src/sss_client/common.c: Use getpwnam_r to avoid clobbering struct passwd

salahcoronya · salahcoronya · commit c37669aca34a · 2026-03-01T23:02:57.000-06:00
If something else uses PAM (like openrc, see OpenRC/openrc#984) and getpwnam, and calls something like pam_open_session, sssd's call to getpwnam in init_sssd_ids clobbers the cached value by the other program. Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
diff --git a/src/sss_client/common.c b/src/sss_client/common.c
@@ -148,11 +148,35 @@ static void init_sssd_ids(void)
     /* 'libnss_sss' doesn't resolve SSSD_USER,
      * so no need to set '_SSS_LOOPS'
      */
-    struct passwd *pwd = getpwnam(SSSD_USER);
-    if (pwd != NULL) {
-        sss_sssd_uid = pwd->pw_uid;
-        sss_sssd_gid = pwd->pw_gid;
-    }
+    struct passwd pwd, *result;
+    ssize_t bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
+    char* buf;
+    int r;
+
+    if(bufsize == -1)
+        bufsize = 16384;
+
+    if(!(buf = malloc(bufsize)))
+        return;
+
+    do {
+        r = getpwnam_r(SSSD_USER, &pwd, buf, bufsize, &result);
+        if(!result) {
+            if(r == ERANGE) {
+                char* newbuf = realloc(buf, bufsize += 4096);
+
+                if(!newbuf)
+                    break;
+                buf = newbuf;
+                continue;
+            }
+        } else {
+            sss_sssd_uid = result->pw_uid;
+            sss_sssd_gid = result->pw_gid;
+        }
+    } while(!result && r == ERANGE);
+
+    free(buf);
 }
 #endif
 #endif /* SSSD_NON_ROOT_USER */
