author | Simo Sorce <simo@redhat.com> | 2013-08-21 10:11:30 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-22 19:58:57 +0200 |
commit | d804bc1c08cd678ab032590846f764f8a7137afa (patch) | |
tree | aa3ea0bcc1cc8961509a14741f8163d67ef2239a /src/providers | |
parent | 9eae161c281c946c7b60f8033a7a45650cee125d (diff) | |
download | sssd-d804bc1c08cd678ab032590846f764f8a7137afa.tar.gz sssd-d804bc1c08cd678ab032590846f764f8a7137afa.tar.xz sssd-d804bc1c08cd678ab032590846f764f8a7137afa.zip |
proxy: Allow initgroup to return NOTFOUND
When the user is only a member of its own primary group, initgroups_dyn may
return NOTFOUND because, at least for the 'files' nss provider, the code skips
the passed-in group.
Resolves:
https://fedorahosted.org/sssd/ticket/2051
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/proxy/proxy_id.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c index aae3ee8f4..86a11e875 100644 --- a/src/providers/proxy/proxy_id.c +++ b/src/providers/proxy/proxy_id.c @@ -939,6 +939,12 @@ static int get_gr_gid(TALLOC_CTX *mem_ctx, ret = handle_getgr_result(status, grp, dom, &delete_group); } while (ret == EAGAIN); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("getgrgid failed [%d]: %s\n", ret, strerror(ret))); + goto done; + } + if (delete_group) { DEBUG(SSSDBG_TRACE_FUNC, ("Group %d does not exist (or is invalid) on remote server," @@ -1285,6 +1291,11 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx, return ENOMEM; } + /* nss modules may skip the primary group when we pass it in so always add + * it in advance */ + gids[0] = pwd->pw_gid; + num_gids++; + /* FIXME: should we move this call outside the transaction to keep the * transaction as short as possible ? */ do { @@ -1310,6 +1321,11 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx, } while(status == NSS_STATUS_TRYAGAIN); switch (status) { + case NSS_STATUS_NOTFOUND: + DEBUG(SSSDBG_FUNC_DATA, ("The initgroups call returned 'NOTFOUND'. " + "Assume the user is only member of its " + "primary group (%d)\n", pwd->pw_gid)); + /* fall through */ case NSS_STATUS_SUCCESS: DEBUG(SSSDBG_CONF_SETTINGS, ("User [%s] appears to be member of %lu" "groups\n", pwd->pw_name, num_gids)); |
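Review bot: Pre-seeding `gids[0] = pwd->pw_gid;` in get_initgr_groups_process can leave the primary gid in the array twice whenever the nss module does not skip the passed-in group; the new comment itself only says modules "may" skip it. Nothing visible in this hunk removes a repeated entry before the list is consumed, so either drop duplicates of `pwd->pw_gid` after the initgroups loop returns or extend the comment to say that later processing tolerates a repeated gid. The `num_gids++` also relies on `gids` having at least one slot and on `num_gids` starting at 0. Both are set up above the hunk, so that is worth confirming against the allocation.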
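Review bot: The new `case NSS_STATUS_NOTFOUND:` falls through to the SUCCESS handling, so every NOTFOUND from the module is recorded as "member of the primary group only", not just the case described in the commit message. Group membership usually feeds access-control decisions, so a module that returns NOTFOUND for some other reason would presumably have the user's supplementary groups dropped without any error. The assumption deserves a comment at the case label, for example `/* NOTFOUND cannot be told apart from "no supplementary groups"; treat it as primary group only */`. Separately, `pwd->pw_gid` is a `gid_t` printed with `%d`; using `(%lu)` with `(unsigned long) pwd->pw_gid` avoids negative output for large gids. The switch statement continues outside the hunk.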