nss-systemd: properly handle empty membership lists

When we are queried for membership lists on a system that has exactly zero, then we'll return ESRCH immediately instead of at EOF. Which is OK, but we need to handle this in various places, and not get confused by it. (cherry picked from commit a1aa41e4e175c2712b97600d7e10e9d6c58e5543)
author: Lennart Poettering <lennart@poettering.net> 2021-05-05 18:57:30 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2021-05-07 12:13:17 +0200
commit: d0f8a01a74e5a1bed4d687339abde774cb944579 (patch)
tree: 2f136e04435172e14f9bb68cf09da5d21703c6ab
parent: 18babc7b290de4c0108b2fe39400c3e9c471ef67 (diff)
download: systemd-d0f8a01a74e5a1bed4d687339abde774cb944579.tar.gz
2 files changed, 7 insertions, 4 deletions
diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c
index b810da7347..84f94f500f 100644
--- a/src/nss-systemd/nss-systemd.c
+++ b/src/nss-systemd/nss-systemd.c
@@ -441,7 +441,7 @@ enum nss_status _nss_systemd_getgrent_r(
                         getgrent_data.iterator = userdb_iterator_free(getgrent_data.iterator);
 
                         r = membershipdb_all(nss_glue_userdb_flags(), &getgrent_data.iterator);
-                        if (r < 0) {
+                        if (r < 0 && r != -ESRCH) {
                                 UNPROTECT_ERRNO;
                                 *errnop = -r;
                                 return NSS_STATUS_UNAVAIL;
@@ -454,7 +454,7 @@ enum nss_status _nss_systemd_getgrent_r(
                         return NSS_STATUS_UNAVAIL;
                 } else if (!STR_IN_SET(gr->group_name, root_group.gr_name, nobody_group.gr_name)) {
                         r = membershipdb_by_group_strv(gr->group_name, nss_glue_userdb_flags(), &members);
-                        if (r < 0) {
+                        if (r < 0 && r != -ESRCH) {
                                 UNPROTECT_ERRNO;
                                 *errnop = -r;
                                 return NSS_STATUS_UNAVAIL;
@@ -465,6 +465,9 @@ enum nss_status _nss_systemd_getgrent_r(
         if (getgrent_data.by_membership) {
                 _cleanup_(_nss_systemd_unblockp) bool blocked = false;
 
+                if (!getgrent_data.iterator)
+                        return NSS_STATUS_NOTFOUND;
+
                 for (;;) {
                         _cleanup_free_ char *user_name = NULL, *group_name = NULL;
 
diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c
index 22af0fde60..8ad7ef608e 100644
--- a/src/nss-systemd/userdb-glue.c
+++ b/src/nss-systemd/userdb-glue.c
@@ -215,7 +215,7 @@ enum nss_status userdb_getgrnam(
         }
 
         r = membershipdb_by_group_strv(name, nss_glue_userdb_flags(), &members);
-        if (r < 0) {
+        if (r < 0 && r != -ESRCH) {
                 *errnop = -r;
                 return NSS_STATUS_UNAVAIL;
         }
@@ -308,7 +308,7 @@ enum nss_status userdb_getgrgid(
                 from_nss = false;
 
         r = membershipdb_by_group_strv(g->group_name, nss_glue_userdb_flags(), &members);
-        if (r < 0) {
+        if (r < 0 && r != -ESRCH) {
                 *errnop = -r;
                 return NSS_STATUS_UNAVAIL;
         }
author	Lennart Poettering <lennart@poettering.net>	2021-05-05 18:57:30 +0200
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2021-05-07 12:13:17 +0200
commit	d0f8a01a74e5a1bed4d687339abde774cb944579 (patch)
tree	2f136e04435172e14f9bb68cf09da5d21703c6ab
parent	18babc7b290de4c0108b2fe39400c3e9c471ef67 (diff)
download	systemd-d0f8a01a74e5a1bed4d687339abde774cb944579.tar.gz