authorSimo Sorce <simo@redhat.com>2013-08-21 10:11:30 -0400
committerJakub Hrozek <jhrozek@redhat.com>2013-11-20 16:42:56 +0100
commit6e56e7dad20985685f74e0f79de0651ec6ad58d7 (patch)
tree697dc39a19f77734eeb501307982c20c296d9001
parentc18f84fe65b53e40e5f2ab76aac29d51167807e6 (diff)
proxy: Allow initgroup to return NOTFOUND
When the user is a member only of its own primary group, initgroups_dyn may return NOTFOUND because, at least for the 'files' nss provider, the code skips the passed-in group. Resolves: https://fedorahosted.org/sssd/ticket/2051
-rw-r--r--src/providers/proxy/proxy_id.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index a0d6770c5..120946b7d 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -933,6 +933,12 @@ static int get_gr_gid(TALLOC_CTX *mem_ctx,
ret = handle_getgr_result(status, grp, dom, &delete_group);
} while (ret == EAGAIN);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("getgrgid failed [%d]: %s\n", ret, strerror(ret)));
+ goto done;
+ }
+
if (delete_group) {
DEBUG(SSSDBG_TRACE_FUNC,
("Group %d does not exist (or is invalid) on remote server,"
@@ -1279,6 +1285,11 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx,
return ENOMEM;
}
+ /* nss modules may skip the primary group when we pass it in so always add
+ * it in advance */
+ gids[0] = pwd->pw_gid;
+ num_gids++;
+
/* FIXME: should we move this call outside the transaction to keep the
* transaction as short as possible ? */
do {
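Review bot: `gids[0] = pwd->pw_gid; num_gids++;` writes slot 0 but only increments the counter, so the two agree only if num_gids is still zero here and the array allocated above has at least one element; neither is visible in this hunk. Making the pairing explicit, e.g. `gids[0] = pwd->pw_gid;` followed by `num_gids = 1;`, removes that dependency. The comment could also note that a module which does not skip the primary group will now report it twice, so whatever consumes gids has to tolerate a duplicate entry; I can't tell from here whether it does. get_initgr_groups_process starts and ends outside the hunk.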
@@ -1304,6 +1315,11 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx,
} while(status == NSS_STATUS_TRYAGAIN);
switch (status) {
+ case NSS_STATUS_NOTFOUND:
+ DEBUG(SSSDBG_FUNC_DATA, ("The initgroups call returned 'NOTFOUND'. "
+ "Assume the user is only member of its "
+ "primary group (%d)\n", pwd->pw_gid));
+ /* fall through */
case NSS_STATUS_SUCCESS:
DEBUG(SSSDBG_CONF_SETTINGS, ("User [%s] appears to be member of %lu"
"groups\n", pwd->pw_name, num_gids));
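Review bot: Falling through from `case NSS_STATUS_NOTFOUND:` into the success path turns every NOTFOUND into "member of the primary group only", not just the 'files' case described in the commit message. If a proxied module can return NOTFOUND for some other reason, the stored membership would presumably shrink to that single entry, which matters wherever group membership drives access decisions. I would state the assumption on the case itself, e.g. `/* NOTFOUND is treated as "no supplementary groups"; gids then holds only the primary group added before the call */`, and consider a less verbose debug level than SSSDBG_FUNC_DATA so the event is visible when diagnosing access problems. Separately, `%d` is used for `pwd->pw_gid`, which is unsigned on Linux; `%lu` with `(unsigned long) pwd->pw_gid` prints large GIDs correctly. The switch continues outside the hunk.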