Ticket 452 - automember rebuild task adds users to groups that do not…

… match the configuration scope Bug Description: The new task features of automember(rebuild, export, and map) did not check the configuration scope and filter, which would allow users to be added to groups that shouldn't be. Fix Description: Check each entries scope before updating group membership. https://fedorahosted.org/389/ticket/452 Reviewed by: ?
389ds · Sep 11, 2012 · 82ae04c · 82ae04c
1 parent 0d2516a
commit 82ae04c
Showing 1 changed file with 16 additions and 3 deletions.
diff --git a/ldap/servers/plugins/automember/automember.c b/ldap/servers/plugins/automember/automember.c
@@ -2190,7 +2190,12 @@ void automember_rebuild_task_thread(void *arg){
             list = PR_LIST_HEAD(g_automember_config);
             while (list != g_automember_config) {
                 config = (struct configEntry *)list;
-                automember_update_membership(config, entries[i], NULL);
+                /* Does the entry meet scope and filter requirements? */
+                if (slapi_dn_issuffix(slapi_sdn_get_dn(td->base_dn), config->scope) &&
+                    (slapi_filter_test_simple(entries[i], config->filter) == 0))
+                {		
+                    automember_update_membership(config, entries[i], NULL);
+                }
                 list = PR_NEXT_LINK(list);
             }
         }
@@ -2385,7 +2390,11 @@ void automember_export_task_thread(void *arg){
             list = PR_LIST_HEAD(g_automember_config);
             while (list != g_automember_config) {
                 config = (struct configEntry *)list;
-                automember_update_membership(config, entries[i], ldif_fd);
+                if (slapi_dn_issuffix(slapi_sdn_get_dn(td->base_dn), config->scope) &&
+                    (slapi_filter_test_simple(entries[i], config->filter) == 0))
+                { 
+                    automember_update_membership(config, entries[i], ldif_fd);
+                }
                 list = PR_NEXT_LINK(list);
             }
         }
@@ -2572,7 +2581,11 @@ void automember_map_task_thread(void *arg){
                 list = PR_LIST_HEAD(g_automember_config);
                 while (list != g_automember_config) {
                     config = (struct configEntry *)list;
-                    automember_update_membership(config, e, ldif_fd_out);
+                    if (slapi_dn_issuffix(slapi_entry_get_dn_const(e), config->scope) &&
+                        (slapi_filter_test_simple(e, config->filter) == 0))
+                    {
+                        automember_update_membership(config, e, ldif_fd_out);
+                    }
                     list = PR_NEXT_LINK(list);
                 }
             }