Hi,

Kaushik found misleading error messages in the proxy provider if the
user is not a member of any secondary groups. Currently we send back the
errno value returned in the last argument of the external
initgroups_dyn() which seems to be undefined if the call itself returns
NSS_STATUS_SUCCESS. To be on the safe side I think we should set it
explicitly. Additionally patch 0002 makes sure that we print this errno
value in the debug message in case of an error and not always EIO.

While trying to reproduce this issue I found that libsss_util is needed
to run the proxy provider and fixed this with patch 0001.

bye,
Sumit
From f633a1b3da74d8d5f964af79e4ac9fcf317fbb26 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Wed, 15 Jun 2011 10:51:37 +0200
Subject: [PATCH 1/2] Add missing libsss_util to proxy provider

---
 Makefile.am |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 8bde56b..b8423ba 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -806,6 +806,7 @@ libsss_proxy_la_SOURCES = \
 libsss_proxy_la_CFLAGS = \
     $(AM_CFLAGS)
 libsss_proxy_la_LIBADD = \
+    libsss_util.la \
     $(PAM_LIBS)
 libsss_proxy_la_LDFLAGS = \
     -avoid-version \
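Review bot: the commit message for this one-line addition to libsss_proxy_la_LIBADD has no body, so it does not record which libsss_util symbol the proxy provider fails to resolve without it. Please add a sentence naming the missing symbol or the load error that was seen, so the dependency can be re-checked later if the provider code changes.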
-- 
1.7.5.2

From 58324933274e5953268f0e6f5241e2f424dcb603 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Tue, 14 Jun 2011 18:13:18 +0200
Subject: [PATCH 2/2] Fix proxy provider return code for secondary missing
 groups

---
 src/providers/proxy/proxy_id.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index 3df2106..5ce9095 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -1026,12 +1026,14 @@ again:
                 return ret;
             }
         }
+        ret = EOK;
+
         break;
 
     default:
-        ret = EIO;
         DEBUG(2, ("proxy -> initgroups_dyn failed (%d)[%s]\n",
                   ret, strerror(ret)));
+        ret = EIO;
         break;
     }
 
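Review bot: in the default branch the DEBUG call now prints ret and strerror(ret) before ret is overwritten with EIO, but nothing visible in the hunk guarantees that ret holds a meaningful errno at that point; if the NSS module left it at 0 the log will read "failed (0)[Success]". Consider also logging the NSS status value that selected this branch, and add a short comment above the new `ret = EOK;` saying that the errno argument is not trusted when the call succeeds.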
-- 
1.7.5.2

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
