NSS Protocol Sanity Check?
- From: Patrick <201809-nss-pam-ldapd [at] haller.ws>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: NSS Protocol Sanity Check?
- Date: Fri, 7 Sep 2018 15:24:39 +0800
Hi all,
Running `/usr/bin/groups $GROUP` only returns the primary group, and not
the supplemental groups.
When strace'd, `groups` appears to be sending the wrong NSS action:
```
group="patrick_haller"
strace groups $group 2>&1 | grep -E '(sendto|connect)'
connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nslcd/socket"}, 23) = 0
sendto(3, "\1\0\0\0\351\3\0\0\16\0\0\0patrick_haller", 26, MSG_NOSIGNAL, NULL, 0) = 26
connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nslcd/socket"}, 23) = 0
sendto(3, "\1\0\0\0\352\3\0\0f\230\0\0", 12, MSG_NOSIGNAL, NULL, 0) = 12
connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/nslcd/socket"}, 23) = 0
sendto(3, "\1\0\0\0\212\23\0\0f\230\0\0", 12, MSG_NOSIGNAL, NULL, 0) = 12
```
The first two queries are expected: PASSWD_BYNAME, then PASSWD_BYUID.
However, the third is 5002 for a GROUP_BYGID action, when it should
instead be 5003 for a memberUid query, right?
Thanks!
### NOTES
1) This is on CentOS 7 WITHOUT nscd running, and with
nss-pam-ldapd-0.8.13-16.el7.x86_64 and coreutils-8.22-21.el7.x86_64
2) nss-pam-ldapd is known to be working correctly because a) the following
python script will return the correct list of groups.
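```python
#!/usr/bin/env python2
# Ask nslcd directly for the groups a user is a member of (GROUP_BYMEMBER).
import socket, struct, sys

NSLCD_VERSION = 1
NSLCD_ACTION_GROUP_BYMEMBER = 5003
NSLCD_SOCKET = '/var/run/nslcd/socket'

group = sys.argv[1]  # the member name to look up
conn = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
conn.connect(NSLCD_SOCKET)

# Integers go out as 32-bit values in native byte order (struct format 'i');
# strings are an int32 length followed by the bytes.
_int32 = struct.Struct('i')
def write_int32(x):
    conn.sendall(_int32.pack(x))
def write_string(x):
    write_int32(len(x))
    conn.sendall(x)

write_int32(NSLCD_VERSION)
write_int32(NSLCD_ACTION_GROUP_BYMEMBER)
write_string(group)

# Read the whole response, until the connection is closed.
resp = ''
while True:
    chunk = conn.recv(1024)
    if not chunk:
        break
    resp += chunk

# Crude parse: split on the '*' password field, skip the 16 bytes of integers
# before each name, and take the text up to the first 0x01 byte as the name.
groups = [x[16:] for x in resp.split('*') if len(x) > 16]
name = lambda x: x[0 : x.index(chr(0x1))]
print([name(x) for x in groups])
```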
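The following Python 3 decoder is an added example, not part of the original post or of nss-pam-ldapd itself: it turns the three strace-quoted `sendto` payloads shown in the message into version, action and argument, so the action code in each request can be read off directly. The action table holds only the codes named in the post, and little-endian host byte order (as on the x86_64 system in the capture) is an assumption.

```python
import re
import struct

# Action codes named in the post; argument layout follows the captured bytes.
ACTIONS = {
    1001: ("PASSWD_BYNAME", "string"),
    1002: ("PASSWD_BYUID", "id"),
    5002: ("GROUP_BYGID", "id"),
    5003: ("GROUP_BYMEMBER", "string"),
}
_ESCAPE = re.compile(r"\\([0-7]{1,3}|x[0-9a-fA-F]{2}|.)", re.S)
_SIMPLE = {"n": "\n", "t": "\t", "r": "\r", "v": "\v", "f": "\f"}

def unescape_strace(text):
    """Convert the body of a strace-quoted string into the bytes sent."""
    def repl(match):
        tok = match.group(1)
        if tok[0] in "01234567":          # octal escape, 1 to 3 digits
            return chr(int(tok, 8) & 0xFF)
        if len(tok) == 3:                 # \xNN form, used by strace -x
            return chr(int(tok[1:], 16))
        return _SIMPLE.get(tok, tok)      # \\ and \" map to themselves
    return _ESCAPE.sub(repl, text).encode("latin-1")

def decode_request(payload):
    """Decode one request: int32 version, int32 action, then the argument.
    Assumes little-endian host order, as in the x86_64 capture."""
    if len(payload) < 12:
        raise ValueError("request too short")
    version, action, word = struct.unpack_from("<iiI", payload)
    name, kind = ACTIONS.get(action, ("UNKNOWN", None))
    if kind == "id" and len(payload) == 12:
        arg = word                        # numeric uid or gid
    elif kind == "string" and len(payload) == 12 + word:
        arg = payload[12:].decode("utf-8")  # word is the length prefix
    else:
        raise ValueError("unknown action or malformed argument: %d" % action)
    return {"version": version, "action": action, "name": name, "arg": arg}

# The three sendto() payloads from the strace output in the post.
CAPTURED = [
    r"\1\0\0\0\351\3\0\0\16\0\0\0patrick_haller",
    r"\1\0\0\0\352\3\0\0f\230\0\0",
    r"\1\0\0\0\212\23\0\0f\230\0\0",
]

if __name__ == "__main__":
    for quoted in CAPTURED:
        print(decode_request(unescape_strace(quoted)))
```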