#4071 sss_nfs_[ug]id_to_name not properly respecting the libnfsidmap interface
Opened 6 months ago by realrichardsharpe. Modified 6 months ago

In the current code downloaded from github I see the following function:

src/sss_client/nfs/sss_nfs_client.c:sss_nfs_uid_to_name:

/*
 * Translate a numeric uid into a user name written into the caller's buffer.
 *
 * uid    - id to look up
 * domain - accepted but never read in this body, so the name is handed back
 *          exactly as the lookup produced it
 * name   - output buffer; must not be NULL
 * len    - passed with name to both lookups (presumably the capacity of
 *          name in bytes - confirm against get_user_from_mc/id_to_name)
 *
 * Returns -EINVAL when name is NULL; otherwise the negation of whatever
 * normalise_rc() yields for the lookup result.
 */
static int sss_nfs_uid_to_name(uid_t uid, char *domain, char *name, size_t len)
{
    int rc;

    if (name == NULL) {
        IDMAP_LOG(0, ("%s: name is null", __func__));
        return -EINVAL;
    }

    /* First attempt; any non-zero result falls through to id_to_name(). */
    rc = get_user_from_mc(name, len, uid);
    if (rc != 0) {
        rc = id_to_name(name, len, uid, SSS_NSS_GETPWUID);
    }

    /*
     * NOTE(review): when both lookups fail, nothing in this function defines
     * the contents of name - callers should presumably read it only on a
     * zero return; confirm against the helpers.
     */

    /* Log the raw code before normalise_rc() replaces it. */
    log_actual_rc(__func__, rc);
    rc = normalise_rc(rc);

    /* NOTE(review): the sign flip suggests rc is a positive errno here - confirm. */
    return -rc;
}

The code does nothing with the domain parameter. However, the
interface requires that when an unqualified name is about to be
returned (perhaps one from /etc/passwd) and domain is non-null, the
domain be appended to the returned name, preceded by an '@'.

Eg, administrators@localhost.

The same goes for sss_nfs_gid_to_name.

See, for example, nfs-utils:support/nfsidmap/nss.c:nss_uid_to_name
which calls write_name to handle appending the local domain name
passed in if one is not present.

A possible solution is:

--- a/src/sss_client/nfs/sss_nfs_client.c.orig  2019-08-21 22:23:08.092929457
+0000
+++ a/src/sss_client/nfs/sss_nfs_client.c       2019-08-21 22:23:13.798820088
+0000
@@ -512,6 +512,18 @@
     return -rc;
 }

+static int append_domain_if_needed(char *dest, char *domain, size_t len)
+{
+    if (dest[0] && !strchr(dest, '@')) {
+        if (strlen(dest) + 1 + strlen(domain) + 1 > len)
+            return -ENAMETOOLONG;
+        strcat(dest, "@");
+        strcat(dest, domain);
+    }
+
+    return 0;
+}
+
 static int sss_nfs_uid_to_name(uid_t uid, char *domain, char *name, size_t le
n)
 {
     int rc;
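Review bot: `append_domain_if_needed` passes `domain` to `strlen()` and `strcat()` without a NULL check, although the ticket text itself allows for a null domain, so a caller that supplies none would fault inside the helper. I would add `if (domain == NULL || domain[0] == '\0') return 0;` as its first statement and declare the parameter `const char *domain`, since it is only read. The length test does account for the '@' and the terminator, so the two `strcat()` calls stay within `len` only if `dest` is already NUL-terminated inside `len` on entry; that precondition deserves a one-line comment above the helper.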
@@ -526,6 +538,9 @@
         rc = id_to_name(name, len, uid, SSS_NSS_GETPWUID);
     }

+    /* do we have to add the default domain? */
+    rc = append_domain_if_needed(name, domain, len);
+
     log_actual_rc(__func__, rc);
     rc = normalise_rc(rc);
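Review bot: The added `rc = append_domain_if_needed(name, domain, len);` runs unconditionally and overwrites the lookup result, so a failed `id_to_name()` can be reported as success, and the helper then scans a `name` buffer whose contents this code has not established. Guard it with `if (rc == 0) { rc = append_domain_if_needed(name, domain, len); }`. The helper also returns `-ENAMETOOLONG` while this function ends in `return -rc;`, so the sign looks inverted unless `normalise_rc()` (not shown) compensates; returning positive `ENAMETOOLONG` from the helper would be consistent with the visible code. The same two points apply to the gid hunk at `@@ -546,6 +561,9 @@`. The function body starts and ends outside this hunk.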

@@ -546,6 +561,9 @@
         rc = id_to_name(name, len, gid, SSS_NSS_GETGRGID);
     }

+    /* do we have to add the default domain? */
+    rc = append_domain_if_needed(name, domain, len);
+
     log_actual_rc(__func__, rc);
     rc = normalise_rc(rc);
