Hello,
I'm using Dovecot with its "passwd" userdb, which effectively uses NSS. NSS services are provided by the files and by the sss "plugins".
The `doveadm user *` command enumerates the list of users. Repeating the command doesn't enumerate the users provided by sssd again.
Analyzing this issue reveals:
Dovecot uses a long-lived process talking to NSS. For user enumeration it uses

    setpwent();
    while (…) { getpwent(); }

and then misses the call to endpwent(). This bug is already confirmed by the Dovecot developers.
I'm not sure about the semantics of setpwent()/endpwent(), especially about calling sequences like

    setpwent();
    while (…) { getpwent(); }
    setpwent();
    while (…) { getpwent(); }

According to setpwent(3) it should rewind to the beginning. Calling endpwent() seems to be for courtesy only (to have resources freed).
I suggest calling a preventive endpwent() before using setpwent() again in nss_cmd.c.
Attached you'll find my patch. I'd be happy about integration into upstream.
Best regards from Dresden/Germany
Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
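
The calling sequences discussed in this message can be checked from a single long-lived process with a small harness like the one below. It is an added example, not part of the original message, the attached patch, or Dovecot/sssd code; the function names `enumerate_pass` and `repeated_enumeration_consistent` are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>

/* One enumeration pass over the passwd database through NSS.
 * call_end != 0: finish with endpwent() (the complete sequence).
 * call_end == 0: omit endpwent(), as in the sequence described above.
 * Returns the number of entries seen in this pass. */
static long enumerate_pass(int call_end)
{
    long n = 0;

    setpwent();                 /* setpwent(3): rewind to the first entry */
    while (getpwent() != NULL)
        n++;
    if (call_end)
        endpwent();             /* close the enumeration, free resources */
    return n;
}

/* Runs `passes` enumerations in the same process and compares the counts.
 * Returns 0 if every pass saw the same number of entries, -1 otherwise. */
static int repeated_enumeration_consistent(int passes, int call_end)
{
    long first = enumerate_pass(call_end);
    int rc = 0;

    for (int i = 1; i < passes; i++) {
        long n = enumerate_pass(call_end);
        if (n != first) {
            fprintf(stderr, "pass %d: %ld entries, first pass had %ld\n",
                    i + 1, n, first);
            rc = -1;
        }
    }
    endpwent();                 /* leave NSS enumeration state clean */
    return rc;
}

int main(void)
{
    int with_end = repeated_enumeration_consistent(3, 1);
    int without_end = repeated_enumeration_consistent(3, 0);

    printf("with endpwent():    %s\n", with_end ? "INCONSISTENT" : "ok");
    printf("without endpwent(): %s\n", without_end ? "INCONSISTENT" : "ok");
    return (with_end || without_end) ? 1 : 0;
}
```

Run it on a host whose nsswitch.conf lists the backends in question; a pass that returns fewer entries than the first reproduces the symptom seen with `doveadm user *`.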