Handle non-POSIX groups in nestingsssd-1.5.1-40.el6

Added sysdb_attrs_get_bool() function

Non-posix group processing - sysdb changes

Non-posix group processing - ldap provider and nss responder

1 files changed, 11 insertions, 3 deletions

diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 74c56a311..db7edd023 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -2922,6 +2922,8 @@ static int fill_initgr(struct sss_packet *packet, struct ldb_result *res)
     size_t blen;
     gid_t gid;
     int ret, i, num;
+    int skipped = 0;
+    const char *posix;
 
     if (res->count == 0) {
         return ENOENT;
@@ -2939,14 +2941,20 @@ static int fill_initgr(struct sss_packet *packet, struct ldb_result *res)
     /* skip first entry, it's the user entry */
     for (i = 0; i < num; i++) {
         gid = ldb_msg_find_attr_as_uint64(res->msgs[i + 1], SYSDB_GIDNUM, 0);
+        posix = ldb_msg_find_attr_as_string(res->msgs[i + 1], SYSDB_POSIX, NULL);
         if (!gid) {
-            DEBUG(1, ("Incomplete group object for initgroups! Aborting\n"));
-            return EFAULT;
+            if (posix && strcmp(posix, "FALSE") == 0) {
+                skipped++;
+                continue;
+            } else {
+                DEBUG(1, ("Incomplete group object for initgroups! Aborting\n"));
+                return EFAULT;
+            }
         }
         ((uint32_t *)body)[2 + i] = gid;
     }
 
-    ((uint32_t *)body)[0] = num; /* num results */
+    ((uint32_t *)body)[0] = num-skipped; /* num results */
     ((uint32_t *)body)[1] = 0; /* reserved */
 
     return EOK;