80 lines
3.4 KiB
Diff
80 lines
3.4 KiB
Diff
|
From d8006abd55f2ce0698e09213b8374e9071e70016 Mon Sep 17 00:00:00 2001
|
||
|
From: Jakub Hrozek <jhrozek@redhat.com>
|
||
|
Date: Mon, 9 Mar 2015 17:25:48 +0100
|
||
|
Subject: [PATCH 23/99] NSS: Handle ENOENT when doing initgroups by UPN
|
||
|
|
||
|
https://fedorahosted.org/sssd/ticket/2598
|
||
|
|
||
|
We need to return an empty result in cases an initgroups lookup by UPN
|
||
|
doesn't return anything. Please note testing with "id user" is not
|
||
|
sufficient as id calls a getpwnam first.
|
||
|
|
||
|
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
||
|
---
|
||
|
src/responder/nss/nsssrv_cmd.c | 46 +++++++++++++++++++++++++-----------------
|
||
|
1 file changed, 28 insertions(+), 18 deletions(-)
|
||
|
|
||
|
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
|
||
|
index 19a6121d8cf0ccc1d6f9af797b2ac58a36df9e36..4c0e9414d2cdebe61fd91de06f4900f00904ef22 100644
|
||
|
--- a/src/responder/nss/nsssrv_cmd.c
|
||
|
+++ b/src/responder/nss/nsssrv_cmd.c
|
||
|
@@ -4062,27 +4062,37 @@ static int nss_cmd_initgroups_search(struct nss_dom_ctx *dctx)
|
||
|
|
||
|
if (cmdctx->name_is_upn) {
|
||
|
ret = sysdb_search_user_by_upn(cmdctx, dom, name, user_attrs, &msg);
|
||
|
- if (ret != EOK && ret != ENOENT) {
|
||
|
+ if (ret == ENOENT) {
|
||
|
+ dctx->res = talloc_zero(cmdctx, struct ldb_result);
|
||
|
+ if (dctx->res == NULL) {
|
||
|
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
|
||
|
+ return ENOMEM;
|
||
|
+ }
|
||
|
+
|
||
|
+ dctx->res->count = 0;
|
||
|
+ dctx->res->msgs = NULL;
|
||
|
+ ret = EOK;
|
||
|
+ } else if (ret != EOK) {
|
||
|
DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_upn failed.\n");
|
||
|
return ret;
|
||
|
- }
|
||
|
+ } else {
|
||
|
+ sysdb_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
|
||
|
+ if (sysdb_name == NULL) {
|
||
|
+ DEBUG(SSSDBG_OP_FAILURE,
|
||
|
+ "Sysdb entry does not have a name.\n");
|
||
|
+ return EINVAL;
|
||
|
+ }
|
||
|
|
||
|
- sysdb_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
|
||
|
- if (sysdb_name == NULL) {
|
||
|
- DEBUG(SSSDBG_OP_FAILURE,
|
||
|
- "Sysdb entry does not have a name.\n");
|
||
|
- return EINVAL;
|
||
|
- }
|
||
|
-
|
||
|
- ret = sysdb_initgroups(cmdctx, dom, sysdb_name, &dctx->res);
|
||
|
- if (ret == EOK && DOM_HAS_VIEWS(dom)) {
|
||
|
- for (c = 0; c < dctx->res->count; c++) {
|
||
|
- ret = sysdb_add_overrides_to_object(dom, dctx->res->msgs[c],
|
||
|
- NULL, NULL);
|
||
|
- if (ret != EOK) {
|
||
|
- DEBUG(SSSDBG_OP_FAILURE,
|
||
|
- "sysdb_add_overrides_to_object failed.\n");
|
||
|
- return ret;
|
||
|
+ ret = sysdb_initgroups(cmdctx, dom, sysdb_name, &dctx->res);
|
||
|
+ if (ret == EOK && DOM_HAS_VIEWS(dom)) {
|
||
|
+ for (c = 0; c < dctx->res->count; c++) {
|
||
|
+ ret = sysdb_add_overrides_to_object(dom, dctx->res->msgs[c],
|
||
|
+ NULL, NULL);
|
||
|
+ if (ret != EOK) {
|
||
|
+ DEBUG(SSSDBG_OP_FAILURE,
|
||
|
+ "sysdb_add_overrides_to_object failed.\n");
|
||
|
+ return ret;
|
||
|
+ }
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
--
|
||
|
2.4.0
|
||
|
|