author | Jakub Hrozek <jhrozek@redhat.com> | 2012-03-09 11:22:48 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-03-09 15:10:33 -0500 |
commit | d544e31a44268408deb400464c6df604e6b3a780 (patch) | |
tree | 650021e11a2338f55881f7dff6f8e5dbb46aff53 /src/providers/proxy | |
parent | 0230a650e715328a286045b35532a61573798029 (diff) | |
Fix netgroup error handling (sssd-1.8.0-12.el6)
https://fedorahosted.org/sssd/ticket/1242
Handle empty elements in proxy netgroups:
Diffstat (limited to 'src/providers/proxy')
-rw-r--r-- | src/providers/proxy/proxy_netgroup.c | 85 |
1 files changed, 65 insertions, 20 deletions
diff --git a/src/providers/proxy/proxy_netgroup.c b/src/providers/proxy/proxy_netgroup.c
index 797f8c6b8..afc57ecbe 100644
--- a/src/providers/proxy/proxy_netgroup.c
+++ b/src/providers/proxy/proxy_netgroup.c
@@ -28,6 +28,8 @@
 #define BUFLEN 1024
+#define get_triple_el(s) ((s) ? (s) : "")
+
 static errno_t make_netgroup_attr(struct __netgrent netgrent,
 struct sysdb_attrs *attrs)
 {
@@ -42,9 +44,10 @@ static errno_t make_netgroup_attr(struct __netgrent netgrent,
 return ret;
 }
 } else if (netgrent.type == triple_val) {
- dummy = talloc_asprintf(attrs, "(%s,%s,%s)", netgrent.val.triple.host,
- netgrent.val.triple.user,
- netgrent.val.triple.domain);
+ dummy = talloc_asprintf(attrs, "(%s,%s,%s)",
+ get_triple_el(netgrent.val.triple.host),
+ get_triple_el(netgrent.val.triple.user),
+ get_triple_el(netgrent.val.triple.domain));
 if (dummy == NULL) {
 DEBUG(1, ("talloc_asprintf failed.\n"));
 return ENOMEM;
@@ -96,6 +99,41 @@ static errno_t save_netgroup(struct sysdb_ctx *sysdb,
 return EOK;
 }
+static errno_t handle_error(enum nss_status status,
+ struct sysdb_ctx *sysdb, const char *name)
+{
+ errno_t ret;
+
+ switch (status) {
+ case NSS_STATUS_SUCCESS:
+ DEBUG(SSSDBG_TRACE_INTERNAL, ("Netgroup lookup succeeded\n"));
+ ret = EOK;
+ break;
+
+ case NSS_STATUS_NOTFOUND:
+ DEBUG(SSSDBG_MINOR_FAILURE, ("The netgroup was not found\n"));
+ ret = sysdb_delete_netgroup(sysdb, name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot delete netgroup: %d\n", ret));
+ ret = EIO;
+ }
+ break;
+
+ case NSS_STATUS_UNAVAIL:
+ DEBUG(SSSDBG_TRACE_LIBS,
+ ("The proxy target did not respond, going offline\n"));
+ ret = ENXIO;
+ break;
+
+ default:
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unexpected error looking up netgroup\n"));
+ ret = EIO;
+ break;
+ }
+
+ return ret;
+}
+
 errno_t get_netgroup(struct proxy_id_ctx *ctx,
 struct sysdb_ctx *sysdb,
 struct sss_domain_info *dom,
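Review bot: `get_triple_el` has no comment explaining why a NULL triple member becomes an empty string, and the same macro feeds all three arguments of the `talloc_asprintf` call in the following hunk. In netgroup syntax an empty field matches anything, so the stored `(,user,)` form keeps the entry as a wildcard rather than dropping it; that is worth stating because netgroups commonly feed access decisions. Suggested comment above the define: `/* A NULL member of a netgroup triple is a wildcard; format it as "" so the stored "(host,user,domain)" string keeps the empty field. */`. A `static inline const char *` helper would also avoid evaluating the argument twice, although the current call sites only pass plain member accesses.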
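Review bot: `handle_error` deletes the cached netgroup in its `NSS_STATUS_NOTFOUND` branch, a side effect that neither the name nor any comment announces. Every caller that passes a status from the proxy target therefore lets that target's reply remove a cache entry, which a reader will not expect from an error-mapping helper. Suggested comment above the function: `/* Map an NSS status to an errno. NSS_STATUS_NOTFOUND also removes the netgroup from the sysdb cache; a failed removal is reported as EIO. */`. The branch also replaces the `sysdb_delete_netgroup` return code with `EIO` after logging it, so callers cannot distinguish the cause; that looks intentional but is worth a word in the same comment.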
@@ -105,49 +143,57 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx,
 enum nss_status status;
 char buffer[BUFLEN];
 int ret;
- TALLOC_CTX *tmp_ctx;
+ TALLOC_CTX *tmp_ctx = NULL;
 struct sysdb_attrs *attrs;
- memset(&result, 0 ,sizeof(result));
+ memset(&result, 0, sizeof(result));
 status = ctx->ops.setnetgrent(name, &result);
 if (status != NSS_STATUS_SUCCESS) {
- DEBUG(5, ("setnetgrent failed for netgroup [%s].\n", name));
- return EIO;
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("setnetgrent failed for netgroup [%s].\n", name));
+ ret = handle_error(status, sysdb, name);
+ goto done;
 }
 tmp_ctx = talloc_new(NULL);
 if (tmp_ctx == NULL) {
- DEBUG(1, ("talloc_new failed.\n"));
- return ENOMEM;
+ DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new failed.\n"));
+ ret = ENOMEM;
+ goto done;
 }
 attrs = sysdb_new_attrs(tmp_ctx);
 if (attrs == NULL) {
- DEBUG(1, ("sysdb_new_attrs failed.\n"));
- return ENOMEM;
+ DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb_new_attrs failed.\n"));
+ ret = ENOMEM;
+ goto done;
 }
 do {
 status = ctx->ops.getnetgrent_r(&result, buffer, BUFLEN, &ret);
- if (status != NSS_STATUS_SUCCESS && status != NSS_STATUS_RETURN) {
- DEBUG(1, ("getnetgrent_r failed for netgroup [%s]: [%d][%s].\n",
- name, ret, strerror(ret)));
+ if (status != NSS_STATUS_SUCCESS &&
+ status != NSS_STATUS_RETURN &&
+ status != NSS_STATUS_NOTFOUND) {
+ ret = handle_error(status, sysdb, name);
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("getnetgrent_r failed for netgroup [%s]: [%d][%s].\n",
+ name, ret, strerror(ret)));
 goto done;
 }
 if (status == NSS_STATUS_SUCCESS) {
 ret = make_netgroup_attr(result, attrs);
 if (ret != EOK) {
- DEBUG(1, ("make_netgroup_attr failed.\n"));
+ DEBUG(SSSDBG_CRIT_FAILURE, ("make_netgroup_attr failed.\n"));
 goto done;
 }
 }
- } while (status != NSS_STATUS_RETURN);
+ } while (status != NSS_STATUS_RETURN && status != NSS_STATUS_NOTFOUND);
 status = ctx->ops.endnetgrent(&result);
 if (status != NSS_STATUS_SUCCESS) {
- DEBUG(1, ("endnetgrent failed.\n"));
- ret = EIO;
+ DEBUG(SSSDBG_OP_FAILURE, ("endnetgrent failed.\n"));
+ ret = handle_error(status, sysdb, name);
 goto done;
 }
@@ -155,7 +201,7 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx,
 !dom->case_sensitive,
 dom->netgroup_timeout);
 if (ret != EOK) {
- DEBUG(1, ("sysdb_add_netgroup failed.\n"));
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_add_netgroup failed.\n"));
 goto done;
 }
@@ -163,6 +209,5 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx,
 done:
 talloc_free(tmp_ctx);
-
 return ret;
 }
|
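Review bot: In the `getnetgrent_r` failure branch of `get_netgroup` (hunk `@@ -105,49 +143,57 @@`), `ret = handle_error(status, sysdb, name);` runs before the `DEBUG` call, so the message prints the mapped code (`EIO` or `ENXIO`) and its `strerror` text instead of the errno that `getnetgrent_r` stored in `ret`. Moving the `DEBUG(SSSDBG_OP_FAILURE, ...)` statement above `ret = handle_error(status, sysdb, name);` keeps the proxy target's own error in the trace, which is what someone diagnosing a failed lookup needs. The `goto done` exits inside the loop also skip `ctx->ops.endnetgrent(&result)` after a successful `setnetgrent`; whether the proxy library relies on that call to release enumeration state is not visible here, so it is worth confirming. The function's signature and the `save_netgroup` call sit outside this hunk.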