nss-systemd: properly handle empty membership lists

When we are queried for membership lists on a system that has exactly zero, then we'll return ESRCH immediately instead of at EOF. Which is OK, but we need to handle this in various places, and not get confused by it.
author: Lennart Poettering <lennart@poettering.net> 2021-05-05 18:57:30 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2021-05-07 09:15:40 +0200
commit: a1aa41e4e175c2712b97600d7e10e9d6c58e5543 (patch)
tree: ae1ff4eb18d3c072278544db01a31fc0c708466f /src/nss-systemd
parent: nss-systemd: reset the right field (diff)
download: systemd-a1aa41e4e175c2712b97600d7e10e9d6c58e5543.tar.xz
systemd-a1aa41e4e175c2712b97600d7e10e9d6c58e5543.zip
2 files changed, 7 insertions, 4 deletions
diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c
index 185cb3de24..3ac57441d9 100644
--- a/src/nss-systemd/nss-systemd.c
+++ b/src/nss-systemd/nss-systemd.c
@@ -441,7 +441,7 @@ enum nss_status _nss_systemd_getgrent_r(
                         getgrent_data.iterator = userdb_iterator_free(getgrent_data.iterator);
 
                         r = membershipdb_all(nss_glue_userdb_flags(), &getgrent_data.iterator);
-                        if (r < 0) {
+                        if (r < 0 && r != -ESRCH) {
                                 UNPROTECT_ERRNO;
                                 *errnop = -r;
                                 return NSS_STATUS_UNAVAIL;
@@ -454,7 +454,7 @@ enum nss_status _nss_systemd_getgrent_r(
                         return NSS_STATUS_UNAVAIL;
                 } else if (!STR_IN_SET(gr->group_name, root_group.gr_name, nobody_group.gr_name)) {
                         r = membershipdb_by_group_strv(gr->group_name, nss_glue_userdb_flags(), &members);
-                        if (r < 0) {
+                        if (r < 0 && r != -ESRCH) {
                                 UNPROTECT_ERRNO;
                                 *errnop = -r;
                                 return NSS_STATUS_UNAVAIL;
@@ -465,6 +465,9 @@ enum nss_status _nss_systemd_getgrent_r(
         if (getgrent_data.by_membership) {
                 _cleanup_(_nss_systemd_unblockp) bool blocked = false;
 
+                if (!getgrent_data.iterator)
+                        return NSS_STATUS_NOTFOUND;
+
                 for (;;) {
                         _cleanup_free_ char *user_name = NULL, *group_name = NULL;
 
diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c
index 0cc84bfac7..8f8988579b 100644
--- a/src/nss-systemd/userdb-glue.c
+++ b/src/nss-systemd/userdb-glue.c
@@ -216,7 +216,7 @@ enum nss_status userdb_getgrnam(
         }
 
         r = membershipdb_by_group_strv(name, nss_glue_userdb_flags(), &members);
-        if (r < 0) {
+        if (r < 0 && r != -ESRCH) {
                 *errnop = -r;
                 return NSS_STATUS_UNAVAIL;
         }
@@ -309,7 +309,7 @@ enum nss_status userdb_getgrgid(
                 from_nss = false;
 
         r = membershipdb_by_group_strv(g->group_name, nss_glue_userdb_flags(), &members);
-        if (r < 0) {
+        if (r < 0 && r != -ESRCH) {
                 *errnop = -r;
                 return NSS_STATUS_UNAVAIL;
         }
author	Lennart Poettering <lennart@poettering.net>	2021-05-05 18:57:30 +0200
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2021-05-07 09:15:40 +0200
commit	a1aa41e4e175c2712b97600d7e10e9d6c58e5543 (patch)
tree	ae1ff4eb18d3c072278544db01a31fc0c708466f /src/nss-systemd
parent	nss-systemd: reset the right field (diff)
download	systemd-a1aa41e4e175c2712b97600d7e10e9d6c58e5543.tar.xz systemd-a1aa41e4e175c2712b97600d7e10e9d6c58e5543.zip