GetUserGroups in sssd-ifp fails to include primary group #5112

sssd-bot · 2020-05-02T14:02:14Z

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/4157

Created at 2020-02-13 02:05:41 by daenth
Assigned to nobody

Reported on sssd version 1.16.4.

https://www.adelton.com/apache/mod_lookup_identity/ relies on the org.freedesktop.sssd.infopipe.GetUserGroups call to enumerate the names of groups a specific user is a part of. However, it looks like this call fails to include the primary group as part of this enumeration? Reproducing this with the dbus-python library:

import dbus

bus = dbus.SystemBus()
users_obj = bus.get_object('org.freedesktop.sssd.infopipe', '/org/freedesktop/sssd/infopipe/Users')
users_iface = dbus.Interface(users_obj, 'org.freedesktop.sssd.infopipe.Users')

groups_obj = bus.get_object('org.freedesktop.sssd.infopipe', '/org/freedesktop/sssd/infopipe/Groups')
groups_iface = dbus.Interface(groups_obj, 'org.freedesktop.sssd.infopipe.Groups')

ifp_obj = bus.get_object('org.freedesktop.sssd.infopipe', '/org/freedesktop/sssd/infopipe')
ifp_iface = dbus.Interface(ifp_obj, 'org.freedesktop.sssd.infopipe')

my_obj = bus.get_object('org.freedesktop.sssd.infopipe', users_iface.FindByName('myuser'))
my_iface = dbus.Interface(my_obj, 'org.freedesktop.sssd.Users.User')
my_iface_properties = dbus.Interface(my_obj, 'org.freedesktop.DBus.Properties')

my_iface_properties.Get('org.freedesktop.sssd.infopipe.Users.User', 'groups')
# dbus.Array([dbus.ObjectPath('/org/freedesktop/sssd/infopipe/Groups/--/1722'), dbus.ObjectPath('/org/freedesktop/sssd/infopipe/Groups/--/10051'), dbus.ObjectPath('/org/freedesktop/ss
sd/infopipe/Groups/--/2067'), dbus.ObjectPath('/org/freedesktop/sssd/infopipe/Groups/--/1961'), dbus.ObjectPath('/org/freedesktop/sssd/infopipe/Groups/--/1932'), dbus.O
bjectPath('/org/freedesktop/sssd/infopipe/Groups/--/1897')], signature=dbus.Signature('o'), variant_level=1)

ifp_iface.GetUserGroups('myuser')
# dbus.Array([dbus.String('web'), dbus.String('cs0000'), dbus.String('logs'), dbus.String('consult'), dbus.String('dnsadmin')], signature=dbus.Signature('s'))

The group name for group 1722 is not reported (it's name is "chpc") in the GetUserGroups call but the group is reported in the groups property of myuser.

I suspect it is because 1722 is myuser's primary group (ie set as myuser's gidNumber) but myuser is not listed as a member of the group 1722.

Comments

Comment from sbose at 2020-02-13 17:07:50

Hi,

what's the output of id myuser and groups myuser ?

bye,
Sumit

Comment from daenth at 2020-02-15 05:41:55

id myuser:
uid=1141817(myuser) gid=1722(chpc) groups=1722(chpc),1897(dnsadmin),1932(consult),1961(logs),2067(cs0000),10051(chpcweb) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

groups myuser:
chpc dnsadmin consult logs cs0000 chpcweb

Comment from thalman at 2020-03-13 15:58:09

Metadata Update from @thalman:

Issue tagged with: Future milestone

The text was updated successfully, but these errors were encountered:

sssd-bot added the Future milestone label May 2, 2020

FroggyFlox mentioned this issue Feb 9, 2021

AD enable in 4.0.5-0 (RC6) requires reboot or rockstor service restart rockstor/rockstor-core#2240

Closed

andreboscatto closed this as completed Jul 25, 2023

andreboscatto assigned pbrezina Jul 25, 2023

andreboscatto added the Needs triage label Jul 25, 2023

andreboscatto reopened this Jul 25, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GetUserGroups in sssd-ifp fails to include primary group #5112

GetUserGroups in sssd-ifp fails to include primary group #5112

sssd-bot commented May 2, 2020