sshd/winbind wrong GID redux

Hans Petter Jansson hpj at cl.no
Thu May 28 05:13:08 AEST 2020


On Wed, 2020-05-27 at 09:27 +0200, Jakub Jelen wrote:
> On Tue, 2020-05-26 at 17:11 +0200, Hans Petter Jansson wrote:

> > https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-February/037556.html
> > 
> > That's the last mention of this I could find in the archives. Was a
> > final decision reached on whether that patch (or something similar)
> > would be accepted?
> 
> Did you try that patch and it solved the issue for you? We tried and
> we
> were not able to verify it fixes the described issue.
> 
> Moreover this original patch is broken in systems where two users
> have
> same UID.
> 
> I tried to tweak it a bit (see the attached patch) to avoid these
> issues, but still we were not able to verify it fixes the described
> issue so we do not ship it.
> 
> I did not look into this much, but if I am right, the group
> information
> is cached in uidswap.c too so it might need some more work to be
> working. Whether it will be accepted here, is other question.
> 
> Hope it helps,

Thanks, it does.

I haven't tried the patch from Andreas, but I got positive feedback on
one I wrote. That one may be bad for other reasons, though :) I'm
attaching it anyway.

Reportedly this only works with nscd disabled. Otherwise it will also
cache the bad GID.

-- 
Hans Petter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Refresh-primary-group-ID-after-successful-authentica.patch
Type: text/x-patch
Size: 1515 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20200527/fcf9857c/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20200527/fcf9857c/attachment.asc>


More information about the openssh-unix-dev mailing list