From f0603645f5ea5f707875807b4f815400f4b79e41 Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Wed, 24 Oct 2018 09:41:44 +0200

Subject: [PATCH] PYSSS: Re-add the pysss.getgrouplist() interface

Related:

https://pagure.io/SSSD/sssd/issue/3493

Commit 0e211b8ba30c3adcdeef21ca1339b194cbfffb04 was supposed to remove

only the parts of the pysss API that relate to the local domain. But it

removed also the getgrouplist() method by accident. This method is very

important to IPA, so we need to add it back.

Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>

---

 src/python/pysss.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++

 1 file changed, 83 insertions(+)

diff --git a/src/python/pysss.c b/src/python/pysss.c

index e92653a9e4cb4fdfef14b0ab3e297b1d469ad1dc..78b8de0739f8184bd5411e51d99c2baf5ce48057 100644

--- a/src/python/pysss.c

+++ b/src/python/pysss.c

@@ -215,12 +215,95 @@ static PyTypeObject pysss_password_type = {

     .tp_doc   = sss_py_const_p(char, "SSS password obfuscation"),

 };

+/*

+ * Get list of groups user belongs to

+ */

+PyDoc_STRVAR(py_sss_getgrouplist__doc__,

+    "Get list of groups user belongs to.\n\n"

+    "NOTE: The interface uses the system NSS calls and is not limited to "

+    "users served by the SSSD!\n"

+    ":param username: name of user to get list for\n");

+

+static PyObject *py_sss_getgrouplist(PyObject *self, PyObject *args)

+{

+    char *username = NULL;

+    gid_t *groups = NULL;

+    struct passwd *pw;

+    struct group *gr;

+    int ngroups;

+    int ret;

+    Py_ssize_t i, idx;

+    PyObject *groups_tuple;

+

+    if(!PyArg_ParseTuple(args, discard_const_p(char, "s"), &username)) {

+        goto fail;

+    }

+

+    pw = getpwnam(username);

+    if (pw == NULL) {

+        goto fail;

+    }

+

+    ngroups = 32;

+    groups = malloc(sizeof(gid_t) * ngroups);

+    if (groups == NULL) {

+        goto fail;

+    }

+

+    do {

+        ret = getgrouplist(username, pw->pw_gid, groups, &ngroups);

+        if (ret < ngroups) {

+            gid_t *tmp_groups = realloc(groups, ngroups * sizeof(gid_t));

+            if (tmp_groups == NULL) {

+                goto fail;

+            }

+            groups = tmp_groups;

+        }

+    } while (ret != ngroups);

+

+    groups_tuple = PyTuple_New((Py_ssize_t) ngroups);

+    if (groups_tuple == NULL) {

+        goto fail;

+    }

+

+    /* Populate a tuple with names of groups

+     * In unlikely case of group not being able to resolve, skip it

+     * We also need to resize resulting tuple to avoid empty elements there */

+    idx = 0;

+    for (i = 0; i < ngroups; i++) {

+        gr = getgrgid(groups[i]);

+        if (gr) {

+            PyTuple_SetItem(groups_tuple, idx,

+#ifdef IS_PY3K

+                    PyUnicode_FromString(gr->gr_name)

+#else

+                    PyString_FromString(gr->gr_name)

+#endif

+                    );

+            idx++;

+        }

+    }

+    free(groups);

+    groups = NULL;

+

+    if (i != idx) {

+        _PyTuple_Resize(&groups_tuple, idx);

+    }

+

+    return groups_tuple;

+

+fail:

+    free(groups);

+    return NULL;

+}

+

 /* ==================== the sss module initialization =======================*/

 /*

  * Module methods

  */

 static PyMethodDef module_methods[] = {

+        {"getgrouplist", py_sss_getgrouplist, METH_VARARGS, py_sss_getgrouplist__doc__},

         {NULL, NULL, 0, NULL}  /* Sentinel */

 };

-- 

2.14.4