Tested fix for #2051 and it seems to work.

However, it just occurred to me we may always want to check if pwd.pw_gid
is listed in the gids returned and add it if not?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
From 37cd3db881e12c5b630ae3b55ff112920c164a7d Mon Sep 17 00:00:00 2001
From: Simo Sorce <[email protected]>
Date: Wed, 21 Aug 2013 10:11:30 -0400
Subject: [PATCH] proxy: Allow initgroup to return NOTFOUND

When the user is only a member of its own primary group, initgroups_dyn may
return NOTFOUND as, at least for the 'files' nss provider, the code skips the
passed-in group.

Resolves:
https://fedorahosted.org/sssd/ticket/2051
---
 src/providers/proxy/proxy_id.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index aae3ee8f4e29e16e49d9b588d6da5ee8310c7f91..dee397af6b115c61a913f51d45c563dfedd8c361 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -1310,6 +1310,13 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx,
     } while(status == NSS_STATUS_TRYAGAIN);
 
     switch (status) {
+    case NSS_STATUS_NOTFOUND:
+        DEBUG(SSSDBG_CONF_SETTINGS, ("The initgroups call returned 'NOTFOUND'."
+                                     " Assume the user is only member of its"
+                                     " primary group (%d)\n", pwd->pw_gid));
+        gids[0] = pwd->pw_gid;
+        num_gids = 1;
+        /* fall through */
     case NSS_STATUS_SUCCESS:
         DEBUG(SSSDBG_CONF_SETTINGS, ("User [%s] appears to be member of %lu"
                     "groups\n", pwd->pw_name, num_gids));
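
Review bot: In the new NSS_STATUS_NOTFOUND case, `gids[0] = pwd->pw_gid;` assumes the gids buffer already holds at least one element at this point. The hunk does not show the allocation, so confirm that or guard the write before falling through to the SUCCESS path. In the same case, `pwd->pw_gid` is a gid_t but the debug message formats it with `%d`; cast it and use an unsigned conversion so large gids are not logged as negative values. The context lines after the fall-through concatenate "member of %lu" and "groups\n" with no space between them, so the message for this path will read "1groups"; a leading space in the second literal fixes that.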
-- 
1.8.3.1
