From 23dfa2e35bec9c0f6c3d579e7dc2e1d0ce636aa2 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 19 Sep 2014 13:33:10 +0200 Subject: [PATCH] nsswitch: Skip groups we were not able to map. If we have configured the idmap_ad backend it is possible that the user is in a group without a gid set. This will result in (uid_t)-1 as the gid. We return this invalid gid to NSS which is wrong. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10824 Signed-off-by: Andreas Schneider Reviewed-by: David Disseldorp Autobuild-User(master): David Disseldorp Autobuild-Date(master): Fri Sep 19 17:57:14 CEST 2014 on sn-devel-104 (cherry picked from commit 7f59711f076e98ece099f6b38ff6da8c80fa6d5e) Signed-off-by: Andreas Schneider --- nsswitch/winbind_nss_linux.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nsswitch/winbind_nss_linux.c b/nsswitch/winbind_nss_linux.c index 8d66a74..70ede3e 100644 --- a/nsswitch/winbind_nss_linux.c +++ b/nsswitch/winbind_nss_linux.c @@ -1101,6 +1101,11 @@ _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start, continue; } + /* Skip groups without a mapping */ + if (gid_list[i] == (uid_t)-1) { + continue; + } + /* Filled buffer ? If so, resize. */ if (*start == *size) { -- 2.1.0