nsswitch: Skip groups we were not able to map.

If we have configured the idmap_ad backend it is possible that the user
is in a group without a gid set. This will result in (uid_t)-1 as the
gid. We return this invalid gid to NSS which is wrong.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10824

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Sep 19 17:57:14 CEST 2014 on sn-devel-104

(cherry picked from commit 7f59711f076e98ece099f6b38ff6da8c80fa6d5e)
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-1-test): Sat Sep 27 23:12:49 CEST 2014 on sn-devel-104

diff --git a/nsswitch/winbind_nss_linux.c b/nsswitch/winbind_nss_linux.c
index 8d66a740a697d4582c6d5fea34d82c3034761f6c..70ede3edbd88992461fcdbbec09bc3d88cdb9d0e 100644 (file)
--- a/nsswitch/winbind_nss_linux.c
+++ b/nsswitch/winbind_nss_linux.c
@@ -1101,6 +1101,11 @@ _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
                                continue;
                        }
 
+                       /* Skip groups without a mapping */
+                       if (gid_list[i] == (uid_t)-1) {
+                               continue;
+                       }
+
                        /* Filled buffer ? If so, resize. */
 
                        if (*start == *size) {