#include <stdio.h>
#include <syslog.h>
#include <errno.h>
+#include <pwd.h>
#include <grp.h>
#include <nss.h>
#include "nsswitch-internal.h"
#include "nonlocal.h"
+/*
+ * If the MAGIC_NONLOCAL_GROUPNAME local group exists, then nonlocal
+ * users will be automatically added to it. Furthermore, if a local
+ * user is added to this group, then that user will inherit any
+ * nonlocal gids from a nonlocal user of the same name, as
+ * supplementary gids.
+ */
#define MAGIC_NONLOCAL_GROUPNAME "nss-nonlocal-users"
+
+/*
+ * If the MAGIC_LOCAL_GROUPNAME local group exists, then local users
+ * will be automatically added to it.
+ */
#define MAGIC_LOCAL_GROUPNAME "nss-local-users"
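Review bot: The new comment on MAGIC_NONLOCAL_GROUPNAME describes the gid inheritance but not its trust consequence. A local user placed in the group is matched to a nonlocal user by name alone, so the nonlocal source's entry for that name decides which extra gids the local account receives. I would add a sentence to the comment such as `Only add a local user to this group when the nonlocal account of the same name belongs to the same person; membership lets the nonlocal source grant gids to the local account.` It would also help to state that only gids passing check_nonlocal_gid are inherited, if that holds for the supplementary gids as well as for the primary gid handled later in this patch.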
char *buffer;
int in, out, i;
- /* Check that the user is a nonlocal user before adding any groups. */
+ /* Check that the user is a nonlocal user, or a member of the
+ * MAGIC_NONLOCAL_GROUPNAME group, before adding any groups. */
status = check_nonlocal_user(user, errnop);
if (status == NSS_STATUS_TRYAGAIN) {
return status;
if (!add_group(nonlocal_users_group.gr_gid, start, size, groupsp,
limit, errnop, &status))
return status;
+ } else {
+ int i;
+ for (i = 0; i < *start; ++i) {
+ if ((*groupsp)[i] == nonlocal_users_group.gr_gid) {
+ is_nonlocal = true;
+ break;
+ }
+ }
+
+ if (is_nonlocal) {
+ struct passwd pwbuf;
+ char *buf;
+ int nonlocal_errno = *errnop;
+ status = get_nonlocal_passwd(user, &pwbuf, &buf, errnop);
+
+ if (status == NSS_STATUS_SUCCESS) {
+ nonlocal_errno = *errnop;
+ status = check_nonlocal_gid(user, pwbuf.pw_gid,
+ &nonlocal_errno);
+ free(buf);
+ }
+
+ if (status == NSS_STATUS_SUCCESS) {
+ if (!add_group(pwbuf.pw_gid, start, size, groupsp, limit,
+ errnop, &status))
+ return status;
+ } else if (status == NSS_STATUS_TRYAGAIN) {
+ *errnop = nonlocal_errno;
+ return status;
+ }
+ }
}
} else if (status == NSS_STATUS_TRYAGAIN) {
if (is_nonlocal)
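Review bot: In the added `if (is_nonlocal)` branch, a TRYAGAIN from `get_nonlocal_passwd` appears to return the wrong errno. `nonlocal_errno` is captured before the call and refreshed only on success, so the later `*errnop = nonlocal_errno;` overwrites whatever the lookup reported (presumably through `errnop`) with the stale pre-call value. Passing the scratch variable to the lookup avoids this and leaves `*errnop` untouched on NOTFOUND/UNAVAIL: `status = get_nonlocal_passwd(user, &pwbuf, &buf, &nonlocal_errno);`, dropping the `nonlocal_errno = *errnop;` line inside the success branch. Whether `get_nonlocal_passwd` can leave `buf` allocated on a non-success return is not visible here; if it can, `free(buf)` has to move out of the success branch. The enclosing function starts and ends outside this hunk.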