sssd nss: issues with applications not using endpwent()
by Heiko Schlittermann
Hello,
I'm using Dovecot with its "passwd" userdb, which effectively uses NSS.
NSS services are provided by the files and by the sss "plugins".
The `doveadm user *` command enumerates the list of users. Repeating the
command doesn't enumerate the users provided by sssd again.
Analyzing this issue reveals:
Dovecot uses a long living process talking to NSS. For user
enumeration it uses
    setpwent()
    while (…) { getpwent(); }
and then misses the call to endpwent(). This bug is already confirmed by
the Dovecot developers.
I'm not sure about the semantics of setpwent()/endpwent(), especially
about calling sequences like
    setpwent()
    while (…) { getpwent(); }
    setpwent()
    while (…) { getpwent(); }
According to setpwent(3) it should rewind to the beginning. Calling
endpwent() seems to be for courtesy only (to have resources freed).
I suggest calling a preventive endpwent() before using setpwent() again
in nss_cmd.c.
Attached you'll find my patch. I'd be happy about integration into
upstream.
Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
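
The calling sequence discussed in the message above can be checked against whatever NSS backends a host has configured. This is an added example, not part of the original message or its attached patch; the function names enum_pass and check_rewind are made up for illustration. It runs two enumeration passes without endpwent() in between and compares the entry counts.

```c
#include <pwd.h>
#include <stdio.h>

/* One enumeration pass: rewind with setpwent(), then walk getpwent()
 * until it returns NULL. When call_end is non-zero the pass is closed
 * with endpwent(); otherwise the enumeration is left open, which is
 * the sequence the message describes. Returns the entries seen. */
int enum_pass(int call_end)
{
    int n = 0;

    setpwent();
    while (getpwent() != NULL)
        n++;
    if (call_end)
        endpwent();
    return n;
}

/* Two passes with no endpwent() between them. Per setpwent(3) the
 * second setpwent() should rewind, so both counts should match.
 * Returns 0 if they match, 1 if the second pass differs. */
int check_rewind(int *first, int *second)
{
    endpwent();              /* start from a clean enumeration state */
    *first = enum_pass(0);
    *second = enum_pass(0);
    endpwent();              /* release resources before returning */
    return (*first == *second) ? 0 : 1;
}

int main(void)
{
    int a, b;
    int rc = check_rewind(&a, &b);

    printf("pass 1: %d entries, pass 2 (no endpwent): %d entries\n", a, b);
    printf("result: %s\n", rc ? "second pass differs" : "rewind works");
    return rc;
}
```

A non-zero exit status means some backend listed in nsswitch.conf did not rewind on the second setpwent().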