On 04/11/2016 07:44 PM, Sumit Bose wrote:
On Fri, Apr 08, 2016 at 07:31:59PM +0300, Nikolai Kondrashov wrote:
> On 04/06/2016 02:06 PM, Sumit Bose wrote:
>> I wonder if it would make sense to add the cached user object to preq
>> in pam_check_user_search() to avoid the lookup in
>> pam_reply_export_shell(). The data is already allocated on preq and as
>> far as I can see never freed explicitly, so it wouldn't even cost more
>> memory.
>
> Sure, that would be nice. However it's really hard for me to tell where that
> would come from, where it's actually retrieved and what the lifetime would
> be. I really miss documentation there.
>
> Could you suggest the change, perhaps?
Sure, please have a look at attached (untested) patch. With this you start in
pam_reply_export_shell() with
+ shell = ldb_msg_find_attr_as_string(preq->user_obj, SYSDB_SHELL, NULL);
+ if (shell == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "user has no shell\n");
+ ret = ENOENT;
+ goto done;
+ }
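Review bot: preq->user_obj is passed to ldb_msg_find_attr_as_string() on the first added line with no NULL check, so any path that reaches pam_reply_export_shell() without the cached object being set would dereference a NULL message inside libldb. Suggest testing preq->user_obj == NULL before the lookup and failing with its own debug message and error code, so a missing cached object can be told apart from a user entry that has no SYSDB_SHELL attribute. The "user has no shell" message would also be easier to act on if it named the user being processed.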
Thanks a lot Sumit, this is very helpful! However, the problem is the non-UPN
case is requesting the user with sysdb_getpwnam_with_views and
pam_reply_export_shell needs the non-overridden shell to pass it to tlog-rec,
as local override is the mechanism used to enable tlog-rec at the moment.
So, it seems we need the second lookup in pam_reply_export_shell after all.
Or am I missing something?
Thank you.
Nick