diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2011-04-25 15:23:38 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-04-27 11:47:24 -0400 |
commit | 2ffb41c6a16892fccc39fcae7f203bccb8c72dfc (patch) | |
tree | 5a893bd6de29eae2ca289f956e556bfa7ad81d60 | |
parent | 505383ec905863bb8f4f563f694b9bf077f9002c (diff) | |
download | sssd-2ffb41c6a16892fccc39fcae7f203bccb8c72dfc.tar.gz sssd-2ffb41c6a16892fccc39fcae7f203bccb8c72dfc.tar.bz2 sssd-2ffb41c6a16892fccc39fcae7f203bccb8c72dfc.zip |
simple provider: Don't treat primary GID lookup failures as fatal
-rw-r--r-- | src/providers/simple/simple_access.c | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/src/providers/simple/simple_access.c b/src/providers/simple/simple_access.c index a54bad00..e2fc0755 100644 --- a/src/providers/simple/simple_access.c +++ b/src/providers/simple/simple_access.c @@ -158,22 +158,28 @@ errno_t simple_access_check(struct simple_ctx *ctx, const char *username, if (ret != EOK) { DEBUG(1, ("Could not look up primary group [%lu]: [%d][%s]\n", gid, ret, strerror(ret))); - goto done; - } + /* We have to treat this as non-fatal, because the primary + * group may be local to the machine and not available in + * our ID provider. + */ + } else { + primary_group = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); + if (!primary_group) { + ret = EINVAL; + goto done; + } - primary_group = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL); - if (!primary_group) { - ret = EINVAL; - goto done; - } + groups[j] = talloc_strdup(tmp_ctx, primary_group); + if (!groups[j]) { + ret = ENOMEM; + goto done; + } + j++; - groups[j] = talloc_strdup(tmp_ctx, primary_group); - if (!groups[j]) { - ret = ENOMEM; - goto done; + talloc_zfree(msg); } - groups[j+1] = NULL; - talloc_zfree(msg); + + groups[j] = NULL; /* Now process allow and deny group rules * If access was already granted above, we'll skip |