IFP: org.freedesktop.sssd.infopipe.GetUserGroups does not take SYSDB_PRIMARY_GROUP_GIDNUM into account #4569
Assignees
Labels
Comments
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this issue
Aug 13, 2020
There was a mismatch between the information provided by NSS and IFP interfaces. nss_protocol_fill_initgr() returned SYSDB_PRIMARY_GROUP_GIDNUM, but GetUserGroups() didn't. This commit makes GetUserGroups() also return SYSDB_PRIMARY_GROUP_GIDNUM value. Resolves: SSSD#4569
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this issue
Aug 13, 2020
There was a mismatch between the information provided by NSS and IFP interfaces. nss_protocol_fill_initgr() returned SYSDB_PRIMARY_GROUP_GIDNUM, but GetUserGroups() didn't. This commit makes GetUserGroups() also return SYSDB_PRIMARY_GROUP_GIDNUM value. Resolves: SSSD#4569
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this issue
Aug 24, 2020
There was a mismatch between the information provided by NSS and IFP interfaces. nss_protocol_fill_initgr() returned origPrimaryGroupGidNumber as one of the group members of a user, but GetUserGroups() didn't. This commit makes GetUserGroups() also return origPrimaryGroupGidNumber value. Resolves: SSSD#4569
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this issue
Aug 24, 2020
New infopipe test case to check: Given auto_private_groups is enabled When GetUserGroups is called Then the origPrimaryGroupGidNumber is returned as part of the group memberships Resolves: SSSD#4569
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this issue
Aug 24, 2020
New infopipe test case to check: Given auto_private_groups is enabled When GetUserGroups is called Then the origPrimaryGroupGidNumber is returned as part of the group memberships Resolves: SSSD#4569
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this issue
Sep 30, 2020
There was a mismatch between the information provided by NSS and IFP interfaces. nss_protocol_fill_initgr() returned origPrimaryGroupGidNumber as one of the group members of a user, but GetUserGroups() didn't. This commit makes GetUserGroups() also return origPrimaryGroupGidNumber value. Resolves: SSSD#4569
ikerexxe
added a commit
to ikerexxe/sssd
that referenced
this issue
Sep 30, 2020
New infopipe test case to check: Given auto_private_groups is enabled When GetUserGroups is called Then the origPrimaryGroupGidNumber is returned as part of the group memberships Resolves: SSSD#4569
pbrezina
pushed a commit
that referenced
this issue
Oct 1, 2020
New infopipe test case to check: Given auto_private_groups is enabled When GetUserGroups is called Then the origPrimaryGroupGidNumber is returned as part of the group memberships Resolves: #4569 Reviewed-by: Sumit Bose <sbose@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/3543
With a domain that auto-creates user private groups, we still save the original GID into the SYSDB_PRIMARY_GROUP_GIDNUM attribute and then we also return this GID in
nss_protocol_fill_initgr.But we don't do any such thing in GetUserGroups, which leads to a different set of groups being reported via the IFP interface and the NSS interface.
Comments
Comment from jhrozek at 2017-10-31 22:32:24
Metadata Update from @jhrozek:
Comment from thalman at 2020-03-11 14:32:20
We need to verify current status of this issue
Comment from thalman at 2020-03-11 14:32:20
Metadata Update from @thalman:
The text was updated successfully, but these errors were encountered: