>From ed58ef9e97d27591c98e072bb6d7e8f506de19ba Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 18 Oct 2013 17:05:38 +0200 Subject: [PATCH] Inherit ID limits of parent domains if set https://fedorahosted.org/sssd/ticket/2123 Previously, the subdomains were always unbound even if the administrator limited the ranges with min_id/max_id. This could have posed problems when running programs that scan the whole ID space, such as "groupadd -r". --- src/util/domain_info_utils.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/util/domain_info_utils.c b/src/util/domain_info_utils.c index 9d7bb5f5a8358519320cf5425cb1891e0e02c497..8d07871ecb206f21c6cb02faef09d62815c7c2c2 100644 --- a/src/util/domain_info_utils.c +++ b/src/util/domain_info_utils.c @@ -251,9 +251,11 @@ struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx, dom->enumerate = enumerate; dom->fqnames = true; dom->mpg = mpg; - /* FIXME: get ranges from the server */ - dom->id_min = 0; - dom->id_max = 0xffffffff; + /* If the parent domain explicitly limits ID ranges, the subdomain + * should honour the limits as well. + */ + dom->id_min = parent->id_min ? parent->id_min : 0; + dom->id_max = parent->id_max ? parent->id_max : 0xffffffff; dom->pwd_expiration_warning = parent->pwd_expiration_warning; dom->cache_credentials = parent->cache_credentials; dom->case_sensitive = false; -- 1.8.3.1