62 lines
2.3 KiB
Diff
62 lines
2.3 KiB
Diff
|
From 0e86f1a53b893a296488d96a432b98458403bcb9 Mon Sep 17 00:00:00 2001
|
||
|
From: Sumit Bose <sbose@redhat.com>
|
||
|
Date: Fri, 14 Jun 2024 16:10:34 +0200
|
||
|
Subject: [PATCH 12/15] sysdb: do not fail to add non-posix user to MPG domain
|
||
|
MIME-Version: 1.0
|
||
|
Content-Type: text/plain; charset=UTF-8
|
||
|
Content-Transfer-Encoding: 8bit
|
||
|
|
||
|
SSSD does not handle the root user (UID==0) and treats all accounts with
|
||
|
UID 0 as non-Posix accounts. The primary GID of those accounts is 0 as
|
||
|
well and as a result for those accounts in MPG domains the check for a
|
||
|
collisions of the primary GID should be skipped. The current code might
|
||
|
e.g. cause issues during GPO evaluation when adding a host account into
|
||
|
the cache which does not have any UID or GID set in AD and SSSD is
|
||
|
configured to read UID and GID from AD.
|
||
|
|
||
|
Resolves: https://github.com/SSSD/sssd/issues/7451
|
||
|
|
||
|
Reviewed-by: Alejandro López <allopez@redhat.com>
|
||
|
Reviewed-by: Tomáš Halman <thalman@redhat.com>
|
||
|
(cherry picked from commit 986bb726202e69b05f861c14c3a220379baf9bd1)
|
||
|
(cherry picked from commit d234cf5d6e793daf2c96856887acb641c4dff407)
|
||
|
|
||
|
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
||
|
---
|
||
|
src/db/sysdb_ops.c | 18 ++++++++++--------
|
||
|
1 file changed, 10 insertions(+), 8 deletions(-)
|
||
|
|
||
|
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
|
||
|
index 3331d4687..fa2d81217 100644
|
||
|
--- a/src/db/sysdb_ops.c
|
||
|
+++ b/src/db/sysdb_ops.c
|
||
|
@@ -1914,15 +1914,17 @@ int sysdb_add_user(struct sss_domain_info *domain,
|
||
|
goto done;
|
||
|
}
|
||
|
|
||
|
- ret = sysdb_search_group_by_gid(tmp_ctx, domain, uid, NULL, &msg);
|
||
|
- if (ret != ENOENT) {
|
||
|
- if (ret == EOK) {
|
||
|
- DEBUG(SSSDBG_OP_FAILURE,
|
||
|
- "Group with GID [%"SPRIgid"] already exists in an "
|
||
|
- "MPG domain\n", gid);
|
||
|
- ret = EEXIST;
|
||
|
+ if (uid != 0) { /* uid == 0 means non-POSIX object */
|
||
|
+ ret = sysdb_search_group_by_gid(tmp_ctx, domain, uid, NULL, &msg);
|
||
|
+ if (ret != ENOENT) {
|
||
|
+ if (ret == EOK) {
|
||
|
+ DEBUG(SSSDBG_OP_FAILURE,
|
||
|
+ "Group with GID [%"SPRIgid"] already exists in an "
|
||
|
+ "MPG domain\n", uid);
|
||
|
+ ret = EEXIST;
|
||
|
+ }
|
||
|
+ goto done;
|
||
|
}
|
||
|
- goto done;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
--
|
||
|
2.46.1
|
||
|
|