dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone

Blame SOURCES/0031-nss-idmap-allow-empty-buffer-with-SSS_NSS_EX_FLAG_IN.patch

9f2ebf
From 464a19ecef7c4a0aad22cd9d2c7b2364e3680351 Mon Sep 17 00:00:00 2001
9f2ebf
From: Sumit Bose <sbose@redhat.com>
9f2ebf
Date: Thu, 2 Nov 2017 11:09:20 +0100
9f2ebf
Subject: [PATCH 31/31] nss-idmap: allow empty buffer with
9f2ebf
 SSS_NSS_EX_FLAG_INVALIDATE_CACHE
9f2ebf
9f2ebf
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
9f2ebf
(cherry picked from commit 859bddc2bf51dc426a3dc56bd9f365e9c5722b65)
9f2ebf
---
9f2ebf
 src/sss_client/idmap/sss_nss_ex.c | 89 ++++++++++++++++++++++++++-------------
9f2ebf
 1 file changed, 60 insertions(+), 29 deletions(-)
9f2ebf
9f2ebf
diff --git a/src/sss_client/idmap/sss_nss_ex.c b/src/sss_client/idmap/sss_nss_ex.c
9f2ebf
index 148eb7b35ec236b6272dd203a0035399cfdef73d..dcd9619a8b07ced7498f61b7e809fa46ebffe09e 100644
9f2ebf
--- a/src/sss_client/idmap/sss_nss_ex.c
9f2ebf
+++ b/src/sss_client/idmap/sss_nss_ex.c
9f2ebf
@@ -103,8 +103,11 @@ errno_t sss_nss_mc_get(struct nss_input *inp)
9f2ebf
     }
9f2ebf
 }
9f2ebf
 
9f2ebf
-static int check_flags(uint32_t flags)
9f2ebf
+static int check_flags(struct nss_input *inp, uint32_t flags,
9f2ebf
+                       bool *skip_mc, bool *skip_data)
9f2ebf
 {
9f2ebf
+    bool no_data = false;
9f2ebf
+
9f2ebf
     /* SSS_NSS_EX_FLAG_NO_CACHE and SSS_NSS_EX_FLAG_INVALIDATE_CACHE are
9f2ebf
      * mutually exclusive */
9f2ebf
     if ((flags & SSS_NSS_EX_FLAG_NO_CACHE) != 0
9f2ebf
@@ -112,6 +115,52 @@ static int check_flags(uint32_t flags)
9f2ebf
         return EINVAL;
9f2ebf
     }
9f2ebf
 
9f2ebf
+    *skip_mc = false;
9f2ebf
+    if ((flags & SSS_NSS_EX_FLAG_NO_CACHE) != 0
9f2ebf
+            || (flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) != 0) {
9f2ebf
+        *skip_mc = true;
9f2ebf
+    }
9f2ebf
+
9f2ebf
+    switch(inp->cmd) {
9f2ebf
+    case SSS_NSS_GETPWNAM:
9f2ebf
+    case SSS_NSS_GETPWNAM_EX:
9f2ebf
+    case SSS_NSS_GETPWUID:
9f2ebf
+    case SSS_NSS_GETPWUID_EX:
9f2ebf
+        if (inp->result.pwrep.buffer == NULL
9f2ebf
+                || inp->result.pwrep.buflen == 0) {
9f2ebf
+            no_data = true;
9f2ebf
+        }
9f2ebf
+        break;
9f2ebf
+    case SSS_NSS_GETGRNAM:
9f2ebf
+    case SSS_NSS_GETGRNAM_EX:
9f2ebf
+    case SSS_NSS_GETGRGID:
9f2ebf
+    case SSS_NSS_GETGRGID_EX:
9f2ebf
+        if (inp->result.grrep.buffer == NULL
9f2ebf
+                || inp->result.grrep.buflen == 0) {
9f2ebf
+            no_data = true;
9f2ebf
+        }
9f2ebf
+        break;
9f2ebf
+    case SSS_NSS_INITGR:
9f2ebf
+    case SSS_NSS_INITGR_EX:
9f2ebf
+        if (inp->result.initgrrep.ngroups == 0
9f2ebf
+                || inp->result.initgrrep.groups == NULL) {
9f2ebf
+            return EINVAL;
9f2ebf
+        }
9f2ebf
+        break;
9f2ebf
+    default:
9f2ebf
+        return EINVAL;
9f2ebf
+    }
9f2ebf
+
9f2ebf
+    *skip_data = false;
9f2ebf
+    /* Allow empty buffer with SSS_NSS_EX_FLAG_INVALIDATE_CACHE */
9f2ebf
+    if (no_data) {
9f2ebf
+        if ((flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) != 0) {
9f2ebf
+            *skip_data = true;
9f2ebf
+        } else {
9f2ebf
+            return ERANGE;
9f2ebf
+        }
9f2ebf
+    }
9f2ebf
+
9f2ebf
     return 0;
9f2ebf
 }
9f2ebf
 
9f2ebf
@@ -128,18 +177,14 @@ int sss_get_ex(struct nss_input *inp, uint32_t flags, unsigned int timeout)
9f2ebf
     gid_t *new_groups;
9f2ebf
     size_t idx;
9f2ebf
     bool skip_mc = false;
9f2ebf
+    bool skip_data = false;
9f2ebf
 
9f2ebf
-    ret = check_flags(flags);
9f2ebf
+    ret = check_flags(inp, flags, &skip_mc, &skip_data);
9f2ebf
     if (ret != 0) {
9f2ebf
         return ret;
9f2ebf
     }
9f2ebf
 
9f2ebf
-    if ((flags & SSS_NSS_EX_FLAG_NO_CACHE) != 0
9f2ebf
-            || (flags & SSS_NSS_EX_FLAG_INVALIDATE_CACHE) != 0) {
9f2ebf
-        skip_mc = true;
9f2ebf
-    }
9f2ebf
-
9f2ebf
-    if (!skip_mc) {
9f2ebf
+    if (!skip_mc && !skip_data) {
9f2ebf
         ret = sss_nss_mc_get(inp);
9f2ebf
         switch (ret) {
9f2ebf
         case 0:
9f2ebf
@@ -159,7 +204,7 @@ int sss_get_ex(struct nss_input *inp, uint32_t flags, unsigned int timeout)
9f2ebf
 
9f2ebf
     sss_nss_timedlock(timeout, &time_left);
9f2ebf
 
9f2ebf
-    if (!skip_mc) {
9f2ebf
+    if (!skip_mc && !skip_data) {
9f2ebf
         /* previous thread might already initialize entry in mmap cache */
9f2ebf
         ret = sss_nss_mc_get(inp);
9f2ebf
         switch (ret) {
9f2ebf
@@ -196,6 +241,12 @@ int sss_get_ex(struct nss_input *inp, uint32_t flags, unsigned int timeout)
9f2ebf
         goto out;
9f2ebf
     }
9f2ebf
 
9f2ebf
+    if (skip_data) {
9f2ebf
+        /* No data requested, just return the return code */
9f2ebf
+        ret = 0;
9f2ebf
+        goto out;
9f2ebf
+    }
9f2ebf
+
9f2ebf
     if (inp->cmd == SSS_NSS_INITGR || inp->cmd == SSS_NSS_INITGR_EX) {
9f2ebf
         if ((*(inp->result.initgrrep.ngroups) - *(inp->result.initgrrep.start))
9f2ebf
                     < num_results) {
9f2ebf
@@ -311,10 +362,6 @@ int sss_nss_getpwnam_timeout(const char *name, struct passwd *pwd,
9f2ebf
         .result.pwrep.buffer = buffer,
9f2ebf
         .result.pwrep.buflen = buflen};
9f2ebf
 
9f2ebf
-    if (buffer == NULL || buflen == 0) {
9f2ebf
-        return ERANGE;
9f2ebf
-    }
9f2ebf
-
9f2ebf
     ret = make_name_flag_req_data(name, flags, &inp.rd);
9f2ebf
     if (ret != 0) {
9f2ebf
         return ret;
9f2ebf
@@ -346,10 +393,6 @@ int sss_nss_getpwuid_timeout(uid_t uid, struct passwd *pwd,
9f2ebf
         .result.pwrep.buffer = buffer,
9f2ebf
         .result.pwrep.buflen = buflen};
9f2ebf
 
9f2ebf
-    if (buffer == NULL || buflen == 0) {
9f2ebf
-        return ERANGE;
9f2ebf
-    }
9f2ebf
-
9f2ebf
     SAFEALIGN_COPY_UINT32(&req_data[0], &uid, NULL);
9f2ebf
     SAFEALIGN_COPY_UINT32(&req_data[1], &flags, NULL);
9f2ebf
     *result = NULL;
9f2ebf
@@ -373,10 +416,6 @@ int sss_nss_getgrnam_timeout(const char *name, struct group *grp,
9f2ebf
         .result.grrep.buffer = buffer,
9f2ebf
         .result.grrep.buflen = buflen};
9f2ebf
 
9f2ebf
-    if (buffer == NULL || buflen == 0) {
9f2ebf
-        return ERANGE;
9f2ebf
-    }
9f2ebf
-
9f2ebf
     ret = make_name_flag_req_data(name, flags, &inp.rd);
9f2ebf
     if (ret != 0) {
9f2ebf
         return ret;
9f2ebf
@@ -407,10 +446,6 @@ int sss_nss_getgrgid_timeout(gid_t gid, struct group *grp,
9f2ebf
         .result.grrep.buffer = buffer,
9f2ebf
         .result.grrep.buflen = buflen};
9f2ebf
 
9f2ebf
-    if (buffer == NULL || buflen == 0) {
9f2ebf
-        return ERANGE;
9f2ebf
-    }
9f2ebf
-
9f2ebf
     SAFEALIGN_COPY_UINT32(&req_data[0], &gid, NULL);
9f2ebf
     SAFEALIGN_COPY_UINT32(&req_data[1], &flags, NULL);
9f2ebf
     *result = NULL;
9f2ebf
@@ -434,10 +469,6 @@ int sss_nss_getgrouplist_timeout(const char *name, gid_t group,
9f2ebf
         .input.name = name,
9f2ebf
         .cmd = SSS_NSS_INITGR_EX};
9f2ebf
 
9f2ebf
-    if (groups == NULL || ngroups == NULL || *ngroups == 0) {
9f2ebf
-        return EINVAL;
9f2ebf
-    }
9f2ebf
-
9f2ebf
     ret = make_name_flag_req_data(name, flags, &inp.rd);
9f2ebf
     if (ret != 0) {
9f2ebf
         return ret;
9f2ebf
-- 
9f2ebf
2.13.6
9f2ebf