getgroups() gives wrong result with nss_winbind
tridge at samba.org
tridge at samba.org
Fri Sep 17 13:59:04 GMT 2004
Andreas,
> It doesn't break "unfortunately":
> [root at pandora 1]# grep compat /etc/nsswitch.conf
> # compat Use NIS on compat mode
> passwd: compat winbind
> shadow: compat winbind
> group: compat winbind
>
> [root at pandora 1]# su - testando
> [testando at pandora ~]$ /tmp/getgroups
> Result=101
ok, so that indicates that the initgroups method in libnss_compat.so.2
is managing some trick that the one in libnss_winbind.so.2 isn't.
I'd be interested in seeing what arguments are being passed to
_nss_winbind_initgroups_dyn() for your test program.
That function looks like this:
NSS_STATUS
_nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
long int *size, gid_t **groups, long int limit,
int *errnop);
notice the "limit" and "*size" arguments? Those are what limits this
function to a particular number of groups. Maybe glibc is calling it
with a small limit first, and expecting some specific error code or
other indicator in order to continue?
At this stage I'd start adding debug code to
_nss_winbind_initgroups_dyn() in source/nsswitch/winbind_nss_linux.c
and see if you can spot whats going on.
hmm, I just did some tests with my libnss_compat.so and it certainly
looks like winbind treats "limit" and "*size" differently to the
compat implementation. We should probably look inside the
implementation of the compat module in glibc and see exactly what
rules it uses for those two parameters. If we fix those in the
winbindd nss module, then I suspect it will fix your problem.
Cheers, Tridge
More information about the samba-technical
mailing list