getgroups() gives wrong result with nss_winbind
tridge at samba.org
tridge at samba.org
Fri Sep 17 01:58:05 GMT 2004
Andreas,
> This one is taking some time to end, but it's already way past testing for 64.
Interesting. On my debian unstable glibc 2.3.2 system with kernel
2.6.5 the limit is 32. You said earlier that you are running a glibc
2.3.3 system with kernel 2.6.8.
I just had a quick look at the glibc 2.3.2 to 2.3.3 diff, and there
are certainly quite a few changes around getgroups/setgroups and
related code. Perhaps there is a bug in those changes?
I'd now suggest you use the tool nsstest to see exactly what the
winbind nss module is giving. nsstest bypasses glibc, so it avoids any
glibc bugs. You can get the latest nsstest from:
http://samba.org/ftp/unpacked/junkcode/nsstest.c
build it like this:
gcc -o nsstest nsstest.c -ldl
and use it on winbind like this:
nsstest /lib/libnss_winbind.so.2
you can also run it on any other nss module in a similar
fashion.
The lines to look for are the initgroups results. The initgroups call
is the way that glibc gets the group information for a user from
winbindd.
Note that some nss modules do not have an initgroups function, in
which case glibc falls back to a getgrent group scan, but that should
not matter for your problem, as winbindd does provide an initgroups
function.
If nsstest shows the right results, but a tool that goes via glibc
doesn't, then we can we pretty sure its a glibc bug of some sort. If
nsstest does not show the right results then we can be pretty sure its
a winbindd bug.
Cheers, Tridge
More information about the samba-technical
mailing list