Bug#500890: libnss-pgsql2: Wrong SQL querys in nss-pgsql.conf

Fri, 24 Oct 2008 11:51:34 -0700 

The solution of Torsten would imply that only the users who have the
given group as a primary group are listed as the groupmembers.

The attached patch uses the join-table, and only the join-table. This
means things would break if users have this group as primary group but
aren't listed in the usergroups table. It's possible to add an OR/UNION
to the query to select these members too. (In my situation it's not
required, but I don't know what the current best-practice is to store
this.)

Herwin

--- nss-pgsql.conf.orig	2008-10-24 20:34:06.000000000 +0200
+++ nss-pgsql.conf	2008-10-24 20:40:49.000000000 +0200
@@ -11,9 +11,9 @@
 # All users
 allusers        = SELECT username, passwd, gecos, homedir, shell, uid, gid FROM passwd_table
 # Must return group_name, group_passwd, group_gid
-getgrnam        = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM usergroups WHERE usergroups.gid = group_table.gid) AS members FROM group_table WHERE groupname = $1
+getgrnam        = SELECT groupname, passwd, gid, ARRAY(SELECT passwd_table.username FROM passwd_table, usergroups WHERE passwd_table.uid = usergroups.uid AND usergroups.gid = group_table.gid) AS members FROM group_table WHERE groupname = $1
 # Must return group_name, group_passwd, group_gid
-getgrgid        = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM usergroups WHERE usergroups.gid = group_table.gid) AS members FROM group_table WHERE gid = $1
+getgrgid        = SELECT groupname, passwd, gid, ARRAY(SELECT passwd_table.username FROM passwd_table, usergroups WHERE passwd_table.uid = usergroups.uid AND usergroups.gid = group_table.gid) AS members FROM group_table WHERE gid = $1
 # Must return gid.  %s MUST appear first for username match in where clause
-groups_dyn      = SELECT ug.gid FROM passwd_table JOIN usergroups USING (uid) where username = $1 and ug.gid <> $2
-allgroups       = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM usergroups WHERE usergroups.gid = group_table.gid) AS members FROM group_table
+groups_dyn      = SELECT usergroups.gid FROM passwd_table JOIN usergroups USING (uid) where username = $1 and usergroups.gid <> $2
+allgroups       = SELECT groupname, passwd, gid, ARRAY(SELECT passwd_table.username FROM passwd_table, usergroups WHERE passwd_table.uid = usergroups.uid AND usergroups.gid = group_table.gid) AS members FROM group_table

Reply via email to