[Bug libc/15304] New: nss_hesiod's initgroups_dyn incorrectly adds input group id to list

[Bug libc/15304] New: nss_hesiod's initgroups_dyn incorrectly adds input group id to list

[siddhesh at redhat dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=15304

             Bug #: 15304
           Summary: nss_hesiod's initgroups_dyn incorrectly adds input
                    group id to list
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: siddhesh@redhat.com
        ReportedBy: siddhesh@redhat.com
                CC: drepper.fsp@gmail.com
    Classification: Unclassified


All initgroups_dyn implementations add all groups associated with a user except
the gid passed by the caller to the groups list.  Hesiod works differently
however, since it adds a group (including the one passed in the function call)
if it does not already exist.  This works fine for the vanilla initgroups
function, but not when nscd calls it, since the latter calls initgroups_dyn
with -1 as the gid.

Reproduce:

1. Set up a record in DNS that looks something like this:
   testuser.grplist IN TXT "12345:12346"
2. Set lhs and rhs in /etc/hesiod.conf so that "testuser.grplist""$lhs""$rhs"
resolves to the new record.
3. Add hesiod to the list of sources for group information in
/etc/nsswitch.conf.
4. Start nscd.
5. Use "id" or "groups" to retrieve testuser's supplemental groups list.

Actual results:
The unsigned interpretation of -1 (4294967295) will show up in the user's group
list.

Expected results:
The user's group list will look the same as it would if nscd weren't running.

Will post a patch to fix this.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/15304] nss_hesiod's initgroups_dyn incorrectly adds input group id to list

[siddhesh at redhat dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=15304

Siddhesh Poyarekar <siddhesh at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/15304] nss_hesiod's initgroups_dyn incorrectly adds input group id to list

[siddhesh at redhat dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=15304

Siddhesh Poyarekar <siddhesh at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #1 from Siddhesh Poyarekar <siddhesh at redhat dot com> 2013-03-28 06:17:37 UTC ---
Fixed in master:

commit 7a86be6e5f18ba99b25d75c555ce56fe1fcea325
Author: Siddhesh Poyarekar <siddhesh@redhat.com>
Date:   Thu Mar 28 11:45:47 2013 +0530

    Don't add input group during initgroups_dyn in hesiod

    Fixes BZ #15304.

    The *initgroups_dyn functions are called with a group argument.  This
    group gid is usually skipped while populating the grouplist since the
    caller adds that group id in advance.

    The hesiod initgroups_dyn implementation however adds the group gid to
    the list if it does not already exist.  While it works fine for the
    usual initgroups, it breaks nscd since it calls initgroups_dyn with -1
    as the gid (to have all groups included).

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.