nss-systemd: properly handle empty membership lists

When we are queried for membership lists on a system that has exactly zero, then we'll return ESRCH immediately instead of at EOF. Which is OK, but we need to handle this in various places, and not get confused by it.
2025-03-31 14:50:15 +03:00 · 2021-05-05 18:57:30 +02:00 · 2021-05-05 18:57:30 +02:00 · a1aa41e4e1
commit a1aa41e4e1
parent 1fdfca4da7
2 changed files with 7 additions and 4 deletions
--- a/src/nss-systemd/nss-systemd.c
+++ b/src/nss-systemd/nss-systemd.c
@ -441,7 +441,7 @@ enum nss_status _nss_systemd_getgrent_r(
                        getgrent_data.iterator = userdb_iterator_free(getgrent_data.iterator);

                        r = membershipdb_all(nss_glue_userdb_flags(), &getgrent_data.iterator);
-                        if (r < 0) {
+                        if (r < 0 && r != -ESRCH) {
                                UNPROTECT_ERRNO;
                                *errnop = -r;
                                return NSS_STATUS_UNAVAIL;
@ -454,7 +454,7 @@ enum nss_status _nss_systemd_getgrent_r(
                        return NSS_STATUS_UNAVAIL;
                } else if (!STR_IN_SET(gr->group_name, root_group.gr_name, nobody_group.gr_name)) {
                        r = membershipdb_by_group_strv(gr->group_name, nss_glue_userdb_flags(), &members);
-                        if (r < 0) {
+                        if (r < 0 && r != -ESRCH) {
                                UNPROTECT_ERRNO;
                                *errnop = -r;
                                return NSS_STATUS_UNAVAIL;
@ -465,6 +465,9 @@ enum nss_status _nss_systemd_getgrent_r(
        if (getgrent_data.by_membership) {
                _cleanup_(_nss_systemd_unblockp) bool blocked = false;

+                if (!getgrent_data.iterator)
+                        return NSS_STATUS_NOTFOUND;
+
                for (;;) {
                        _cleanup_free_ char *user_name = NULL, *group_name = NULL;

--- a/src/nss-systemd/userdb-glue.c
+++ b/src/nss-systemd/userdb-glue.c
@ -216,7 +216,7 @@ enum nss_status userdb_getgrnam(
        }

        r = membershipdb_by_group_strv(name, nss_glue_userdb_flags(), &members);
-        if (r < 0) {
+        if (r < 0 && r != -ESRCH) {
                *errnop = -r;
                return NSS_STATUS_UNAVAIL;
        }
@ -309,7 +309,7 @@ enum nss_status userdb_getgrgid(
                from_nss = false;

        r = membershipdb_by_group_strv(g->group_name, nss_glue_userdb_flags(), &members);
-        if (r < 0) {
+        if (r < 0 && r != -ESRCH) {
                *errnop = -r;
                return NSS_STATUS_UNAVAIL;
        }