author | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-09 17:25:48 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-12 09:49:15 +0100 |
commit | ff19b24a93a50c8a62b5c2621e45d101e3a00781 (patch) | |
tree | e2a8f481fbc2d3a4a876266261a4ea8416c4ee2b | |
parent | 84a4c4fcc93b3dcc70604817a05f7943606ff596 (diff) | |
NSS: Handle ENOENT when doing initgroups by UPN
https://fedorahosted.org/sssd/ticket/2598
We need to return an empty result in case an initgroups lookup by UPN
doesn't return anything. Please note that testing with "id user" is not
sufficient, as id calls getpwnam first.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 46 |
1 files changed, 28 insertions, 18 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index f9056590a..4f297c6a3 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -4062,27 +4062,37 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
 if (cmdctx->name_is_upn) {
 ret = sysdb_search_user_by_upn(cmdctx, dom, name, user_attrs, &msg);
- if (ret != EOK && ret != ENOENT) {
+ if (ret == ENOENT) {
+ dctx->res = talloc_zero(cmdctx, struct ldb_result);
+ if (dctx->res == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
+ return ENOMEM;
+ }
+
+ dctx->res->count = 0;
+ dctx->res->msgs = NULL;
+ ret = EOK;
+ } else if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_upn failed.\n");
 return ret;
- }
-
- sysdb_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
- if (sysdb_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Sysdb entry does not have a name.\n");
- return EINVAL;
- }
+ } else {
+ sysdb_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
+ if (sysdb_name == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Sysdb entry does not have a name.\n");
+ return EINVAL;
+ }
- ret = sysdb_initgroups(cmdctx, dom, sysdb_name, &dctx->res);
- if (ret == EOK && DOM_HAS_VIEWS(dom)) {
- for (c = 0; c < dctx->res->count; c++) {
- ret = sysdb_add_overrides_to_object(dom, dctx->res->msgs[c],
- NULL, NULL);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- "sysdb_add_overrides_to_object failed.\n");
- return ret;
+ ret = sysdb_initgroups(cmdctx, dom, sysdb_name, &dctx->res);
+ if (ret == EOK && DOM_HAS_VIEWS(dom)) {
+ for (c = 0; c < dctx->res->count; c++) {
+ ret = sysdb_add_overrides_to_object(dom, dctx->res->msgs[c],
+ NULL, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sysdb_add_overrides_to_object failed.\n");
+ return ret;
+ }
 }
 }
 }
 } |
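Review bot: The new `ret == ENOENT` branch converts a cache miss into `ret = EOK` with an empty `dctx->res` but carries neither a comment nor a log line, so nothing in the branch says that the not-found decision is presumably left to the `count == 0` handling later in nss_cmd_initgroups_search, whose body continues outside this hunk. A comment such as `/* UPN not in cache: return an empty result so the caller's not-found path runs */` and a `DEBUG(SSSDBG_TRACE_FUNC, "No user found for UPN [%s]\n", name);` would make a failed initgroups-by-UPN lookup traceable when group membership is being debugged. The assignments `dctx->res->count = 0;` and `dctx->res->msgs = NULL;` repeat what `talloc_zero` already guarantees and can be dropped.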