authorJakub Hrozek <jhrozek@redhat.com>2012-03-09 11:22:48 -0500
committerStephen Gallagher <sgallagh@redhat.com>2012-03-09 15:10:33 -0500
commitd544e31a44268408deb400464c6df604e6b3a780 (patch)
tree650021e11a2338f55881f7dff6f8e5dbb46aff53
parent0230a650e715328a286045b35532a61573798029 (diff)
Fix netgroup error handlingsssd-1.8.0-12.el6
https://fedorahosted.org/sssd/ticket/1242 Handle empty elements in proxy netgroups:
-rw-r--r--src/providers/proxy/proxy_netgroup.c85
1 files changed, 65 insertions, 20 deletions
diff --git a/src/providers/proxy/proxy_netgroup.c b/src/providers/proxy/proxy_netgroup.c
index 797f8c6b8..afc57ecbe 100644
--- a/src/providers/proxy/proxy_netgroup.c
+++ b/src/providers/proxy/proxy_netgroup.c
@@ -28,6 +28,8 @@
#define BUFLEN 1024
+#define get_triple_el(s) ((s) ? (s) : "")
+
static errno_t make_netgroup_attr(struct __netgrent netgrent,
struct sysdb_attrs *attrs)
{
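Review bot: `get_triple_el` is added without a comment saying why a NULL triple member becomes an empty string, and as a function-like macro it evaluates `s` twice. A one-line comment such as `/* a triple member may be NULL when the field is empty; store "" instead of passing NULL to %s */` would record the intent, and a `static inline const char *get_triple_el(const char *s)` would give type checking and single evaluation. In netgroup syntax an empty field conventionally acts as a wildcard, so it is worth confirming that whatever reads the stored `(,,)` form treats it that way. The body of make_netgroup_attr continues outside this hunk.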
@@ -42,9 +44,10 @@ static errno_t make_netgroup_attr(struct __netgrent netgrent,
return ret;
}
} else if (netgrent.type == triple_val) {
- dummy = talloc_asprintf(attrs, "(%s,%s,%s)", netgrent.val.triple.host,
- netgrent.val.triple.user,
- netgrent.val.triple.domain);
+ dummy = talloc_asprintf(attrs, "(%s,%s,%s)",
+ get_triple_el(netgrent.val.triple.host),
+ get_triple_el(netgrent.val.triple.user),
+ get_triple_el(netgrent.val.triple.domain));
if (dummy == NULL) {
DEBUG(1, ("talloc_asprintf failed.\n"));
return ENOMEM;
@@ -96,6 +99,41 @@ static errno_t save_netgroup(struct sysdb_ctx *sysdb,
return EOK;
}
+static errno_t handle_error(enum nss_status status,
+ struct sysdb_ctx *sysdb, const char *name)
+{
+ errno_t ret;
+
+ switch (status) {
+ case NSS_STATUS_SUCCESS:
+ DEBUG(SSSDBG_TRACE_INTERNAL, ("Netgroup lookup succeeded\n"));
+ ret = EOK;
+ break;
+
+ case NSS_STATUS_NOTFOUND:
+ DEBUG(SSSDBG_MINOR_FAILURE, ("The netgroup was not found\n"));
+ ret = sysdb_delete_netgroup(sysdb, name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot delete netgroup: %d\n", ret));
+ ret = EIO;
+ }
+ break;
+
+ case NSS_STATUS_UNAVAIL:
+ DEBUG(SSSDBG_TRACE_LIBS,
+ ("The proxy target did not respond, going offline\n"));
+ ret = ENXIO;
+ break;
+
+ default:
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unexpected error looking up netgroup\n"));
+ ret = EIO;
+ break;
+ }
+
+ return ret;
+}
+
errno_t get_netgroup(struct proxy_id_ctx *ctx,
struct sysdb_ctx *sysdb,
struct sss_domain_info *dom,
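Review bot: `NSS_STATUS_TRYAGAIN` has no case in the new `handle_error` switch, so it falls into `default`, is logged as an unexpected error and comes back as `EIO`. By NSS convention that status together with `ERANGE` means the caller's buffer was too small, and get_netgroup passes a fixed `BUFLEN` (1024) buffer, so an oversized entry would presumably fail the whole lookup with a misleading message. A dedicated `case NSS_STATUS_TRYAGAIN:` with its own log line would make that condition visible. The function also has a side effect its name hides, deleting the cached netgroup on `NSS_STATUS_NOTFOUND`, which deserves a header comment such as `/* Map an NSS status to an errno value; on NOTFOUND also remove the netgroup from the cache */`.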
@@ -105,49 +143,57 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx,
enum nss_status status;
char buffer[BUFLEN];
int ret;
- TALLOC_CTX *tmp_ctx;
+ TALLOC_CTX *tmp_ctx = NULL;
struct sysdb_attrs *attrs;
- memset(&result, 0 ,sizeof(result));
+ memset(&result, 0, sizeof(result));
status = ctx->ops.setnetgrent(name, &result);
if (status != NSS_STATUS_SUCCESS) {
- DEBUG(5, ("setnetgrent failed for netgroup [%s].\n", name));
- return EIO;
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("setnetgrent failed for netgroup [%s].\n", name));
+ ret = handle_error(status, sysdb, name);
+ goto done;
}
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
- DEBUG(1, ("talloc_new failed.\n"));
- return ENOMEM;
+ DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new failed.\n"));
+ ret = ENOMEM;
+ goto done;
}
attrs = sysdb_new_attrs(tmp_ctx);
if (attrs == NULL) {
- DEBUG(1, ("sysdb_new_attrs failed.\n"));
- return ENOMEM;
+ DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb_new_attrs failed.\n"));
+ ret = ENOMEM;
+ goto done;
}
do {
status = ctx->ops.getnetgrent_r(&result, buffer, BUFLEN, &ret);
- if (status != NSS_STATUS_SUCCESS && status != NSS_STATUS_RETURN) {
- DEBUG(1, ("getnetgrent_r failed for netgroup [%s]: [%d][%s].\n",
- name, ret, strerror(ret)));
+ if (status != NSS_STATUS_SUCCESS &&
+ status != NSS_STATUS_RETURN &&
+ status != NSS_STATUS_NOTFOUND) {
+ ret = handle_error(status, sysdb, name);
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("getnetgrent_r failed for netgroup [%s]: [%d][%s].\n",
+ name, ret, strerror(ret)));
goto done;
}
if (status == NSS_STATUS_SUCCESS) {
ret = make_netgroup_attr(result, attrs);
if (ret != EOK) {
- DEBUG(1, ("make_netgroup_attr failed.\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("make_netgroup_attr failed.\n"));
goto done;
}
}
- } while (status != NSS_STATUS_RETURN);
+ } while (status != NSS_STATUS_RETURN && status != NSS_STATUS_NOTFOUND);
status = ctx->ops.endnetgrent(&result);
if (status != NSS_STATUS_SUCCESS) {
- DEBUG(1, ("endnetgrent failed.\n"));
- ret = EIO;
+ DEBUG(SSSDBG_OP_FAILURE, ("endnetgrent failed.\n"));
+ ret = handle_error(status, sysdb, name);
goto done;
}
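Review bot: In the getnetgrent_r failure branch, `ret = handle_error(status, sysdb, name);` runs before the DEBUG that prints `ret` and `strerror(ret)`, so the log shows the mapped code rather than the errno getnetgrent_r wrote through `&ret`. Emitting the DEBUG first and calling `handle_error` afterwards keeps the original value in the log. Separately, `NSS_STATUS_NOTFOUND` now ends the loop the same way `NSS_STATUS_RETURN` does, so if a proxied module can return it partway through an enumeration, the members collected so far would apparently still be saved as a truncated netgroup, which matters where netgroups gate access. The `goto done` exits taken after setnetgrent has succeeded also appear to skip `endnetgrent`. The start of get_netgroup and the save call lie outside this hunk.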
@@ -155,7 +201,7 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx,
!dom->case_sensitive,
dom->netgroup_timeout);
if (ret != EOK) {
- DEBUG(1, ("sysdb_add_netgroup failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_add_netgroup failed.\n"));
goto done;
}
@@ -163,6 +209,5 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx,
done:
talloc_free(tmp_ctx);
-
return ret;
}