Issue #4071: sss_nfs_[ug]id_to_name not properly respecting the libnfsidmap interface - sssd

SSSD / sssd

#4071 sss_nfs_[ug]id_to_name not properly respecting the libnfsidmap interface

Closed: cloned-to-github 5 years ago by pbrezina. Opened 5 years ago by realrichardsharpe.

In the current code downloaded from github I see the following function:

src/sss_client/nfs/sss_nfs_client.c:sss_nfs_uid_to_name:

static int sss_nfs_uid_to_name(uid_t uid, char *domain, char *name, size_t len)
{
    int rc;

    if (name == NULL) {
        IDMAP_LOG(0, ("%s: name is null", __func__));
        return -EINVAL;
    }

    rc = get_user_from_mc(name, len, uid);
    if (rc != 0) {
        rc = id_to_name(name, len, uid, SSS_NSS_GETPWUID);
    }

    log_actual_rc(__func__, rc);
    rc = normalise_rc(rc);

    return -rc;
}

The code does nothing with the domain parameter, however, the
interface requirement is that if an unqualified name is to be
returned, perhaps from /etc/passwd, if domain is non null, it should
be appended to the name to be returned preceded by an '@'.

Eg, administrators@localhost.

The same goes for sss_nfs_gid_to_name.

See, for example, nfs-utils:support/nfsidmap/nss.c:nss_uid_to_name
which calls write_name to handle appending the local domain name
passed in if one is not present.

A possible solution is:

--- a/src/sss_client/nfs/sss_nfs_client.c.orig  2019-08-21 22:23:08.092929457
+0000
+++ a/src/sss_client/nfs/sss_nfs_client.c       2019-08-21 22:23:13.798820088
+0000
@@ -512,6 +512,18 @@
     return -rc;
 }

+static int append_domain_if_needed(char *dest, char *domain, size_t len)
+{
+    if (dest[0] && !strchr(dest, '@')) {
+        if (strlen(dest) + 1 + strlen(domain) + 1 > len)
+            return -ENAMETOOLONG;
+        strcat(dest, "@");
+        strcat(dest, domain);
+    }
+
+    return 0;
+}
+
 static int sss_nfs_uid_to_name(uid_t uid, char *domain, char *name, size_t le
n)
 {
     int rc;
@@ -526,6 +538,9 @@
         rc = id_to_name(name, len, uid, SSS_NSS_GETPWUID);
     }

+    /* do we have to add the default domain? */
+    rc = append_domain_if_needed(name, domain, len);
+
     log_actual_rc(__func__, rc);
     rc = normalise_rc(rc);

@@ -546,6 +561,9 @@
         rc = id_to_name(name, len, gid, SSS_NSS_GETGRGID);
     }

+    /* do we have to add the default domain? */
+    rc = append_domain_if_needed(name, domain, len);
+
     log_actual_rc(__func__, rc);
     rc = normalise_rc(rc);

Metadata Update from @thalman:
- Issue tagged with: Future milestone

5 years ago

pbrezina commented 5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/5039

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

5 years ago

Metadata

Assignee

None

Tags

Blocking

None

Depending on

None

Priority

minor

Milestone

None

type

None

component

None

version

None

selected

None

testsupdated

None

patch

None

rhbz

None

design_review

None

review

None

changelog

None

keywords

None

coverity

None

mark

None

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#4071 sss_nfs_[ug]id_to_name not properly respecting the libnfsidmap interface Closed: cloned-to-github 5 years ago by pbrezina. Opened 5 years ago by realrichardsharpe.

Metadata

Future milestone

#4071 sss_nfs_[ug]id_to_name not properly respecting the libnfsidmap interface

Closed: cloned-to-github 5 years ago by pbrezina. Opened 5 years ago by realrichardsharpe.