Subject: pkg/32988: Bug in databases/nss_ldap
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <thesing@cs.uni-sb.de>
List: pkgsrc-bugs
Date: 03/04/2006 12:40:01
>Number: 32988
>Category: pkg
>Synopsis: databases/nss_ldap gives wrong results if used in conjunction with `files'
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Mar 04 12:40:01 +0000 2006
>Originator: Stephan Thesing
>Release: NetBSD 3.99.15
>Organization:
= Tel.: +49-681-302-5571 = Universitaet des Saarlandes =
= Fax.: +49-681-302-3065 = Postfach 15 11 50 =
= Compiler Research Group = 66041 Saarbruecken =
= FR 6.2 - Informatik = GERMANY =
>Environment:
System: NetBSD gargoyle.cs.uni-sb.de 3.99.15 NetBSD 3.99.15 (Gargoyle (19012006) ST) #2: Tue Feb 14 09:59:13 CET 2006 thesing@gargoyle.cs.uni-sb.de:/local/thesing/netbsd/current/obj/sys/arch/i386/compile.i386/Gargoyle i386
Architecture: i386
Machine: i386
>Description:
The databases/nss_ldap package provides support for using LDAP-based account information for
the nsswitch facility.
The NetBSD glue in files/netbsd.c has a bug that returns garbage for group ids if /etc/nsswitch.conf
contains something like `group: files ldap' upon using the "getgroupmembership" functionality.
The nsswitch facility in this case first fetches all groups for a user from /etc/group and then should
_add_ the groups from the LDAP directory to the list.
files/netbsd.c correctly starts to put LDAP groups into the array of gid_t's provided but fails to
copy the already present gid_t's (from files), so garbage is finally returned in those slots.
In addition, netbsd.c always puts the primary gid_t of the user in slot 0, which is wrong.
>How-To-Repeat:
Add `group: files ldap' to your nsswitch.conf, have a user in one of the groups in /etc/group
and in LDAP-based groups, and see garbage returned from e.g. `groups user' for the groups in
/etc/group.
>Fix:
The attached patch to files/netbsd.c copies the gid_t's already passed in into the temporary array
allocated and thus all groups are returned correctly.
Index: files/netbsd.c
===================================================================
RCS file: /cvsroot/pkgsrc/databases/nss_ldap/files/netbsd.c,v
retrieving revision 1.4
diff -b -u -r1.4 netbsd.c
--- files/netbsd.c 19 Sep 2005 15:54:42 -0000 1.4
+++ files/netbsd.c 3 Mar 2006 11:01:47 -0000
@@ -454,13 +454,23 @@
gid_t *tmpgroups;
long int lstart, lsize;
int origsize = *size;
+ int i;
tmpgroups = malloc(limit * sizeof(gid_t));
if (!tmpgroups)
return NS_TRYAGAIN;
- /* insert primary membership */
- if (*size < limit) {
- tmpgroups[0] = group;
+
+ /* copy initial members */
+ if (*size>0)
+ memcpy(tmpgroups, groups, (*size)*sizeof(gid_t));
+
+ /* insert primary membership, if not already in there */
+ for (i=0; i<(*size); i++)
+ if (tmpgroups[i]==group)
+ break;
+
+ if (*size < limit && i==(*size)) {
+ tmpgroups[*size] = group;
(*size)++;
}
lstart = *size;
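Review bot: the added memcpy copies (*size)*sizeof(gid_t) bytes into tmpgroups, which is allocated as limit * sizeof(gid_t), and nothing in the visible lines checks that *size <= limit before the copy. If the caller can hand in a count larger than limit, the copy writes past the end of the heap buffer, and the search loop that follows reads tmpgroups[i] up to *size as well. Suggest bounding both the copy and the loop by the smaller of *size and limit (or returning early when *size >= limit), and checking that groups is non-NULL before copying from it. The existing "*size < limit" test only guards the single store of the primary gid, not the copy above it.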