Fix nscd lookup for innetgr when netgroup has wildcards (BZ #16758)

nscd works correctly when the request in innetgr is a wildcard, i.e. when one or more of host, user or domain parameters is NULL. However, it does not work when the the triplet in the netgroup definition has a wildcard. This is easy to reproduce for a triplet defined as follows: foonet (,foo,) Here, an innetgr call that looks like this: innetgr ("foonet", "foohost", "foo", NULL); should succeed and so should: innetgr ("foonet", NULL, "foo", "foodomain"); It does succeed with nscd disabled, but not with nscd enabled. This fix adds this additional check for all three parts of the triplet so that it gives the correct result. [BZ #16758] * nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has blank values.
2014-03-27 07:15:22 +05:30 · 2014-03-27 07:15:22 +05:30 · fbd6b5a405
parent 1b26b855b4
commit fbd6b5a405
3 changed files with 14 additions and 4 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+2014-03-27  Siddhesh Poyarekar  <siddhesh@redhat.com>
+
+	[BZ #16758]
+	* nscd/netgroupcache.c (addinnetgrX): Succeed if triplet has
+	blank values.
+
 2014-03-26  Paul Pluzhnikov  <ppluzhnikov@google.com>

 	* elf/dl-load.c: Convert __builtin_expect into __glibc_{un}likely.
--- a/2
+++ b/2
@ -12,7 +12,7 @@ Version 2.20
  15347, 15804, 15894, 16002, 16198, 16284, 16357, 16447, 16532, 16545,
  16574, 16599, 16600, 16609, 16610, 16611, 16613, 16623, 16632, 16634,
  16639, 16642, 16649, 16670, 16674, 16677, 16680, 16683, 16689, 16695,
-  16701, 16706, 16707, 16712, 16713, 16714, 16731, 16743.
+  16701, 16706, 16707, 16712, 16713, 16714, 16731, 16743, 16758.

 * Running the testsuite no longer terminates as soon as a test fails.
  Instead, a file tests.sum (xtests.sum from "make xcheck") is generated,
--- a/nscd/netgroupcache.c
+++ b/nscd/netgroupcache.c
@ -560,15 +560,19 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
 	{
 	  bool success = true;

-	  if (host != NULL)
+	  /* For the host, user and domain in each triplet, we assume success
+	     if the value is blank because that is how the wildcard entry to
+	     match anything is stored in the netgroup cache.  */
+	  if (host != NULL && *triplets != '\0')
 	    success = strcmp (host, triplets) == 0;
 	  triplets = (const char *) rawmemchr (triplets, '\0') + 1;

-	  if (success && user != NULL)
+	  if (success && user != NULL && *triplets != '\0')
 	    success = strcmp (user, triplets) == 0;
 	  triplets = (const char *) rawmemchr (triplets, '\0') + 1;

-	  if (success && (domain == NULL || strcmp (domain, triplets) == 0))
+	  if (success && (domain == NULL || *triplets == '\0'
+			  || strcmp (domain, triplets) == 0))
 	    {
 	      dataset->resp.result = 1;
 	      break;