping in effect.
    
    If an IPA client calls getgrgid() for an ID that matches a user, the
    user's private group would be returned and stored as a group entry.
    
    Subsequent queries for that user would fail, because MPG domains impose
    a uniqueness restriction for both the ID and name space across groups
    and users.
    
    To work around that, we remove the UPG groups in MPG domains during a
    group lookup.
    
    Reviewed-by: Sumit Bose <sbose@redhat.com>