authorSimo Sorce <simo@redhat.com>2013-08-21 10:11:30 -0400
committerJakub Hrozek <jhrozek@redhat.com>2013-08-22 19:57:54 +0200
commit66d1f565dfb39325ab7daa264b5795b1f348756e (patch)
treeade59d6a1b29b78a1f7e1d06cd2d0d5555d58f5a
parent1f7fb30cc25765e54841e5d5f4192c12e3b29a16 (diff)
proxy: Allow initgroup to return NOTFOUND
When the user is a member only of its own primary group, initgroups_dyn may return NOTFOUND because, at least for the 'files' nss provider, the code skips the passed-in group. Resolves: https://fedorahosted.org/sssd/ticket/2051
-rw-r--r--src/providers/proxy/proxy_id.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index aae3ee8f4..86a11e875 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -939,6 +939,12 @@ static int get_gr_gid(TALLOC_CTX *mem_ctx,
ret = handle_getgr_result(status, grp, dom, &delete_group);
} while (ret == EAGAIN);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("getgrgid failed [%d]: %s\n", ret, strerror(ret)));
+ goto done;
+ }
+
if (delete_group) {
DEBUG(SSSDBG_TRACE_FUNC,
("Group %d does not exist (or is invalid) on remote server,"
@@ -1285,6 +1291,11 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx,
return ENOMEM;
}
+ /* nss modules may skip the primary group when we pass it in so always add
+ * it in advance */
+ gids[0] = pwd->pw_gid;
+ num_gids++;
+
/* FIXME: should we move this call outside the transaction to keep the
* transaction as short as possible ? */
do {
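Review bot: Pre-seeding `gids[0]` means the primary gid can appear twice in the list whenever a module does not skip the passed-in group, which the new comment's "may skip" wording allows for. Nothing in the hunk shows the later processing de-duplicating `gids`, so either state in the comment that a repeated entry is expected and harmless, or drop a second `pwd->pw_gid` after the call returns. The assignment also relies on `num_gids` being 0 at this point, which is set outside the hunk; `gids[num_gids++] = pwd->pw_gid;` expresses the same thing without the hard-coded index. The function body starts and ends outside the hunk.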
@@ -1310,6 +1321,11 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx,
} while(status == NSS_STATUS_TRYAGAIN);
switch (status) {
+ case NSS_STATUS_NOTFOUND:
+ DEBUG(SSSDBG_FUNC_DATA, ("The initgroups call returned 'NOTFOUND'. "
+ "Assume the user is only member of its "
+ "primary group (%d)\n", pwd->pw_gid));
+ /* fall through */
case NSS_STATUS_SUCCESS:
DEBUG(SSSDBG_CONF_SETTINGS, ("User [%s] appears to be member of %lu"
"groups\n", pwd->pw_name, num_gids));