[PATCH] Fix for winbind_nss get{pw,gr}ent on FreeBSD
Landon J. Fuller
landonf at opendarwin.org
Mon Apr 12 18:44:43 GMT 2004
Hello -
I have filed a bug for this issue, the bugzilla id is 1232.
If there are any questions I can answer, or changes I should make,
please let me know.
Recap of the problem:
Without this fix, winbind user and group enumeration does not work on
FreeBSD. Without working user/group enumeration, getgrouplist(3) will
only return a user's base gid, and thus, initgroups(3) will only include
the user's base gid in the process' group access list.
Cheers,
Landon J. Fuller
E-mail: landonf (at) opendarwin.org
On Sat, Mar 27, 2004 at 11:29:11PM +0100, Landon J. Fuller wrote:
> For simplicity, I will explain the getgrent case below. The getpwent case
> is exactly the same; simply substitute 'pw' for 'gr' and you'll understand
> it perfectly. I'm new to the code base; I apologize for anything I've
> missed.
>
> In winbindd_group.c, winbindd_getgrent() checks that state->getgrent_state
> is not NULL before proceeding:
>     if (!(ent = state->getgrent_state))
>         return WINBINDD_ERROR;
>
> There are four conditions under which state->getgrent_state will be NULL:
> 1) winbindd_setgrent() has not been called
> 2) The end of the group list has been reached, and
> state->getgrent_state has been set to NULL.
> 3) winbindd_endgrent() has been called.
> 4) The associated client connection has been closed
>
> Condition #1 breaks user/group enumeration and 'supplementary' groups
> on FreeBSD; setgrent() is not called, and so, winbindd_getgrent()
> immediately returns WINBINDD_ERROR.
>
> In the patch I have attached below, I have added two additional variables
> to the winbindd_cli_state structure:
>     BOOL getpwent_initialized;
>     BOOL getgrent_initialized;
>
> With the patch:
> winbindd_setgrent() sets state->getgrent_initialized to True;
> winbindd_endgrent() sets state->getgrent_initialized to False; In
> winbindd_getgrent, if state->getgrent_initialized is False,
> winbindd_setgrent() is called.
>
> Since getgrent_state signifies end-of-list with NULL, it can not also be
> used to signify that the list has not been initialized.
>
> With this change, user and group enumeration works on FreeBSD 5.2.1
>
> Landon J. Fuller
> E-mail: landonf (at) opendarwin.org
> Mobile: +42 608 05 8452
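
The sentinel overload described in the mail above, modelled as an added example (not part of the original post and not Samba source). The `model_*` functions, the `with_fix` switch and the two group names are hypothetical and constructed for illustration; only the field names `getgrent_state` and `getgrent_initialized` come from the mail.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Simplified model of the logic in the mail, not Samba source. */
struct ent_list { const char **names; size_t count, pos; };
struct cli_state {
    struct ent_list *getgrent_state; /* NULL: end of list OR never set up */
    bool getgrent_initialized;       /* flag the patch description adds */
};

static const char *sample_groups[] = { "group-a", "group-b" }; /* constructed */
static struct ent_list sample_list = { sample_groups, 2, 0 };

void model_setgrent(struct cli_state *s) {
    sample_list.pos = 0;
    s->getgrent_state = &sample_list;
    s->getgrent_initialized = true;
}

void model_endgrent(struct cli_state *s) {
    s->getgrent_state = NULL;
    s->getgrent_initialized = false;
}

/* Returns the next name, or NULL where winbindd returns WINBINDD_ERROR. */
const char *model_getgrent(struct cli_state *s, bool with_fix) {
    struct ent_list *ent;
    if (with_fix && !s->getgrent_initialized)
        model_setgrent(s);          /* implicit setgrent when the caller skipped it */
    if (!(ent = s->getgrent_state))
        return NULL;
    if (ent->pos >= ent->count) {   /* end of list is signalled by a NULL state */
        s->getgrent_state = NULL;
        return NULL;
    }
    return ent->names[ent->pos++];
}

/* Entries seen by a caller that never calls setgrent first. */
int enumerate_without_setgrent(bool with_fix) {
    struct cli_state s = { NULL, false };
    int n = 0;
    while (model_getgrent(&s, with_fix) != NULL)
        n++;
    return n;
}

int main(void) {
    printf("unpatched: %d, patched: %d\n", enumerate_without_setgrent(false), enumerate_without_setgrent(true));
}
```

Because the flag stays set after end-of-list, the patched path does not restart the enumeration when `getgrent_state` goes back to NULL; testing the pointer alone could not tell those two cases apart.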