Problem with signed vs unsigned treatment of uid
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| sssd (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Bug Description
I've been researching the appearance of an error message in sssd_nss.log.
[sssd[nss]] [nss_cmd_
Although I don't know yet where this "-1" is coming from, I have discovered something else which indicates a (possibly unrelated) bug.
Cranking up the debug_level we see the following when doing "su -c pwd foo"
(Sun Oct 14 17:47:33 2012) [sssd[nss]] [nss_cmd_
(Sun Oct 14 17:47:33 2012) [sssd[nss]] [sss_dp_
(Sun Oct 14 17:47:33 2012) [sssd[nss]] [sss_dp_
(Sun Oct 14 17:47:33 2012) [sssd[nss]] [sss_dp_
(Sun Oct 14 17:47:33 2012) [sssd[nss]] [nss_cmd_
(Sun Oct 14 17:47:33 2012) [sssd[nss]] [nss_cmd_
(Sun Oct 14 17:47:33 2012) [sssd[nss]] [sss_dp_
(Sun Oct 14 17:47:33 2012) [sssd[nss]] [sss_parse_
[...]
Adding
max_id = 999999
to the [domain/SAMBA] section of sssd.conf changes this to:
(Sun Oct 14 17:49:32 2012) [sssd[nss]] [nss_cmd_
(Sun Oct 14 17:49:32 2012) [sssd[nss]] [nss_cmd_
(Sun Oct 14 17:49:32 2012) [sssd[nss]] [sss_parse_
It seems that although the uid is printed out as a signed integer, it is compared with the max_id value as an unsigned integer.
| Stephen Gallagher (stephen-gallagherhome) wrote | #1 |
| Changed in sssd (Ubuntu): | |
| importance: | Undecided → Low |
| status: | New → Confirmed |
| Changed in sssd (Ubuntu): | |
| status: | Confirmed → Fix Released |
-1 commonly appears as part of an ancient NFS bug that returns -1 as the value of the UID if the user is being cast into 'nobody'. We've seen a similar bug elsewhere in the code before.
That log message *is* related. It looks like in certain places we're casting the value to signed before printing it, but internally we're maintaining it as -1.
Probably we could be handling this better, but it's unlikely to matter much in the real world. Users with that ID are being given it because the NFS server doesn't want them to have any real permissions.