From d544e31a44268408deb400464c6df604e6b3a780 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 9 Mar 2012 11:22:48 -0500
Subject: Fix netgroup error handling

https://fedorahosted.org/sssd/ticket/1242

Handle empty elements in proxy netgroups:
---
 src/providers/proxy/proxy_netgroup.c | 85 +++++++++++++++++++++++++++---------
 1 file changed, 65 insertions(+), 20 deletions(-)

diff --git a/src/providers/proxy/proxy_netgroup.c b/src/providers/proxy/proxy_netgroup.c
index 797f8c6b8..afc57ecbe 100644
--- a/src/providers/proxy/proxy_netgroup.c
+++ b/src/providers/proxy/proxy_netgroup.c
@@ -28,6 +28,8 @@
 
 #define BUFLEN  1024
 
+#define get_triple_el(s) ((s) ? (s) : "")
+
 static errno_t make_netgroup_attr(struct __netgrent netgrent,
                                   struct sysdb_attrs *attrs)
 {
@@ -42,9 +44,10 @@ static errno_t make_netgroup_attr(struct __netgrent netgrent,
             return ret;
         }
     } else if (netgrent.type == triple_val) {
-        dummy = talloc_asprintf(attrs, "(%s,%s,%s)", netgrent.val.triple.host,
-                                netgrent.val.triple.user,
-                                netgrent.val.triple.domain);
+        dummy = talloc_asprintf(attrs, "(%s,%s,%s)",
+                                get_triple_el(netgrent.val.triple.host),
+                                get_triple_el(netgrent.val.triple.user),
+                                get_triple_el(netgrent.val.triple.domain));
         if (dummy == NULL) {
             DEBUG(1, ("talloc_asprintf failed.\n"));
             return ENOMEM;
@@ -96,6 +99,41 @@ static errno_t save_netgroup(struct sysdb_ctx *sysdb,
     return EOK;
 }
 
+static errno_t handle_error(enum nss_status status,
+                            struct sysdb_ctx *sysdb, const char *name)
+{
+    errno_t ret;
+
+    switch (status) {
+    case NSS_STATUS_SUCCESS:
+        DEBUG(SSSDBG_TRACE_INTERNAL, ("Netgroup lookup succeeded\n"));
+        ret = EOK;
+        break;
+
+    case NSS_STATUS_NOTFOUND:
+        DEBUG(SSSDBG_MINOR_FAILURE, ("The netgroup was not found\n"));
+        ret = sysdb_delete_netgroup(sysdb, name);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot delete netgroup: %d\n", ret));
+            ret = EIO;
+        }
+        break;
+
+    case NSS_STATUS_UNAVAIL:
+        DEBUG(SSSDBG_TRACE_LIBS,
+              ("The proxy target did not respond, going offline\n"));
+        ret = ENXIO;
+        break;
+
+    default:
+        DEBUG(SSSDBG_CRIT_FAILURE, ("Unexpected error looking up netgroup\n"));
+        ret = EIO;
+        break;
+    }
+
+    return ret;
+}
+
 errno_t get_netgroup(struct proxy_id_ctx *ctx,
                      struct sysdb_ctx *sysdb,
                      struct sss_domain_info *dom,
@@ -105,49 +143,57 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx,
     enum nss_status status;
     char buffer[BUFLEN];
     int ret;
-    TALLOC_CTX *tmp_ctx;
+    TALLOC_CTX *tmp_ctx = NULL;
     struct sysdb_attrs *attrs;
 
-    memset(&result, 0 ,sizeof(result));
+    memset(&result, 0, sizeof(result));
     status = ctx->ops.setnetgrent(name, &result);
     if (status != NSS_STATUS_SUCCESS) {
-        DEBUG(5, ("setnetgrent failed for netgroup [%s].\n", name));
-        return EIO;
+        DEBUG(SSSDBG_OP_FAILURE,
+              ("setnetgrent failed for netgroup [%s].\n", name));
+        ret = handle_error(status, sysdb, name);
+        goto done;
     }
 
     tmp_ctx = talloc_new(NULL);
     if (tmp_ctx == NULL) {
-        DEBUG(1, ("talloc_new failed.\n"));
-        return ENOMEM;
+        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new failed.\n"));
+        ret = ENOMEM;
+        goto done;
     }
 
     attrs = sysdb_new_attrs(tmp_ctx);
     if (attrs == NULL) {
-        DEBUG(1, ("sysdb_new_attrs failed.\n"));
-        return ENOMEM;
+        DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb_new_attrs failed.\n"));
+        ret = ENOMEM;
+        goto done;
     }
 
     do {
         status = ctx->ops.getnetgrent_r(&result, buffer, BUFLEN, &ret);
-        if (status != NSS_STATUS_SUCCESS && status != NSS_STATUS_RETURN) {
-            DEBUG(1, ("getnetgrent_r failed for netgroup [%s]: [%d][%s].\n",
-                      name, ret, strerror(ret)));
+        if (status != NSS_STATUS_SUCCESS &&
+            status != NSS_STATUS_RETURN &&
+            status != NSS_STATUS_NOTFOUND) {
+            ret = handle_error(status, sysdb, name);
+            DEBUG(SSSDBG_OP_FAILURE,
+                  ("getnetgrent_r failed for netgroup [%s]: [%d][%s].\n",
+                   name, ret, strerror(ret)));
             goto done;
         }
 
         if (status == NSS_STATUS_SUCCESS) {
             ret = make_netgroup_attr(result, attrs);
             if (ret != EOK) {
-                DEBUG(1, ("make_netgroup_attr failed.\n"));
+                DEBUG(SSSDBG_CRIT_FAILURE, ("make_netgroup_attr failed.\n"));
                 goto done;
             }
         }
-    } while (status != NSS_STATUS_RETURN);
+    } while (status != NSS_STATUS_RETURN && status != NSS_STATUS_NOTFOUND);
 
     status = ctx->ops.endnetgrent(&result);
     if (status != NSS_STATUS_SUCCESS) {
-        DEBUG(1, ("endnetgrent failed.\n"));
-        ret = EIO;
+        DEBUG(SSSDBG_OP_FAILURE, ("endnetgrent failed.\n"));
+        ret = handle_error(status, sysdb, name);
         goto done;
     }
 
@@ -155,7 +201,7 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx,
                         !dom->case_sensitive,
                         dom->netgroup_timeout);
     if (ret != EOK) {
-        DEBUG(1, ("sysdb_add_netgroup failed.\n"));
+        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_add_netgroup failed.\n"));
         goto done;
     }
 
@@ -163,6 +209,5 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx,
 
 done:
     talloc_free(tmp_ctx);
-
     return ret;
 }
-- 
cgit