On Tue, 2012-11-13 at 13:40 -0800, Paul B. Henson wrote:
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 036e88f..1182532 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -2035,24 +2035,25 @@ static int fill_grent(struct sss_packet *packet, pwfield.str, pwfield.len);
memnum = 0;
el = ldb_msg_find_element(msg, SYSDB_MEMBERUID);
if (el) {
ret = fill_members(packet, dom, nctx, el, &rzero, &rsize,
&memnum);
if (ret != EOK) {
num = 0;
goto done;
if (!dom->ignore_group_members) {
el = ldb_msg_find_element(msg, SYSDB_MEMBERUID);
if (el) {
ret = fill_members(packet, dom, nctx, el, &rzero,
&rsize, &memnum);
if (ret != EOK) {
num = 0;
goto done;
}
sss_packet_get_body(packet, &body, &blen); }
sss_packet_get_body(packet, &body, &blen);
}
el = ldb_msg_find_element(msg, SYSDB_GHOST);
if (el) {
ret = fill_members(packet, dom, nctx, el, &rzero, &rsize,
&memnum);
if (ret != EOK) {
num = 0;
goto done;
el = ldb_msg_find_element(msg, SYSDB_GHOST);
if (el) {
ret = fill_members(packet, dom, nctx, el, &rzero,
&rsize, &memnum);
if (ret != EOK) {
num = 0;
goto done;
}
sss_packet_get_body(packet, &body, &blen); }
sss_packet_get_body(packet, &body, &blen); } if (memnum) {
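Review bot: The lookup-and-fill sequence appears twice on the new side, once for `SYSDB_MEMBERUID` and once for `SYSDB_GHOST`, and the re-wrapped `fill_members(...)` arguments suggest both copies now sit one level deeper under `if (!dom->ignore_group_members) {`; the quoted hunk has lost its +/- markers, so that nesting is inferred. If both are indeed guarded, a small loop over the two attribute names would keep one copy of the error path (`num = 0; goto done;`) instead of two. The new condition also has no comment; something like `/* ignore_group_members: return the group without a member list, memnum stays 0 */` above it would tell the next reader why the member lists are skipped. fill_grent's body starts and ends outside the hunk.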
Is this part really necessary ?
If you do not fetch members from LDAP, then memberuid will usually be empty anyway. In any case, even if there is something there (initgroups?), it contains only members that have actually logged in, and that *is* information you may want to keep, so that applications that (naively) use a getgrnam() call to check the membership of a specific user will not fail, at least for logged-in users.
IMO it looks like you should simply drop the changes to this file.
Simo.