#include "nsswitch-internal.h"
#include "nonlocal.h"
+/*
+ * If the MAGIC_NONLOCAL_GROUPNAME local group exists, then nonlocal
+ * users will be automatically added to it. Furthermore, if a local
+ * user is added to this group, then that user will inherit any
+ * nonlocal supplementary gids from a nonlocal user of the same name.
+ */
#define MAGIC_NONLOCAL_GROUPNAME "nss-nonlocal-users"
+
+/*
+ * If the MAGIC_LOCAL_GROUPNAME local group exists, then local users
+ * will be automatically added to it.
+ */
#define MAGIC_LOCAL_GROUPNAME "nss-local-users"
const __typeof__(&_nss_nonlocal_initgroups_dyn) self = NULL;
struct group local_users_group, nonlocal_users_group;
- int is_local = 0;
+ bool is_nonlocal = true;
char *buffer;
int in, out, i;
- /* Check that the user is a nonlocal user before adding any groups. */
+ /* Check that the user is a nonlocal user, or a member of the
+ * MAGIC_NONLOCAL_GROUPNAME group, before adding any groups. */
status = check_nonlocal_user(user, errnop);
if (status == NSS_STATUS_TRYAGAIN) {
return status;
} else if (status != NSS_STATUS_SUCCESS) {
- is_local = 1;
+ is_nonlocal = false;
status = get_local_group(MAGIC_LOCAL_GROUPNAME,
&local_users_group, &buffer, errnop);
"nss_nonlocal: Group %s does not exist locally!",
MAGIC_LOCAL_GROUPNAME);
}
- } else {
- status = get_local_group(MAGIC_NONLOCAL_GROUPNAME,
- &nonlocal_users_group, &buffer, errnop);
- if (status == NSS_STATUS_SUCCESS) {
- free(buffer);
+ }
+
+ status = get_local_group(MAGIC_NONLOCAL_GROUPNAME,
+ &nonlocal_users_group, &buffer, errnop);
+ if (status == NSS_STATUS_SUCCESS) {
+ free(buffer);
+ if (is_nonlocal) {
if (!add_group(nonlocal_users_group.gr_gid, start, size, groupsp,
limit, errnop, &status))
return status;
- } else if (status == NSS_STATUS_TRYAGAIN) {
- return status;
} else {
- syslog(LOG_WARNING, "nss_nonlocal: Group %s does not exist locally!",
- MAGIC_NONLOCAL_GROUPNAME);
+ int i;
+ for (i = 0; i < *start; ++i) {
+ if ((*groupsp)[i] == nonlocal_users_group.gr_gid) {
+ is_nonlocal = true;
+ break;
+ }
+ }
}
+ } else if (status == NSS_STATUS_TRYAGAIN) {
+ if (is_nonlocal)
+ return status;
+ } else {
+ syslog(LOG_WARNING, "nss_nonlocal: Group %s does not exist locally!",
+ MAGIC_NONLOCAL_GROUPNAME);
}
- if (is_local)
+ if (!is_nonlocal)
return NSS_STATUS_SUCCESS;
in = out = *start;
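Review bot: The new local-user branch at `for (i = 0; i < *start; ++i)` decides membership in MAGIC_NONLOCAL_GROUPNAME by scanning the gids already accumulated in `*groupsp`, so the opt-in that lets a local account inherit nonlocal gids is only as trustworthy as whatever ran earlier in the initgroups chain. Nothing in the hunk states that ordering assumption; a comment above the loop such as `/* Membership is taken from gids earlier (local) sources put in *groupsp, not from a fresh local lookup; this module must run after them. */` would make it explicit. In the `NSS_STATUS_TRYAGAIN` branch a local user now falls through to `return NSS_STATUS_SUCCESS` with no log line, so a transient lookup failure silently changes that user's effective group set; a `syslog(LOG_WARNING, ...)` there would leave a trace. The inner `int i;` also shadows the function-level `i` from `int in, out, i;` and can be dropped. The enclosing function starts and ends outside the visible hunk, so the type of `*start` and the later use of `is_nonlocal` could not be checked.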