Hi,
attached are two patches for issues I found in the proxy netgroups code.
[PATCH 1/2] Fix netgroup error handling
https://fedorahosted.org/sssd/ticket/1242
The patch improves error handling, and, most importanly, deletes any
netgroup that might be in the cache if the search did not yield any
results. There's one catch, though. During my testing with
nss-pam-ldapd, all the NSS operations returned NSS_STATUS_SUCCESS and an
empty "struct __netgrent" structure for cases when the netgroup existed
and when the netgroup existed but had no nisNetgroupTriple attributes.
This may be a nss-pam-ldapd bug, though..is there any other back end
that could be used to test? I'd like to avoid setting up NIS :-)
[PATCH 2/2] Handle empty elements in proxy netgroups
The make_netgroup_attr() function did not check for NULL elements of
netgroup triples and could print literal "(null)" into the triple
element in the nice case and crash in the worse case.