author | Simo Sorce <simo@redhat.com> | 2013-08-21 10:11:30 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-22 19:57:54 +0200 |
commit | 66d1f565dfb39325ab7daa264b5795b1f348756e (patch) | |
tree | ade59d6a1b29b78a1f7e1d06cd2d0d5555d58f5a | |
parent | 1f7fb30cc25765e54841e5d5f4192c12e3b29a16 (diff) | |
proxy: Allow initgroup to return NOTFOUND
When the user is a member only of its own primary group, initgroups_dyn may
return NOTFOUND because, at least for the 'files' nss provider, the code skips
the passed-in group.
Resolves:
https://fedorahosted.org/sssd/ticket/2051
-rw-r--r-- | src/providers/proxy/proxy_id.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index aae3ee8f4..86a11e875 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -939,6 +939,12 @@ static int get_gr_gid(TALLOC_CTX *mem_ctx,
 ret = handle_getgr_result(status, grp, dom, &delete_group);
 } while (ret == EAGAIN);

+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("getgrgid failed [%d]: %s\n", ret, strerror(ret)));
+ goto done;
+ }
+
 if (delete_group) {
 DEBUG(SSSDBG_TRACE_FUNC,
 ("Group %d does not exist (or is invalid) on remote server,"
@@ -1285,6 +1291,11 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx,
 return ENOMEM;
 }

+ /* nss modules may skip the primary group when we pass it in so always add
+ * it in advance */
+ gids[0] = pwd->pw_gid;
+ num_gids++;
+
 /* FIXME: should we move this call outside the transaction to keep the
 * transaction as short as possible ? */
 do {
@@ -1310,6 +1321,11 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx,
 } while(status == NSS_STATUS_TRYAGAIN);

 switch (status) {
+ case NSS_STATUS_NOTFOUND:
+ DEBUG(SSSDBG_FUNC_DATA, ("The initgroups call returned 'NOTFOUND'. "
+ "Assume the user is only member of its "
+ "primary group (%d)\n", pwd->pw_gid));
+ /* fall through */
 case NSS_STATUS_SUCCESS:
 DEBUG(SSSDBG_CONF_SETTINGS, ("User [%s] appears to be member of %lu"
 "groups\n", pwd->pw_name, num_gids));
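Review bot: The new `getgrgid failed` message in get_gr_gid reports only the error code, so when this path fires the log does not say which group lookup failed. The "Group %d does not exist" message just below already prints the group, and the same argument could be added here, e.g. `("getgrgid failed for GID [%d] [%d]: %s\n", GID_ARG, ret, strerror(ret))`, where GID_ARG is a placeholder for whatever that message passes, since its argument line is outside the hunk. The rest of the function and the `done` label are also outside the hunk, so it is worth confirming that `done` unwinds everything set up before the lookup loop.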
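Review bot: `gids[0] = pwd->pw_gid; num_gids++;` writes a fixed slot but bumps the counter relatively, which is only correct if num_gids is still 0 at this point; its initialisation is outside the hunk. Tying the two together as `gids[num_gids++] = pwd->pw_gid;` (or setting `num_gids = 1;`) keeps the array and the count consistent if the setup code ever changes. The comment says modules *may* skip the primary group, so a module that does not skip it would presumably leave pw_gid in the list twice. A short comment on whether the later per-gid processing tolerates a duplicate would help, since this list appears to become the user's stored group membership.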
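Review bot: The `NSS_STATUS_NOTFOUND` arm is only safe to fall through because gids[0] was seeded with pw_gid earlier in the function, and nothing at the switch says so; the comment could read `/* fall through: gids[0] already holds pwd->pw_gid */`. The message also prints `pwd->pw_gid` with `%d`, and gid_t is unsigned on Linux/glibc, so large GIDs would be logged as negative numbers; `"primary group (%lu)\n", (unsigned long) pwd->pw_gid` avoids that. Treating NOTFOUND as success also means that a module returning NOTFOUND for some other reason would, as far as this hunk shows, produce a membership list holding just the primary group, which matters if group membership drives access decisions downstream. The rest of the switch is outside the hunk.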