[Nsspampgsql-devel] Bug#500890: Bug#500890: libnss-pgsql2: Wrong SQL querys in nss-pgsql.conf

Torsten Irländer torsten at irlaender.de
Thu Oct 2 16:28:06 UTC 2008 

On Thu, Oct 02, 2008 at 04:54:35PM +0100, Stephen Gran wrote:
> severity 500890 normal
> thanks
> This one time, at band camp, Torsten Irländer said:
> > Dear maintainers, 
> > 
> > I run into some problems with the nss-pgsql.conf file comming in this package
> > which does not work for me out of the box. 
> > 
> > After creating all needed tables and putting the exampe config in place doing
> > a "getnet group" results in the following errors in the postgres log:
> 
> > --- nss-pgsql.conf.org	2007-11-13 02:03:16.000000000 +0100
> > +++ nss-pgsql.conf	2008-10-02 13:14:57.000000000 +0200
> >  
> > @@ -11,9 +11,9 @@
> >  # All users
> >  allusers        = SELECT username, passwd, gecos, homedir, shell, uid, gid FROM passwd_table
> >  # Must return group_name, group_passwd, group_gid
> > -getgrnam        = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM usergroups WHERE usergroups.gid = group_table.gid) AS members FROM group_table WHERE groupname = $1
> > +getgrnam        = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM passwd_table WHERE passwd_table.gid = group_table.gid) AS members FROM group_table WHERE groupname = $1
> >  # Must return group_name, group_passwd, group_gid
> > -getgrgid        = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM usergroups WHERE usergroups.gid = group_table.gid) AS members FROM group_table WHERE gid = $1
> > +getgrgid        = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM passwd_table WHERE passwd_table.gid = group_table.gid) AS members FROM group_table WHERE gid = $1
> >  # Must return gid.  %s MUST appear first for username match in where clause
> > -groups_dyn      = SELECT ug.gid FROM passwd_table JOIN usergroups USING (uid) where username = $1 and ug.gid <> $2
> > -allgroups       = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM usergroups WHERE usergroups.gid = group_table.gid) AS members FROM group_table
> > +groups_dyn      = SELECT ug.gid FROM passwd_table JOIN usergroups ug USING (uid) where username = $1 and ug.gid <> $2
> > +allgroups       = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM passwd_table pt JOIN usergroups ug ON ug.uid = pt.uid WHERE ug.gid = gt.gid ) AS members FROM group_table gt
> 
> You appear to be missing a table.  You need a total of three tables,
> minimally, for this to work.  You need one table with user information 
> (the passwd_table), one table with group information (the group_table),
> and a map table (the usergroups table) to map user to group membership.

No, i'm not missing a table here. The three tables you mentioned are created
correct by the default db-script loctaed in the example folder. The shadow
table is created too, but this isn't needed for the minimal setup.

I think the failure is in the sql query:

> > -getgrnam        = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM usergroups WHERE usergroups.gid = group_table.gid) AS members FROM group_table WHERE groupname = $1
> > +getgrnam        = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM passwd_table WHERE passwd_table.gid = group_table.gid) AS members FROM group_table WHERE groupname = $1

The 'usergroups' table does not have any field named 'username' e.g as this is
the mapping table between users und groups. The second part of the patch deals
with a syntax error and again the error from above:

> >  # Must return gid.  %s MUST appear first for username match in where clause
> > -groups_dyn      = SELECT ug.gid FROM passwd_table JOIN usergroups USING (uid) where username = $1 and ug.gid <> $2
> > -allgroups       = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM usergroups WHERE usergroups.gid = group_table.gid) AS members FROM group_table
> > +groups_dyn      = SELECT ug.gid FROM passwd_table JOIN usergroups ug USING (uid) where username = $1 and ug.gid <> $2
> > +allgroups       = SELECT groupname, passwd, gid, ARRAY(SELECT username FROM passwd_table pt JOIN usergroups ug ON ug.uid = pt.uid WHERE ug.gid = gt.gid ) AS members FROM group_table gt

Here a field ug.gid is referenced which has not been declared in the statement.

> The queries are correct for that.  If the default sql does not create
> the 3 tables, that's a problem that should be addressed.

Well, the queries does not work for me, and because the tables were created
correct IMHO the problems seems to be the query.

Regards, 

	Torsten

More information about the Nsspampgsql-devel mailing list