NSS: Handle ENOENT when doing initgroups by UPN

https://fedorahosted.org/sssd/ticket/2598 We need to return an empty result in cases an initgroups lookup by UPN doesn't return anything. Please note testing with "id user" is not sufficient as id calls a getpwnam first. Reviewed-by: Pavel Reichl <preichl@redhat.com>
author: Jakub Hrozek <jhrozek@redhat.com> 2015-03-09 17:25:48 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2015-03-12 09:49:15 +0100
commit: ff19b24a93a50c8a62b5c2621e45d101e3a00781 (patch)
tree: e2a8f481fbc2d3a4a876266261a4ea8416c4ee2b
parent: 84a4c4fcc93b3dcc70604817a05f7943606ff596 (diff)
download: sssd-ff19b24a93a50c8a62b5c2621e45d101e3a00781.tar.gz
sssd-ff19b24a93a50c8a62b5c2621e45d101e3a00781.tar.xz
sssd-ff19b24a93a50c8a62b5c2621e45d101e3a00781.zip
1 files changed, 28 insertions, 18 deletions
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index f9056590a..4f297c6a3 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -4062,27 +4062,37 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
 
         if (cmdctx->name_is_upn) {
             ret = sysdb_search_user_by_upn(cmdctx, dom, name, user_attrs, &msg);
-            if (ret != EOK && ret != ENOENT) {
+            if (ret == ENOENT) {
+                dctx->res = talloc_zero(cmdctx, struct ldb_result);
+                if (dctx->res == NULL) {
+                    DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
+                    return ENOMEM;
+                }
+
+                dctx->res->count = 0;
+                dctx->res->msgs = NULL;
+                ret = EOK;
+            } else if (ret != EOK) {
                 DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_upn failed.\n");
                 return ret;
-            }
-
-            sysdb_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
-            if (sysdb_name == NULL) {
-                DEBUG(SSSDBG_OP_FAILURE,
-                      "Sysdb entry does not have a name.\n");
-                return EINVAL;
-            }
+            } else {
+                sysdb_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
+                if (sysdb_name == NULL) {
+                    DEBUG(SSSDBG_OP_FAILURE,
+                        "Sysdb entry does not have a name.\n");
+                    return EINVAL;
+                }
 
-            ret = sysdb_initgroups(cmdctx, dom, sysdb_name, &dctx->res);
-            if (ret == EOK && DOM_HAS_VIEWS(dom)) {
-                for (c = 0; c < dctx->res->count; c++) {
-                    ret = sysdb_add_overrides_to_object(dom, dctx->res->msgs[c],
-                                                        NULL, NULL);
-                    if (ret != EOK) {
-                        DEBUG(SSSDBG_OP_FAILURE,
-                              "sysdb_add_overrides_to_object failed.\n");
-                        return ret;
+                ret = sysdb_initgroups(cmdctx, dom, sysdb_name, &dctx->res);
+                if (ret == EOK && DOM_HAS_VIEWS(dom)) {
+                    for (c = 0; c < dctx->res->count; c++) {
+                        ret = sysdb_add_overrides_to_object(dom, dctx->res->msgs[c],
+                                                            NULL, NULL);
+                        if (ret != EOK) {
+                            DEBUG(SSSDBG_OP_FAILURE,
+                                "sysdb_add_overrides_to_object failed.\n");
+                            return ret;
+                        }
                     }
                 }
             }
author	Jakub Hrozek <jhrozek@redhat.com>	2015-03-09 17:25:48 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-03-12 09:49:15 +0100
commit	ff19b24a93a50c8a62b5c2621e45d101e3a00781 (patch)
tree	e2a8f481fbc2d3a4a876266261a4ea8416c4ee2b
parent	84a4c4fcc93b3dcc70604817a05f7943606ff596 (diff)
download	sssd-ff19b24a93a50c8a62b5c2621e45d101e3a00781.tar.gz sssd-ff19b24a93a50c8a62b5c2621e45d101e3a00781.tar.xz sssd-ff19b24a93a50c8a62b5c2621e45d101e3a00781.zip