From d804bc1c08cd678ab032590846f764f8a7137afa Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Aug 22 2013 17:58:57 +0000
Subject: proxy: Allow initgroup to return NOTFOUND
When the user is only member of its own primary group, initgroups_dyn may return NOTFOUND as, at least for the 'files' nss provider the code skips the passed in group.
Resolves: https://fedorahosted.org/sssd/ticket/2051
---
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index aae3ee8..86a11e8 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -939,6 +939,12 @@ static int get_gr_gid(TALLOC_CTX *mem_ctx,
 ret = handle_getgr_result(status, grp, dom, &delete_group);
 } while (ret == EAGAIN);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("getgrgid failed [%d]: %s\n", ret, strerror(ret)));
+ goto done;
+ }
+
 if (delete_group) {
 DEBUG(SSSDBG_TRACE_FUNC,
 ("Group %d does not exist (or is invalid) on remote server,"
@@ -1285,6 +1291,11 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx,
 return ENOMEM;
 }
+ /* nss modules may skip the primary group when we pass it in so always add
+ * it in advance */
+ gids[0] = pwd->pw_gid;
+ num_gids++;
+
 /* FIXME: should we move this call outside the transaction to keep the
 * transaction as short as possible ? */
 do {
@@ -1310,6 +1321,11 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx,
 } while(status == NSS_STATUS_TRYAGAIN);
 switch (status) {
+ case NSS_STATUS_NOTFOUND:
+ DEBUG(SSSDBG_FUNC_DATA, ("The initgroups call returned 'NOTFOUND'. "
+ "Assume the user is only member of its "
+ "primary group (%d)\n", pwd->pw_gid));
+ /* fall through */
 case NSS_STATUS_SUCCESS:
 DEBUG(SSSDBG_CONF_SETTINGS, ("User [%s] appears to be member of %lu"
 "groups\n", pwd->pw_name, num_gids));
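Review bot: The new `ret != EOK` exit in get_gr_gid runs before the `delete_group` branch, so any error code from handle_getgr_result now skips the cache cleanup below it. If that helper ever reports a missing group through its return value rather than through `delete_group` (its body is not visible here), a stale group entry would stay cached. If the contract is the other way round, a comment above the check such as `/* NOTFOUND is reported via delete_group, not via ret */` would record it. The commit message does not mention this change, and the function body and the `done` label lie outside the hunk.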
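Review bot: `num_gids++` gives the right count only if `num_gids` is zero when this line runs, and its initialisation is outside the hunk. Since slot 0 is written unconditionally, `num_gids = 1;` would state the invariant directly. The comment could also say what happens when a module does not skip the primary group: the gid would then appear twice in `gids`, and whether the code consuming the array tolerates duplicates cannot be seen from here. get_initgr_groups_process starts and ends outside the hunk.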
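Review bot: The new `case NSS_STATUS_NOTFOUND:` falls through to the success path for every proxied NSS module, so a NOTFOUND returned for any reason other than "no supplementary groups" cannot be told apart here. The user would then presumably be stored with only the primary group (the code after the `SUCCESS` label is outside the hunk). Because group membership commonly feeds access decisions, the message is worth logging at a more visible level than `SSSDBG_FUNC_DATA`, for example `SSSDBG_MINOR_FAILURE`, so that an unexpected loss of supplementary groups shows up in ordinary debug logs. The added format also prints `pwd->pw_gid` with `%d`; gid_t is unsigned on Linux, so `"primary group (%lu)\n", (unsigned long) pwd->pw_gid` would match the `%lu` style used just below.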