#2051 Do not fail if initgroups returns NOT_FOUND
Closed: Fixed None Opened 5 years ago by simo.

I was testing with id_provider = proxy and the files nss lib.
When trying to login we do an initgroups_dyn call to determine the group list.
This is done passing the user's primary group as an argument.
In this case glibc skips the user's group when it looks it up, resulting in the call returning NSS_STATUS_NOTFOUND if the user is member only of that specific group.
In this case we should not fail but simply consider that only group being available to be the user's primary group as returned by getpwnam.

As a temporary workaround I added the user to a new group and initgroups 'started working' again .


Fields changed

description: I was testing with id_provider = proxy and the files nss lib.
When trying to login we do an initgroups_dyn call to determine the group list.
This is done passing the user's primary group as an argument.
In this case glibc skips the user's group when it looks it up, resulting in the call returning NSS_STATUS+NOTFOUND if the user is member only of that specific group.
In this case we should not fail but simply consider that only group being available to be the user's primary group as returned by getpwnam.

As a temporary workaround I added the user to a new group and initgroups 'started working' again . => I was testing with id_provider = proxy and the files nss lib.
When trying to login we do an initgroups_dyn call to determine the group list.
This is done passing the user's primary group as an argument.
In this case glibc skips the user's group when it looks it up, resulting in the call returning NSS_STATUS_NOTFOUND if the user is member only of that specific group.
In this case we should not fail but simply consider that only group being available to be the user's primary group as returned by getpwnam.

As a temporary workaround I added the user to a new group and initgroups 'started working' again .

Fields changed

owner: somebody => simo
status: new => assigned

This patch is untested but should work.

patch: 0 => 1

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10.2

resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @simo:
- Issue assigned to simo
- Issue set to the milestone: SSSD 1.10.2

2 years ago

Login to comment on this ticket.

Metadata