122 lines
5.1 KiB
Diff
122 lines
5.1 KiB
Diff
From cffe6e09c6b4cd8afa049365bbd432ace5d2a9d9 Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Thu, 26 Oct 2023 14:09:48 +0200
|
|
Subject: [PATCH] nssidmap: fix sss_nss_getgrouplist_timeout() with empty
|
|
secondary group list
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
sss_nss_getgrouplist_timeout() is intended as a replacement for
|
|
getgrouplist() which only gets secondary groups from SSSD. Currently it
|
|
returns an ENOENT error if there are no secondary groups returned by
|
|
SSSD. However, as with getgrouplist(), there is the second parameter
|
|
which expects a single GID which will be added to the result. This means
|
|
that sss_nss_getgrouplist_timeout() will always return at least this GID
|
|
as a result and an ENOENT error does not make sense.
|
|
|
|
With this patch sss_nss_getgrouplist_timeout() will not return an error
|
|
anymore if there are no secondary groups but just a result with the
|
|
single GID from the second parameter.
|
|
|
|
Reviewed-by: Alejandro López <allopez@redhat.com>
|
|
Reviewed-by: Tomáš Halman <thalman@redhat.com>
|
|
---
|
|
src/sss_client/idmap/sss_nss_ex.c | 5 ++--
|
|
src/tests/cmocka/sss_nss_idmap-tests.c | 32 ++++++++++++++++++++++++++
|
|
2 files changed, 35 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/sss_client/idmap/sss_nss_ex.c b/src/sss_client/idmap/sss_nss_ex.c
|
|
index b5230d6b7..24e2a6be9 100644
|
|
--- a/src/sss_client/idmap/sss_nss_ex.c
|
|
+++ b/src/sss_client/idmap/sss_nss_ex.c
|
|
@@ -241,8 +241,9 @@ static int sss_get_ex(struct nss_input *inp, uint32_t flags,
|
|
/* Get number of results from repbuf. */
|
|
SAFEALIGN_COPY_UINT32(&num_results, repbuf, NULL);
|
|
|
|
- /* no results if not found */
|
|
- if (num_results == 0) {
|
|
+ /* no results if not found, INITGR requests are handled separately */
|
|
+ if (num_results == 0 && inp->cmd != SSS_NSS_INITGR
|
|
+ && inp->cmd != SSS_NSS_INITGR_EX) {
|
|
ret = ENOENT;
|
|
goto out;
|
|
}
|
|
diff --git a/src/tests/cmocka/sss_nss_idmap-tests.c b/src/tests/cmocka/sss_nss_idmap-tests.c
|
|
index 880bab0e5..30b24a57e 100644
|
|
--- a/src/tests/cmocka/sss_nss_idmap-tests.c
|
|
+++ b/src/tests/cmocka/sss_nss_idmap-tests.c
|
|
@@ -30,6 +30,7 @@
|
|
#include "util/util.h"
|
|
#include "util/sss_endian.h"
|
|
|
|
+#define IPA_389DS_PLUGIN_HELPER_CALLS 1
|
|
#include "sss_client/idmap/sss_nss_idmap.h"
|
|
#include "tests/cmocka/common_mock.h"
|
|
|
|
@@ -50,6 +51,8 @@ uint8_t buf3[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x
|
|
uint8_t buf4[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 'x'};
|
|
|
|
uint8_t buf_orig1[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 'k', 'e', 'y', 0x00, 'v', 'a', 'l', 'u', 'e', 0x00};
|
|
+
|
|
+uint8_t buf_initgr[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xde, 0x00, 0x00, 0x00};
|
|
#elif (__BYTE_ORDER == __BIG_ENDIAN)
|
|
uint8_t buf1[] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 0x00};
|
|
uint8_t buf2[] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 0x00};
|
|
@@ -57,10 +60,14 @@ uint8_t buf3[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x
|
|
uint8_t buf4[] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 'x'};
|
|
|
|
uint8_t buf_orig1[] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 'k', 'e', 'y', 0x00, 'v', 'a', 'l', 'u', 'e', 0x00};
|
|
+
|
|
+uint8_t buf_initgr[] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xde};
|
|
#else
|
|
#error "unknow endianess"
|
|
#endif
|
|
|
|
+uint8_t buf_initgr_no_gr[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
|
|
+
|
|
enum nss_status __wrap_sss_nss_make_request_timeout(enum sss_cli_command cmd,
|
|
struct sss_cli_req_data *rd,
|
|
int timeout,
|
|
@@ -148,12 +155,37 @@ void test_getorigbyname(void **state)
|
|
sss_nss_free_kv(kv_list);
|
|
}
|
|
|
|
+void test_sss_nss_getgrouplist_timeout(void **state)
|
|
+{
|
|
+ int ret;
|
|
+ gid_t groups[10];
|
|
+ int ngroups = sizeof(groups);
|
|
+ struct sss_nss_make_request_test_data d = {buf_initgr, sizeof(buf_initgr), 0, NSS_STATUS_SUCCESS};
|
|
+
|
|
+ will_return(__wrap_sss_nss_make_request_timeout, &d);
|
|
+ ret = sss_nss_getgrouplist_timeout("test", 111, groups, &ngroups, 0, 0);
|
|
+ assert_int_equal(ret, EOK);
|
|
+ assert_int_equal(ngroups, 2);
|
|
+ assert_int_equal(groups[0], 111);
|
|
+ assert_int_equal(groups[1], 222);
|
|
+
|
|
+ d.repbuf = buf_initgr_no_gr;
|
|
+ d.replen = sizeof(buf_initgr_no_gr);
|
|
+
|
|
+ will_return(__wrap_sss_nss_make_request_timeout, &d);
|
|
+ ret = sss_nss_getgrouplist_timeout("test", 111, groups, &ngroups, 0, 0);
|
|
+ assert_int_equal(ret, EOK);
|
|
+ assert_int_equal(ngroups, 1);
|
|
+ assert_int_equal(groups[0], 111);
|
|
+}
|
|
+
|
|
int main(int argc, const char *argv[])
|
|
{
|
|
|
|
const struct CMUnitTest tests[] = {
|
|
cmocka_unit_test(test_getsidbyname),
|
|
cmocka_unit_test(test_getorigbyname),
|
|
+ cmocka_unit_test(test_sss_nss_getgrouplist_timeout),
|
|
};
|
|
|
|
return cmocka_run_group_tests(tests, NULL, NULL);
|
|
--
|
|
2.33.0
|
|
|