nsswitch: handle missing actions properly
Siddhesh Poyarekar
siddhesh@gotplt.org
Thu Dec 10 04:21:39 GMT 2020
On 12/10/20 9:20 AM, DJ Delorie via Libc-alpha wrote:
>
> RCA: the __nss_database_get return value is nonzero on ERROR, not on
> MISSING. A separate check for MISSING is needed. This only really
> affects initgroups, since it has a fallback, so needs to know if
> initgroups is missing from nsswitch.conf. Note: it's now possible to
> have a line in nsswitch.conf like this:
>
> initgroups:
>
> That is *not* MISSING but has an empty module list. If this is
> undesired behavior, a further "&& nip->module" is needed. The
> nss_database.c patch ensures an empty module list for an empty
> nsswitch.conf list, instead of
>
> See also https://bugzilla.redhat.com/show_bug.cgi?id=1906066
>
> Actual proposed commit follows:
>
> -----
> Some internal functions need to know if a database has a nonzero
> list of actions; success getting the database does not guarantee
> that. Add checks for such as needed.
>
> Skip the ":" in each nsswitch.conf line so as not to add a dummy
> action libnss_:.so
The fix is OK but there ought to be a regression test that verifies that
getgroups() returns the full list of supplementary groups. I'm not sure
if the container testing can handle this though.
Siddhesh
More information about the Libc-alpha
mailing list